ROME (AP) — Spyware from a U.S.-backed Israeli company was used to target the phones of at least three prominent journalists in Europe, two of whom are editors at an investigative news site in Italy, according to digital researchers at Citizen Lab, citing new forensic evidence of the attacks.
The findings come amid a growing questions about what role the government of Italian Prime Minister Giorgia Meloni may have played in spying on journalists and civil society activists critical of her leadership, and raised new concerns about the potential for abuse of commercial spyware, even in democratic countries.
“Any attempts to illegally access data of citizens, including journalists and political opponents, is unacceptable, if confirmed,” the European Commission said in a statement Wednesday in response to questions from members of parliament. “The Commission will use all the tools at its disposal to ensure the effective application of EU law.”
Meloni’s office declined to comment Thursday, but a prominent member of her Cabinet has said that Italy “rigorously respected” the law and that the government hadn’t illegally spied on journalists.
Mercenary spyware industry
The company behind the hacks, Paragon Solutions, has sought to position itself as a virtuous player in the mercenary spyware industry and won U.S. government contracts, The Associated Press found.
Backed by former Israeli Prime Minister Ehud Barak, Paragon was reportedly acquired by AE Industrial Partners, a private investment firm based in Florida, in a December deal worth at least $500 million, pending regulatory approvals. AE Industrial Partners didn’t directly respond to requests for comment on the deal.
Paragon’s spyware, Graphite, was used to target around 90 WhatsApp users from more than two dozen countries, primarily in Europe, Meta said in January. Since then, there’s been a scramble to figure out who was hacked and who was responsible.
“We’ve seen first-hand how commercial spyware can be weaponized to target journalists and civil society, and these companies must be held accountable,” a spokesperson for WhatsApp told AP in an email. “WhatsApp will continue to protect peoples’ ability to communicate privately.” Meta said the vulnerability has been patched and they have not detected subsequent attacks. Meta also sent a cease-and-desist letter to Paragon. Last month, a California court awarded Meta $168 million in damages from Israel’s NSO Group, whose spyware was used to hack 1,400 WhatsApp accounts, including of journalists, activists and government officials.
Journalists targeted
... continue reading