Mass espionage to the Catalan independence movement with a mobile virus that only governments can buy.
The Pegasus system from the Israeli company NSO was used to strip the phones of the
procés
architects .
The program attacked or infected the terminals of the top leaders of ERC, Junts, the CUP and the two associations that have flooded the streets with esteladas since 2012, Assemblea Nacional Catalana (ANC) and Òmnium Cultural, as revealed by EL PAÍS.
Most of the intrusions were recorded between 2017 and 2020.
Former presidents Artur Mas, Carles Puigdemont and Quim Torra, as well as the current
president
, Pere Aragonès, have been among the 63 victims of Pegasus.
A figure that includes targets attacked (intrusion attempts) and infected (
hacked
), according to Citizen Lab, a group of cybersecurity experts at the University of Toronto that exclusively investigates the misuse of
malware .
Israeli.
The attacks were forged during the presidential terms —as in the case of Torra (2018-2020)— or after leaving the Generalitat, as happened to Mas (2010-2016).
Another way to snoop into the technological secrets of these leaders was to infect the mobile phones of friends, advisers or partners of the targets.
Puigdemont's wife (2016-2017), the journalist Marcela Topor, was attacked with Pegasus between 2019 and 2020 through trap messages in SMS format.
"All Catalan presidents since 2010 have been attacked or infected with Pegasus, either during their term or after", collects the Canadian body in a document released this Monday under the title of
Catalangate
.
The virus glided silently through the phones of deputies, MEPs, lawyers and activists in the hot days of the
procés
.
And it landed on the terminals during the investigation of the 1-0 referendum of 2017 and the trial against the independentistas in the Supreme Court.
Considered one of the most sophisticated programs in the world, the application attacked the terminals of the head of Parliament, Laura Borrás, and her predecessor, Roger Torrent, as also revealed by an investigation by EL PAÍS and The Guardian in 2020.
Although Citizen Lab does not conclude who is behind these attacks, the cybersecurity agency establishes a link between the siege of the cell phones of the independentists and Spain.
And he bases this suspicion on the interest of those investigated for the Spanish authorities, the hot political moment of the cyberattacks and the detail that organizations such as the CNI had Pegasus at least until 2020 and that they were previously clients of another similar system of the firm Italian Hacking Team.
The Spanish intelligence service, which has had the Catalan independence movement on its radar since 2015 after the formation of the so-called Unit for the Defense of Constitutional Principles, avoided confirming to this newspaper if it ordered the infections with Pegasus.
The Law of Prior Judicial Control of 2002, which regulates the activity of the body, allows communications to be intervened after requesting a permit from a Supreme Court magistrate.
The authorization of the puncture must be renewed every three months and be reasoned.
The Israeli sentinel was also used to sniff out the organizers of the pro-independence marches.
The former presidents of the ANC and Òmnium Cultural, Jordi Sànchez and Jordi Cuixart —who were sentenced in 2019 by the Supreme Court to nine years in prison for sedition— became a target for Pegasus.
The Sànchez terminal suffered the first attempted attack in 2015 —the first of those detected—, after the activist participated in a demonstration in Barcelona.
Cuixart was monitored through the infection of his wife's terminal, which was attacked when the former leader of Òmnium was being investigated for his participation in the 1-O 2017 referendum. Later, the virus managed to access his wife's terminal in full trial of the
process
.
The president of the ANC, the economist Elisenda Paluzie, was also tracked by this program, which —according to its manufacturer— can only be purchased by public bodies such as the police, armies and intelligence services to prevent crimes such as terrorism and other organized crime activities.
A permit from the Israeli Ministry of Defense is required for export.
The siege of the star lawyers was another of the espionage strategies.
The application infiltrated the phones of Puigdemont's lawyers, Jaume Alonso-Cuevillas and Gonzalo Boye, who received 18 infected messages on their mobile between June and May 2020. The letters simulated news from media such as
The Guardian
or
Politico
and, once Once punctured, they redirected the terminal to an infected website.
The system also planned on the telephone of Andreu Van den Eynde, defender in the
procés
trial of the former vice president of the Generalitat and president of the ERC, Oriol Junqueras, and the former
minister
of Foreign Affairs of the Generalitat Raül Romeva, who were sentenced for sedition and embezzlement in 2019 by the Supreme Court to 13 and 12 years in prison, respectively.
Along with the rest of the convicted, both were partially pardoned last June by the Government.
Pro-independence MEPs were another target.
Citizen Lab estimates that the application was used to track "directly or indirectly" the Catalan community parliamentarians who supported the independence path.
And he gives as an example the cases of Diana Riba (ERC) and Antoni Comín (Junts), who were affected after landing in the European Parliament in 2019. Another victim was Jordi Solé (ERC), who occupied in 2020 the seat obtained by Junqueras in the European elections of May 2019 and that was left vacant due to the conviction of the latter in the cause of the procés.
Undetectable to antiviruses, Pegasus reports to the attacker all kinds of sensitive information from the terminals.
It allows you to listen to encrypted conversations, read encrypted messages, steal passwords and even remotely activate the terminal's microphone and camera.
An option that turns the spied on into a kind of mobile antenna.
The device also makes it possible to modify—delete and add—content such as videos and images to a phone's memory.
Together with the Catalan independentistas, the system also attacked the mobile phones of the general coordinator of Bildu, Arnaldo Otegi, and of the deputy of this formation, Jon Iñarritu.
To find out if their mobiles were attacked (intrusion attempts) or infected (hacked) with Pegasus, the 63 independentistas who were victims of the spyware voluntarily installed an application on their mobiles, which tracked the terminals.
The Canadian agency's investigation began two years ago.
The tricks used by Pegasus to sneak into the terminals are diverse.
Sometimes the system forwards infected messages to the victims.
And others, took advantage of security flaws in commercial applications.
A WhatsApp bug allowed the spyware to tap more than 1,400 terminals between April and May 2019 with a missed unanswered video call through the popular messaging app.
NSO Group, manufacturer of Pegasus, assured this newspaper in 2020 that it investigates whether its clients use their malware for a purpose other than that for which it was conceived, such as spying on opponents and activists.
But the truth is that different journalistic investigations have revealed the use of its application by authoritarian regimes.
Citizen Lab confirmed that the virus tracked phones in 45 countries in 2018.
Rwanda, Bahrain, Kazakhstan, Morocco, Mexico, the United Arab Emirates or Saudi Arabia made up the list of clients of the Israeli technology company.
The victims of Pegasus accredited by Citizen Lab join the cases revealed by EL PAÍS and
The Guardian
of the former president of Parliament Roger Torrent;
the
former
Minister of Foreign Affairs Ernest Maragall, both from ERC;
of the former CUP deputy who fled to Switzerland in 2018, Anna Gabriel, and of the PDCAT and ANC militant Jordi Domingo.
Exclusive content for subscribers
read without limits
subscribe
I'm already a subscriber
