Pegasus Was Used to Hack Phone of Polish Opposition Leader 33 Times During 2019 Polls

Doctored text messages of the opposition coalition’s campaign leader Krzysztof Brejza were flashed on the country's state-controlled television and media.

Listen to this article:

New Delhi: During the 2019 Polish parliamentary election, doctored text messages of the opposition coalition’s campaign leader Krzysztof Brejza were flashed on the country’s state-controlled television and media. The ruling Law and Justice party narrowly won the election.

Three years later, Brejza, a member of the Polish lower house of parliament, has claimed that his phone was hacked as many as 33 times by Pegasus, the flagship spyware of Israeli firm NSO, Associated Press reported on Friday.

This is the third disclosure in a week that opposition figures and an outspoken prosecutor in Poland had their phones hacked through Pegasus, which NSO claims is only sold to governments.

Krzysztof Brejza. Photo: Twitter/@KrzysztofBrejza

In a statement to AP, Polish state security services spokesman Stanislaw Zaryn said that the Polish government does not wiretap illegally and obtains court orders in “justified cases.” He also dismissed any suggestions the Polish government surveils for political reasons.

All the three victims were identified in a joint investigation by AP and researchers of  the University of Toronto’s Citizen Lab.

Polish prime Mateusz Morawiecki had on Wednesday characterised the first two cases of Pegasus hacking on Polish anti-government figures as “fake news”.

This is, of course, not the first time that political opposition members were found to have been targeted by the use of Pegasus. As part of the Pegasus Project, a consortium of 17 international media groups including The Wire, had reported in July that opposition politicians, dissidents and government officials had probably been targeted through the Israeli spyware.

In India, more than 300 phone numbers were identified on the leaked database of probable Pegasus targets, including top opposition leader Rahul Gandhi, a serving Election Commissioner, human rights activists, and state opposition politicians. The Indian government has neither confirmed nor denied that it has ever used Pegasus spyware.

The phone of India’s most well-known poll strategist, Prashant Kishor, was hacked during the time of the West Bengal assembly election, a forensic investigation by Amnesty International’s security lab revealed.

In Brejza’s case, his phone was digitally broken in 33 times from April 26, 2019, to October 23, 2019. The Polish parliamentary elections in 2019 were held on October 13, which saw the Law and Justice party winning with 43.6% of the popular vote.

Last month, the NSO group was blacklisted by the US government for “malicious cyber activities”.

In response to the latest Polish exposé, an NSO spokesperson told AP that the company “does not and cannot know who the targets of its customers are, yet implements measures to ensure that these systems are used solely for the authorized uses”.

NSO says it has terminated multiple contracts of governments who have violated the terms and conditions of use of Pegasus, although it has not named any publicly.

According to Citizen Lab, NSO maintains logs of intrusions so an investigation could determine the government utilising the Pegasus software in the Polish hacks.

Brejza told AP that the contents of his phone had been hacked and stolen during his tenure as chief of staff of the opposition coalition’s parliament campaign. 

The Polish state television network TVP reported text messages from Brejza’s phone that were modified to appear that he was behind the creation of a group that spread “hateful anti-government propaganda”. Brejza says he now understands where TVP state television got them.

The hacking of his phone and the smear campaign against him prevented a “fair electoral process” during the Polish parliamentary elections, the 38-year-old attorney said.

“This operation wrecked the work of staff and destabilized my campaign,” he said. “I don’t know how many votes it took from me and the entire coalition.”

In response to the latest revelations, TVP accused Citizen Lab of being funded by billionaire George Soros, who has become the target of right-wing conspiracy theories.

Brejza won his parliamentary seat in 2019, but the opposition could not wrest the lower house from the ruling party.

Since then, Poland and the European Union has often been at loggerheads over allegations of causing Polish democracy to backslide.

The other two Polish victims of Pegasus software were Ewa Wrzosek, a prosecutor fighting to keep judicial independence and Roman Gierych, a lawyer representing the opposition party, Civic Platform.

Wrzosek had posted in November that she had got an alert from Apple that her phone had been a target of possible cyberattack by government agencies.

After Apple announced that it had sued NSO last month, it began to alert scores of users worldwide that their phone had been probably compromised. Two years ago, Facebook had also sued NSO on allegations of hacking its popular messaging app, WhatsApp.

Also read: Timing of 2019 WhatsApp-NSO Hack in India Validates Leaked Database Accessed by Pegasus Project

As per the Citizen Lab investigation, Giertych was hacked 18 times in the run-up to the 2019 parliamentary elections.

Citizen Lab senior researcher John Scott-Railton stated that the frequency of attacks on Brejza and Giertych “indicates an extreme level of monitoring”. He pointed out that Pegasus allows the operator to have complete control of the contents and functions of a smartphone remotely, including the ability to turn on the microphone and camera for real-time surveillance.

“My heart sinks with each case we find,” Scott-Railton told AP. “This seems to be confirming our worst fear: Even when used in a democracy, this kind of spyware has an almost immutable abuse potential”.

Dutch liberal member of the European Parliament, Sophie in ’t Veld tweeted, “I cannot stress this enough – the phone of a democratic opposition politician being HACKED in an EU member state. Not by Putin, Xi or the NSA, but by his own government, which sits on the @EUCouncil by the way”.

She further told AP that a committee has launched hearings on Pegasus and that the revelations from Poland “will only help intensify the process.”

In September, the EU parliament had held a debate on the findings of the Pegasus project after two members of the investigative consortium spoke at a hearing of a parliamentary special committee.

The EU parliament’s Daphne Caruana Prize for Journalism was awarded to the ‘Pegasus Project’ in October.