A European Parliament committee has begun investigating Pegasus spyware cases, looking into accusations of spying leveled against EU member states. 

Developed by the Israeli firm NSO Group, Pegasus software has been sold primarily to government clients. The spyware gains access to smartphones, allowing full access to victims' communications and private data.

The committee chair Jeroen Lenaers, a Dutch MEP, said: "We have seen many cases where innocent people such as journalists and lawyers have been targeted by spyware, and this is a huge problem for democracy and the rule of law."

READ MORE

See Odesa's catacombs, ready for Russian attack

What counts as a chemical weapon?

How Zoe Reed builds bridges between cultures

The new committee will investigate whether or not Pegasus software has breached EU law and fundamental rights. 

The more powerful European Commission has refused to investigate, saying the cases are a matter for individual states to explore. 

Journalists hacked 

The University of Toronto-based Citizen Lab revealed that prominent government critics of the Polish government and opposition figures had been targeted by Pegasus software. 

Citizen Lab did not say who ordered the hacks. NSO has a policy of not identifying its clients beyond stating it works only with legitimate government agencies that have been vetted by Israel's Defense Ministry.

A Polish state security spokesperson told AP, which first reported the story, that "suggestions that Polish services use operational methods for political struggle are unjustified."

Earlier this year, Hungarian journalists targeted by Pegasus announced plans to take legal action against the Hungarian government and NSO. 

In Greece an investigative journalist said on Tuesday that prosecutors will investigate who targeted his phone after Citizen Lab revealed hackers 

Germany's Federal Criminal Police Office also bought Pegasus software from NSO in 2019, something revealed by an investigation by German publications led by Die Zeit. 

The government said they used the software to target terrorists and organized criminals. 

"Once you start aggressively targeting with Pegasus, you'll join a fraternity of dictators and autocrats who use it against their enemies, and that certainly has no place in the EU," senior researcher John-Scott Railton of Citizen Lab told AP. 

Catalan leaders call for police action 

The committee's setting up comes as in Spain, over 60 people, including three Catalan presidents and some MEPs, are alleged to have been spied on by Spanish authorities. 

Catalonia's regional leader will ask the police to investigate alleged spying by the Spanish government after Citizen Lab found that his phone and those of dozens more pro-independence leaders were infected with spy software.

Citizen Lab said that in the wake of a failed independence bid in 2017, at least 63 people linked to the Catalan separatist movement, including current leader Pere Aragones and several of his predecessors, had been targets of Pegasus spyware made by Israel's NSO Group. 

"A democratic state does not spy on its citizens...a democratic state does not listen in on the private conversations of its political opponents," Aragones told a news conference.

The government denied illegally spying on the Catalan independence leaders but didn't say whether it had undertaken any court-approved electronic surveillance.

"The government has nothing to hide," spokesperson Isabel Rodriguez said, adding that it would cooperate fully with any investigation.

Citizen Lab said it could not directly attribute the spying operations, but circumstantial evidence pointed to Spanish authorities.

Downing Street targetted 

Citizen Lab is one of the leading research groups on mercenary spyware within the cybersecurity industry.

This week, it also revealed that it had warned British officials that electronic devices connected to government networks, including in the prime minister's office and foreign ministry, appeared to be targeted with Pegasus.

"We confirm that in 2020 and 2021, we observed and notified the government of the United Kingdom of multiple suspected instances of Pegasus spyware infections within official UK networks," the blog post reads.

Citizen Lab said it believed the targeting connected to the prime minister's office was done by NSO clients in the United Arab Emirates, while the British foreign ministry hacking came from other countries, including Cyprus, Jordan, and India.

Cyprus authorities "categorically deny" any involvement in the matter, government spokesperson Marios Pelekanos told Reuters.

An NSO spokesperson said the allegations are "false and could not be related to NSO products for technological and contractual reasons."