Exclusive: EU found evidence employee phones compromised with spyware -letter

By Raphael Satter

(Reuters) – The European Union found evidence that smartphones used by some of its staff were compromised by an Israeli company’s spy software, the bloc’s top justice official said in a letter seen by Reuters.

In a July 25 letter sent to European lawmaker Sophie in ‘t Veld, EU Justice Commissioner Didier Reynders said iPhone maker Apple had told him in 2021 that his iPhone had possibly been hacked using Pegasus, a tool developed and sold to government clients by Israeli surveillance firm NSO Group.

The warning from Apple triggered the inspection of Reynders’ personal and professional devices as well as other phones used by European Commission employees, the letter said.

Though the investigation did not find conclusive proof that Reynders’ or EU staff phones were hacked, investigators discovered “indicators of compromise” – a term used by security researchers to describe that evidence exists showing a hack occurred.

Reynders’ letter did not provide further detail and he said “it is impossible to attribute these indicators to a specific perpetrator with full certainty.” It added that the investigation was still active.

Messages left with Reynders, the European Commission, and Reynders’ spokesman David Marechal were not immediately returned.

An NSO spokeswoman said the firm would willingly cooperate with an EU investigation.

“Our assistance is even more crucial, as there is no concrete proof so far that a breach occurred,” the spokeswoman said in a statement to Reuters. “Any illegal use by a customer targeting activists, journalists, etc., is considered a serious misuse.”

NSO Group is being sued by Apple Inc (AAPL.O) for violating its user terms and services agreement.

LAWMAKERS’ QUESTIONS

Reuters first reported in April that the European Union was investigating whether phones used by Reynders and other senior European officials had been hacked using software designed in Israel. Reynders and the European Commission declined to comment on the report at the time.

Reynders’ acknowledgement in the letter of hacking activity was made in response to inquiries from European lawmakers, who earlier this year formed a committee to investigate the use of surveillance software in Europe.

Last week the committee announced that its investigation found 14 EU member states had purchased NSO technology in the past.

Reynders’ letter – which was shared with Reuters by in ‘t Veld, the committee’s rapporteur – said officials in Hungary, Poland and Spain had been or were in the process of being questioned about their use of Pegasus.

In ‘t Veld said it was imperative to find out who targeted the EU Commission, suggesting it would be especially scandalous if it were found that an EU member state was responsible.

The European Commission also raised the issue with Israeli authorities, asking them to take steps to “prevent the misuse of their products in the EU,” the letter said.

A spokesperson for the Israeli Ministry of Defense did not immediately respond to a request for comment.

Apple’s alerts, sent late last year, told targeted users that a hacking tool, dubbed ForcedEntry, may have been used against their devices to download spyware. Apple said in a lawsuit that ForcedEntry had been the work of NSO Group. Reuters also previously reported that another, smaller Israeli firm named QuaDream had developed a nearly identical tool.

In November, the administration of U.S. President Joe Biden gave NSO Group a designation that makes it harder for U.S. companies to do business with them, after determining that its phone-hacking technology had been used by foreign governments to “maliciously target” political dissidents around the world.

NSO, which has kept its client list confidential, has said that it sells its products only to “vetted and legitimate” government clients.

(Reporting by Raphael Satter and Christopher Bing in Washington; editing by Grant McCool)