European Politician Targeted by Pegasus Spyware Amid Investigatory Committee Work
Security researchers have confirmed that a European politician had his phone hacked with the Pegasus spyware while serving on an investigatory committee probing abuses of the notorious surveillance tool. This has reignited fresh controversy over governments abusing spyware to collect information about their critics.
The Hacking Incident: A Closer Look
Researchers from the University of Toronto’s Citizen Lab reported that Stelios Kouloglou, a Greek journalist and former politician, had his phone compromised during 2022 and 2023. This incident represents the first confirmed case of a European Parliament member on the PEGA committee, which investigates phone spyware attacks by European governments, being publicly identified as a victim.
Kouloglou expressed outrage at the intrusion, describing the deliberate hacking of his phone as “reckless.” A fellow European lawmaker labeled the attack as a “direct attack on the rule of law,” prompting calls for the European Commission to impose stringent limits on spyware use across its member states.
Spyware Misuse: Implications for Democracy
While instances of spyware attacks on lawmakers are uncommon, the targeting of a committee investigator raises significant concerns. It suggests an alarming focus on the committee ahead of a much-anticipated report detailing its findings, further complicating the debate around the use of spyware for crime detection versus harassment of journalists and critics.
Details of the Hacking
Though Citizen Lab did not pinpoint a specific country responsible for the hacking, it did note that the same Pegasus-loaded email address used in previous attacks on journalists in Europe was employed in this case. This strongly implies that the responsible government had NSO Group’s authorization to deploy its spyware.
According to Citizen Lab’s report, Kouloglou’s phone was hacked in October 2022 and again in March 2023 using an exploit that took advantage of a security vulnerability in Apple’s iPhone software. This vulnerability had been patched, yet Kouloglou had not updated his device, allowing the spyware access without any action on his part. Dubbed a “zero-click” exploit, the malware siphoned sensitive data such as text messages, location, and photos from Kouloglou’s phone.
Timing and Context of the Hacking
The timing of the October hack coincided with intense communication activity around the investigatory committee’s work, particularly leading up to a draft report that focused on spyware abuses in several European countries including Cyprus, Greece, Hungary, Poland, and Spain. Notably, this breach occurred while Kouloglou was hospitalized for a scheduled surgery, potentially allowing the spyware operators to overhear private conversations during a vulnerable moment.
The targeting continued with another hacking incident in March 2023 while Kouloglou was traveling from Athens to Brussels, underscoring the intense scrutiny placed on him due to his role on the committee.
Personal Impact and Future Actions
Kouloglou noted his uncertainty about why he was specifically targeted but speculated it was related to his investigative work on Pegasus abuses. He shared his feelings of anger upon discovering that his private data had been compromised, stating, “You realize that all of your personal data [was taken] — not all the professional exchanges or messages with ministers — but also the very private things, like the happy moments and the sad moments.”
Kouloglou has voiced intentions to sue NSO Group, the Israeli company behind Pegasus, which remains largely barred from operation within the United States due to human rights violations associated with its tools.
He plans to share his story publicly “for democracy, human rights, and the fight against corruption.” He emphasized the wide-reaching implications of corruption, stating, “Corruption concerns everybody.”
For further information, you can read more on TechCrunch.
Image Credit: techcrunch.com






