US-backed Israeli company's spyware used to target European journalists, Citizen Lab finds

FILE - Giorgia Meloni attends a debate at the Senate in Rome, Oct. 26, 2022. (AP Photo/Andrew Medichini, file)

ROME (AP) — Spyware from a U.S.-backed Israeli company was used to of at least three prominent journalists in Europe, two of whom are editors at an investigative news site in Italy, according to digital researchers at Citizen Lab, citing new forensic evidence of the attacks.

The findings come amid growing questions about what role the government of Italian Prime Minister Giorgia Meloni may have played in spying on journalists and civil society activists critical of her leadership, and raise new concerns about the potential for abuse of commercial spyware, even in democratic countries.

“Any attempts to illegally access data of citizens, including journalists and political opponents, is unacceptable, if confirmed,” the European Union's executive branch said in a statement Wednesday in response to questions from members of parliament. The European Commission “will use all the tools at its disposal to ensure the effective application of EU law.”

Meloni's office declined to comment Thursday, but a prominent member of her Cabinet has said that Italy “rigorously respected” the law and that the government hadn't illegally spied on journalists.

Mercenary spyware industry

The company behind the hacks, Paragon Solutions, has sought to position itself as a virtuous player in the mercenary spyware industry and won U.S. government contracts, The Associated Press found.

Backed by former Israeli Prime Minister Ehud Barak, Paragon was reportedly acquired by AE Industrial Partners, a private investment firm based in Florida, in a December deal worth at least $500 million, pending regulatory approvals. AE Industrial Partners didn't directly respond to requests for comment on the deal.

Paragon’s spyware, Graphite, was used to target around 90 WhatsApp users from more than two dozen countries, primarily in Europe, Meta said in January. Since then, there’s been a scramble to figure out who was hacked and who was responsible.

“We’ve seen first-hand how commercial spyware can be weaponized to target journalists and civil society, and these companies must be held accountable,” a spokesperson for WhatsApp told AP in an email. “WhatsApp will continue to protect peoples’ ability to communicate privately.” Meta said the vulnerability has been patched and they have not detected subsequent attacks. Meta also sent a cease-and-desist letter to Paragon. Last month, a California court awarded Meta $168 million in damages from Israel’s NSO Group, whose spyware was used to hack 1,400 WhatsApp accounts, including of journalists, activists and government officials.

“It is unacceptable in a democratic country that journalists are spied on without knowing the reason. We do not know how many there are and if there are others,” Vittorio di Trapani, president of the Italian journalists' union FNSI, told the AP. “The EU should intervene. The democracy of a founding country of the union and therefore of the whole of Europe is at stake.”

Journalists targeted

The , released today, show that the use of spyware against journalists has continued, despite the backlash against NSO Group, and establish for the first time that Paragon was able to successfully infect Apple devices.

Ciro Pellegrino, who heads the Naples newsroom of an investigative news outlet called Fanpage.it, received a notice on April 29 that his iPhone had been targeted.

Last year, Fanpage secretly infiltrated the youth wing of Meloni’s Brothers of Italy party and filmed some of them making fascist and racist remarks. Pellegrino’s colleague, Fanpage editor-in-chief Francesco Cancellato, also received a notice from Meta that his Android device had been targeted by Paragon spyware, though forensic evidence that his phone was actually infected with Graphite hasn't yet surfaced, according to Citizen Lab.

The Citizen Lab's report today also revealed a third case, of a “prominent European journalist,” who asked to remain anonymous, but is connected to the Italian cluster by forensic evidence unearthed by researchers at the laboratory, which is run out of the Munk School at the University of Toronto. The Citizen Lab, which has analyzed all the devices, said the attack came via iMessage, and that Apple has patched the vulnerability. Apple did not respond immediately to requests for comment.

“Paragon is now mired in exactly the kind of abuse scandal that NSO Group is notorious for,” said John Scott-Railton, a senior researcher at the Citizen Lab. “This shows the industry and its way of doing business is the problem. It’s not just a few bad apples.”

Stealthy spyware

Paragon’s spyware is especially stealthy because it can compromise a device without any action from the user. Similar to the NSO Group’s notorious Pegasus spyware, which has been blacklisted by the U.S. government, Graphite allows the operator to covertly access applications, including encrypted messengers like Signal and WhatsApp.

“There’s no link to click, attachment to download, file to open or mistake to make,” Scott-Railton said. “One moment the phone is yours, and the next minute its data is streaming to an attacker.”

Parliamentary oversight

COPASIR, the parliamentary committee overseeing the Italian secret services, took the rare step last week of making public the results of its investigation into the government’s use of Paragon. The COPASIR report said that Italian intelligence services hadn't spied on Cancellato, the editor of Fanpage.

The report did confirm the surveillance, with tools including Graphite, of civil society activists, but said they had been targeted legally and with government authorization — not as activists but over their work related to irregular immigration and national security.

Giovanni Donzelli, vice president of COPASIR and a prominent member of Meloni’s Brothers of Italy party, declined further comment Thursday, saying the parliamentary report was “more relevant than an analysis done by a privately funded Canadian laboratory.”

Citizen Lab says it's “rigorously independent,” and doesn't accept research funding from governments or companies.

Italy and Paragon both say they’ve terminated their relationship, but offer starkly different versions of the breakup.

Paragon referred questions to a statement it gave to Israeli newspaper Haaretz, in which the company said that it stopped providing spyware to Italy after the government declined its offer to help investigate Cancellato’s case. Italian authorities, however, said they had rejected Paragon's offer over national security concerns and ended the relationship following media outcry.

U.S. contracts

Paragon has been keen to deflect reputational damage that could, in theory, impact its contracts with the U.S. government.

A 2023 executive order, which so far hasn't been overturned by U.S. President Donald Trump, prohibits federal government departments and agencies from acquiring commercial spyware that has been misused by foreign governments, including to limit freedom of expression and political dissent.

The U.S. Department of Homeland Security awarded Paragon a one-year, $2 million contract last September for operations and support of U.S. Immigration and Customs Enforcement, public records show.

The U.S. Drug Enforcement Administration has also reportedly used the spyware. In December 2022, Adam Schiff, the California Democrat who at the time chaired the House Intelligence Committee, wrote to the administrator of the U.S. Drug Enforcement Administration questioning whether the DEA’s use of Graphite spyware undermined efforts to deter the “broad proliferation of powerful surveillance capabilities to autocratic regimes and others who may misuse them.”

___

Byron Tau in Washington, and Lorne Cook in Brussels, contributed to this report.

Erika Kinetz and Paolo Santalucia, The Associated Press