Pegasus used for mass spying on Catalan Independence movement

The use of spyware against pro-independence leaders is not new: it was already known it had been used against Roger Torrent when he was Speaker. But the so-called Catalangate became a scandal on Monday, following an investigation by Citizen Lab, a group of cybersecurity experts at the University of Toronto, which was made public in conjunction with an extensive report in The New Yorker. According to this research, the phone of Catalan president Pere Aragonès, as well as those of former presidents Quim Torra and Artur Mas and the devices of over 60 Catalan politicians, activists, lawyers and journalists have been the target of a cyberespionage campaign using Israeli company NSO's Pegasus programme. Some of them have also been victims of a different spyware –also Israeli– called Candiru. Citizen Lab concludes that Catalangate is the largest case of cyberespionage they have documented.

The Pegasus programme, designed by Israeli company NSO, allows to listen to conversations, read messages, access the entire contents of a phone, taking screenshots, review browsing history and even remotely activating the device's camera and microphone. The Israeli company claims that it can only be acquired by governments and law enforcement agencies to combat crime and terrorism, but sources from the Department of Home Affairs have denied any link to the scandal and have assured ACN that "neither the Ministry, nor the National Police, nor the Guardia Civil have ever had any relationship with the NSO company and, therefore, have never contracted any of its services". Ciitzen Lab, however, points to the National Intelligence Center (CNI) – attached to the Ministry of Defence, not the Ministry of Home Affairs – as a known NSO client. "We consider it unlikely that a non-Spanish Pegasus client would run such an extensive operation in Spain," the organisation argues.

Aragonès has reacted with indignation to the new revelations about Catalan gate. "The mass spying operation against the Catalan independence movement is an unjustifiable disgrace. An extremely serious attack on fundamental rights and democracy. One more example of repression against a peaceful and civic movement. We will go as far as necessary," he warned in a tweet. Pro-independence parties and organisations, with former president Carles Puigdemont or the leader of ERC, Oriol Junqueras at the forefront, have already called a press conference for Tuesday in the European Parliament to denounce the case.

According to the report over sixty telephones of Catalan politicians, lawyers and activists have been tapped with this program, among them Speaker Laura Borràs's and former president Carles Puigdemont's collaborators Gonzalo Boye or Joan Matamala, in this last case with a different programme called the Candiru. They also reveal that all the telephones of pro-independence Catalan MEPs were tapped. Those of Toni Comín, Diana Riba and Jordi Solé, directly, and those of Carles Puigdemont or Clara Ponsatí, indirectly through their entourage. Citizen Lab suspects that there are many more victims because its detection tools are better developed for iPhone than for Android, which is the most used system in Catalonia.

The former president Carles Puigdemont has accused the Spanish state of spying on politicians, lawyers and activists "massively and illegally". In this sense, he added that they are "victims of the state's dirty war to fight against a legitimate idea". "The report is forceful and revealing," he lamented.

Citizen Lab's research "suggests" that the Spanish government has used Pegasus. NSO CEO Shalev Hulio admits that Spain has made "legitimate" use of the technology. “Spain definitely has a rule of law,” Hulio told The New Yorker's Ronan Farrow. “And if everything was legal, with the approval of the Supreme Court, or with the approval of all the lawful mechanisms, then it can’t be misused.” Amnesty International has put out a statement where it asks the Spanish government to "clarify whether or not it is an NSO" and to carry out "an exhaustive and independent investigation on the use of Pegasus spyware against Catalans identified in this investigation". Amnesty International lamented that in October 2020 it already asked the Spanish government to inform of all of its contracts with private surveillance firms, but was told that this information is classified.

The New Yorker centres on the case of Jordi Solé, among others. It quotes an cybersecurity experts who explains intruders "they took control of it and were on it probably for some hours. Downloading, listening, recording." That happened after receiving suspicious messages via WhatsApp or SMS, supposedly from known contacts. Solé was spied on in June 2020, in the weeks before he joined the European Parliament to substitute Oriol Junqueras, who was forced to stand down as he was then in prison. Lawyer Gonzalo Boye received up to eighteen attacks between March and October 2020 through text messages "disguised" as Twitter updates. At least one of the attacks was successful. A few months lates, in February 2021. Citizen Lab identified an infection in another of Puigdemont's collaborators. Joan Matamala. In total, this businessman was attacked up to sixteen times.

Other victims

The lawyer Andreu van den Eynde, who led the defence of Oriol Junqueras, Raül Romeva, Carme Forcadell, Carles Mundó and Dolors Bassa in the trial of the Independence bid, was spied on by the Pegasus programme, which hacked into and monitored mobile phones of several members of ERC, Junts and CUP during 2019 and 2020, as revealed by El País just before the start of the trial of the Independence bid, and also of ANC and Òmnium Cultural leaders. Oriol Sagrera, a jurist specialising in criminal law and currently secretary general and number two in the Department of Enterprise and Employment, was also spied on using this program.

Three of the victims of this programme have explained to El País that Citizen Lab warned them that they had been spied on using Pegasus. Two of those involved who received this information were Van den Eynde and Sagrera. The latter was the Speaker's chief of staff under Roger Torrent. This same system monitored the activity of several mobile phones of members of the ANC, such as that of its president Elisenda Paluzie and of Òmnium, such as that of the vice president Marcel Mauri, according to the investigation.

The precedent of Torrent

These new cases of espionage are in addition to those already suffered by Torrent himself, secretary general of ERC Marta Rovira, former minister of Foreign Affairs Ernest Maragall, CUP former MP Anna Gabriel, and PDECat and ANC member Jordi Domingo. In an institutional declaration, Torrent accused "the State apparatus" of being responsible for the espionage and asked the Spanish government to investigate it and make all those responsible pay, but the central executive washed its hands of the matter. The Ministry of Home Affairs, the National Police and the Guardia Civil then also denied being clients of NSO.

Eldiario.es also published that the mobile phones of the minister of Digital Policies, Jordi Puigneró, and the technical director of the Consell per la República, Sergi Miquel, were also attacked, but in the case of the minister it was not successful. Puigneró explained to this newspaper that he suspects that the cybersecurity software installed in Catalan government's high ranking officials' mobile phones went into action and blocked the spyware.