Presidents, MPs, civil society activists: over 60 Catalans phones infected with spyware

The Catalan president, Pere Aragonès, is one of more than 60 Catalan pro-independence activists who have been victims of spyware. While serving as the vice president of Catalonia during Quim Torra’s mandate, the current leader was infected with Israeli NSO Group’s software, Pegasus, as was reported by The New Yorker magazine and by The Citizen Lab on Monday.

Aragonès, as well as all the Catalan presidents since 2010, have all been directly or indirectly affected by the software. Quim Torra’s phone was infected while he was serving as president, while former president Artur Mas was attacked after leaving office. 

Now based in Belgium, former president Carles Puigdemont was not directly affected but the phones of up to 11 of his close associates, including his spouse, were infected with the spyware. 

His wife was infected "at least twice," the Citizen Lab reports read, once on or around October 7, 2019 and the second time on July 4, 2020. 

Citizen Lab is an investigative organization based at the University of Toronto that focuses on high-tech human-rights abuses.

But these are not the only pro-independence leaders whose phones were infected by Pegasus.

Members of the European Parliament

Antoni Comín, former Catalan health minister and current MEP for the Catalan government's junior coalition partner, Junts, as well as Diana Riba of Esquerra Republicana de Catalunya (ERC), Catalonia’s senior coalition member, and ERC’s Jordi Solé, who replaced former vice president Oriol Junqueras as MEP. 

All of their phones were infected, while Junts' MEPs Clara Ponsatí and Carles Puigdemont are likely to have been relational targets.

Ponsatí, who is also the former Catalan education minister, is likely to have been a target as the phone of her parliamentary staff, Pol Cruz, was infected with NSO Group’s software. 

Catalan civil society

Catalan civil society has also been a target of spyware Pegasus. In 2015, the first Pegasus SMS infection attempt was registered. 

The victim was at the time the president of Assemblea Nacional Catalana (ANC or Catalan National Assembly) Jordi Sànchez. He received the SMS, "shortly after a large demonstration in Barcelona," the investigation group pointed out.

Between 2017 and 2020, after the October 1, 2017 referendum, Sánchez received at least 25 more infections attempts. 

Jordi Sánchez is one of the Catalan pro-independence leaders arrested and then pardoned over three years later due to his role in organizing the referendum deemed illegal by Spain. "One of the infections occurred on October 13, 2017, just days before his arrest," The Citizen Lab reports, and the SMS that he received up to 2020 "coincided with days when he was given weekend release from jail." He is one of the five members of the ANC infected with spyware. 

The current president of ANC, Elisenda Paluzie, and board member Sònia Urpí are two of the other victims.

But another Catalan civil society organization that has also been affected by Pegasus is Òmnium Cultural. One of its most prominent targets is Meritxell Bonet, the spouse of former organization president Jordi Cuixart, who was also imprisoned and then pardoned.

While Cuixart was absent from his role, journalist and historian Marcel Mauri became the vice president of the cultural group. "Within ten days of assuming the role, on October 24, 2019, we found evidence of what would be the first of three Pegasus infections of his phone," the report reads. 

Other board members whose phones were infected are Jordi Bosch and Elena Jiménez, the international representative of Òmnium Cultural.  

Lawyers representing Catalan leaders

Pegasus did not stop at Catalan civil society members, but it was also used to infect the phones of lawyers representing Catalan independence leaders such as Carles Puigdemont and former vice president Oriol Junqueras. 

Gonzalo Boye, representing Puigdemont as well as many other Catalan pro-independence figures, received at least 18 infection attempts in only five months, from January to May 2020. He was successfully infected on October 30, 2020 or around that date, the Citizen Lab says. 

Another prominent lawyer whose phone was infected is Andreu Van den Eynde. He represents pardoned leaders such as Oriol Junqueras and Raül Romeva, but also former Catalan parliament speaker and current business minister, Roger Torrent, and Barcelona’s ERC city council leader Ernest Maragall. 

The last lawyer infected - although Citizen Lab cannot determine the date of the infection - is Jaume Alonso-Cuevillas, who has also represented Carles Puigdemont. 

MPs, speakers, and political forces targeted

Roger Torrent is not the only parliament speaker infected with Pegasus. The current speaker, Laura Borràs from Junts party, has also had her phone infected according to The Citizen Lab report. She was targeted while she was a member of the Spanish congress.

Also, a wide range of members of parliament or Catalan politicians from up to five different parties have had their phones infected with Pegasus.

Esquerra Republicana (ERC), with 12 members targeted, and Junts per Catalunya (JxCat), with 11 members targeted, are the main political forces, but there are others. 

Far-left CUP had four members who were targeted, while the centrist Partit Demòcrata Europeu Català (PDeCAT) had three members. The Partit Nacionalista Català (PNC) had one member who was targeted, but they have not been identified.