Catalangate featuring in European Parliament inquiry to investigate Pegasus
Experts admit it is ‘challenging’ to know origin of spyware attacks, and say NSO may also have access to information hacked
Catalangate featured in the second session of the European Parliament’s committee of inquiry to investigate the use of Pegasus and equivalent surveillance spyware, held on Tuesday.
One of the experts explaining how such software works, Constanze Kurz, mentioned the “Spanish case” and the resignation that has already been confirmed, referring to the director of Spain’s intelligence agency (CNI), dismissed earlier on Tuesday.
Several MEPs raising questions to the three panelists participating in the meeting also implicitly referred to Catalangate, including former Catalan president Carles Puigdemont.
The exiled politician wondered whether data obtained by courts using Pegasus should be treated as true in legal procedures, and also warned that information hacked is not only accessible by clients of the software, but also by the company in charge of the service, the Israeli NSO Group.
He made these comments after another expert appearing in the session, Adam Haertle, told MEPs that “most likely” the company also has access to the servers where the data hacked is stored in order to troubleshoot potential issues. “Yet, I am unable to say if they are checking it or not,” he added.
Several MEPs, such as pro-independence Esquerra’s Diana Riba, wanted to look into who might be behind the attacks. Indeed, the Catalan representative, who was herself a victim of the scheme according to the investigation led by CitizenLab research group and published by The New Yorker magazine on April 18, wondered if it was possible to know the owner of the operator of each attack.
While experts found consensus in saying it is “challenging” to identify the perpetrators of espionage using Pegasus or similar software due to the use of “proxy servers to disguise the origin of the attacks,” Bill Marczak, from CitizenLab, said there are techniques to group attacks per operator and see where this operator is targeting from. Given that the “default licence for Pegasus users is spying on phones from the same country,” a solid hypothesis can be built.