Politician who investigated spyware abuses had his phone hacked with Pegasus spyware

Security researchers have confirmed that a European politician had his phone hacked with the Pegasus spyware while serving on an investigatory committee probing abuses of the notorious surveillance tool. This has reignited fresh controversy over governments abusing spyware to collect information about their critics.

The researchers at the University of Toronto’s digital rights unit The Citizen Lab say the confirmed phone hacking of Greek journalist and former politician Stelios Kouloglou during 2022 and 2023 marks the first time that a member of the European Parliament’s PEGA committee, tasked with investigating phone spyware attacks by European governments, has been publicly identified as a victim of spyware.

Kouloglou told TechCrunch in a phone call that the deliberate compromise of his phone was “reckless.” One serving European lawmaker described the hacking of Kouloglou’s phone as a “direct attack on the rule of law,” and called on the European Commission to take concrete action by imposing strict limits on the use of spyware across the 27 member-state bloc.

While spyware attacks on lawmakers are rare, the timing and targeting of a committee investigator by way of the very spyware under his investigation suggests an intense focus on the committee’s inner workings ahead of a widely anticipated report detailing its findings. The hacks open fresh questions about how governments use spyware that is ostensibly needed for identifying serious crime, but is then caught spying on the communications of journalists, lawmakers, and critics.

Citizen Lab’s researchers did not attribute the phone hacking to a specific country but said that the government customer used the same Pegasus-loaded email address that was used in a previous campaign that hacked into the phones of journalists across Europe. The customer’s identity is not known, but the reuse of the same attacking email address implies that the customer had NSO Group’s authorization to use its Pegasus spyware to snoop on phones across multiple countries in Europe.

A spokesperson for the European Commission did not respond to TechCrunch’s request for comment. NSO Group also did not respond to a request for comment about the Citizen Lab report prior to publication.

In its report out Friday, Citizen Lab said Kouloglou was hacked in October 2022 and at least twice during March 2023 using an exploit that compromised a security vulnerability in Apple’s iPhone software. This vulnerability had been patched but the fix was not yet installed on Kouloglou’s phone. The exploit was a “zero-click” bug, meaning the spyware broke in and stole his data without needing any interaction on his part.

The bug abused a previously discovered flaw in Apple’s smart home software used in iPhones. It allowed the spyware to grab private data from Kouloglou’s phone without his knowledge, such as his text messages and other correspondence, location data, and photos.

The timing of the October 2022 hack coincides with intense discussions over email and text message throughout October and November 2022, ahead of the delivery of a first draft describing spyware abuses focused in Cyprus, Greece, Hungary, Poland, and Spain. The hack also lines up with the exact time that Kouloglou was in the hospital for a pre-scheduled surgery, which may have allowed the spyware operators to listen in on ambient audio discussing his healthcare or other conversations he had with visitors at the time.

Months later on March 6 and 7, Citizen Lab said Kouloglou’s phone was hacked again by the same Pegasus operator while Kouloglou traveled from Athens to Brussels, during a period of committee hearings and months prior to the committee finalizing and adopting their written draft report.

In a call, Kouloglou told TechCrunch that he didn’t know why he was specifically targeted but that he believes it was due to his work on the European Parliament’s committee investigating Pegasus abuses. He described anger when he learned that his phone had been hacked. “You realize that all of your personal data [was taken] — not all the professional exchanges or messages with ministers — but also the very private things, like the happy moments and the sad moments,” he told TechCrunch.

Kouloglou said he plans to sue NSO Group, the Israeli-headquartered spyware maker. NSO remains largely banned from use in the United States following a Biden-era executive order that outlawed the government’s use of spyware that could violate people’s human rights. Last year, the spyware maker confirmed an unnamed American investment group funneled tens of millions of dollars into the company, likely as part of an effort to rehabilitate NSO’s beleaguered brand associated with enabling human rights abuses.

Kouloglou said he was going public with his story “for democracy, human rights, and the fight against corruption.” “Corruption concerns everybody,” he said.