Poland’s Pegasus Scandal: 578 Citizens Under Surveillance

by ·

From 2017 to 2022 in Poland, the commercial spyware Pegasus was employed to surveil nearly 578 citizens, as disclosed by Attorney General Adam Bodnar. He noted that the peak of these incidents occurred in 2021, with 162 infections recorded.

Pegasus is a sophisticated espionage software developed by the Israeli company NSO Group, which is sold to governments worldwide. It is intended for use in criminal investigations and intelligence gathering but has often been misused against activists, politicians, and journalists.

Cyber Espionage

Tomasz Semeniuk, a spokesperson for the Polish intelligence services, confirmed that the number of individuals affected by Pegasus exceeds 500. He acknowledged that some espionage cases were justified, involving individuals suspected of terrorism or as part of counterintelligence activities, yet admitted that there were “far too many instances” where the use of Pegasus was unwarranted.

Last week, Polish prosecutors initiated an investigation against current and former government officials suspected of using Pegasus against members of opposition parties and their allies, including opposition politician Krzysztof Brejza. Previously, it was reported that significantly fewer individuals, only 31, had been summoned to provide testimony at the prosecutor’s office.

Additionally, the Polish court confirmed that the state broadcaster TVP had unlawfully used compromised personal SMS messages of opposition politician Krzysztof Brejza. The correspondence was stolen using the spyware Pegasus and subsequently broadcast by TVP in 2019.

Furthermore, on April 10, Apple issued warnings to iPhone users in 92 countries about the potential threat of infection by spyware. Apple previously mentioned that such attacks could be conducted by state-sponsored hackers, but recent communications have referred to these incidents as “mercenary spyware attacks,” emphasizing that such attacks are exceedingly rare and significantly more complex than those perpetrated by ordinary cybercriminals or malware.

Tags: