The Spanish government said on Monday that the mobile phones of Prime Minister Pedro Sánchez and the Defence Minister Margarita Robles were infected last year with Pegasus spyware that is only available to government agencies in an unauthorised operation.
In a hastily convened news conference, Félix Bolaños, presidency minister, said that Sánchez’s phone was breached twice in May 2021, and Robles’ device was targeted once the following month.
Bolaños said that the government knows that during the first infection, hackers got 2.6 GB of information from Sánchez’s phone, and 130 MBs during the second one. Attackers also took 9 MBs from Robles’ device.
‘We want the judiciary to investigate, so we can find out the truth … which is why we have made all of this information available,’ Bolaños added.
He said the breaches resulted in a significant amount of data being obtained, and that reports detailing the hacking have been transferred to Spain’s National Court for further investigation.
‘We have no doubt that this is an illicit, unauthorised intervention,’ Bolaños said. ‘It comes from outside state organisms and it didn’t have judicial authorisation.’
Spain’s PSOE socialist-led government is already under pressure to explain why the phones of dozens of people connected to the Catalan independence movement were infected with Pegasus between 2017 and 2020, according to Citizen Lab, a cybersecurity group of experts affiliated with the University of Toronto, and in what has been termed ‘CatalanGate’.
Those revelations involve at least 65 people, including elected officials, lawyers and activists, targeted with the software of two Israeli companies, Candiru and NSO Group, the developer of Pegasus.
Pegasus spyware can be used to take remote control of someone’s phone. The software can activate the video and photo camera, the microphone, as well as see all your communications and take screenshots at any time.
The difference between this spyware and other ones is the ‘zero-click’ option. You could, for example, receive a WhatsApp video call, and the spyware would be installed automatically without doing anything, not even picking up the call.
The Catalan government has accused Spain’s National Intelligence Centre (CNI), of spying on pro-independence politicians and activists, and declared that relations with national authorities were ‘on hold’ until full explanations are offered and those responsible are punished. Also read: Catalan government rejects spying investigation, demands resignations.
The central government has pledged ‘full transparency’, an internal probe by the country’s intelligence agency, and a separate investigation by Spain’s ombudsman.
A special parliamentary commission on state secrets has also been established and the head of CNI is expected to be questioned by MPs later this week, although discussions around state security issues are not meant to be publicised.
Citizen Lab’s full report: CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru.
Click here for all our reports related to Catalan independence.