One of Catalonia’s most senior politicians has been warned that his mobile phone was targeted using spyware its makers say is only sold to governments to track criminals and terrorists.
A joint investigation by the Guardian and El Pais has revealed that Catalan parliament President Roger Torrent and at least two other pro-independence supporters were told they were targeted last year in what experts said was a “possible case of domestic political espionage” in Europe.
According to a US lawsuit, the spyware exploited a previous vulnerability in WhatsApp software that would have given the operator potential access to everything on the target’s mobile phone — including e-mails, text messages and photographs.
Photo: Reuters
It could also have turned on the phone’s recorder and camera, turning it into a listening device.
Torrent, who was warned about the targeting by researchers working with WhatsApp, said it seemed clear the “Spanish state” was behind the alleged attack on his phone, and that he believed it had most likely occurred without any judicial authority.
WhatsApp believes the attacks occurred over a two week period in April to May last year, when a total of 1,400 of its users were allegedly targeted by the Pegasus spyware sold by Israeli company NSO Group.
The popular messaging app claims more than 100 members of civil society, including journalists in India, human rights activists in Morocco, diplomats and senior government officials, are alleged to have been affected.
WhatsApp has launched a lawsuit against NSO Group in the US. NSO Group insists its spyware is only sold to government clients for the purpose of tracking down terrorists and other criminals.
It has said that it has no independent knowledge of how those clients, which in the past have reportedly included Saudi Arabia and Mexico, use its hacking software.
Until now, it has not been suggested that any European country used NSO Group’s software in last year’s attacks, but in an interview, Torrent expressed dismay that he might have been surveilled by the Spanish state.
“It seems wrong that politicians are being spied on in a democracy with the rule of law,” Torrent said. “It also seems to me to be immoral for a huge amount of public money to be spent on buying software that can be used as a tool for the persecution of political dissidents.”
The Guardian and El Pais contacted several Spanish authorities for comment.
The Spanish National Intelligence Centre said in a statement that it acts “in full accordance with the legal system, and with absolute respect for the applicable laws” and that its work is overseen by the Spanish Supreme Court.
In addition to Torrent, researchers at Citizen Lab at the University of Toronto Munk School — who collaborated with WhatsApp after the alleged hacking attempts were discovered — alerted two other pro-independence individuals last year that they had been targeted.
One, Anna Gabriel, is a former regional lawmaker for the far-left, anti-capitalist Popular Unity Candidacy party, who is living in Switzerland after fleeing Spain because of her alleged involvement in organizing the illegal Catalan referendum.
Her lawyer said in a statement that Gabriel received notice last year from Citizen Lab that her phone had been targeted.
Another target, Jordi Domingo, received a notice from WhatsApp that his phone had been targeted. Although Domingo is an activist who supports Catalan independence, he said in an interview that he did not consider himself to be a key figure and that he believed the true target of the attempted hack might have been a prominent lawyer who shares his name and helped to draft the Catalan constitution.
In a statement, the Spanish prime minister’s office said: “The government has no evidence that the speaker of the Catalan parliament, Roger Torrent, the former MP Anna Gabriel and the activist Jordi Domingo have been the targets of hacking via their mobiles.”
John Scott-Railton, a senior researcher at Citizen Lab who has closely monitored the use of NSO Group’s spyware and collaborated with WhatsApp to engage members of civil society targeted by last year’s attack, confirmed that Torrent had been targeted using NSO’s spyware.
“Given the nature of this attack and the limited information collected by WhatsApp on its users, we can confirm that the telephone was targeted. However, additional investigation would be necessary to confirm that the phone was hacked. At this time we have no reason to believe that it wasn’t,” Scott-Railton said.
“This case is extremely troubling because it suggests that possible domestic political espionage was taking place, and certainly we look forward to continuing to investigate the targeting that happened in Spain,” he added.
IDENTITY: A sex extortion scandal involving Thai monks has deeply shaken public trust in the clergy, with 11 monks implicated in financial misconduct Reverence for the saffron-robed Buddhist monkhood is deeply woven into Thai society, but a sex extortion scandal has besmirched the clergy and left the devout questioning their faith. Thai police this week arrested a woman accused of bedding at least 11 monks in breach of their vows of celibacy, before blackmailing them with thousands of secretly taken photos of their trysts. The monks are said to have paid nearly US$12 million, funneled out of their monasteries, funded by donations from laypeople hoping to increase their merit and prospects for reincarnation. The scandal provoked outrage over hypocrisy in the monkhood, concern that their status
The United States Federal Communications Commission said on Wednesday it plans to adopt rules to bar companies from connecting undersea submarine communication cables to the US that include Chinese technology or equipment. “We have seen submarine cable infrastructure threatened in recent years by foreign adversaries, like China,” FCC Chair Brendan Carr said in a statement. “We are therefore taking action here to guard our submarine cables against foreign adversary ownership, and access as well as cyber and physical threats.” The United States has for years expressed concerns about China’s role in handling network traffic and the potential for espionage. The U.S. has
A disillusioned Japanese electorate feeling the economic pinch goes to the polls today, as a right-wing party promoting a “Japanese first” agenda gains popularity, with fears over foreigners becoming a major election issue. Birthed on YouTube during the COVID-19 pandemic, spreading conspiracy theories about vaccinations and a cabal of global elites, the Sanseito Party has widened its appeal ahead of today’s upper house vote — railing against immigration and dragging rhetoric that was once confined to Japan’s political fringes into the mainstream. Polls show the party might only secure 10 to 15 of the 125 seats up for grabs, but it is
The US Department of Education on Tuesday said it opened a foreign funding investigation into the University of Michigan (UM) while alleging it found “inaccurate and incomplete disclosures” in a review of the university’s foreign reports, after two Chinese scientists linked to the school were separately charged with smuggling biological materials into the US. As part of the investigation, the department asked the university to share, within 30 days, tax records related to foreign funding, a list of foreign gifts, grants and contracts with any foreign source, and other documents, the department said in a statement and in a letter to
RSS