EU officials targeted with Israeli spyware, bloc officers say

Brussels/Washington  — Senior officials at the European Commission were targeted in 2021 with spy software designed by an Israeli surveillance firm, according to two EU officials and documentation reviewed by Reuters.

Among them is Didier Reynders, a senior Belgian statesman who has been serving as the European justice commissioner since 2019, according to one of the documents. At least four other commission staffers were also targeted, according to the document and another person familiar with the matter. The two EU officials confirmed that staffers at the commission were targeted but did not provide details.

The commission became aware of the targeting following messages issued by Apple to thousands of iPhone owners in November telling them they were “targeted by state-sponsored attackers”, the two EU officials said. It was the first time Apple had sent a mass alert to users that they were in government hackers' crosshairs.

The warnings triggered immediate concern at the commission, the two officials said. In a November 26 email reviewed by Reuters, a senior tech staffer sent a message to colleagues with background about Israeli hacking tools and a request to be on the lookout for additional warnings from Apple.

“Given the nature of your responsibilities, you are a potential target,” the staffer said in the email.

Reuters was unable to determine who used the Israeli spyware to target Reynders and his Brussels-based colleagues, whether the attempts were successful, and, if so, what the hackers might have obtained as a result.

Reynders and his spokesperson David Marechal did not return repeated messages. European Commission spokesperson Johannes Bahrke declined to comment. Apple declined to comment.

Not responsible

Security researchers have said the recipients of the warnings were targeted between February and September 2021 using ForcedEntry, an advanced piece of software that was used by Israeli cyber surveillance vendor NSO Group to help foreign spy agencies remotely and invisibly take control of iPhones. A smaller Israeli spyware vendor, QuaDream, also sold a nearly identical tool to government clients, Reuters previously reported.

NSO said in a statement that it was not responsible for the hacking attempts, saying the targeting described by Reuters “could not have happened with NSO's tools”.

The company, which faces a number of overlapping lawsuits and was recently blacklisted by US officials over alleged human rights abuses, said it supports an investigation into the targeting and called for the establishment of global rules to govern the spyware industry.

QuaDream, which keeps a lower profile, did not return repeated messages.

IT experts examined at least some of the officials' smartphones for signs of compromise but the results were inconclusive, according to the two EU sources, who spoke on condition of anonymity because they weren't authorised to speak to the press.

Reuters has been unable to determine whether the commission is still investigating the matter.

News of the targeting comes as the EU is beginning to follow the US in taking a harder look at spyware merchants such as NSO.

The European parliament is set to launch a committee of inquiry to investigate the use of surveillance software in European member states on April 19, according to Sophie in 't Veld, the EU legislator who championed the committee's creation.

In 't Veld said that she had been unaware that European Commission officials were targeted, calling the news “dynamite”.

“We really have to get to the bottom of this,” she said.

Denied wrongdoing

The committee was formed after reports that senior opposition politicians in Poland had their phones hacked with Israeli spyware and that prominent critics and investigative journalists in Hungary had also been targeted.

Polish officials and a Hungarian ruling party legislator have acknowledged that their respective governments purchased NSO software, though both nations have denied wrongdoing regarding allegations of domestic espionage.

It is important not to jump to conclusions about who might be responsible, said Kenneth Lasoen, a research fellow at the Clingendael Netherlands Institute of International Relations.

The EU “are a very high profile target for multiple actors”, Lasoen said. “Brussels is a true nest of espionage.”

Reuters