EU called on to take action following impact of Pegasus on its spyware investigation.
Civil society organizations and Members of the European Parliament (MEPs) are calling for immediate action from the European Commission regarding spyware, following Citizen Lab's confirmation that Stelios Kouloglou, who is involved in the Parliament’s PEGA inquiry into spyware, was hacked using Pegasus in 2022 and 2023. The identity of the attacker remains unknown, the Commission has not responded, and the recommendations made by the PEGA committee in 2023 have mainly gone unaddressed. This follows up on TNW's earlier report about the hacking incident.
There is increasing pressure on the European Commission to address spyware issues, especially after forensic evidence indicated that one of the EU’s spyware investigators was targeted with Pegasus. Civil society groups issued a joint statement insisting that such abuses must face accountability rather than go unpunished.
Citizen Lab confirmed last week that Stelios Kouloglou, a former Greek MEP, was infected by spyware in October 2022 and again in March 2023. These incidents occurred while he was serving on the PEGA committee, which is dedicated to investigating such abuses.
The perpetrator remains unidentified, and Citizen Lab has found no evidence implicating the Greek government. An email address associated with Pegasus also appeared in earlier attacks against journalists across Europe, indicating that the tool may have been authorized for use by a client in several countries.
The individual behind the hack could have accessed sensitive committee documents and discussions. Lawmakers have described this occurrence as an assault on the rule of law, with members of the Parliament's left faction pushing for strict EU-wide regulations on spyware usage.
The Commission has not responded to requests for comments from TechCrunch and has not publicly addressed how it is implementing the PEGA committee’s 2023 recommendations, which advocacy groups now wish to see clarified through a public roadmap.
The statement highlighted a series of European scandals, including spyware targeting exiled journalists in Latvia, Lithuania, and Poland, an attack on the President of Parliament using Predator, and Graphite infections in Italy, where spyware-infected fake WhatsApp applications have also emerged. Additionally, EU public funds have reportedly been directed towards the surveillance industry itself, as noted by EUobserver.
Enforcement of the EU’s dual-use export regulations remains inconsistent, as evidenced by leaked Bulgarian export licenses issued to governments known for repression. While the EU ostensibly regulates spyware vendors, it also occasionally supports them financially.
NSO Group is currently considering selling Pegasus entirely, which raises further questions about accountability. Regardless of the underlying customers, attacks targeting European individuals continue.
The PEGA committee dedicated two years to documenting the spyware issue in Europe, and one of its own members was compromised during this effort. If this situation does not prompt the urgent response that advocates are seeking, it is difficult to envision what would.
Other articles
EU called on to take action following impact of Pegasus on its spyware investigation.
Activists are urging the European Commission to address Europe's spyware issue after a PEGA committee member was targeted with Pegasus while looking into the matter.
