CONNECT WITH US
Cyber Security

Cyber Security

Politician who investigated spyware abuses had his phone hacked with Pegasus spyware

Kanak Aggarwal

Published on

Add as a preferred source on Google
Politician who investigated spyware abuses had his phone hacked with Pegasus spyware

MEP Stelios Kouloglou, investigating Pegasus abuses, had his phone hacked, sparking outrage and calls for strict EU spyware limits.

The confirmation that a European lawmaker, actively investigating spyware abuses, had his phone compromised by Pegasus software intensifies scrutiny on the global surveillance technology market, threatening to deepen regulatory pressures on developers like NSO Group and further erode public trust in digital security frameworks. This incident, revealing a direct assault on oversight mechanisms, poses significant market implications for companies operating in the contentious dual-use technology space, where government contracts intersect with fundamental human rights.

Security researchers at the University of Toronto’s digital rights unit, The Citizen Lab, confirmed the phone hacking of Greek journalist and former politician Stelios Kouloglou during 2022 and 2023. This marks the first public identification of a member of the European Parliament’s PEGA committee, tasked with probing phone spyware attacks by European governments, as a victim of the very technology under investigation. Mr. Kouloglou reported his phone was compromised in October 2022 and again in March 2023, coinciding with crucial phases of the committee's work.

The breaches utilized a zero-click exploit, leveraging a previously discovered vulnerability in Apple's iPhone software, which allowed Pegasus to infiltrate the device and extract private data without any user interaction. While Apple had patched the flaw, the fix was not installed on Mr. Kouloglou’s device at the time of the attacks. This sophisticated method highlights the persistent challenge for device manufacturers in outmaneuvering state-sponsored adversaries, placing immense pressure on their brand integrity in an era where digital security is paramount for consumer trust.

What It Means

This incident is more than a security breach; it represents a significant blow to the fragile ecosystem of digital trust, which is foundational for the modern creator and consumer economy. When oversight bodies themselves become targets, it sends a chilling message about the perceived impunity of those who wield such powerful surveillance tools. For brands and platforms, this erosion of confidence translates into a tangible market risk, as users become increasingly wary of where their data resides and how their digital communications are protected.

My read is that the deliberate targeting of an investigator undermines the democratic process and the rule of law, which are crucial for stable markets and predictable regulatory environments. The European Parliament's PEGA committee was established precisely to address these concerns, and this hack could galvanize stricter digital sovereignty measures across the 27-member bloc. Such regulatory shifts could significantly impact the market for surveillance technologies, pushing for greater transparency and accountability that NSO Group and its peers have historically resisted.

Tens of millions of dollars

Reported investment from an unnamed American group into NSO Group last year, aimed at rehabilitating the spyware maker's beleaguered brand amidst widespread allegations of human rights abuses and U.S. government blacklisting.

The Context

NSO Group, the Israeli-headquartered maker of Pegasus, has faced escalating global scrutiny. The U.S. government blacklisted the company in 2021, citing its role in enabling foreign governments to conduct "transnational repression." This designation, along with a string of high-profile hacking revelations involving journalists, activists, and dissidents, has severely impacted the company's brand and market access. While NSO Group has consistently maintained that its software is sold only to vetted governments for combating terrorism and serious crime, the repeated instances of abuse tell a different story, making its rehabilitation a complex endeavor.

Mr. Kouloglou’s targeting aligns with a broader trend of state actors employing sophisticated cyber tools for political ends, a development that casts a long shadow over the future of digital communications. The Citizen Lab's finding that the government customer used the same Pegasus-loaded email address from prior campaigns across Europe implies a persistent and authorized operation, underscoring the challenges of attributing and curbing such attacks. This context is vital for understanding the escalating regulatory push by the European Union and other bodies to rein in the use and proliferation of commercial spyware.

What Analysts Say

The ongoing saga around Pegasus and similar tools highlights a critical inflection point for the cybersecurity and digital rights landscape. Analysts are increasingly weighing the reputational and financial risks for tech companies whose products are weaponized, even indirectly, against civil society. The push for stringent regulations in Europe, like the proposed EU Cyber Resilience Act and enhanced privacy frameworks, could set a global precedent for how dual-use technologies are developed, sold, and governed, directly impacting market valuations and investment flows in the sector.

The erosion of trust in digital platforms, exacerbated by such high-profile hacks, is a concern for any brand built on audience engagement and data integrity. As a contributing author focused on the creator economy, I see this as a deepening crisis for digital public spheres. When individuals, even those in positions of power, cannot assume the privacy of their digital interactions, it stifles open discourse and undermines the very foundation of online communities. This incident amplifies calls for robust, transparent digital governance, a trend that will reshape the competitive landscape for tech providers globally.

The market will be watching for the European Commission’s concrete actions following this incident, as well as the progress of Mr. Kouloglou’s planned lawsuit against NSO Group. Any judicial or regulatory precedents set could significantly alter the operational environment for surveillance technology firms and their government clients, potentially triggering new investment strategies or divestment from the sector as accountability demands grow.

Frequently asked questions

Who is Stelios Kouloglou and why was his phone hacked?

Stelios Kouloglou is a Greek journalist and former politician who served on the European Parliament's PEGA committee, investigating phone spyware attacks. His phone was hacked with Pegasus spyware during his tenure on this committee, likely due to his work probing surveillance abuses.

What is Pegasus spyware?

Pegasus is a notorious surveillance tool developed by the Israeli company NSO Group. It can covertly infiltrate mobile phones, allowing operators to extract data, monitor communications, and even activate the device's camera and microphone without the user's knowledge.

Who confirmed the hacking of Kouloglou's phone?

Security researchers at the University of Toronto’s digital rights unit, The Citizen Lab, confirmed that Stelios Kouloglou's phone was hacked with Pegasus spyware in 2022 and 2023.

What are the implications of a lawmaker investigating spyware being hacked?

This incident is seen as a "direct attack on the rule of law" and raises serious questions about government abuse of surveillance tools. It intensifies calls for stricter regulations on spyware use within the EU and highlights threats to democracy and human rights.

What actions is Kouloglou taking after his phone was hacked?

Kouloglou stated his intention to sue NSO Group, the maker of Pegasus spyware. He is also going public with his story to advocate for democracy, human rights, and the fight against corruption.

What type of vulnerability did Pegasus exploit on Kouloglou's iPhone?

The Pegasus spyware exploited a "zero-click" bug, which means it compromised a security vulnerability in Apple’s iPhone software without requiring any interaction from Kouloglou. This flaw was in Apple's smart home software.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It's possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Google Preferred Source