Security Experts:

Connect with us

Hi, what are you looking for?



Rights Group Verifies Polish Senator Was Hacked With Spyware

Amnesty International said Thursday it has independently confirmed that powerful spyware from the Israeli surveillance software maker NSO Group was used to hack a Polish senator multiple times in 2019 when he was running the opposition’s parliamentary election campaign.

Amnesty International said Thursday it has independently confirmed that powerful spyware from the Israeli surveillance software maker NSO Group was used to hack a Polish senator multiple times in 2019 when he was running the opposition’s parliamentary election campaign.

The Associated Press reported last month that Citizen Lab, an internet watchdog group at the University of Toronto, found that the senator, Krzysztof Brejza, and two other Polish government critics were hacked with NSO’s Pegasus spyware.

Dozens of high-profile cases of Pegasus abuse have been uncovered since 2015, many by a global media consortium last year, with the NSO Group malware employed to eavesdrop on journalists, politicians, diplomats, lawyers and human rights activists from the Middle East to Mexico.

The Polish hacks are considered particularly egregious because they occurred not in a repressive autocracy but a European Union member state.

The revelations have rocked Poland, drawing comparisons to the 1970s Watergate scandal in the United States and eliciting calls for an investigation and accountability. Although neither Citizen Lab nor Amnesty International determined who was behind the hacks, the victims all blame Poland’s right-wing ruling party, Law and Justice.

[ ReadApple Slaps Lawsuit on NSO Group Over Pegasus iOS Exploitation ]

Law and Justice leaders have denied knowledge of the hacks and at times mocked the reported findings while refusing to open an investigation.

NSO Group does not identify its customers but says it only sells Pegasus to governments to fight terrorism and other serious crimes. The spyware allows its operators to vacuum up everything from instant messages and contacts to photos and to turn microphones and cameras into real-time spy tools.

Polish Prime Minister Mateusz Morawiecki has called the Citizen Lab-AP findings “fake news” and suggested a foreign intelligence service could have done the spying — an idea dismissed by critics who say no other government would have any interest in the three Polish targets.

John-Scott Railton, a senior researcher at Citizen Lab, said that “if (Polish government leaders) really believe this could be the action of a foreign service, it would be the height of irresponsibility not to investigate.”

The senator’s mobile phone was hacked with Pegasus 33 times in 2019, mostly while Brejza ran the opposition’s campaign to unseat the Law and Justice-led government, Citizen Lab determined last month.

Text messages stolen from Brejza’s phone were doctored and aired by state-controlled TV as part of a smear campaign in the heat of the race, which the populist ruling party went on to narrowly win. Brejza has compared the actions to the tactics used in Russia against Kremlin critic and opposition leader Alexei Navalny.

Donncha O’ Cearbhaill, an expert with Amnesty International’s Security Lab, said he confirmed Citizen Lab’s finding after receiving raw backups of Brejza’s phone from the Canadian researchers. Amnesty uses independently developed tools and methods for its forensic analysis.

Brejza told the AP he thinks the real victims of the hacking are Polish voters who were “deceived” by Law and Justice and “deprived of the right to fair elections.”

The other two Polish targets confirmed by Citizen Lab were Roman Giertych, a lawyer who represents opposition politicians in a number of politically sensitive cases, and Ewa Wrzosek, an independent-minded prosecutor.

Wrzosek formally asked the District Prosecutor’s Office in Warsaw last month to investigate the hacking of her phone. The office refused, justifying its decision by saying that Wrzosek refused to hand over her phone.

She said she did not relinquish the phone because she doesn’t trust the prosecutor’s office and wanted to participate in the evaluation of the device. “This is my right according to the law,” Wrzosek told the AP.

In November, Israeli financial newspaper Calcalist reported that the country’s Defense Ministry had significantly cut the list of countries to which Israeli-produced spyware could be exported. The newspaper did not say that Poland was one of the nations removed from the list, but it was not among the approved countries noted in the report.

Hungary, another European Union member where NSO Group’s Pegasus is confirmed to have been used against non-criminals, also was not on the shortened list.

The Israeli Defense Ministry has said called the Calcalist report inaccurate, without elaborating.

RelatedUS Puts New Controls on Israeli Spyware Company NSO Group

Written By

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack