Skip to main content

Pegasus: Catalan president targeted by Israeli spyware

Citizen Lab report finds that at least 65 pro-Catalan independence individuals were targeted by the software, including Catalan presidents
The Catalan regional president, Pere Aragones, at the Catalan regional government headquarters in Barcelona, on 15 September 2021 (AFP)
The Catalan regional president, Pere Aragones, at the Catalan regional government headquarters in Barcelona, on 15 September 2021 (AFP)

A new investigation by CitizenLab has found that the Catalan president, Pere Aragones, was hacked by the NSO Group’s Pegasus software in one of Europe’s most significant phone-hacking cases. 

The report by Citizen Lab, a research group that focuses on high-tech human rights abuses, said they found that at least 65 pro-Catalan independence individuals were targeted by the Israeli software, including all Catalan presidents since 2010, when some were still in office.

Four others were infected with a similar phone hacking software called Candiru, another secretive Israel-based company that sells spyware to governments. 

The hacking, Citizen Lab found, happened during “political negotiations and debates” over Catalonian independence.

The Pegasus software, developed by the Israeli NSO Group, allows governments to access the phones or laptops of activists and journalists worldwide, allowing operators to view messages, contacts, the camera, microphone, and location history. 

Jordan: Activists' phones hacked with Israeli spyware Pegasus, say privacy groups
Read More »

Gonzalo Boye, a lawyer who has represented numerous Catalan political figures, including former presidents Carles Puigdemont and Quim Torra, was targeted 18 times with Pegasus infection attempts between January and May 2020. 

Some of the attempts carried out via SMS were messages disguised as tweets from organisations like Human Rights Watch, The Guardian, Columbia Journalism Review, and Politico. 

Citizens Lab has collected “more than 200 such messages” that involved operators sending text messages containing malicious links, which, once clicked on, would infect the device through a Pegasus exploit server. 

An analysis of Boye’s phone found that it had an active Pegasus infection as of 30 October 2020 - 48 hours before one of his clients had just been arrested. 

The targeting of the lawyer has raised concerns about a possible violation of lawyer-client privilege. 

The spyware also targeted Catalan members of the European Parliament Toni Comin and Diana Riba. 

Citizen Lab also found that “friends, family members, and associates were also infected as part of relational targeting. The government operating the spyware likely saw their phones as windows into the lives of their primary targets”.

'We are not criminals'

While Citizen Lab has not attributed the hacking to a specific group, they have said that “circumstantial evidence suggests a strong nexus with the government of Spain, including the nature of the victims and targets, the timing, and the fact that Spain is reported to be a government client of NSO Group.”

“We are not criminals,” Aragones told The New Yorker in an interview published Monday on the Pegasus hacking. “What we want from the Spanish authorities is transparency.”

Since the investigation into the global use of the illegal spyware in governments such as Saudi Arabia, Morocco, Bahrain, and the United Arab Emirates, the NSO Group has said that they have no control over how clients use their products or have access to any data they collect and claims to have safeguards in place.

However, critics say the safeguards are insufficient. 

In November 2021, the US blacklisted the NSO Group after saying its activities went against its national security interests.