Spanish government claims prime minister and defence minister targeted with Pegasus spyware last year, as it faces pressure over alleged Catalan hacks
The Spanish government has said the mobile phones of prime minister Pedro Sanchez and defence minister Margarita Robles were infected last year by Pegasus spyware, which its manufacturer says is intended for use by governments to target serious criminals.
In a Monday morning press conference minister for the presidency Felix Bolanos said Sanchez’s phone was targeted in May and June 2021 and that of Robles in June 2021, with data extracted from both devices.
“The interventions were illicit and external. External means carried out by non-official bodies and without state authorisation,” Bolanos said.
He added that the infections had been reported to the justice ministry and that the Audiencia Nacional, the country’s highest criminal court, would pursue the case.
Bolanos’ remarks suggested that the spyware was activated either by unathorised players within Spain or from abroad.
“These facts have been confirmed and are irrefutable,” Bolanos said. He declined to further clarify who was suspected to be behind the hacks or to engage in “supposition or conjecture” about their motivation.
The phones of other members of the government are being examined to look for further possible hacks.
Spain’s government is currently facing intense pressure over how Pegasus, which is sold by Israel’s NSO Group, allegedly came to be used to monitor the phones of more than 60 members of the Catalan independence movement, including Catalan president Pere Aragones and three of his predecessors.
Following the disclosure of those hacks last month by Canada’s Citizen Lab, the minority government’s key ally in parliament, Catalonia’s pro-independence party ERC, said it would not support the government until it takes measures to restore confidence.
Catalan president Aragones said in a Monday statement: “When the mass surveillance is against the Catalan independence movement, we only hear silence and excuses. Today everything is done in a hurry.
“But the double standard here is clear. It seems that against the independence movement anything is accepted.”
The Catalan government has blamed Spain’s National Intelligence Centre (CNI) for the hacks, with the CNI saying its operations are overseen by the supreme court and that it acts “in full accordance with the legal system, and with absolute respect for the applicable laws”.
The Spanish government has promised an internal CNI investigation into the matter, with Spain’s public ombudsman opening a separate investigation.
NSO Group said it would investigate “any suspicion of misuse” of its software and would cooperate with any governmental investigation.
“NSO’s firm stance on these issues is that the use of cyber tools in order to monitor politicians, dissidents, activists and journalists is a severe misuse of any technology and goes against the desired use of such critical tools,” the company stated.
The European Union’s data regulator has called for a ban on Pegasus over allegations it has been abused by governments to spy on rights activists, journalists and politicians.
NSO Group was placed on a US blacklist in November 2021 after French non-profit Forbidden Stories alleged that multiple journalists and activists, including American citizens, had been hacked by foreign governments using the spyware.