WARSAW, Poland ( Associated Press) – Polish Sen. Krzysztof Brezza’s mobile phone was hacked nearly three dozen times in 2019 with military-grade spyware while he was campaigning for the opposition against a right-wing populist government in parliamentary elections, an internet watchdog said. met.
Text messages stolen from Brezza’s phone – then manipulated into a smear campaign – were broadcast by state-controlled TV in the heat of the race, which was won by the ruling party. With the hacking exposed, Brezza now questions whether the election was fair.
This is the third discovery by the University of Toronto’s non-profit Citizen Lab that a Polish opposition figure was hacked. With Pegasus spyware from Israeli hacking tools firm NSO Group. Brezza’s phone was digitally broken 33 times from April 26, 2019 to October 23, 2019, said researchers at Citizen Lab, who have been tracking government misuse of NSO malware for years.
The other two hacks were identified earlier this week following a joint Citizen Lab-associated press investigation. All three victims blame the Polish government, which has refused to confirm or deny that it ordered the hack or is a customer of the NSO Group. State Security Services spokesman Stanislav Zarin insisted Thursday that the government does not illegally wiretap and obtain court orders in “appropriate cases”. He said that any suggestions that the survey was conducted by the Polish government for political purposes were false.
NSO, which was blacklisted by the US government Last month, says it only sells its spyware to legitimate government law enforcement and intelligence agencies for use by Israel’s Defense Ministry against terrorists and criminals. It did not name its customers and would not say whether Poland is among them.
Citizen Lab said it believes NSO keeps logs of intrusions so that an investigation can determine who was behind the Polish hack.
In response to the revelations, EU lawmakers said they would accelerate efforts to investigate any misuse of Pegasus spyware by member states.
The other two Polish victims are Eva Vrzocek, an outspoken prosecutor fighting undermining the judicial independence of an increasingly rigid government, and Roman Geertic, a lawyer who represented senior leaders of Breja’s party, the Civic Platform, in sensitive cases. Is.
Prime Minister Mateusz Morawiecki on Wednesday dismissed the revelations that Girtic and Vrzocek were hacked as “fake news”. Justice Minister Zbigniew Ziobrow expressed no information about “illegal actions aimed at surveillance of civilians”, but added that Poland was “not helpless” in taking action against those suspected of crimes.
Giertych was hacked 18 times, even for the 2019 parliamentary elections, which the ruling Law and Justice party won by a razor-thin margin, continuing a dangerous erosion of democracy in a country where a popular 1980s protest The movement heralded the eventual collapse. of the Soviet Empire.
Citizen Lab senior researcher John Scott-Railton said the rapid pace of Brezza and Geertic’s hacks “indicates an extreme level of surveillance” that raises pressing questions about abuses of power. Pegasus gives its operators full access to mobile devices: they can extract passwords, photos, messages, contacts and browsing history, and activate the microphone and camera for real-time hiding.
“My heart sank with every case we find. It seems to confirm our worst fears: even when used in a democracy, such Spyware has almost irreversible abuse potential,” Scott-Railton said.
Other confirmed victims include Mexican and Saudi journalists, British lawyers, Palestinian human rights activists. Head of State and U.S. diplomat based in Uganda.
An NSO spokesperson said on Thursday that “the company does not know nor can it know who its customers are targeting, yet implements measures to ensure that these systems are used only for authorized uses.” It is done,” claiming zero tolerance for governments abusing it. NSO says it has terminated several contracts from governments that have abused Pegasus but has not publicly named anyone.
And yet, Citizen Lab notes, the list of cases continues to grow.
Brezza, a 38-year-old lawyer, told the Associated Press that the data stolen from his phone as chief of staff of the opposition coalition’s parliamentary campaign no doubt provided important strategy insights, combined with the blurring effort against him. Formally prevents “a fair electoral process.”
Text messages stolen from Brezza’s phone were manipulated to appear as if he had created an online group that spreads hateful anti-government propaganda, and reports in state-controlled media cited the changed texts. But the group didn’t really exist.
Brezza says he now understands where he got TVP state television.
“This operation ruined the work of the staff and destabilized my operation,” he said. “I don’t know how many votes it took from me and the whole coalition.”
Brezza won his Senate seat in that October 2019 race. But since the ruling party rests on the more powerful lower house of parliament, it has further distanced Poland from EU standards of liberal democracy.
Election observers from the Organization for Security and Co-operation in Europe said at the time that control of state media gave the ruling party an unfair advantage but called the elections essentially free. They didn’t know about hacking.
Brezza has kept the ruling Law and Justice Party on its heels since taking power in 2015. For example, he has disclosed the huge bonuses given to senior government officials. In another case, he disclosed that the Postal Service sent tens of thousands of dollars to a company linked to ruling party leader Jaroslav Kaczynski. Brezza fears the hacking could compromise the whistleblowers who approached him with evidence.
The NSO Group is facing tough financial and legal challenges – after governments used Pegasus spyware to spy on dissidents, journalists, diplomats and human rights activists from countries including Saudi Arabia, the United Arab Emirates – in which debt Including the risk of default on more than $300 million. , Mexico and the United States, whose blacklisting effectively barred American companies from supplying technology to the Israeli firm.
Apple last month sued NSO, which was intent on preventing breaches of its operating system, including the so-called zero-click hack, which can compromise devices without user interaction. Apple alerted many users around the world that they have been hacked. In 2019, Facebook sued the Israeli firm over allegations of hacking the globally popular WhatsApp Messenger app.
Dutch EU MP Sophie told the Associated Press on Wednesday in ‘te veld’ that a committee has opened hearings on Pegasus and that revelations from Poland “will only help expedite the process.”
“EU governments using spyware on political opponents and critics is unacceptable,” he tweeted, accusing the European Commission – the EU’s executive arm – of “advertising the issue”. She wants to ban such practices in the 27-nation bloc.
However, this can be difficult, as national security matters are outside EU jurisdiction, said Lukasz Olejnik, a cybersecurity consultant who has worked with the International Red Cross. He said some member states are apt to argue that the EU cannot prohibit the use of digital surveillance tools to that end.
Bajaj reported from Boston. Associated Press reporter Calvin Chan contributed from London and Joseph Federman from Jerusalem.