We already knew that several figures of the Catalan independence movement, including the former spokesperson for the regional government, had seen their phones infected in 2019 by the Pegasus spyware. A vast investigation by the Citizen Lab of the University of Toronto, which specializes in the detection of surveillance software, reveals, however, on Monday April 18, that these are, in fact, several dozen people, directly or indirectly linked to the Catalan separatist movement. , which have been spied on.
Among the victims identified are three Catalan MEPs (Antoni Comin, Diana Riba and Jordi Solé), but also lawyers, or members of Parliament and the regional government. Elected officials or candidates from at least five political parties have been identified: Junts per Catalunya (independence, centre), Esquerra republicana de Catalunya (independence, left), Candidatura d’unitat popular (independence, radical left), Partit democrata europeu català (separatist, centre), Partit nacionalista de Catalunya (separatist, centre-right).
The investigation confirmed that at least 63 different people were targeted by the powerful Israeli spyware, and a scan of phones confirmed infection in 51 cases. Traces of a Pegasus infection are more easily detectable on Apple phones than on Android phones.
“In Spain, around 80% of smartphone users have Android, and this is reflected in the individuals we contactednote le Citizen Lab. Since our Pegasus detection tools are more advanced for iOS devices [Apple], we believe that our report greatly underestimates the number of people who have been targeted and infected by Pegasus. »
The track of the Spanish intelligence services
Several people have also been targeted or hacked, not for their political activity, but for the links they have with Catalan elected officials. Several members of the entourage close to the independence leader Carles Puigdemont, who has lived in Belgium since the failure of the attempt to proclaim independence in 2017, are thus among the targets of Pegasus. In addition to those of his main political collaborators, the phones of his wife and his lawyer were also infected, according to analyzes by Citizen Lab. The overwhelming majority of confirmed infections took place in 2019 and 2020. A dozen senior Catalan politicians were, at the time, the subject of legal proceedings in Spain for “rebellion”; almost all were pardoned in September 2021.
Who ordered these particularly intrusive surveillance, using software capable of sucking up all the content of a phone? The Citizen Lab is not “not able to attribute with certainty the responsibility for these hacks to a specific government, but a body of circumstantial evidence points in the direction of one or more entities within the Spanish government”. Those affected all had “an obvious interest for the Spanish government” and were targeted at times that correspond to events of specific interest to the authorities.
In addition, those responsible for these hacks used particularly well-designed fake SMS to trick their targets. Pegasus can, under certain circumstances, infect phones without requiring any action from the user, but more often than not sending a booby-trapped message is required to infect Android phones. Some examples collected by the Citizen Lab were particularly well done, and used personal information, such as the victim’s national identification number, easily accessible to an intelligence service.
The elements made public by the Citizen Lab point in the direction of the Centro nacional de inteligencia, the internal and external intelligence service of Spain, which depends on the Ministry of Defense. “We also consider it unlikely that a Pegasus customer who is not Spanish would be able to target people in the country, using text messages that sometimes impersonate the Spanish authorities. A clandestine operation of this magnitude, targeting people at high risk, would be extremely risky.”estime le Citizen Lab.
In a statement, the Spanish Interior Ministry said that no security service under its responsibility “had never had any relationship or contract with NSO”the publisher of Pegasus. “In Spain, all interception of communications is carried out under the regime of a judicial warrant and respects the law”says the ministry.
Commission of Inquiry in the European Parliament
The analysis of the computers of elected officials and Catalan activists also enabled the researchers to discover four attempts at infection by Candiru, another Israeli software, which makes it possible to spy on Windows computers. Two of the victims are co-founders of Vocdoni, an online voting software used by Omnium cultural, a major association for the promotion of Catalan language and culture.
Also listen Pegasus: at the heart of a global investigation into spying on phones
The Citizen Lab revelations provoked strong political reactions, in Spain but also at European level, while a European parliamentary inquiry committee on Pegasus was set up in early March – a meeting of this committee is precisely scheduled for Tuesday 19 april. The Reuters news agency also revealed on April 11 that the European Commissioner for Justice, Didier Reynders, had also been targeted by Pegasus.
The Greens group in the European Parliament, in which sit two of the three MEPs spied on, called an immediate new investigation and a ban on the use of spyware. Green MEPs have been, for several years, among the most critical of the use of this software, which certain security services consider essential, but which are also conducive to abuses.
In July 2021, an international consortium of newsrooms, including The worldhad revealed that the NSO Group software had been used by a dozen countries to monitor political opponents, journalists or lawyers, and to engage in diplomatic or economic espionage.