EU lawmaker investigating surveillance hacked by Israeli Pegasus


A former member of the European Parliament who served on a committee investigating abusive surveillance was himself hacked using an Israeli-made spy tool, Pegasus , a Canadian tech watchdog group said on Friday.

Citizen Lab said in a report that the phone of Stelios Kouloglou, a Greek television journalist-turned-lawmaker, was hacked at least three times between October 2022 and March 2023 using Pegasus spyware, a tool distributed by the Israeli company NSO Group.

At the time of the targeting, Kouloglou was serving on the European Parliament's PEGA Committee, established in 2022 to examine the use of illegal phone hacking across the European Union.

The committee focused mainly on the use of Pegasus and similar tools, finding that governments across the EU likely used spyware, "in one way or another, some legitimate, some illegitimate."

Kouloglou said he was astonished at the audacity of whoever was behind the hacking.

"I was not expecting that a PEGA member would be spied on by Pegasus," he told Reuters . "I was not expecting that they would be as reckless as that."

NSO did not return messages seeking comment.

In a statement to Reuters , the European Parliament did not directly address Kouloglou's case but said its IT security services "constantly monitor cybersecurity threats as well as potential cyberattacks against its working environment."

It said spyware screening tools had been available to all lawmakers since 2022 and that a report adopted last month called for their extension to all devices used for parliamentary business.

The European Commission, the European Union's executive branch, did not immediately return messages seeking comment.

NSO has repeatedly been accused of facilitating intrusive surveillance of journalists, political opponents, civil rights activists and religious figures around the world.

NSO was blacklisted by the US government in 2021 over human rights and national security concerns.

Last year, WhatsApp owner Meta Platforms won a $168 million damages award against NSO for unlawfully hacking the platform, although the award was significantly reduced. Last month, Meta accused NSO of violating the court's injunction on targeting its services and filed for a contempt order.

Citizen Lab said it believed that Kouloglou had been hacked through a vulnerability in Apple software that was not known at the time.

It said that Kouloglou received repeated warnings from Apple about state-sponsored hacking attempts in 2023 and 2024. Apple did not directly address questions about Kouloglu, but said the vulnerability referenced in the Citizen Lab report had since been patched and that it regularly issues alerts to hacking targets.

Citizen Lab did not identify who actually used Pegasus to target the former lawmaker.

Published: Modified: Back to Voices