AP Exclusive: Polish opposition senator hacked with spyware

Dec 23, 2021, 9:47 AM | Updated: Jan 2, 2022, 1:24 pm

WARSAW, Poland (AP) — Polish Sen. Krzysztof Brejza’s mobile phone was hacked with sophisticated spyware nearly three dozen times in 2019 when he was running the opposition’s campaign against the right-wing populist government in parliamentary elections, an internet watchdog found.

Text messages stolen from Brejza’s phone — then doctored in a smear campaign — were aired by state-controlled TV in the heat of that race, which the ruling party narrowly won. With the hacking revelation, Brejza now questions whether the election was fair.

It’s the third finding by the University of Toronto’s nonprofit Citizen Lab that a Polish opposition figure was hacked with Pegasus spyware from the Israeli hacking tools firm NSO Group. Brejza’s phone was digitally broken in to 33 times from April 26, 2019, to Oct. 23, 2019, said Citizen Lab researchers, who have been tracking government abuses of NSO malware for years.

The other two hacks were identified earlier this week after a joint Citizen Lab-Associated Press investigation. All three victims blame Poland’s government, which has refused to confirm or deny whether it ordered the hacks or is a client of NSO Group. State security services spokesman Stanislaw Zaryn insisted Thursday that the government does not wiretap illegally and obtains court orders in “justified cases.” He said any suggestions the Polish government surveils for political ends were false.

NSO, which was blacklisted by the U.S. government last month, says it only sells its spyware to legitimate government law enforcement and intelligence agencies vetted by Israel’s Defense Ministry for use against terrorists and criminals. It does not name its clients and would not say if Poland is among them.

Citizen Lab said it believes NSO keeps logs of intrusions so an investigation could determine who was behind the Polish hacks.

In response to the revelations, European Union lawmakers said they would hasten efforts to investigate allegations that member nations such as Poland have abused Pegasus spyware.

The other two Polish victims are Ewa Wrzosek, an outspoken prosecutor fighting the increasingly hardline government’s undermining of judicial independence, and Roman Giertych, a lawyer who has represented senior leaders of Brejza’s party, Civic Platform, in sensitive cases.

Prime Minister Mateusz Morawiecki on Wednesday dismissed revelations that Giertych and Wrzosek were hacked as “fake news.” Justice Minister Zbigniew Ziobro expressed no knowledge of “illegal actions aimed at the surveillance of citizens” but also said Poland was “not helpless” in taking action against people suspected of crimes.

Giertych was hacked 18 times, also in the run-up to 2019 parliamentary elections that the ruling Law and Justice party won by a razor-thin margin. That victory has continued a dangerous erosion of democracy in the nation where the popular 1980s protest movement Solidarity presaged the eventual collapse of the Soviet empire.

The intense tempo of the hacks of Brejza and Giertych “indicates an extreme level of monitoring” that raises pressing questions about abuses of power, Citizen Lab senior researcher John Scott-Railton said. Pegasus gives its operators complete access to a mobile device: They can extract passwords, photos, messages, contacts and browsing history and activate the microphone and camera for real-time eavesdropping.

“My heart sinks with each case we find,” Scott-Railton added. “This seems to be confirming our worst fear: Even when used in a democracy, this kind of spyware has an almost immutable abuse potential.”

Other confirmed victims have included Mexican and Saudi journalists, British attorneys,Palestinian human rights activists, heads of state and Uganda-based U.S. diplomats.

An NSO spokesperson said Thursday that “the company does not and cannot know who the targets of its customers are, yet implements measures to ensure that these systems are used solely for the authorized uses.” The spokesperson claimed zero tolerance for governments who abuse it the software; NSO says it has terminated multiple contracts of governments who have abused Pegasus, although it has not named any publicly.

Despite any measures NSO might be taking, Citizen Lab notes, the list of abuse cases continues to grow.

Brejza, a 38-year-old attorney, told the AP that he has no doubt data stolen from his phone while he was chief of staff of the opposition coalition’s parliamentary campaign provided critical strategy insights. Combined with the smear effort against him, he said, it prevented “a fair electoral process.”

Text messages stolen from Brejza’s phone were doctored to make it appear as if he created an online group that spread hateful anti-government propaganda; reports in state-controlled media cited the altered texts. But the group didn’t actually exist.

Brejza says he now understands where TVP state television got them.

“This operation wrecked the work of staff and destabilized my campaign,” he said. “I don’t know how many votes it took from me and the entire coalition.”

Brejza won his Senate seat in that October 2019 race. But since the ruling party held on to the more powerful lower house of parliament, it has steered Poland further away from EU standards of liberal democracy.

Election monitors from the Organization for Security and Cooperation in Europe said at the time that control of state media gave the ruling party an unfair advantage but called the elections essentially free. They were unaware of the hacking.

Brejza has kept the ruling Law and Justice party on its heels since it won power in 2015. For example, he has exposed large bonuses paid to senior government officials. In another case, he revealed that the postal service sent tens of thousands of dollars to a company tied to ruling party leader Jaroslaw Kaczynski. Brejza fears the hacking could have compromised whistleblowers who had reached out to him with evidence.

NSO Group is facing daunting financial and legal challenges — including the threat of default on more than $300 million in debt — after governments used Pegasus spyware to spy on dissidents, journalists, diplomats and human rights activists from countries including Saudi Arabia, the United Arab Emirates, Mexico and the United States. The U.S. blacklisting of NSO has effectively barred U.S. companies from supplying technology to the Israeli firm.

Apple sued NSO last month, bent on halting the violation of its operating systems with exploits including a so-called zero-click hack that can compromise a device with no user interaction. Apple alerted scores of users worldwide that they had been hacked. In 2019, Facebook sued the Israeli firm over allegations of hacking its globally popular WhatsApp messenger app.

Dutch EU parliamentarian Sophie in ‘t Veld told the AP on Wednesday that a committee has launched hearings on Pegasus and that the revelations from Poland “will only help intensify the process.”

“EU governments using spyware on political opponents and critics is unacceptable,” she tweeted, accusing the European Commission — the EU’s executive branch — of “ducking the issue.” She wants a ban on such practices in the 27-nation bloc.

That may be difficult, however, because national security matters are outside EU jurisdiction, said Lukasz Olejnik, a cybersecurity consultant who has worked with the International Red Cross. Some member states are apt to argue that the EU cannot prohibit their use of digital surveillance tools for that end, he said.

___

Bajak reported from Boston. Associated Press reporters Kelvin Chan contributed from London and Josef Federman from Jerusalem.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

AP

FILE - People walk outside the U.S Capitol building in Washington, June 9, 2022. The biggest invest...
Associated Press

In Biden’s big bill: Climate, health care, deficit reduction

WASHINGTON (AP) — The biggest investment ever in the U.S. to fight climate change. A hard-fought cap on out-of-pocket prescription drug costs for seniors in the Medicare program. A new corporate minimum tax to ensure big businesses pay their share. And billions left over to pay down federal deficits. All told, the Democrats’ “Inflation Reduction […]
23 hours ago
House Speaker Nancy Pelosi of Calif., speaks during a news conference on Capitol Hill, Wednesday, A...
Associated Press

House Dems set to overcome GOP for climate, health care win

WASHINGTON (AP) — A flagship Democratic economic bill perched on the edge of House passage Friday, placing President Joe Biden on the brink of a back-from-the-dead triumph on his climate, health and tax goals that could energize his party ahead of November’s elections. Democrats were poised to muscle the measure through the narrowly divided House […]
23 hours ago
A long line of voters wraps around the Sedgwick County Historic Courthouse in Wichita, Kan., on the...
Associated Press

Kansas abortion vote shows limits of GOP’s strength

TOPEKA, Kan. (AP) — An increase in turnout among Democrats and independents and a notable shift in Republican-leaning counties contributed to the overwhelming support of abortion rights last week in traditionally conservative Kansas, according to a detailed Associated Press analysis of the voting results. A proposed state constitutional amendment would have allowed the Republican-controlled Legislature […]
23 hours ago
The Diablo Canyon Nuclear Power Plant, south of Los Osos, Calif., is viewed Sept. 20, 2005. The Cal...
Associated Press

Nuke or no nuke? California officials ponder nuclear future

LOS ANGELES (AP) — The California Legislature has less than three weeks to determine if it will take an extraordinary step and attempt to extend the life of California’s last operating nuclear plant, a decision that would be made amid looming questions over the cost and who would pay and earthquake safety risks. The legislative […]
23 hours ago
Election workers process mail-in ballots during a nearly all-mail primary election in Las Vegas, Ju...
Associated Press

Nevada officials offer regulations as hand-counts gain steam

RENO, Nev. (AP) — Hand-counting teams of four, not all from the same party. Table centers at least 10 feet apart. Ballots counted 20 at a time. Those are some of the regulations the Nevada secretary of state’s office is proposing for how counties can count paper ballots by hand amid a growing push for […]
23 hours ago
Associated Press

Today in History: August 12, deadliest single-aircraft crash

Today in History Today is Friday, Aug. 12, the 224th day of 2022. There are 141 days left in the year. Today’s Highlight in History: On Aug. 12, 1953, the Soviet Union conducted a secret test of its first hydrogen bomb. On this date: In 1867, President Andrew Johnson sparked a move to impeach him […]
23 hours ago

Sponsored Articles

...
Day & Night Air Conditioning, Heating and Plumbing

Here are 4 signs the HVAC unit needs to be replaced

Pool renovations and kitchen upgrades may seem enticing, but at the forefront of these investments arguably should be what residents use the most. In a state where summertime is sweltering, access to a functioning HVAC unit can be critical.
...
Dr. Richard Carmona

Great news: Children under 5 can now get COVID-19 vaccine

After more than two years of battle with an invisible killer, we can now vaccinate the youngest among us against COVID-19. This is great news.
(Courtesy Condor)...
Condor Airlines

Condor Airlines shows passion for destinations from Sky Harbor with new-look aircraft

Condor Airlines brings passion to each flight and connects people to their dream destinations throughout the world.
AP Exclusive: Polish opposition senator hacked with spyware