EU called to take action following impact of Pegasus on its spyware investigation.
Civil society organizations and Members of the European Parliament (MEPs) are pressing the European Commission for prompt action regarding spyware, following confirmation from Citizen Lab that Stelios Kouloglou, a member of the Parliament’s PEGA spyware investigation, was targeted by Pegasus in both 2022 and 2023. The identity of the attacker remains unknown, the Commission has not commented, and the PEGA committee’s 2023 recommendations are mostly unaddressed. This update follows TNW’s previous article on the hacking incident.
There is increasing pressure on the European Commission to respond to spyware issues, as forensic evidence revealed that one of the EU’s spyware investigators was compromised by Pegasus. Civil society groups released a joint statement insisting that this situation must be met with accountability and not impunity.
Citizen Lab confirmed recently that Stelios Kouloglou, a former Greek MEP, was hacked in October 2022 and again in March 2023. These incidents occurred while he was a member of the PEGA committee, which investigates this type of malpractice.
The attacker has not been identified, and Citizen Lab has no evidence pointing to the Greek government’s involvement. The same email address linked to Pegasus had previously been seen in campaigns aimed at journalists throughout Europe, suggesting it was used by a customer authorized to employ the NSO Group's tool in various nations.
The perpetrator of the hack could have accessed sensitive committee documents and discussions. Lawmakers have labeled this event an attack on the rule of law, and the left grouping in Parliament is calling for stringent EU-wide regulations on spyware usage.
The Commission has not responded to inquiries from TechCrunch and has not publicly addressed how it is implementing the PEGA committee’s 2023 recommendations, which campaigners now seek to resolve with a transparent action plan.
The statement highlights a series of European scandals: spyware targeting exiled journalists in Latvia, Lithuania, and Poland; the targeting of the Parliament president with Predator; and Graphite infections in Italy, where spyware-infested counterfeit WhatsApp applications have appeared. According to EUobserver, EU public funds have also been directed towards the surveillance industry itself.
The enforcement of the bloc’s dual-use export regulations remains inconsistent, as leaked Bulgarian export licenses to repressive governments have demonstrated. Although the EU theoretically regulates spyware vendors, it sometimes financially supports them in practice.
Meanwhile, NSO Group has considered selling Pegasus entirely, raising further questions about accountability. The customers of this tool continue to target individuals in Europe.
The PEGA committee spent two years addressing Europe’s spyware challenges, and one of its own members was compromised in the process. If this doesn’t prompt the urgent response that campaigners are advocating for, it’s hard to envision what might.
Other articles
EU called to take action following impact of Pegasus on its spyware investigation.
Campaigners are urging the European Commission to address the spyware crisis in Europe following an incident where a member of the PEGA committee was hacked using Pegasus while looking into the matter.
