The mobile phones of Spanish Prime Minister Pedro Sanchez and Defence Minister Margarita Robles were infected last year with the Israeli-made Pegasus spyware, the government said on Monday, the Associated Press reported.
The spyware gives attackers near-complete control over a victim’s phone via a zero-click attack – meaning that no action is required on the part of the victim for her data to be exposed.
The Israeli cyber intelligence company NSO Group has repeatedly defended the use of Pegasus, saying it is sold only to government agencies around the world for law enforcement and intelligence purposes.
At a news conference on Monday, the government minister for the presidency, Felix Bolanos, said that Sanchez’s phone had been breached twice in May 2021 and Robles’ device was targeted once in June of the same year.
“We have no doubt that this is an illicit, unauthorised intervention,” Bolanos added. “It comes from outside state organisms and it did not have judicial authorisation.”
Details about the breaches were sent to Spain’s National Court for further investigation, Bolanos told the news conference.
He also said that the hacking resulted in a “significant amount of data being obtained” from the mobiles phones of the two leaders.
“We are absolutely certain that it was an external attack because in Spain, in a democracy like ours, all such interventions are carried out by official bodies and with judicial authorisation,” the minister said, reported Al Jazeera. “In this case, neither of the two circumstances prevailed. We want the Justice Ministry to investigate.”
The allegations came amid mounting pressure on Spain’s Socialist-led government to explain itself after Canada’s cybersecurity group Citizen Lab alleged that the phones of 65 activists of the Catalan separatist movement had been tapped with Pegasus spyware between 2017 and 2020, AP reported.
The Spanish government had assured that the National Intelligence Centre would investigate the alleged tapping of phones of the Catalan members, The Guardian reported.
In November, the United States Commerce Department added NSO Group to its trade blacklist.
Surveillance allegations in India
In July, the story about Pegasus being used by governments around the world to snoop on critics was broken by a consortium of international media organisations.
The exposes had shown that the military-grade spyware had been used for unauthorised surveillance of Opposition leaders, activists and journalists in India.
In India, the list of potential personalities who were targeted using the spyware include Congress leader Rahul Gandhi, former Election Commissioner of India Ashok Lavasa, Union ministers Ashwini Vaishnaw and Prahlad Singh Patel, industrialist Anil Ambani and former Central Bureau of Investigation Director Alok Verma.
Responding to the allegations, Ashwini Vaishnaw, the Union information technology minister, had told Parliament on July 19 that illegal surveillance was not possible in India.
In August, the Ministry of Defence had told the Rajya Sabha that it has “not had any transaction with NSO Group Technologies”.
Former Union minister Yashwant Sinha, journalist N Ram, the Editors Guild of India, Asian College of Journalism chairperson Sashi Kumar, Rajya Sabha MP John Brittas and advocate ML Sharma had filed pleas in the Supreme Court seeking an investigation into the matter.
In October, a bench led by Chief Justice NV Ramana had said that the government cannot evade answers under the garb of national security. It also formed a technical committee to investigate the case.
On April 18, the committee asked the Director Generals of Police of all states to inform them whether they had accessed the Pegasus spyware.