Hackers have their sights set on European lawmakers, and the European Parliament is struggling to keep up.
Two members of the European Parliament's security and defense subcommittee recently discovered that hackers had launched spyware attacks on their phones, which could have given them incredibly sensitive access through the phones’ microphones, cameras, and other applications. One committee staffer has also been targeted.
A spokesperson confirmed the spyware findings to The Daily Beast on Thursday. The European Parliament is paying “special attention” to the subcommittee and its staff given its portfolio of work, and everyone on the committee will have the opportunity to scan their devices for spyware, the spokesperson said.
ADVERTISEMENT
“In the given geopolitical context and given the nature of the files followed by the subcommittee on security and defense, a special attention is dedicated to the devices of the members of this sub-committee and the staff supporting its work,” the spokesperson told The Daily Beast.
Hackers have targeted the chair of the defense subcommittee, Nathalie Loiseau, a French member of European Parliament, as well as Elena Yoncheva, a Bulgarian lawmaker and member of the subcommittee, according to a Politico report.
The lawmakers did not immediately return a request for comment.
The news comes as the European Parliament tries to play catch-up on cybersecurity ahead of elections in June. Protecting against spyware is notoriously difficult—hackers can infiltrate victims’ phones with malware that is capable of infecting phones without the victim having to click on anything.
The European Parliament's IT department has been working an uphill battle trying to prepare the body for elections and protect against nefarious actors year-round. Last year, the department issued an internal review that found that the parliament’s cybersecurity "has not yet met industry standards” and is “not fully in-line with the threat level" of foreign hackers, according to a Politico report.
Member states are now high alert for hacking operations or disinformation operations that could interfere with elections in the coming days. Each member state conducts elections individually and simultaneously, relying on different systems and safeguards. That could generate a perfect storm in which foreign bad actors can interfere, or create the appearance of interference and throw the entire process into chaos.
The report from the IT department reportedly highlighted different areas of concern, including attacks that could impact political debates, voting systems, parliament, or disinformation operations.
Spyware is a pernicious surveillance threat that governments around the globe and the private sector are still working to counter properly. Pegasus spyware from NSO Group, an Israeli firm, has targeted journalists, dissidents, and members of civil society throughout the world, including in Mexico, Morocco, and Rwanda, according to researchers.
The State Department has stated that hackers can use spyware to enable extrajudicial killings; associates of journalist Jamal Khashoggi were targeted with Pegasus before his murder in Istanbul in 2018, according to Amnesty International. Some American phone numbers have also been targeted, according to an investigation, including Robert Malley, then Biden administration’s special envoy to Iran.
Politicians need to do their part to protect their devices and their political institutions from prying eyes, John Scott-Railton, a senior researcher at Citizen Lab who works to uncover new Pegasus infections around the globe, told The Daily Beast.
“The writing on the wall in general, whether it's elections or political institutions around the world, is that the threat right now is greater than most people, including most politicians realize,” he said.
The latest spate of targeted spyware hacking comes as European Union nations continue to strategize about providing military aid for Ukraine as it continues to fight against the Russian invasion.
If foreign hackers are successfully able to surveil lawmakers’ most intimate details, it could impact the core functions of political institutions in Europe, Scott-Railton said.
It’s already clear that the vulnerability in Europe “is a direct threat to European institutions’ ability to function and to maintain confidentiality when necessary, and protect their sources and process,” Scott-Railton said.
“The European political reckoning on the issue of spyware is going to have to happen. The question is how much of a price will be paid in breaches before serious action is taken from various national and European institutions,” he added.