Spain allegedly used Pegasus to spy on Catalan separatists


The Canadian research center Citizen Lab published, on April 18, the results of an investigation into the Spanish government’s use of spyware to monitor Catalan separatists.

Between 2017 and 2020, dozens of smartphones belonging to Catalan separatists were targeted and infected with spyware, notably NSO Group's Pegasus. That, at least, is what is reported by the Citizen Lab, an interdisciplinary laboratory of the Munk School of the University of Toronto, in Canada, which studies in particular the dangers associated with new technologies. “With the consent of the targets, we obtained forensic artifacts from their devices which we examined for evidence of Pegasus infections,” says the lab report. “Our forensic analysis allows us to conclude with great confidence that, of the 63 people targeted by Pegasus, at least 51 people were infected.”

The report explains that every Catalan Member of the European Parliament (MEP) who has supported the region’s independence was affected, either directly by Pegasus or through their relatives. Three MEPs were directly infected, and two others had staff, family members or close associates targeted by Pegasus. Among them are Carles Puigdemont, former president of Catalonia between 2016 and 2017, and Jordi Solé, former member of the Parliament of Catalonia. Civil society figures, lawyers, journalists and activists were also monitored. The Citizen Lab does not attribute “conclusively these hacking operations to a particular government” but points to “a series of circumstantial evidence” indicating a close connection with one or more entities within the Spanish government.

All suspicion leads to the Spanish government

Indeed, the precise timing of the targeting, between 2017 and 2020, corresponds to events of particular interest to the Spanish government (the referendum on the independence of Catalonia, editor’s note). Spanish counterintelligence is reported to have been a client of NSO Group. Furthermore, analysis of the content used for these hacks suggests access to the personal information of the targets.

“We also consider it unlikely that a non-Spanish Pegasus customer would undertake such extensive targeting in Spain, using text messages and often impersonating Spanish authorities,” says Citizen Lab. “Such a multi-year clandestine operation, especially against high-profile figures, poses a high risk of official discovery and would surely entail serious diplomatic and legal repercussions for a non-Spanish government entity.”

More than 200 SMS analyzed

Also according to Citizen Lab, victims were infected through at least two vectors: zero-click exploits and malicious text messages. Zero-click exploits are particularly difficult to block because there is no action a regular user can take that will reliably protect them against such attacks. These exploits do not require social engineering; they take advantage of pre-existing flaws in a device or its software.

Many victims were targeted using SMS attacks, with Citizen Lab having collected over 200 such messages, some of them highly personalized and realistic. For example, a message sent to Jordi Baylina included part of his real official tax identification number. Pau Escrich, another victim, received an email mimicking the style of Mobile World Congress (MWC), with a fake link to tickets which, if clicked, would have allowed his computer or mobile device to be infected via Candiru, the other spyware identified in the analysis. Other SMS messages imitated airlines or Twitter.

“The seriousness of the matter clearly warrants a formal investigation to determine the responsible party, how the hack was authorized, what legal framework governed the hack and what judicial review applied, the true scale of the operation, the uses which had been made of the hacked material, and how the hacked data was handled, including to whom it may have been provided,” concludes the Citizen Lab.


