Connect with us

Hi, what are you looking for?


Tracking & Law Enforcement

Two More Poles Identified as Victims of Hacking With Spyware

Two more Poles have been identified as victims of phone hacking with the notoriously powerful spyware from Israel’s NSO Group: an agrarian political leader at odds with Poland’s right-wing government and the co-author of a book about the head of Poland’s secret services.

Two more Poles have been identified as victims of phone hacking with the notoriously powerful spyware from Israel’s NSO Group: an agrarian political leader at odds with Poland’s right-wing government and the co-author of a book about the head of Poland’s secret services.

The newest discovery by Citizen Lab cybersleuths broadens the list of those allegedly targeted by state surveillance under Poland’s nationalist government with a tool marketed for use exclusively against criminals and terrorists.

In late December, the University of Toronto-affiliated security researchers determined that a Polish senator, Polish lawyer and a Polish prosecutor — all three critics of Poland’s ruling Law and Justice party – were hacked with NSO’s Pegasus. They were the first confirmations that a tool widely abused globally by repressive governments had been used in the European Union country.

The finding triggered an inquiry in the opposition-controlled Senate.

In its new findings, Citizen Lab found that Michal Kolodziejczak, a 33-year-old farmer and agrarian social movement leader was hacked several times in May 2019. That was months ahead of a fall election in which Kolodziejczak was hoping to have his group, AGROunia, become a formal political party. Support for his movement threatened to eat into a key constituency of the ruling party, farmers and other voters in the Polish countryside. Courts have so far blocked his efforts to form a political party.

The other target was Tomasz Szwejgiert, who says he collaborated for years with Polish secret services before finding himself at odds with powerful figures. He was hacked while co-authoring a book about the head of Poland’s secret services, Mariusz Kaminski. He was hacked 21 times with Pegasus from late March to June of 2019, intrusions that began after he and his collaborators sent questions to the Polish government about Kaminski.

Replying to a request for comment, a Polish state security spokesman, Stanislaw Zaryn, insisted that surveillance is only carried out in justified cases and in accordance with the law. He said due to legal limitations he could not give any details about whether specific people were surveilled.

Advertisement. Scroll to continue reading.

However, he said reports about Szwejgiert’s “connections with the secret services are untrue,” and said the man has faced charges for serious economic crimes.

Szwejgiert told the AP that he was innocent and served two prison terms for crimes that he did not commit.

Pegasus is ultra-invasive. The hacker gets access to a victim’s smartphone data and can surveil them in real time with the phone’s microphone and camera. The Pegasus abuse cases worldwide highlight how such technologies – used against journalists, dissidents, rights activists and politicians — pose a growing threat to democratic systems.

[ READNSO Pegasus Zero-Click ‘Most Technically Sophisticated Exploit Ever Seen‘ ]

The revelations in Poland led ruling party leader Jaroslaw Kaczynski to acknowledge publicly for the first time earlier this month that Pegasus was bought by the Polish state. Kaczynski described it as a tool to fight crime and denied that political opponents were targeted.

As the government sought to counter perceptions that the state was engaged in mass surveillance, a ruling party lawmaker knowledgeable about state security services, Marek Suski, said last Friday that the number surveilled by the state did not exceed “several hundred people a year.”

The news drew headlines, however, shocking Poles who considered the number anything but trivial.

John Scott-Railton, a senior researcher at the Citizen Lab who found the forensic traces of hacking on the phones of all five Poles, said he believes “there is more to be found.”

“In my experience, Pegasus abuses are often the canary in the coal mine. What about other surveillance powers? Such as wiretapping and internet monitoring? These can be harder for outsiders to prove, but are ripe for abuse at a massive scale,” said Scott-Railton, who testified along with a co-researcher to Poland’s Senate commission last week.

Citizen Lab had previously confirmed the hacking of Ewa Wrzosek, an independent prosecutor fighting government attempts to politicize the judiciary, and Roman Giertych, a prominent lawyer who represents opposition leaders including Donald Tusk, a former prime minister.

Another Pegasus hack confirmed by Citizen Lab was of Sen. Krzysztof Brejza, who was running the opposition’s 2019 parliamentary election campaign at the time. Messages stolen from his phone were doctored and used in a smear campaign against him.

One aim of the Senate inquiry is to determine whether the 2019 election was fair under the circumstances. Kaczynski’s Law and Justice won by a slim margin.

Kolodziejczak believed the elections could not have been fair, given the hacking.

“They manipulate everyone’s choices in this way,” he said. “If one party knows more, it is easier for them to convince you NOT to vote for the others.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.


Spanish Court agreed to extradite Joseph James O’Connor to he U.S., who allegedly took part in the July 2020 hacking of Twitter accounts of...


US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...


A hacker who reportedly posed as the CEO of a financial institution claims to have obtained access to the more than 80,000-member database of...

Application Security

Virtualization technology giant Citrix on Tuesday scrambled out an emergency patch to cover a zero-day flaw in its networking product line and warned that...