EXCLUSIVE EU Found Evidence Employee Phones Compromised With Spyware Letter

July 27 (Reuters) – The European Union has found evidence that smartphones used by some of its staff have been compromised by spy software from an Israeli company, the bloc’s top justice official said in a letter seen by Reuters.

In a July 25 letter to European lawmaker Sophie in ‘t Veld, EU Justice Commissioner Didier Reynders said iPhone maker Apple told him in 2021 that his iPhone may have been hacked using Pegasus, a tool developed by Israeli surveillance and sold to government customers. company NSO Group.

Apple’s warning prompted an inspection of Reynders’ personal and professional devices and other phones used by European Commission employees, the letter said.

Register now for FREE unlimited access to Reuters.com

While the investigation found no conclusive evidence that Reynders or EU personnel’s phones had been hacked, researchers found “indicators of compromise” – a term used by security researchers to describe evidence that a hack has taken place.

Reynders’ letter gave no further details, saying that “it is impossible to attribute these indicators to a specific perpetrator with complete certainty.” It added that the investigation was still active.

Messages left with Reynders, the European Commission and Reynders’ spokesman David Marechal were not immediately returned.

A spokeswoman for the NSO said the company would like to cooperate with an EU investigation.

“Our help is even more important as there is no concrete evidence to date that a breach has taken place,” the spokeswoman said in a statement to Reuters. “Any illegal use by a customer targeting activists, journalists, etc. is considered serious abuse.”

NSO Group is being sued by Apple Inc (AAPL.O) for violating the terms of use and service agreement.

QUESTIONS FROM JUSTICEERS

Reuters first reported in April that the European Union was investigating whether phones used by Reynders and other senior European officials had been hacked with software designed in Israel. Reynders and the European Commission did not want to respond to the report at the time.

Reynders’ acknowledgment in the letter of hacking activity was made in response to questions from European lawmakers, who formed a committee earlier this year to investigate the use of surveillance software in Europe.

Last week, the commission announced that its investigation revealed that 14 EU member states had bought NSO technology in the past.

Reynders’ letter – which was shared with Reuters by in ‘t Veld, the committee’s rapporteur – stated that officials in Hungary, Poland and Spain had been or had been questioned about their use of Pegasus.

In ‘t Veld said it was imperative to find out who had been targeting the EU Commission, and suggested it would be particularly scandalous if an EU member state were found to be responsible.

The European Commission has also raised the issue with the Israeli authorities, asking them to take steps to “prevent the misuse of their products in the EU,” the letter said.

A spokesman for Israel’s Defense Ministry did not immediately respond to a request for comment.

Apple’s warnings, sent late last year, told targeted users that a hacking tool called ForcedEntry may have been used against their devices to download spyware. Apple said in a lawsuit that ForcedEntry was the work of NSO Group. Reuters also previously reported that another smaller Israeli company called QuaDream had developed a nearly identical tool.

In November, the administration of US President Joe Biden gave NSO Group a designation making it more difficult for US companies to do business with them after it found that its phone-hacking technology had been used by foreign governments to target political dissidents. the world.

NSO, which has kept its customer list confidential, has said it only sells its products to “veiled and legitimate” government customers.

Register now for FREE unlimited access to Reuters.com

Reporting by Raphael Satter and Christopher Bing in Washington; edit by Grant McCool

Our Standards: The Thomson Reuters Trust Principles.

Leave a Comment