US-backed Israeli company's spyware used to target European journalists, Citizen Lab finds

Winnipeg Free Press

2 days ago

ROME (AP) — Spyware from a U.S.-backed Israeli company was used to target the phones of at least three prominent journalists in Europe, two of whom are editors at an investigative news site in Italy, according to digital researchers at Citizen Lab, citing new forensic evidence of the attacks.
The findings come amid a growing questions about what role the government of Italian Prime Minister Giorgia Meloni may have played in spying on journalists and civil society activists critical of her leadership, and raised new concerns about the potential for abuse of commercial spyware, even in democratic countries.
'Any attempts to illegally access data of citizens, including journalists and political opponents, is unacceptable, if confirmed,' the European Commission said in a statement Wednesday in response to questions from members of parliament. 'The Commission will use all the tools at its disposal to ensure the effective application of EU law.'
Meloni's office declined to comment Thursday, but a prominent member of her Cabinet has said that Italy 'rigorously respected' the law and that the government hadn't illegally spied on journalists.
Mercenary spyware industry
The company behind the hacks, Paragon Solutions, has sought to position itself as a virtuous player in the mercenary spyware industry and won U.S. government contracts, The Associated Press found.
Backed by former Israeli Prime Minister Ehud Barak, Paragon was reportedly acquired by AE Industrial Partners, a private investment firm based in Florida, in a December deal worth at least $500 million, pending regulatory approvals. AE Industrial Partners didn't directly respond to requests for comment on the deal.
Paragon's spyware, Graphite, was used to target around 90 WhatsApp users from more than two dozen countries, primarily in Europe, Meta said in January. Since then, there's been a scramble to figure out who was hacked and who was responsible.
'We've seen first-hand how commercial spyware can be weaponized to target journalists and civil society, and these companies must be held accountable,' a spokesperson for WhatsApp told AP in an email. 'WhatsApp will continue to protect peoples' ability to communicate privately.' Meta said the vulnerability has been patched and they have not detected subsequent attacks. Meta also sent a cease-and-desist letter to Paragon. Last month, a California court awarded Meta $168 million in damages from Israel's NSO Group, whose spyware was used to hack 1,400 WhatsApp accounts, including of journalists, activists and government officials.
Journalists targeted
The Citizen Lab's findings, released today, show that the use of spyware against journalists has continued, despite the backlash against NSO Group, and establish for the first time that Paragon was able to successfully infect Apple devices.
Ciro Pellegrino, who heads the Naples newsroom of an investigative news outlet called Fanpage.it, received a notice on April 29 that his iPhone had been targeted.
Last year, Fanpage secretly infiltrated the youth wing of Meloni's Brothers of Italy party and filmed some of them making fascist and racist remarks. Pellegrino's colleague, Fanpage editor-in-chief Francesco Cancellato, also received a notice from Meta that his Android device had been targeted by Paragon spyware, though forensic evidence that his phone was actually infected with Graphite hasn't yet surfaced, according to Citizen Lab.
The Citizen Lab's report today also revealed a third case, of a 'prominent European journalist,' who asked to remain anonymous, but is connected to the Italian cluster by forensic evidence unearthed by researchers at the laboratory, which is run out of the Munk School at the University of Toronto. The Citizen Lab, which has analyzed all the devices, said the attack came via iMessage, and that Apple has patched the vulnerability. Apple did not respond immediately to requests for comment.
'Paragon is now mired in exactly the kind of abuse scandal that NSO Group is notorious for,' said John Scott-Railton, a senior researcher at the Citizen Lab. 'This shows the industry and its way of doing business is the problem. It's not just a few bad apples.'
Stealthy spyware
Paragon's spyware is especially stealthy because it can compromise a device without any action from the user. Similar to the NSO Group's notorious Pegasus spyware, which has been blacklisted by the U.S. government, Graphite allows the operator to covertly access applications, including encrypted messengers like Signal and WhatsApp.
'There's no link to click, attachment to download, file to open or mistake to make,' Scott-Railton said. 'One moment the phone is yours, and the next minute its data is streaming to an attacker.'
Parliamentary oversight
COPASIR, the parliamentary committee overseeing the Italian secret services, took the rare step last week of making public the results of its investigation into the government's use of Paragon. The COPASIR report said that Italian intelligence services hadn't spied on Cancellato, the editor of Fanpage.
The report did confirm the surveillance, with tools including Graphite, of civil society activists, but said they had been targeted legally and with government authorization — not as activists but over their work related to irregular immigration and national security.
Giovanni Donzelli, vice president of COPASIR and a prominent member of Meloni's Brothers of Italy party, declined further comment Thursday, saying the parliamentary report was 'more relevant than an analysis done by a privately funded Canadian laboratory.'
Citizen Lab says it's 'rigorously independent,' and doesn't accept research funding from governments or companies.
Italy and Paragon both say they've terminated their relationship, but offer starkly different versions of the breakup.
Paragon referred questions to a statement it gave to Israeli newspaper Haaretz, in which the company said that it stopped providing spyware to Italy after the government declined its offer to help investigate Cancellato's case. Italian authorities, however, said they had rejected Paragon's offer over national security concerns and ended the relationship following media outcry.
U.S. contracts
Paragon has been keen to deflect reputational damage that could, in theory, impact its contracts with the U.S. government.
Wednesdays
Columnist Jen Zoratti looks at what's next in arts, life and pop culture.
A 2023 executive order, which so far hasn't been overturned by U.S. President Donald Trump, prohibits federal government departments and agencies from acquiring commercial spyware that has been misused by foreign governments, including to limit freedom of expression and political dissent.
The U.S. Department of Homeland Security awarded Paragon a one-year, $2 million contract last September for operations and support of U.S. Immigration and Customs Enforcement, public records show.
The U.S. Drug Enforcement Administration has also reportedly used the spyware. In December 2022, Adam Schiff, the California Democrat who at the time chaired the House Intelligence Committee, wrote to the administrator of the U.S. Drug Enforcement Administration questioning whether the DEA's use of Graphite spyware undermined efforts to deter the 'broad proliferation of powerful surveillance capabilities to autocratic regimes and others who may misuse them.'
___
Byron Tau in Washington, and Lorne Cook in Brussels, contributed to this report.