Jul 27 (Reuters) – The European Union has found evidence that smartphones used by some of its staff were compromised by spyware from an Israeli company, the bloc’s top justice official said in a letter seen by Reuters.
In a July 25 letter sent to European lawmaker Sophie in ‘t Veld, EU Justice Commissioner Didier Reynders said iPhone maker Apple had told him in 2021 that his iPhone had possibly been hacked with Pegasus. , a tool developed and sold to government clients by Israeli surveillance. NSO Group company.
Apple’s warning prompted inspections of Reynders’ personal and professional devices, as well as other phones used by European Commission employees, according to the letter.
Sign up now for FREE unlimited access to Reuters.com
Although the investigation found no conclusive evidence that the phones of Reynders or EU staff were hacked, the researchers did uncover “indicators of compromise,” a term used by security researchers to describe that there is evidence showing a hack occurred. .
Reynders’ letter did not provide further details, saying “it is impossible to attribute these indicators to a specific perpetrator with complete certainty.” He added that the investigation was still active.
Messages left with Reynders, the European Commission and Reynders’s spokesman, David Marechal, were not immediately returned.
An NSO spokeswoman said the company would willingly cooperate with an EU investigation.
“Our assistance is even more crucial as there is no concrete evidence so far that a breach has occurred,” the spokeswoman said in a statement to Reuters. “Any illegal use by a client targeting activists, journalists, etc., is considered serious misuse.”
NSO Group is being sued by Apple Inc (AAPL.O) for violating its terms of user and services agreement.
QUESTIONS FROM LEGISLATORS
Reuters first reported in April that the European Union was investigating whether the phones used by Reynders and other top European officials had been hacked using software designed in Israel. Reynders and the European Commission declined to comment on the report at the time.
Reynders’ acknowledgment in the letter of the hacking activity was made in response to inquiries from European lawmakers, who earlier this year formed a committee to investigate the use of surveillance software in Europe.
Last week, the committee announced that its investigation found that 14 EU member states had purchased NSO technology in the past.
Reynders’ letter, which was shared with Reuters by in ‘t Veld, the committee’s rapporteur, said officials in Hungary, Poland and Spain had been or were in the process of being questioned about their use of Pegasus.
In ‘t Veld said it was imperative to find out who attacked the EU Commission, suggesting it would be particularly scandalous if an EU member state were found to be responsible.
The European Commission has also raised the issue with Israeli authorities, asking them to take steps to “prevent the misuse of its products in the EU,” the letter said.
The Israel Defense Ministry adviser did not immediately respond to a request for comment.
Apple’s alerts, sent out late last year, told specific users that a hacking tool, called ForcedEntry, could have been used against their devices to download spyware. Apple said in a lawsuit that ForcedEntry was the work of the NSO Group. Reuters also previously reported that another smaller Israeli company called QuaDream had developed an almost identical tool.
In November, the administration of US President Joe Biden gave NSO Group a designation making it difficult for US companies to do business with them, after determining that its phone hacking technology had been used by foreign governments to “maliciously attacking” political dissidents around. the world.
NSO, which has kept its client list confidential, has said it sells its products only to “vetted and legitimate” government customers.
Sign up now for FREE unlimited access to Reuters.com
Reporting from Raphael Satter and Christopher Bing in Washington; edited by Grant McCool
Our standards: The Thomson Reuters Trust Principles.
