Spanish Prime Minister's Mobile Phone Infected By Pegasus Spyware

An anonymous reader quotes a report from Reuters: Spanish authorities have detected "Pegasus" spyware in the mobile phones of Prime Minister Pedro Sanchez and Defense Minister Margarita Robles, the government minister for the presidency, Felix Bolanos, said on Monday. Bolanos told a news conference Sanchez's phone was infected in May 2021 and at least one data leak occurred then. He did not say who could have been spying on the premier or whether foreign or Spanish groups were suspected of being behind it.

"The interventions were illicit and external. External means carried out by non-official bodies and without state authorization," he said, adding that the infections had been reported to the justice ministry, and the High Court would be in charge of the case. [...] The European Union's data watchdog has called for a ban on Pegasus over allegations it has been abused by client governments to spy on rights activists, journalists and politicians.

this could as well be true

[znrt]

although making this public clearly aims to downplay the spying on catalan citizen specifically on ideological/political grounds, the fact is that governments using pegasus to spy on political opponents is pretty commonplace abroad. so no news, really.

ironically, by trying to weasel out the government from this nth scandal, this just underlines that yes, powers that be in "democratic spain" are shady enough to even spy on the prime minister and a defense minister who has already followed all and all ultranationalistic whims like a trained dog, without hesitation.

Re:

[Deal In One]

My understanding for Pegasus is that it is offered to the governments. So I doubt a random politician can get access to it, especially if he / she is in the opposition party and not part of the ruling government.

So I suspect that most likely it's a government of another country which is spying on the Spanish PM / government.

Just like the French President Macron was spied on via pegasus as well.

https://www.bbc.com/news/world... [bbc.com]

Re:

[Toutatis]

Don't underestimate the corruption of officials that support the party that was ruling when Spain bought Pegasus.

Re:

[OriolFM]

As you say, this is an obvious play to draw attention from the official, state-sanctioned spying on Catalan politicians, activists, and lawyers, even when in foreign countries. It is also proven that there are members in the Spanish official bodies (Police, CNI, Guardia Civil, military) that spy on politicians (from all the political spectrum), private citizens, and everyone in between to blackmail them or simply for discrediting them. Take, for instance, former commissioner Villarejo: https://www.bbc.com [bbc.com]

Re:

[airport76]

Absolutely. Spanish secret services are either too incompetent to prevent (or even detect) the infection, or they are croocked enough to be the source, or both. In any case, the people is being f* up.

Ban on pegasus, LOL

[MobyDisk]

Fools! You can't ban a virus! Do they not understand how this works? First you develop it, then you sell it to the "good guys", and then eventually the "bad guys" get it. After that, it's out there. The only way you "ban" it s by closing the security hole then wait until a new one is found.

Re:

[znrt]

what are you on about. pegasus is a specific tool that is specifically only sold to governments, allegedly for national security. the whole issue is that some governments are giving it a different use. afaik there are no reports that the tool has gone wild, so whatever the news, son government is responsible.

besides this isn't a virus, it's a fkn trojan delivered via phishing. i mean .. just read, man.

Re:Ban on pegasus, LOL

[MobyDisk]

Pegasus is a specific tool that is specifically only sold to governments...afaik there are no reports that the tool has gone wild

This article *is* a report that the tool has gone wild. A high-profile person got it on their phone, nobody really knows how or why. So clearly it already has gone rogue.

The problem with any malware, no matter what the vector, is that someone is going to learn that vector, and learn how to use the tool, and deploy it according to how they see fit. You can't bottle it back up.

Re:

[Anonymous Coward]

This has been something discussed since the early 1990s on the cypherpunks list. If a backdoor is forced, then the bad guys will have just as free access as the intended good guys. A "skeleton key" will eventually find its way into the hands of the bad guys. It doesn't matter how securely locked away the software is, someone will get their hands on it, find a way to bypass all protections, and make a cracked copy. Decades of pirate sites have shown that to be a fact of life.

So, now what we have is bad g

Re:

[znrt]

no, that's wild (and pretty daft) speculation. who are you blaming and what is your evidence?

the far more plausible explanation is that state sanctioned agencies do spy on high profile elected officials. it's called "deep state". it so happens that these 2 high profile officials are "socialists" (only in name, but still), and it is no secret that security and police institutions in spain are completely dominated by elements of the far right (just like the judiciary and the elites in general). again, while t

Re:

[_merlin]

Ya know, spying on enemy or rival heads of state is often justified as necessary for "national security". There's also the old adage that one man's terrorist is another man's freedom fighter, and so on.

Re:

[splutty]

It's NOT specifically 'only sold to governments'. It's sold to anyone that can pay.

Re:

[znrt]

from their website:

June 30, 2021 (Tel Aviv) – NSO Group, the world leader in precision cyber intelligence solutions for the sole use of vetted-and-approved, state-administered intelligence and law enforcement agencies, today released its “Transparency and Responsibility Report,”

now, it is indeed possible that they do sell to non-state crooks, but there would be consequences for them and you would have to show evidence. where is it?

Re:

[splutty]

Random Saudi Arabian prince (royalty, not government) using it to spy on his ex wife. Which coincidentally was how this started coming to light.

Re:

[znrt]

Random Saudi Arabian prince (royalty, not government) using it to spy on his ex wife.

you mean sheik Mohammed bin Rashid Al Maktoum who is
president,
also prime minister,
also defence minister
of the UAE, which was a customer of NGO.

Which coincidentally was how this started coming to light.

no idea what you mean, known cases of government misuse/abuse trace back to panama in 2015, this has been known for a long time.

Re:

[Mal-2]

Oh noes! They might have to buy their spyware through intermediaries and fully owned subsidiaries!

Like any of them are playing by the rules they already have on the books when we're not looking.

Re:

[bill_mcgonigle]

> You can't ban a virus!

Technically no, but a volley of cruise missiles into NSO Group HQ has a similar effect.

Re:

[TuringTest]

Their phones should have been secure models for official work. Only personal stuff for personal phone

They do have secure models for official work, separate from their personal phones. [translate.goog] It did not do much good, since Pegasus was able to access the secured phones, and routine controls weren't able to discover it.

Nobody expects the Spanish Inquisition!

[jfdavis668]

Not even the Prime Minister is safe! Time for the comfy chair!

Re:Nobody expects the Spanish Inquisition!

[Malenfrant]

I was on holiday near Madrid a few years ago staying at a small, family-run hostel. While I was there I was taken ill, so I called down to reception for a doctor. They informed me that they had their own, in-house doctor and he would be up to see me shortly.

Sure enough, about 10 minutes later there was a knock on my door and a man in a white coat with a stethoscope came in. He gave me a good examination, and after a while assured me that I just had a nasty flu bug. He said he'd get the bar downstairs to send me some honey, lemon and whisky.

As he was leaving I remarked that I was surprised to find that such a small establishment had it's own doctor. He replied 'Of course, no one expects the Spanish Inn Physician!'

Time for payback

[spaceman375]

Perhaps someone/some group should buy a pegasus license, then use it to spy on the people who produce pegasus. Prove that they know and are complicit in it's use in inappropriate places and ways, and have the whole operation shut down, with jail time for those in charge.

Not bloody likely, but one can hope.

Re:

[HiThere]

While I find your accusation against the Spanish government reasonable and plausible, this doesn't mean I find it implausible that someone penetrated the Spanish Prime Minister's phones. Or even that he was vastly indignant that someone would do that to *him*.