European politician probing spyware abuses hacked with Pegasus
What's the story
Stelios Kouloglou, a former member of the European Parliament (MEP) from Greece, was targeted by NSO Group's hacking software while investigating spyware abuses in Europe. The Citizen Lab at the University of Toronto revealed this shocking revelation. However, they could not link the attacks on Kouloglou to any specific government operator of Pegasus spyware.
Committee involvement
Kouloglou was part of the Pega committee
Kouloglou was part of a special European parliamentary committee called Pega, which was set up in March 2022 after the Pegasus Project exposed how governments were using NSO Group's Pegasus spyware to target journalists, activists, politicians, and other civil society members. The committee's mission was to investigate the use of spyware in violation of EU law.
Device compromise
Kouloglou's device hacked during hospital stay
Citizen Lab reported that Kouloglou's mobile device was first compromised on October 21, 2022. This was during a particularly intense period of activity in Pega's deliberations and investigations. The hacking coincided with his hospitalization for elective surgery where he met Greek investigative journalist Thanasis Koukakis. The latter had been working on mercenary spyware stories in Greece amid a major scandal involving illegal targeting of over 80 people including politicians, journalists, and military officials.
Continued attacks
Device hacked again in March 2023
Citizen Lab also reported that Kouloglou's device was hacked again on March 6 and 7, 2023. This was when Pega was heavily discussing the final drafting of its report. The attack coincided with his travel from Athens to Brussels. This case marks the first known instance of a member of the Pega committee being targeted by spyware, Citizen Lab said.
Research impact
More parliamentarians may be hacked in future
John Scott-Railton, a senior researcher at Citizen Lab, said, "This case is the ultimate irony of Europe's spyware crisis. Someone on the very committee tasked with investigating Pegasus gets infected by it." He also warned that there could be more hacked parliamentarians in future as members may unknowingly attend high-level meetings with their phones turned into spies.