TechDigits

Tech news
Thursday, Mar 28, 2024

Polish opposition duo hacked with NSO spyware

Polish opposition duo hacked with NSO spyware

The aggressive cellphone break-ins of a high-profile lawyer representing top Polish opposition figures came in the final weeks of pivotal 2019 parliamentary elections. Two years later, a prosecutor challenging attempts by the populist right-wing government to purge the judiciary had her smartphone hacked.

In both instances, the invader was military-grade spyware from NSO Group, the Israeli hack-for-hire outfit that the U.S. government recently blacklisted, say digital sleuths of the University of Toronto-based Citizen Lab internet watchdog.

Citizen Lab could not say who ordered the hacks and NSO does not identify its clients, beyond saying it works only with legitimate government agencies vetted by Israel's Defense Ministry. But both victims believe Poland’s increasingly illiberal government is responsible.

A Polish state security spokesman, Stanislaw Zaryn, would neither confirm nor deny whether the government ordered the hacks or is an NSO customer.

Lawyer Roman Giertych and prosecutor Ewa Wrzosek join a list of government critics worldwide whose phones have been hacked using the company’s Pegasus product. The spyware turns a phone into an eavesdropping device and lets its operators remotely siphon off everything from messages to contacts. Confirmed victims have included Mexican and Saudi journalists, British attorneys, Palestinian human rights activists, heads of state and Uganda-based U.S. diplomats.

But word of the Poland hacking is especially notable, coming as rights groups are demanding an EU-wide ban on the spyware. The 27-nation European Union has tightened export restrictions on spyware, but critics complain that abuse of it by EU member states urgently needs to be addressed.

Citizen Lab previously detected multiple infections in Poland dating from November 2017, though it didn't identify individual victims then. The Pegasus spyware has also been linked to Hungary, which like Poland has been denounced for anti-democratic abuses. Germany and Spain are reportedly among NSO's customers, with Catalan separatists accusing Madrid of targeting them with Pegasus.

“Once you start aggressively targeting with Pegasus, you’ll join a fraternity of dictators and autocrats who use it against their enemies and that certainly has no place in the EU,” said senior researcher John-Scott Railton of Citizen Lab.

Former EU parliament member Marietje Schaake of the Netherlands, now international cyber policy director at Stanford University, said: “The EU cannot credibly condemn human rights violations in the rest of the world while turning a blind eye to problems at home.”

The Polish targets see the hack as evidence of a perilous erosion of democracy in the very nation where Soviet hegemony began unraveling four decades ago.

Just hours before Zaryn answered emailed questions about the hack from The Associated Press, a provincial prosecutor filed a motion seeking the arrest of Giertych, the lawyer, in a financial crimes investigation.

Zaryn did not comment on whether the two matters might be related. He said Poland conducts surveillance only after obtaining court orders.

“Suggestions that Polish services use operational methods for political struggle are unjustified,” Zaryn said.

An NSO spokesperson said Monday that the company is a “software provider, the company does not operate the technology nor is the company privy to who the targets are and to the data collected by the customers.” Citizen Lab and Amnesty International researchers say, however, that NSO appears to maintain the infection infrastructure.

The company spokesperson also called the allegations of Polish misuse of Pegasus unclear: “Once a democratic country lawfully, following due process, uses tools to investigate a person suspected in committing a crime, this would not be considered a misuse of such tools by any means.”

In July an investigation by a global media consortium found Pegasus was used in Hungary to hack at least 10 lawyers, an opposition politician and several journalists. Last month, a Hungarian governing party official acknowledged that the government had purchased Pegasus licenses.

In 2019, independent Polish broadcaster TVN found evidence the government anti-corruption agency spent more than $8 million on phone spyware. The agency denied the report but Prime Minister Mateusz Morawiecki was more ambiguous, saying all would “be clarified in due time.”

In the last four months of 2019, Giertych was hacked at least 18 times, Citizen Lab found. At the time, he was representing former Prime Minister Donald Tusk of Civic Platform, now head of the largest opposition party, and former Foreign Minister Radek Sikorski, now a European Parliament member.

The “jaw-droppingly aggressive” tempo and intensity of the targeting — day-by-day, even hour-by-hour — suggested “a desperate desire to monitor his communications,” Scott-Railton said. It was so unrelenting that the iPhone became useless and Giertych abandoned it.

“This phone was with me in my bedroom and it was with me when I went to confession. They scanned my life totally,” he said.

Most of the hacks occurred just ahead of an Oct. 13, 2019, parliamentary election that the Law and Justice party of Jaroslaw Kaczynski won by a slim margin, leading to a further erosion of judicial independence and press freedom.

Giertych was also involved representing an Austrian developer at the time who claimed that Kaczynski, Poland’s most powerful politician, stiffed him as a deal to build twin business towers in Warsaw fell apart. Revelations of that deal-gone-sour triggered a scandal because Polish law bans political parties from profit — and the towers were to be built on land owned by Kaczynski's party.

Giertych also represented Sikorski in an illegal w iretapping case in which the former foreign minister's conversations were recorded and published; Sikorski alleges the government failed to investigate the possible involvement of Kaczynski allies. Last year, anti-corruption officials searched Giertych's home and office in a manner a Polish court deemed illegal and the EU called emblematic of how Poland's government treats hostile lawyers in politically sensitive cases.

When the Lublin regional prosecutor applied for a court order Monday seeking Giertych's arrest, it said the lawyer had refused to appear for questioning, and seemed to be “deliberately hiding from justice.”

Giertych called this absurd and said the financial wrongdoing investigation was trumped-up, that a Poznan court had already dismissed it for lack of evidence. Prosecutors say he is suspected of money laundering for legal fees he received in a Warsaw property dispute case a decade ago.

Citizen Lab was still investigating how Giertych’s phone was infected but said it expects a “zero-click” vulnerability, which wouldn't involve user interaction. They believe Wrzosek was similarly hacked. Citizen Lab found six intrusions on her phone from June 24-Aug. 19.

Last year, Wrzosek ordered an investigation into whether presidential elections should be postponed over concerns they could threaten the health of voters and election workers. Almost immediately, she was stripped of the case and transferred to the distant provincial city of Srem with two days’ notice.

"I didn’t even know where the city was and I had nowhere to live there,” said Wrzosek, who was hacked shortly after returning to Warsaw and resuming media appearances critical of the government.

A vocal member of an independent prosecutors' association, Wrzosek learned she’d been hacked — and tweeted about it -- when Apple sent out alerts last month to scores of iPhone users across the globe targeted by NSO’s Pegasus, including 11 U.S. State Department employees in Uganda. In a lawsuit it filed the same day, Apple called NSO “amoral 21-century mercenaries.” In 2019, Facebook sued the Israeli firm for allegedly hacking its globally popular WhatsApp messenger app.

Wrzosek has filed an official complaint but doesn’t expect prompt accountability, believing “the same services that tried to break into my phone will now be conducting the proceedings, looking for perpetrators.”

Ewa Wrzosek, a Polish prosecutor, stands outside her office holding her phone, in Warsaw, Poland, on Thursday, Dec. 16, 2021. Wrzosek, a prosecutor who is resisting a political takeover of the system of state prosecution, and an erosion of judicial independence more broadly under Poland's right-wing populist government, was the target of cellphone eavesdropping this year. She and a prominent Polish lawyer have become the first two confirmed cases involving the use of Pegasus military grade spyware against targets in Poland, where an illiberal government is eroding democratic norms.


Roman Giertych, a prominent Polish lawyer, poses for a photograph, in Rome, on Thursday, Dec. 16, 2021. Giertych, a fierce opponent of Poland's right-wing ruling party who defends some opposition politicians, was the target of aggressive cellphone eavesdropping in 2019. The hacking targeting his phone and that of a Polish prosecutor are the first two confirmed cases of Pegasus military grade spyware being used against targets in Poland, where an illiberal government is eroding democratic norms.


Ewa Wrzosek, a Polish prosecutor, stands outside her office, in Warsaw, Poland, Thursday, Dec. 16, 2021. Wrzosek, a prosecutor who is resisting a political takeover of the system of state prosecution, and an erosion of judicial independence more broadly under Poland's right-wing populist government, was the target of cellphone eavesdropping this year. She and a prominent Polish lawyer have become the first two confirmed cases involving the use of Pegasus military grade spyware against targets in Poland, where an illiberal government is eroding democratic norms.


Roman Giertych, a prominent Polish lawyer, poses for a photograph, in Rome, Thursday, Dec. 16, 2021. Giertych, a fierce opponent of Poland's right-wing ruling party who defends some opposition politicians, was the target of aggressive cellphone eavesdropping in 2019. The hacking targeting his phone and that of a Polish prosecutor are the first two confirmed cases of Pegasus military grade spyware being used against targets in Poland, where an illiberal government is eroding democratic norms.




Newsletter

Related Articles

TechDigits
0:00
0:00
Close
FTX's Bankman-Fried headed for jail after judge revokes bail
America's First New Nuclear Reactor in Nearly Seven Years Begins Operations
Southeast Asia moves closer to economic unity with new regional payments system
Today Hunter Biden’s best friend and business associate, Devon Archer, testified that Joe Biden met in Georgetown with Russian Moscow Mayor's Wife Yelena Baturina who later paid Hunter Biden $3.5 million in so called “consulting fees”
Google testing journalism AI. We are doing it already 2 years, and without Google biased propoganda and manipulated censorship
Musk announces Twitter name and logo change to X.com
The future of sports
TikTok Takes On Spotify And Apple, Launches Own Music Service
Hacktivist Collective Anonymous Launches 'Project Disclosure' to Unearth Information on UFOs and ETIs
Typo sends millions of US military emails to Russian ally Mali
Server Arrested For Theft After Refusing To Pay A Table's $100 Restaurant Bill When They Dined & Dashed
Democracy not: EU's Digital Commissioner Considers Shutting Down Social Media Platforms Amid Social Unrest
Sarah Silverman and Renowned Authors Lodge Copyright Infringement Case Against OpenAI and Meta
Why Do Tech Executives Support Kennedy Jr.?
The New York Times Announces Closure of its Sports Section in Favor of The Athletic
Florida Attorney General requests Meta CEO's testimony on company's platforms' alleged facilitation of illicit activities
The Poor Man With Money, Mark Zuckerberg, Unveils Twitter Replica with Heavy-Handed Censorship: A New Low in Innovation?
The Double-Edged Sword of AI: AI is linked to layoffs in industry that created it
US Sanctions on China's Chip Industry Backfire, Prompting Self-Inflicted Blowback
Meta Copy Twitter with New App, Threads
BlackRock Bitcoin ETF Application Refiled, Naming Coinbase as ‘Surveillance-Sharing’ Partner
UK Crypto and Stablecoin Regulations Become Law as Royal Assent is Granted
A Delaware city wants to let businesses vote in its elections
Alef Aeronautics Achieves Historic Milestone with Flight Certification for World's First Flying Car
Google Blocked Access to Canadian News in Response to New Legislation
French Politicians Advocate for Pan-European Regulation on Social Media Influencers
Melinda French Gates Advocates for Increased Female Representation in AI to Prevent Bias
Snapchat+ gains 4 million paying subscribers in its first year
Apple Makes History as the First Public Company Valued at $3 Trillion
Elon Musk Implements Twitter Limits to Tackle Data Scraping, but Faces Criticism for Technical Misunderstanding
EU and UK's Slow Electric Vehicle Adoption Raises Questions About the Transition to Green Mobility
Top Companies Express Concerns Over Europe's Proposed AI Law, Citing Competitiveness and Investment Risks
Meta Unveils Insights on AI Usage in Facebook and Instagram, Amid Growing Calls for Transparency
Crypto Scams Against Seniors Soar by 78% in 2022, Experts Urge Vigilance
The End of an Era: National Geographic Dismisses Last of Its Staff Writers
Shield Your Wallet: The Perils of Wireless Credit Card Theft
Harvard Scientist Who Studies Honesty Accused Of Data Fraud, Put On Leave
Putting an End to the Subscription Snare: The Battle Against Unwitting Commitments
The Legal Perils of AI: Lawyer Faces Sanctions for Relying on Fictional Cases Generated by Chatbot
ChatGPT’s "Grandma Exploit": Ingenious Hack Exposes Loophole in AI, Generates Free Software Codes
The Disney Downturn: A Near Billion-Dollar Box Office Blow for the House of Mouse
A Digital Showdown: Canada Challenges Tech Giants with The Online News Act, Meta Strikes Back
Distress in the Depths: Submersible and Passengers Missing in Titanic Wreckage Expedition
Mark Zuckerberg stealing another idea: Twitter
European Union's AI Regulations Risk Self-Sabotage, Cautions smart and brave Venture Capitalist Joe Lonsdale
Nvidia GPUs are so hard to get that rich venture capitalists are buying them for the startups they invest in
Chinese car exports surge
Reddit Blackout: Thousands of Communities Protest "Ludicrous" Pricing Changes
Nvidia Joins Tech Giants as First Chipmaker to Reach $1 Trillion Valuation
AI ‘extinction’ should be same priority as nuclear war – experts
×