What we know about Spain’s cyber-espionage spyware scandals

https://www.theguardian.com/news/2022/may/10/what-we-know-about-spains-cyber-espionage-spyware-scandals

Version 0 of 1.

Spain’s Pegasus spyware revelations have come to a head with the sacking of the country’s spy chief

Two years after a joint investigation by the Guardian and El País revealed the apparent use of Pegasus spyware to target senior pro-independence Catalan politicians, the Spanish government finds itself beset by internal and external cyber-espionage scandals that have led to the sacking of the country’s intelligence chief.

What is Pegasus?

Pegasus is spyware, manufactured by the Israeli NSO Group, which allows its operator to access everything on a target’s mobile phone, including emails, text messages and photographs. It can also activate the phone’s recorder and camera, turning it into a listening device. According to NSO Group, Pegasus is only sold to governments to track criminals and terrorists.

What’s going on in Spain?

Spain’s Socialist-led coalition government announced on Tuesday that it had fired Paz Esteban, the head of the national intelligence centre (CNI). The move came three weeks after Citizen Lab cybersecurity experts published a report alleging at least 63 people connected with the Catalan independence movement – including the current regional president, Pere Aragonès – were targeted or infected with Pegasus. The report said lawyers, journalists and civil society activists were also targeted.

It has also emerged over the past week that the phones of three of Spain’s most senior politicians – the prime minister, Pedro Sánchez, the defence minister, Margarita Robles, and the interior minister, Fernando Grande-Marlaska – were subjected to “illicit” and “external” targeting using Pegasus last year.

The Spanish government described Esteban’s dismissal as a “substitution”, but has admitted there were shortcomings and failings at the CNI on her watch – not least the fact that the centre appears to have taken a year to discover the hacking of cabinet phones.

So who’s spying on whom? And why?

Those are two big – and separate – questions. In June 2020, the Guardian and El País reported that at least three senior pro-independence Catalan politicians had been told their phones had been targeted using Pegasus. The attacks, thought to have been carried out in April and May 2019, came less than two years after the failed, illegal and unilateral bid for Catalan independence that plunged Spain into its worst political and territorial crisis for decades.

One of those targeted at the time, the then speaker of the Catalan parliament, Roger Torrent, said he believed the “Spanish state” was responsible. The Spanish government vehemently denied the accusation, saying: “This government doesn’t spy on its political opponents.”

The CNI gave a more guarded answer, saying its work was overseen by Spain’s supreme court and that it always acted “in full accordance with the legal system, and with absolute respect for the applicable laws”.

The CNI’s involvement in spying on the Catalan independence movement was confirmed last week when Esteban appeared before the congressional official secrets committee and reportedly testified that 18 members of the regional independence movement – including Aragonès – were spied on with judicial approval.

It is not clear from reports of Esteban’s testimony whether Aragonès was spied on before or after coming to his current position, nor whether the technology used in the 18 cases was Pegasus.

What is the CNI’s remit?

According to its mission statement, the CNI’s job is to “prevent and avoid any danger, threat or attack against the independence or territorial integrity of Spain, its national interests, or the stability of the rule of law and its institutions”.

Both the CNI and the government have repeatedly insisted that the law has always been adhered to and the appropriate judicial authorisation sought.

What about the Spanish cabinet ministers’ phones?

According to the Spanish government, the phones of Sánchez, Robles and Marlaska were all targeted with Pegasus in May and June last year – a particularly turbulent time in Spanish politics. Not only was the Sánchez administration preparing its deeply divisive pardons of nine Catalan independence leaders jailed for their parts in the failed secession attempt in 2017, Spain was also engaged in a tense diplomatic row with Morocco.

The government has refused to speculate on who may have been behind the attacks, saying only that they were “illicit” and “external” – meaning they were carried out by another country.

The data leak at the heart of the Pegasus investigation revealed more than 200 Spanish mobile numbers were selected as possible targets for surveillance in 2019 by an NSO Group client believed to be Morocco, but Morocco has denied spying on any foreign leaders using Pegasus, and has said reporters were “incapable of proving [the country had] any relationship” with NSO.

What does NSO Group say about the apparent targeting of Spanish government phones?

“While we have not seen any information related to this alleged misuse and we are not familiar with the details of this specific case, NSO’s firm stance on these issues is that the use of cyber tools in order to monitor politicians, dissidents, activists and journalists is a severe misuse of any technology and goes against the desired use of such critical tools.”

What does it say about the apparent targeting of the Catalan independence movement?

“NSO continues to be targeted by a number of politically motivated advocacy organisations like Citizen Labs and Amnesty to produce inaccurate and unsubstantiated reports based on vague and incomplete information. We have repeatedly cooperated with governmental investigations, where credible allegations merit. However, information raised regarding these allegations are, yet again, false and could not be related to NSO products for technological and contractual reasons.”

What does all this mean politically in Spain?

Sánchez’s minority government, which relies on Aragonès’s Catalan Republican Left (ERC) party for parliamentary support, has taken a far more conciliatory approach to the “Catalan question” than its conservative predecessor. While it has ruled out a referendum on regional independence, it has shown a willingness to discuss the matter and to negotiate.

The latest spying revelations have severely dented the ERC’s trust in the Spanish government, but the party is pragmatic and may take Esteban’s dismissal as a welcome gesture by Sánchez. It also knows it has more political clout with the current left-leaning minority government in power than it would under a rightwing administration.

On Tuesday, the leader of Spain’s conservative People’s party accused the prime minister of handing Esteban’s head to the independence movement to save his own political skin.