EU Politicians Investigated Pegasus Spyware. Then It Ended Up on One of Their Phones

Staff
By Staff 6 Min Read

The recent discovery that Stelios Kouloglou, a Member of the European Parliament (MEP), was targeted by Pegasus spyware marks a chilling development in the ongoing struggle to protect democratic institutions from digital surveillance. Forensic analysis conducted by Citizen Lab revealed two distinct rounds of infection on Kouloglou’s phone: once in October 2022 and again in March 2023. While the investigation stopped short of directly blaming the Greek government, it noted unsettling overlaps between the attacks on the MEP and campaigns directed at activists and journalists across Russia and Belarus. This suggests a sophisticated level of coordination that transcends simple political disagreement, pointing toward a calculated effort to undermine the very people tasked with drafting policy. For those working within the European Parliament, the revelation that their investigations into spyware were themselves being surveilled by spyware is a bitter irony, highlighting the absurdity and danger of the current landscape.

The timing of these digital intrusions provides a clear motive that goes far beyond a casual interest in an MEP’s personal data. In 2022, Kouloglou was targeted shortly after engaging with other journalists who had faced their own battles with spyware, coinciding with crucial European Parliament hearings. The second wave of attacks in 2023 occurred right as the PEGA committee—a body dedicated to investigating these very abuses—was finalizing its findings and negotiating its recommendations. As Hannah Neumann, a fellow Green MEP on the committee, aptly puts it, the timing is too precise to be coincidental. Someone was not just watching Kouloglou; they were actively monitoring the committee’s internal deliberations, likely to gain an advantage or obstruct the process of bringing spyware corruption to light. This transformation of a public servant’s device into an eavesdropping tool for unknown actors highlights how profoundly digital incursions can jeopardize the democratic process.

For Kouloglou, the violation is deeply personal and extends far beyond the professional sphere. Learning that someone had peered into his private life—his conversations with family, his interactions with his children, and his most intimate moments—has been a source of profound anger. It is a stark reminder that when these tools are deployed, there is no boundary between public duty and private existence. For him, this is not merely a matter of a breached smartphone; it is an issue of fundamental justice and the integrity of the fight against corruption. The feeling of being watched, knowing that your most vulnerable moments are being logged by a faceless entity, creates a chilling effect that threatens the very core of what it means to be a representative of the people.

Despite receiving multiple security notifications from Apple throughout 2023 and 2024, the reality of the threat only truly crystallized after the forensic intervention by Citizen Lab. These warnings, which often arrive long after the fact, serve as a cruel reminder of how difficult it is for even high-profile targets to defend themselves against such advanced, mercenary technology. Kouloglou and his colleagues now fear that he may just be the tip of the iceberg, suspecting that other members of the committee were likely targeted as well. The lack of proactive, real-time protection or institutional accountability has left many within the European Parliament feeling exposed and, frankly, disillusioned by the slow pace of reform.

The frustration bubbling within European institutions is palpable, especially given that the PEGA committee has already laid out a comprehensive roadmap for reform. Their recommendations—which include the creation of an EU-based forensic laboratory and a dedicated task force to protect electoral integrity—have sat stagnant for years. Experts like John Scott-Railton of Citizen Lab have expressed severe disappointment, characterizing the current state of European inaction as an institutional embarrassment. He warns that we are sitting on a “mountain of spyware abuses,” and as artificial intelligence continues to lower the technical and financial barriers to using such tools, the scale of the threat will only grow. Without a unified, aggressive stance, there is a very real danger that these mercenary technologies will become a standard, unchecked feature of political life.

Ultimately, the European Union stands at a crossroad where it must decide whether it will be a bystander or a leader in the regulation of invasive software. While the United States has begun to utilize sanctions, visa bans, and executive orders to create at least some deterrents, European institutions have been criticized for their bureaucratic lethargy. As Hannah Neumann succinctly notes, there is no shortage of awareness regarding the problem—the committee literally spent months documenting the extent of the rot. The issue is no longer about “what” to do or “how” to fix it; rather, it is a question of political will. The surveillance of Stelios Kouloglou serves as an urgent wake-up call that the longer Europe waits, the more vulnerable it becomes to the very entities it is trying to investigate, proving that democracy cannot function in an environment of total, hidden surveillance.

Share This Article
Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *