A Polish Senate commission heard the testimony of two cybersecurity experts, John Scott-Railton and ... [+]
Recent revelations about Pegasus spyware abuse targeting critics in Poland and an exiled Russian journalist have underscored the urgent need for stronger protections against invasive surveillance, according to digital rights experts from Access Now and the University of Toronto’s non profit Citizen Lab. They warn the unchecked spread of cyberweapons like Pegasus poses a dire threat to human rights worldwide.
Pegasus is military-grade spyware that can remotely hack into mobile phones and take total control of the device. Once Pegasus secretly infects a phone, it can copy messages, photos, emails, record calls and activate microphones and cameras for continuous surveillance without the owner's knowledge. This lets Pegasus transform personal phones into 24/7 monitoring tools for prying government eyes.
In Poland, Amnesty International and the Citizen Lab helped uncover how Pegasus was illegally deployed against opponents before crucial 2019 elections. According to the investigation, published last year, by hacking devices the PiS (Law and Justice) ruling party obtained and leaked private data to state media to smear critics, likely altering the election outcome.
Last week, a Senate commission concluded Pegasus violates Polish law, improperly collecting excessive data without adequate security. In an in-depth report, it compared the abuses to Russian interference in the 2016 US election.
According to the report, once obtained illicitly, Pegasus was weaponized against PiS's political rivals. Senator Krzysztof Brejza, head of the opposition election campaign, had his phone hacked 33 times during the 2019 parliamentary race. Attonery Roman Giertych was another main target, his device infiltrated at least 18 times to frustrate cases against senior PiS members.
Personal data stolen from Brejza and Giertych’s phones made its way onto government-controlled TVP to assassinate their characters right before pivotal elections. “On the main edition of TVP News, an alleged email by Krzysztof Brejza was published multiple times, which in fact was a compilation of 19 old text messages,” an automated translation of the report reads.
Those surveilled described an Orwellian nightmare. Krzysztof Brejza condemned PiS's "obsession with wiretapping and surveillance". His wife Dorota spoke of constant anxiety, with three young children frightened by TV attacks. Roman Giertych deemed government spying a "criminal organization".
Prosecutor Ewa Wrzosek recounted the collapse of privacy from lifelong hacking. "My private life lay in ruins," she said. Even intimates were spied on.
In Russia, Access Now and the Citizen Lab revealed Pegasus infected the phone of journalist Galina Timchenko while she was in Germany, shortly after Putin's regime declared her outlet Meduza "undesirable", escalating its crackdown on war reporting.
The Pegasus hacking exacerbates fears dissidents cannot escape the reach of Putin's surveillance apparatus. In the case of Meduza journalist’s hack though, there’s a long list of potential culprits. States such as Germany, where Timchenko was staying when her phone was infected or Latvia, where she currently lives, are Pegagus customers.
The Netherlands’ General Intelligence and Security Service and an unnamed Estonian government agency, also appear to use Pegasus extensively. Some EU leaders have even stated that all Russians living in the West should be put under “strict surveillance”.
The recent findings are just the latest chapters in a number of Pegasus-related scandals, and paint a bleak picture of the current state of freedom of expression, the electoral process and privacy in authoritative regimes and democracies alike.
"Poland's Senate Pegasus Commission report fit within a bigger trend: Careful investigations keep finding that Pegasus spyware is harming European democracies, including the security of their electoral processes. (...) In this critical time for the future of democracy, the out-of-control mercenary spyware industry is directly undermining our core shared values, security & human rights," Citizen Lab’s senior researcher John Scott-Railton wrote on X.
