Several members of my political group in the European Parliament have recently been the victims of a spyware attack – their systems have been compromised by the zero-click intrusive software, Pegasus. Rings a bell?
Belgium, (Brussels Morning Newspaper) It wasn’t until two weeks ago that we learned that Spanish Prime Minister Pedro Sanchez’s mobile phone had been hacked by the infamous Pegasus software, however a great deal of ruckus already caused last year’s revelations regarding hacking the French president, several Polish and Hungarian politicians, and even journalists and various activists. And we’re still only talking about the known cases – the actual number of affected people can be expected to be much larger.
Last week these cyber threats were discussed in the European Parliament. Of course, taking into account the development of the Russian war of aggression in Ukraine. It must be said here that, despite its highly advanced cyber capabilities, Russia has so far failed to weaken Ukraine’s infrastructure and resistance. Undoubtedly with the huge contribution of American and British cyber missions, whose teams help to strengthen Ukraine’s cyber defenses. Low-cost cyber operations “from below”, led by “hacktivists” (the biggest group known as Anonymous) and proxy groups, also chip in this war.
Unfortunately, we as the EU are lagging in this area, even though our leaders themselves are facing an increasing number of attacks. And so, the question is clear: Will the EU citizens continue to be forced to hope that Anonymous will have the capacity to cover our backs one day? Or can we rely on ourselves in defending our critical infrastructure, data, and information?
Cyber operations may not yet win wars, but globally they are dynamically strengthening their impact in the areas of espionage, propaganda, fraud, and subversion. That is why I and my Pirate colleagues are calling on the EU, whose defenses have major shortcomings in facing the threat of cyber-attacks. And given the extremely fragile geopolitical balance, this weakness can cost us European countries and citizens a lot.
It has been 6 years since the European Parliament began to think about regulating (not only) emerging technologies. I had the honor last year, as a rapporteur, of completing the dual-use regulation, which, among other things, brought transparency to spyware exports. The Commission must now publish a list of specific spyware that has been exported from the EU. Thanks to that, we know now that Pegasus and similar spyware have been sold through sister companies in Bulgaria, Cyprus, and Luxembourg. So I need to ask, and I am asking it repeatedly within the EU institutions: what would have to happen for us to finally decide to sanction a company like the Israeli’s NSO Group?