A politician who investigated spyware abuse had his phone hacked with Pegasus spyware

Security researchers have confirmed that a European politician had his phone hacked by Pegasus spyware while working on a committee investigating the exploits of the notorious surveillance tool. This has reignited a new debate about governments abusing spying to gather information about their critics.
Researchers at the University of Toronto’s digital rights unit, Citizen Lab, say the confirmed hacking of the phones of Greek journalist and former politician Stelios Kouloglou in 2022 and 2023 marks the first time that a member of the European Parliament’s PEGA committee, tasked with investigating spyware attacks on European governments, has been publicly identified as a victim of espionage.
Kouloglou told TechCrunch on the phone that the deliberate compromise of his phone is “not bad.” One European lawmaker described the hacking of Kouloglou’s phone as a “direct attack on the law,” and called on the European Commission to take tougher measures by imposing stricter restrictions on the use of spyware across the 27 member states.
Although spyware attacks on lawmakers are rare, the timing and focus of the committee’s investigation into its investigation suggests a greater focus on the committee’s internal workings ahead of the widely anticipated report detailing its findings. The hacks open new questions about how governments use spyware that is ostensibly needed to detect serious crimes, but has been caught snooping on the communications of journalists, lawmakers and critics.
Citizen Lab investigators did not say whether the hacking was country-specific, but said a government client used an email address uploaded by Pegasus that was used in a previous campaign to hack journalists’ phones across Europe. The identity of the customer is unknown, but the reuse of the same attacking email address means that the customer was authorized by NSO Group to use its Pegasus spy to spy on phones in several European countries.
A spokesperson for the European Commission did not respond to TechCrunch’s request for comment. NSO Group also did not respond to a request for comment about the Citizen Lab report before it was published.
In its report released on Friday, Citizen Lab said Kouloglou was hacked in October 2022 and at least twice in March 2023 using an exploit that compromised the security of Apple’s software. The vulnerability has been removed but a fix has not yet been installed on Kouloglou’s phone. The exploit was a “click-zero” error, meaning a spy entered and stole her data without needing to communicate with her.
The bug exploited a previously discovered flaw in Apple’s smart home software used on iPhones. It allowed the spy to intercept private data on Kouloglou’s phone without his knowledge, such as his text messages and other correspondence, location data, and photos.
The timing of the October 2022 hack coincided with intense email and text message discussions between October and November 2022, prior to the delivery of the first draft detailing the spyware exploits focused on Cyprus, Greece, Hungary, Poland, and Spain.
The hack also came to light when Kouloglou was in the hospital at the time for a scheduled surgery, which may have allowed the spyware operators to listen in on audio of him discussing his health care or other conversations he had with visitors at the time.
Months later on March 6 and 7, Citizen Lab said Kouloglou’s phone was hacked again by the same Pegasus operative while Kouloglou was traveling from Athens to Brussels, during the committee’s hearing and months before the committee finalized and adopted its draft report.
On the phone, Kouglou told TechCrunch that he doesn’t know why he was targeted but believes it is because of his work on the European Parliament’s committee investigating Pegasus abuse.
He described how angry he was when he learned that his phone had been hacked.
“You see that all your personal information [was taken] — not every exchange of information or messages with the minister — but also the more private things, like happy times and sad times,” he told TechCrunch.
Kouloglou said he plans to sue NSO Group, a spyware maker headquartered in Israel. NSO remains largely banned from use in the United States following a Biden-era executive order that prohibited government use of spyware that could violate human rights.
Last year, the spyware maker confirmed that an unnamed American investor group had invested tens of millions of dollars in the company, possibly as part of an effort to revive the torn NSO brand associated with allowing human rights abuses.
Kouloglou said he is going public with his issue of “democracy, human rights, and the fight against corruption.”
“Corruption affects everyone,” he said.
If you shop through links in our articles, we may earn a small commission. This does not affect our editorial independence.



