Top

Pegasus spyware remains a big threat to civil society

Poland and Hungary admitted that they purchased the spyware, while authorities in Mexico made the first arrestment related to the Pegasus scandal

The revelations about the global spy scandal surrounding the malware Pegasus continue, causing strong concern on whether there are more journalists, activists, and politicians who were hacked.

The Pegasus scandal was revealed back in July after an in-depth investigation which indicated that advance spyware owned by the Israeli surveillance software maker NSO Group was used by governments to spy on public figures. After the victim click on a malicious link, the Pegasus is installed on their mobile phones and obtains access to the user’s messages and data. Once installed the spyware can even activate the mobile phone remotely and steal the user’s data.

Months after the first exposure, the investigation into the case continues. Polish Deputy Prime Minister Jaroslaw Kaczynski admitted in January that the country bought Pegasus spyware, although he was previously denied it. He insisted though that the software was not used to monitor the political opponents. However, there are great allegations that Pegasus has been used to spy at least on three critics of the Polish government multiple times ahead of parliamentary elections in 2019.

“These findings are shocking but not surprising. They raise serious concerns not only for politicians but for the whole of Poland’s civil society in general, particularly given the context of the government’s record of persistently subverting human rights and the rule of law” said Amnesty International Poland’s Director Anna Błaszczak.

“Activists and protesters, have been targeted through criminal investigations, undermining the rights to freedom of expression and peaceful assembly. Meanwhile, judges and prosecutors who raised concerns over the lack of independence of the judiciary face disciplinary and even criminal investigations”.

Back in November, a senior official in Hungary’s governing party admitted for the first time that the government purchased the Pegasus spyware. Lajos Kosa, chairman of parliament’s Committee on Defense and Law Enforcement, said that Hungary had bought the software produced by NSO however he claimed that Pegasus was used with the permission of the Justice Ministry and said that the surveillance was lawful, authorized by the judiciary and/or the Minister of Justice. However, he didn’t disclosure whether journalists, activists, or politicians were targeted with Pegasus by the Hungarian state.

Mexico made the first arrest

In Mexico, authorities arrested a technician who worked for a private firm, following the allegations that he was participated in spying on the mobile phone of a broadcast journalist.

According to the Federal Justice Ministry, the technician was arrested in November and a Mexico City judge ordered him imprisoned. The investigation both for this case as well as for other allegations in Mexico continues.

“As stated in the past, NSO’s technologies are only sold to vetted and approved government entities and cannot be operated by private companies or individuals. We regret to see that, over and over again, the company’s name is mentioned in the media in events that have nothing to do with NSO, directly or indirectly,” said NSO in a statement after the Mexico arrest.

Meanwhile, the Defense Ministry of Israel dramatically decreased the number of countries in which Israeli firms can sell cyber technologies. The November list consists of 37 countries, down from 102. Although NSO insists its product is meant only to assist countries in fighting crime and terrorism, the US Department of Commerce has recently blacklisted both NSO Group and Candiru, by adding them to the list of foreign companies that engage in malicious cyber activities.

George Mavridis is a journalist currently conducting his doctoral research at the Department of Journalism and Mass Media at Aristotle University of Thessaloniki (AUTH). He holds a degree from the same department, as well as a Master’s degree in Media and Communication Studies from Malmö University, Sweden, and a second Master’s degree in Digital Humanities from Linnaeus University, Sweden. In 2024, he completed his third Master’s degree in Information and Communication Technologies: Law and Policy at AUTH. Since 2010, he has been professionally involved in journalism and communication, and in recent years, he has also turned to book writing.