The Italian government denied Wednesday that it had spied on journalists and migrant activists using spyware but said it would cooperate with an investigation into “vulnerabilities” after at least seven Italian cellphones were apparently hacked with military-grade surveillance technology.
Meta’s WhatsApp messaging service informed dozens of people across the European Union on Jan. 31 that they had been targeted in a spyware attack using technology from Israeli cyber firm Paragon Solutions.
In a statement provided by Meta’s Italy press office, WhatsApp said it had disrupted what it called “a spyware campaign by Paragon that targeted several users, including journalists and members of civil society.”
After The Guardian newspaper broke the story, the Italian government confirmed on Feb. 5 that at least seven Italian cellphones were involved and that it had activated the National Cybersecurity Agency, which reports to the premier’s office, to investigate.
It said other targeted phones had numbers from Belgium, Greece, Latvia, Lithuania, Austria, Cyprus, Czech Republic, Denmark, Germany, Netherlands, Portugal, Spain and Sweden.
Speaking to parliament’s lower chamber Wednesday, Cabinet Minister Luca Ciriani confirmed that the Italian government for many years has had a contract with Paragon Solutions to provide intelligence-gathering capabilities to fight terrorism and other threats to national security.
But he insisted that the law was “rigorously respected” and denied the government had used the technology to spy on journalists illegally. He threatened legal action against any claims to the contrary.
“Regardless, it’s up to judicial authorities to ascertain the source of the vulnerabilities that have been claimed,” he said, adding that Italian intelligence services “are ready to provide full support.”
The Guardian has reported that Paragon halted its contract with Italy after the spyware attack became public, but Ciriani said the contract with the intelligence services continues. That suggests that a second contract, perhaps with another law enforcement agency or police department, was canceled. Israel’s Haaretz newspaper has said Paragon had two contracts with Italy for Graphite, a military-grade surveillance technology capable of hacking into encrypted smartphones.
There was no immediate response to an email seeking comment sent to Paragon Solutions.
Among the Italians targeted were Luca Casarini, the head of the migrant rescue group Mediterranea Saving Humans, and Francesco Cancellato, editor of the Fanpage new website, both of whose work has been critical of the government.
Both confirmed in interviews Wednesday that they had been informed by WhatsApp on Jan. 31 that their phones had been infected with the spyware. The message they received from WhatsApp suggested they contact Citizen Lab, based out of the Munk School at the University of Toronto, which has for years played a leading role in exposing state-backed hackers.
Cancellato said he believed he had been targeted as the “backdoor” through which hackers could see what investigative stories Fanpage was developing. He surmised Fanpage’s undercover reports, in which journalists infiltrated the youth branch of Premier Giorgia Meloni’s party and exposed neofascist behavior, might have been of interest.
Casarini, for his part, heads an aid group that rescues migrants in the Mediterranean and has criticized the Italian government’s support of Libya’s patrols of its coasts to prevent smugglers’ boats from leaving.
He said he was cooperating with prosecutors.
