Spanish Ombudsman to Probe Pegasus Spyware Claims

Written by

A government regulator is set to investigate claims that the Spanish authorities used notorious Israeli-made spyware to snoop on separatist politicians from the Catalonia region, according to reports.

The ombudsman, which is tasked with holding public institutions to account, said on Sunday that it would look into the allegations – specifically, “a possible inappropriate use of the Pegasus software tools” that may have put “fundamental rights” at risk, according to Reuters.

Minister for the presidency Felix Bolanos is quoted as saying that the government in Madrid has a “clear conscience and nothing to hide” and that its intelligence agency, the CNI, will launch its own internal investigation.

Earlier this month, Canadian non-profit Citizen Lab claimed to have identified 65 individuals targeted or infected with Pegasus and Candiru, another type of spyware. It also found evidence of “Homage,” a previously undisclosed iOS zero-click vulnerability used by Pegasus-maker NSO Group.

Victims are said to have included members of the European Parliament, legislators, jurists, members of civil society organizations and, on some occasions, family members.

They also included every Catalan president since 2010, either before, during or after serving their term.

The incidents reportedly took place between 2017 and 2020, when the Catalan independence movement was gaining steam. An illegal referendum held in 2017 resulted in jail time for many of the leaders of the movement.

“At this time the Citizen Lab is not conclusively attributing these hacking operations to a particular government, however a range of circumstantial evidence points to a strong nexus with one or more entities within Spanish government,” the non-profit claimed.

“We judge it unlikely that a non-Spanish Pegasus customer would undertake such extensive targeting within Spain, using SMSes, and often impersonating Spanish authorities. Such a multi-year clandestine operation, especially against high-profile individuals, has a high risk of official discovery, and would surely lead to serious diplomatic and legal repercussions for a non-Spanish government entity.”

What’s hot on Infosecurity Magazine?