Brussels spyware crisis expands: Two MEPs hit in phone-hacking security breach

9 months ago 7
ARTICLE AD BOX

BRUSSELS — Two members and one staffer of the European Parliament’s security and defense subcommittee were the target of spyware, in a widening security breach of the EU institution’s work.

French liberal member of the European Parliament Nathalie Loiseau, who chairs the defense subcommittee, was targeted with the Israeli-made spyware type Pegasus, she confirmed to POLITICO. Bulgarian social-democrat lawmaker Elena Yoncheva, a member of the subcommittee, also found traces of spyware on her phone during an IT security check this week, she said. A third official, a committee staff member, was also targeted.

The new revelations show the crisis around the hacking of European Parliament phones is widening, after POLITICO reported Wednesday that the institution had asked members on its defense subcommittee (SEDE) to have their phones checked for spyware.

“Traces found in two devices” prompted the institution to advise members to have their phones checked, Parliament’s Deputy Spokesperson Delphine Colard said. That number has now gone up to three.

The European Parliament is on high alert for cyberattacks and foreign interference in the run-up to the EU election in June.

The targeting of the EU lawmakers raises concerns about some of the European Union’s work on highly sensitive issues. The subcommittee plays an advisory and oversight role on security and defense — which remain the prime responsibility of EU governments — as the European Union ramps up its ammunition production and strategizes on how to best support Ukraine.

Yoncheva performed a routine check on her iPhone Tuesday at the Parliament’s IT services. Technicians informed her that a “heavy attack” had taken place on or around Oct. 30. At the time of publication, the Bulgarian lawmaker was still waiting for an analysis of whether the attack was successful and what malware was used.

“This isn’t about me or somebody else … In general, [hacking] is something that is becoming more and more popular as an instrument to obtain illegitimate information,” said Yoncheva.

Five other SEDE members contacted by POLITICO said they were either awaiting an appointment for their phones to be checked or planning to do in the coming week.

Loiseau’s spyware incident was first reported by Le Point. The subcommittee chair then sent an email on Wednesday, seen by POLITICO, that advised its members to take their phones to the institution’s IT service for a spyware check.

Loiseau was tired of hearing members of the European Parliament repeat how they were not a legitimate target for hacking because they wouldn’t have “anything interesting to say,” she told POLITICO. “They are sort of reluctant [to talk] about their privacy … They don’t want to have their phones checked. So that’s why I did something a little more formal,” she said.

This is not the first time Loiseau has checked her phone for spyware, but it is the first time a successful intrusion was detected. She has since changed her device.

Spyware tools allow security services, governments, companies and hackers to gain access to mobile phones and other devices and snoop on data | Damien Meyer/AFP via Getty Images

One lawmaker on the committee said that members were waiting for Loiseau to announce a meeting of the leading members of political groups (coordinators) given the severity of the crisis.

Another lawmaker, a member of Parliament’s Greens group, said they would ask for a debate on the spyware incidents at the opening session of the upcoming plenary in Strasbourg next week.

The crisis surrounding the security and defense committee follows previous incidents with other European Parliament members targeted with spyware.

Researchers revealed in 2022 that the phones of members of the Catalan independence movement, including EU politicians, were infected with Pegasus and Candiru, two types of hacking tools. That same year, Greek member of the EU Parliament and opposition leader Nikos Androulakis was among a list of Greek political and public figures found to have been targeted with Predator, another spyware tool. Parliament’s President Roberta Metsola previously also faced an attempted hacking using spyware.

European Parliament members in 2022 set up a special inquiry committee to investigate the issue. It investigated a series of scandals in countries including Spain, Greece, Hungary and Poland and said at least four governments in the EU had abused the hacking tools for political gain.

Parliament’s IT service launched a system to check members’ phones for spyware in April last year. It had run “hundreds of operations” since the program started, the statement said.

Dutch liberal member of the European Parliament Bart Groothius, who is a substitute on the defense subcommittee, said it was “only logical that states are more interested in our work” as the bloc ramps up its work on defense.

The spyware incidents illustrated that Parliament needs “a full-fledged counterintelligence and security service,” Groothuis said.

Read Entire Article