The study, published Monday by the Citizen Lab, considered one of the world’s leading experts in digital attack detection, said the victims of cell phone targeting were Pere Aragonès, who has led Catalonia since last year, as well as former regional presidents Quim Torra, Carles. Puigdemont and Artur Mas. He also noted that MEPs, lawmakers, lawyers, civil society activists and journalists, as well as some members of their families, were targeted. Although the NSO Group claims that Pegasus is only sold to governments to track down criminals and terrorists, a joint survey two years ago by the Guardian and El País found that the president of Catalonia’s regional parliament and at least two other pro-independence supporters spyware was used to target them. The Citizen Lab report reported that at least 65 people were targeted or infected with paid spyware, of which at least 63 were targeted or infected with Pegasus. Almost all of the incidents took place between 2017 – the year of Catalonia’s failed regional independence bid – and 2020. Victims’ phones are said to have been targeted using fake messages or WhatsApp messages. He said Aragonès was targeted while he was vice president of Catalonia, while Torra – who was regional president between 2018 and 2020 – was targeted while in power. Putzdemon, who led the failed, unilateral push for independence almost five years ago, was also a target – as was Mas, who was targeted after stepping down. Thirty-one regional MPs – 27 of them from the three Catalan parties in favor of independence – are said to have been targeted, as were nine members of the two powerful grassroots groups, the Catalan National Assembly and Òmnium Cultural. The Citizen Lab investigation also concluded that many lawyers representing prominent Catalan separatists were targeted and infected with Pegasus. According to the report, these include Gonzalo Boye, who represents Puigdemont, and Andreu Van den Eynde, a lawyer for many senior pro-independence politicians, including former regional vice-president Oriol Junqueras. The report said the number of confirmed mercenary spyware victims was “extremely high”. [and] gives a window to a possibly greater effort to bring a significant section of Catalan civil society under targeted scrutiny for several years ”. The Citizen Lab pointed out that the NSO group claims that Pegasus is sold only to governments, adding: “Although we do not attribute this function to specific government entities, indirect evidence suggests a strong relationship with the Spanish government, including the nature of the victims and objectives, the timetable and the fact that Spain is mentioned as a government client of the NSO Group “. He called for a formal investigation to determine who had ordered the targeting, what judicial oversight he had exercised and how the infringed material had been used. Aragonès said the Citizen Lab’s findings, first reported in the New Yorker, had revealed “a case of espionage against a democratic European movement that endangers fundamental rights everywhere”. He called on the Spanish government to provide immediate explanations, saying: “The espionage of public representatives, lawyers or civil rights activists is a red line.” Amnesty International, which examined the Citizen Lab investigation and said it had found evidence of Pegasus targeting and infection in all cases, said the Spanish government needed to clarify whether it was a NSO Group customer. He also urged the government to conduct “a thorough, independent investigation” into the alleged use of Pegasus against those identified by the Citizen Lab. “Governments around the world have not done enough to investigate or stop human rights abuses caused by invasive spyware programs such as Pegasus,” said Likhita Banerji, Amnesty International’s technology and human rights researcher. “The use, sale and transfer of this surveillance technology must be suspended temporarily to prevent further human rights violations.” An NSO spokesman said: “The NSO continues to target a number of politically motivated defense organizations, such as Citizen Labs and Amnesty, for producing inaccurate and unfounded reports based on vague and incomplete information. “We have repeatedly collaborated with government investigations, where credible allegations are worthwhile. However, the information that emerged from these allegations is again false and could not be related to NSO products for technological or conventional reasons. “ A spokesman for the Spanish Interior Ministry said that neither the ministry, Policía Nacional, nor the Guardia Civil had ever traded with the NSO Group and therefore had not entered into any of its services. He added: “All interceptions of communications are carried out under judicial authority and in full respect of the law.” The Spanish National Intelligence Service (CNI) has previously told the Guardian and El País that its work is being overseen by the Supreme Court and that it is acting “in full compliance with the legal system and in full compliance with applicable laws”. In U.S. courts in response to WhatsApp’s allegations, the NSO Group has denied allegations that it bears any responsibility for targeting individuals, saying it did not use the technology itself.
