(Reuters) – The European Union’s chief justice official said in a letter seen by Reuters that the European Union had found evidence that smartphones used by some of its employees had been hacked by an Israeli company’s spyware.
In a July 25 letter sent to European lawmaker Sophie at ‘t Veld, EU Justice Commissioner Didier Reynders said iPhone maker Apple told him in 2021 that his iPhone had been hacked using Pegasus, a tool developed and sold to customers government through Israeli surveillance. NSO Group Corporation.
The letter said that the warning from Apple led to the inspection of Reynders’ personal and business devices as well as other phones used by European Commission staff.
Register now to get free unlimited access to Reuters.com
Although the investigation found no conclusive evidence that Reynders’ phones or EU employees had been hacked, investigators discovered “indications of compromise” – a term security researchers use to describe evidence showing a hack.
Reynders’ letter did not provide further details and said, “It is absolutely impossible to attribute these indications to a specific perpetrator.” She added that the investigation is still ongoing.
Letters left with Reynders, the European Commission and Reynders spokesman David Marechal were not immediately returned.
A spokeswoman for NSO said the company would willingly cooperate with the EU investigation.
“Our assistance is even more important as there is still no concrete evidence of a breach,” the spokeswoman said in a statement to Reuters. “Any illegal use by a client targeting activists, journalists, etc., is considered serious abuse.”
The NSO Group is being sued by Apple Inc (AAPL.O) for violating its User Terms and Services Agreement.
Lawyers Questions
Reuters first reported in April that the European Union was investigating whether phones used by Reynders and other senior European officials had been hacked using software designed in Israel. Reynders and the European Commission declined to comment on the report at the time.
Reynders’ admission in the letter to the hacking activity came in response to inquiries from European lawmakers, who earlier this year set up a commission to investigate the use of surveillance software in Europe.
The commission announced last week that its investigation found that 14 EU member states had purchased NSO technology in the past.
Reynders’ letter – which was seen by Reuters by committee rapporteur In Field – said officials in Hungary, Poland and Spain were or were under questioning about their use of Pegasus.
She said it was necessary to find out who targeted the EU Commission, noting that it would be particularly scandalous if an EU member state was found to be responsible.
The European Commission also raised the issue with the Israeli authorities, asking them to take steps “to prevent their products from being misused in the European Union,” according to the letter.
An Israeli Defense Ministry spokesman did not immediately respond to a request for comment.
Apple’s alerts, sent out late last year, told targeted users that a hacking tool, called ForcedEntry, may have been used against their devices to download spyware. Apple said in a lawsuit that ForcedEntry was the work of NSO Group. Reuters also reported earlier that another smaller Israeli company called QuaDream has developed an almost identical tool.
In November, the administration of US President Joe Biden gave the NSO Group a designation that would make it difficult for US companies to deal with it, after confirming that its phone hacking technology had been used by foreign governments to “maliciously target” surrounding political opponents. the scientist.
NSO, which has kept its customer list confidential, said it sells its products only to “vetted and legitimate” government customers.
Register now to get free unlimited access to Reuters.com
(Reporting by Raphael Satter and Christopher Bing in Washington); Editing by Grant McCall
Our criteria: Thomson Reuters Trust Principles.