(CN) — It's a chilling thought: The specter of Stasi-like government surveillance is back in Europe and yet the European Union's leaders are ominously silent about a mushrooming of spyware across the bloc.
The accusation of widespread and illegal spyware use is leveled by a European Parliament committee that's spent the past nine months probing how several European governments have spied on a range of individuals – politicians, journalists, lawyers, activists and business people – by hacking their smartphones under the guise of national security.
“The more we inquire, the bigger we see this issue is,” said Saskia Bricmont, a Belgian Green party parliamentarian and member of the PEGA committee, the panel investigating spyware.
“It's related to business, to the political level,” she said in a telephone interview. “It touches on the independence of the judiciary; it touches on access to justice for victims.”
It's a murky world connecting power brokers, spy agencies, police forces, technology experts, mercenary intelligence agents, money and corrupt governments.
The scale of spyware abuse remains far from known, but the committee's 159-page draft report paints a disturbing picture of a largely unregulated market of spyware tools being sold by companies in the EU and deployed by EU governments. Spyware is very expensive, costing millions of dollars to purchase.
The report asserted it can be “safely assumed” that all 27 EU nations “have purchased one or more commercial spyware products” and that Europe has become a hub for spyware exports to countries with dreadful human rights records.
Four countries – Poland, Hungary, Spain and Greece – are accused of engaging in illegal spyware use by hacking the phones of journalists, politicians, lawyers, activists and others. In Poland, Hungary and Greece, the phones of a range of government adversaries were allegedly hacked; in Spain, politicians, activists and others involved in Catalonia's drive for independence were alleged targets.
At least 14 of the 27 EU countries purchased Pegasus spyware, a highly sophisticated program developed by NSO Group, a major Israeli security firm with links to Israel's military intelligence, the report said. NSO has branches in Bulgaria and Cyprus.
Pegasus was designed to easily take over smartphones and extract all their contents without the individual who's targeted even making a single click, a so-called “zero-click attack.”
A massive scandal over Pegasus erupted in July 2021 with the release of a blockbuster report by a consortium of journalists and Amnesty International. The consortium's reports were based on a leak of more than 50,000 phone numbers allegedly spied on by governments around the world that purchased Pegasus.
The investigation found governments were using Pegasus to not only spy on suspected criminals and terrorists but also on journalists, human rights activists, lawyers, politicians, academics, business people, members of royal families and even the heads of state, including French President Emmanuel Macron, the consortium said.
More revelations arrived.
In December 2021, Citizen Lab, a University of Toronto-based research group that investigates digital espionage, and Meta, the parent company of Facebook, reported on their findings about Predator, a cheaper version of Pegasus sold by Intellexa, a company founded by Tal Dilian, a former Israeli intelligence officer who'd set up business in Cyprus before he moved his operations to Greece.
In the parliamentary report, other spyware companies come to light too: In Austria, there's DSIRF, a large spyware provider with close ties to former Chancellor Sebastian Kurz; Tykelab is an Italian spyware company; FinFisher, now defunct, operated from Germany; in Lithuania, Anatoly Hurgin, an Israeli-Russian former Israeli military engineer and co-developer of Pegasus, has set up a suspected spyware company called UAB.
The parliamentary report charges that the spyware market has thrived in the EU's open markets and border-free zone that's allowed opaque companies to take advantage of favorable banking and tax regimes inside the EU while also an exporting spyware to countries, including dictatorships, around the world.