A recent investigation by Citizen Lab has uncovered that the mobile device of Stelios Kouloglou, a former Member of the European Parliament, was compromised multiple times with the infamous Pegasus spyware. These breaches occurred while he was serving on a critical committee tasked with scrutinizing the misuse of commercial surveillance tools within the European Union.
Key Findings of the Spyware Investigation
Citizen Lab’s forensic analysis disclosed that the attackers potentially accessed sensitive documents and committee discussions. The researchers, including John Scott-Railton and Ron Deibert, emphasized that the infections have not been linked to any specific government, although there is a notable connection with previous campaigns targeting Russian and Belarusian journalists and activists in Europe.
The findings suggest that a Pegasus customer with the capability to conduct surveillance across multiple European countries might be behind these attacks. Kouloglou was actively involved in the ‘Committee of Inquiry to investigate the use of Pegasus and equivalent surveillance spyware’ during his tenure from March 2022 to July 2023.
Timeline of the Spyware Attacks
According to Citizen Lab, Kouloglou’s device was first compromised on October 21, 2022, with subsequent infections noted in March 2023. These incidents involved a zero-click exploit within Apple’s HomeKit, named PWNYOURHOME, which was later patched in iOS 16.3.1. During the initial breach, Kouloglou was hospitalized, and the timing coincided with a visit from investigative journalist Thanasis Koukakis, who had also been targeted by spyware.
The March 2023 infection aligned with critical discussions and hearings of the PEGA Committee, occurring just before the adoption of their first report. These events highlight the serious implications of spyware usage against political figures and journalists.
Implications and Broader Concerns
This incident marks the first public identification of a PEGA Committee member being targeted by Pegasus. The overlap with campaigns against Russian and Belarusian journalists underscores the potential for widespread surveillance misuse. The Citizen Lab report raises significant concerns about governments using spyware intended for combating severe crimes to monitor journalists and political dissidents.
In another alarming revelation, Citizen Lab recently reported that Russian authorities used Cellebrite’s forensic tools to access the iPhone of detained activist Andrey Pivovarov. This highlights ongoing surveillance practices that exploit technological vulnerabilities for political purposes.
These findings expose the persistent threat posed by commercial surveillance vendors exploiting global telecom infrastructures. By manipulating signaling protocols, these actors can conduct covert location tracking, evading detection and accountability.
As these investigations unfold, they continue to shed light on the critical need for regulatory oversight and enhanced security measures to protect individuals from unwarranted surveillance.
