The European Parliament’s Committee of Inquiry into the Pegasus software discovered during its investigations in Israel and after establishing contact with the company that created the spyware, that the company has 22 customers within the European Union, including 12 are states. This revelation shows that the Pegasus affair revealed in several international media which pointed the finger at Morocco, was in reality an orchestrated campaign and which particularly targeted the Kingdom.
In 2021, a group of international but especially French media as well as NGOs, accused Morocco of using the Israeli spyware Pegasus developed by the company NSO. Morocco then filed defamation suits with the Paris Court, demanding that evidence to corroborate these accusations be revealed.
At the time, the resounding affair caused a scandal, especially since the media had claimed that the Moroccan intelligence services were spying on the French President, Emmanuel Macron and even King Mohammed VI, in addition to several other personalities.
And in the arguments of the signatories of the survey, appeared as clients of NSO, for the most part African countries, developing countries, and almost no Western countries. On the exposed list, no country of the European Union apart from Hungary (a pariah state within the 27) was part of it, suggesting that these countries respected the rules, privacy and did not did not engage in espionage.
A year later, new spy cases broke out within the European bloc, notably with the revelation of Greece’s use of spyware similar to Pegasus, called Predator and whose parent company is owned by an Israeli. Greece spied on an investigative journalist and the leader of the country’s socialist party via this software.
Spain also caused a scandal when it was revealed that the Catalan independence leaders had been spied on via Pegasus, before the government itself revealed that some of its members had allegedly been victims of hacking of their phones through the same spyware.
But this time, it was a European commission of inquiry that went to Israel to check whether EU countries were using Pegasus. This investigation was triggered after European commissioners denounced having been spied on, which suggested that it was European state-to-European state espionage.
According to the Israeli media Haaretz, which conducted investigations, the members of the commission of inquiry were “surprised” to discover contracts with their countries of origin. They are currently 12 European countries out of 27 members of the EU to attach the services of Pegasus at a state level, reveals the Israeli media.
But in total NSO has contracts with 22 security and law enforcement organizations within the EU, which means that some countries in the European Union have several contracts with the company through companies or institutions.
Representatives of the commission have traveled to Israel in recent weeks to also meet with Defense Ministry officials and local experts. On their return to Europe, they also discovered that there was a highly developed cyberwar and espionage industry whose main customers were European countries.
“If a single company has 14 Member States for customers, you can imagine the overall size of the sector. There seems to be a huge market for commercial spyware, and EU governments are very keen buyers. But they are very quiet about it, keeping it out of public view,” said MEP Sophie in ‘t Veld and member of the Pegasus Inquiry.
“We know that spyware is being developed in several EU countries. Notably Italy, Germany and France,” she added, continuing that “even if they use it for legitimate purposes, they don’t want more transparency, surveillance and guarantees. The Secret Service has its own universe, where normal laws don’t apply. To some extent this has always been the case, but in the digital age they have become all-powerful, virtually invisible and utterly elusive”.
Separately, Microsoft revealed new spyware called Subzero, made by an Austrian company located in Lichtenstein called DSIRF. Spyware exploits a weakness to hack into computers.
Meanwhile, Google security investigators have unveiled a new spyware named Hermit, made by an Italian company called RSC Labs, a successor to Hacking Team also exploited an unknown security weakness to allow hacking of iPhones and computers. Android devices, and has been found on devices in Kazakhstan, Syria, and Italy.
The customers of RCS Labs, which is located in Milan with branches in France and Spain, include official European law enforcement organizations.