Spain: Hacked Catalans to launch a legal bid on spyware use

FILE - Former deputy president of the Catalan regional government Oriol Junqueras, centre, walks with the current Catalonian president Pere Aragones, 2nd left, in front of an "estelada" or Catalan pro-independence flag after being released from the Lledoners prison in Sant Joan de Vilatorrada near Barcelona, Spain, June 23, 2021. The phones of dozens of pro-independence supporters in Spain's northeastern Catalonia, including the regional chief and other elected officials, were hacked with controversial spyware available only to governments, a cybersecurity rights nonprofit said Monday April 18, 2022. (AP Photo/Joan Mateu, File)
265805 Pinchos- PGB promo Banner (25 x 5 cm)-5 copy


Associated Press

MADRID (AP) — Separatist politicians and activists from Catalonia on Tuesday announced a legal offensive in half a dozen countries against the Spanish state and the Israeli owners of a controversial spyware allegedly used to snoop on them.

The head of the Catalan and Spanish-speaking northeastern region also announced that relations with central authorities in Spain would remain strained until Madrid conducts a full investigation and punishes those found responsible for the alleged surveillance.

A spokeswoman for the Spanish government said there was no illegal spying happening in the country.

Citizen Lab, a team of cybersecurity experts affiliated with the University of Toronto, had revealed a day before what is believed to be the largest to date forensically documented cluster of hacking attempts with Pegasus, a program that silently infiltrates phones to harvest their data and potentially spy on their owners.

At least 65 high-profile figures of the Catalan pro-independence camp — including elected officials, civil society leaders, lawyers and their relatives — were targeted with NSO Group’s Pegasus or other programs created by Candiru, another Israeli tech firm. Candiru’s spyware potentially allows third parties to impersonate the phone’s owner to send out messages or emails, according to Citizen Lab.

Both NSO Group, the owner of Pegasus, and Candiru have been criticized by global rights groups for breaching users’ privacy and face lawsuits from some of the world’s major technology firms.

The companies claim that their software is only sold to government agencies to target criminals and terrorists. On the alleged spying on Catalan separatists, Citizen Lab said that its research had found evidence of “a strong nexus with one or more entities within the Spanish government.”

“There is no spying here, there is no eavesdropping if it’s not under the cover of the law,” government spokeswoman Isabel RodrĂ­guez said Tuesday during a weekly briefing.

Asked whether the country’s intelligence services, known as CNI, had contracted the use of Pegasus, RodrĂ­guez said: “There are issues which, because they pertain to national security, are protected by law and are classified material.”

Some of the politicians and activists allegedly targeted appeared at the same time for a press conference at the European Parliament in Brussels, where they vowed to file lawsuits seeking transparency in Spain, but also in France, Germany, Switzerland, Belgium and Luxembourg, where some of the alleged hacking took place. Luxembourg is also where the European subsidiary of NSO Group is headquartered.

Among the speakers was Carles Puigdemont, a European Union lawmaker and former Catalan regional chief who fled Spain in 2017 to avoid prosecution after a banned independence referendum went ahead under his watch.

“The Spanish state has organized a criminal plot to attack a legitimate, democratic political movement,” said Puigdemont, who also urged leaders of the EU’s executive branch to investigate the use of the controversial spyware and, in his words, “to hold Spain accountable.”

Spain’s Defense Minister Margarita Robles, who oversees the country’s intelligence apparatus, will appear before national lawmakers to answer questions on the issue, the government said.

Pere Aragonès, the current head of Catalonia’s regional administration, said that political relations with central authorities couldn’t go on as normal until the left-to-center coalition led by Pedro Sánchez fully investigates the hacking with external supervision. Aragonès’ own phone was among those allegedly targeted with Pegasus during his previous role as the region’s vice president.

Almost all of the spying incidents identified by Citizen Lab occurred between 2017 and 2020, when efforts to carve out an independent state in northeastern Spain led to the country’s deepest political crisis in decades.