Spain closes Pegasus investigation over ‘lack of cooperation’ from Israel

AFP  /  July 10, 2023

Judge looking into alleged hacking of ministers’ phones with NSO Group spyware says Israel has not responded to requests.

A Spanish judge investigating the alleged hacking of ministers’ phones with Pegasus spyware has shelved his investigation over a “complete” lack of cooperation from Israel, a court statement said on Monday.

In June 2022, José Luis Calama said he had sent a formal request for international judicial assistance, known as a letter rogatory, to the Israeli government asking for information about the software made by the Israeli firm NSO Group.

He also said he wanted to go there in person to take a witness statement from NSO’s chief executive.

But on Monday, the Audiencia Nacional, Spain’s top criminal court, said Calama had decided to provisionally close the case “due to the complete lack of legal cooperation from Israel, which has not responded to the rogatory commission … and has prevented the investigation from going ahead”.

The investigation began in May 2022 after the Spanish government said the spyware, which can infiltrate mobile phones to extract data or activate a camera or microphone to spy on their owners, had been used against phones belonging to top politicians.

Among those targeted were the phones of the Prime Minister, Pedro Sánchez; the Defence Minister, Margarita Robles; the Interior Minister, Fernando Grande-Marlaska, and the Agriculture Minister, Luis Planas.

But the Israeli government had not answered the request for assistance, which had been sent four times, meaning “it probably never would”, the court said in a statement, indicating the only remaining option was diplomacy.

“All that remains is a possible diplomatic channel capable of promoting compliance with the obligations derived from international treaties,” it said.

The court said Sánchez’s phone had been targeted on five occasions between October 2020 and December 2021. But despite a prolonged analysis of the four phones, it had not been possible to determine who was behind the attacks, the statement said.

Spain’s government has blamed it on “an external attack” while the Spanish press has pointed the finger at Morocco, given the diplomatic crisis between the two countries at the time.

The Guardian and El País first reported in June 2020 that the speaker of the Catalan regional parliament, Roger Torrent, and at least two other pro-independence supporters had been alerted that they had been targeted in what at the time was called a “possible case of domestic political espionage”. Dozens more cases were later identified in April 2022, when researchers at the Citizen Lab at the University of Toronto’s Munk school published a report saying the phones of at least 65 Catalan separatists had been targeted using Pegasus after the failed 2017 independence bid.

NSO has said its spyware is sold to government clients only for the purposes of investigating serious crime and terrorism. It has said it investigates legitimate allegations of abuse.

The spy chief Paz Esteban told a parliamentary committee in 2022 that 18 Catalan separatists, including the Catalan regional leader, Pere Aragonès, had been spied on with Pegasus software – but always with court approval. She was later sacked.

 

__________

Over 200 Spanish mobile numbers ‘possible targets of Pegasus spyware’ 

Stephanie Kirchgaessner & Sam Jones

The Guardian  /  May 3, 2022

Data leak reveals scale of potential surveillance by NSO Group client believed to be Morocco.

More than 200 Spanish mobile numbers were selected as possible targets for surveillance by an NSO Group client believed to be Morocco, according to the data leak at the heart of the Pegasus project.

Details of the scale of the apparent targeting came as Spain’s highest criminal court opened an investigation into how the mobile phones of the Prime Minister, Pedro Sánchez, and the Defence Minister, Margarita Robles, came to be infected with Pegasus spyware last year.

The Spanish government has refused to speculate on who may have been behind the “illicit” and “external” attacks, the existence of which it revealed on Monday at a hastily called press conference.

The targeting of the prime minister is alleged to have taken place in May and June last year – a particularly turbulent time in Spanish politics. Not only was the Sánchez administration preparing its controversial and deeply divisive pardons of nine Catalan independence leaders jailed over their parts in the failed secession attempt in 2017, Spain was also engaged in a tense diplomatic row with Morocco.

The mobile number selections believed to have been made by Morocco occurred in 2019, according to time stamps in the data, which includes more than 50,000 numbers of individuals selected as possible surveillance targets by NSO clients around the world.

A Spanish mobile number belonging to Aminatou Haidar, a prominent human rights activist from Western Sahara, was included in the leaked database and found to have been targeted by Pegasus dating back to 2018, according to an analysis by Amnesty International. Traces of the Pegasus spyware, which is sold by the Israeli company NSO Group, were also found on a second phone belonging to Haidar as recently as November 2021.

A Spanish mobile number for the journalist Ignacio Cembrero – whose work is focused on the Maghreb – was also listed on the Pegasus project database.

The inclusion of more than 200 Spanish mobile numbers selected by a client believed to be Morocco does not indicate that every number was targeted or hacked. But it signals the client was apparently active in seeking out possible targets for surveillance within Spain.

NSO said the fact a number appeared on the leaked list was in no way indicative of whether a number was targeted for surveillance using Pegasus. NSO has also said the database had “no relevance” to the company.

Morocco previously denied spying on any foreign leaders using Pegasus, and has said reporters investigating NSO were “incapable of proving [the country had] any relationship” with NSO.

But an analysis of the leaked records showed Morocco appeared to have listed dozens of French officials as candidates for possible surveillance, including President Emmanuel Macron.

NSO has said its spyware is only sold to government clients for the purposes of investigating serious crime and terrorism. It has said it investigates legitimate allegations of abuse and strongly denied Pegasus was ever used to target Macron.

The attacks came to light as the Spanish government continued to face questions over how Pegasus was allegedly used to monitor dozens of members of the Catalan independence movement, including the president of the north-eastern Spanish region, Pere Aragonès, and three of his predecessors.

The pro-independence Catalan regional government has pointed the finger at Spain’s national intelligence centre (CNI), which insists its operations are overseen by the supreme court and that it acts “in full accordance with the legal system, and with absolute respect for the applicable laws”.

On Tuesday, a judge at Spain’s Audiencia Nacional announced the beginning of an inquiry into “a possible offence of the discovery and revelation of secrets” relating to the use of Pegasus to infect Sanchez’s and Robles’s devices.

Recent media reports suggest the phone of a third politician – the then Spanish foreign minister, Arancha González Laya – was also targeted with some kind of spyware in May last year.

The row between Spain and Morocco occurred after the Madrid government allowed Brahim Ghali, a Western Sahara independence leader, to be treated for Covid-19 in Spain.

Over the following days, as more than 8,000 people crossed from Morocco to Spain’s north African enclave of Ceuta, Rabat’s ambassador in Madrid appeared to draw a line between Ghali’s treatment and the influx of migrants, warning that some actions had consequences that “need to be assumed”.

At a weekly press conference in Madrid on Tuesday, the Spanish government’s spokesperson refused to comment on whether Morocco may have been behind the Pegasus attack, and on what effect such action could have on diplomatic relations.

“It’s a bit hypothetical to talk about what the consequences could be – if we’re able to find out where the attack came from,” said Isabel Rodríguez.

“But what we’re clear about is that this attack was external and illicit. Those are the certainties we can use to make decisions on at the moment.”

The government has ruled out any internal spying, adding the targeting must have come from abroad as any such monitoring in Spain would have required judicial authorization.

Rodríguez said the government had nothing to hide and promised full collaboration with any judicial investigation, “including declassifying relevant documents should it prove necessary”.

On Tuesday, Sánchez’s Spanish Socialist Workers’ party (PSOE) joined the three parties on the Spanish right in vetoing a parliamentary inquiry into the Pegasus scandal.

A PSOE spokesperson said the mooted congressional committee was not needed as an internal investigation by Spain’s national intelligence centre was already under way, as was an inquiry by the public ombudsman.

The decision did not go down well with the PSOE’s junior coalition partners in the far-left, anti-austerity Unidas Podemos alliance, nor with the pro-independence Catalan Republican Left party (ERC) on whose support the minority government relies in parliament.

Gabriel Rufián, the ERC’s spokesperson, described the use of Pegasus as “a major scandal” and said it needed to be investigated.

The Pegasus project is an investigative collaboration involving 16 media partners including The Guardian, The Wire, The Washington Post and Le Monde, and is coordinated by the French non-profit Forbidden Stories.

Stephanie Kirchgaessner is The Guardian’s US investigations correspondent, based in Washington DC

Sam Jones is Madrid correspondent for The Guardian