The cell phone numbers of the Spanish prime minister and defense minister have reportedly been hacked by a client of an Israeli spyware company, believed to be the kingdom of Morocco.
More than 200 mobile phone numbers in Spain, including those of Prime Minister Pedro Sánchez and the Defense Minister Margarita Robles, were singled out as potential targets of surveillance by the client of the Israeli-based NSO Group, according to the data leak at the heart of the Pegasus project, the UK-based Guardian daily reported Tuesday.
Details of the scale of the apparent targeting came as Spain’s highest criminal court opened a probe into how the mobile phones of Sanchez and Robles were infected with Pegasus spyware last year.
The Spanish government has so far declined to speculate on who may have been behind what it described as “illicit” and “external” attacks, the existence of which it unveiled during a hastily arranged press conference on Monday.
At a weekly press conference in Madrid on Tuesday, the Spanish government’s spokesperson refused to comment on whether Morocco may have been behind the Pegasus attack, and on what effect such action could have on diplomatic relations.
“It’s a bit hypothetical to talk about what the consequences could be – if we’re able to find out where the attack came from,” said Isabel Rodríguez. “But what we’re clear about is that this attack was external and illicit. Those are the certainties we can use to make decisions on at the moment.”
The government has ruled out any internal spying efforts, adding the targeting must have come from abroad as any such monitoring in Spain would have required judicial authorization.
The Pegasus Project is an international investigative journalism initiative that revealed state-sponsored espionage on journalists, opposition politicians, activists, business people and others with the private Pegasus spyware developed by the Israeli technology and the Israeli regime’s cyber-arms company NSO Group. Pegasus is purportedly marketed for surveillance of "serious crimes and terrorism," but in 2020, a target list of 50,000 phone numbers leaked out and analyzed by international media and rights groups revealed that the list contained the numbers of leading opposition politicians, human rights activists, journalists, lawyers, and other political dissidents.
The targeting of the Spanish prime minister, according to the daily, was allegedly carried out in May and June of last year – a particularly turbulent time in Spanish politics – when the Sánchez administration was preparing its controversial pardons of nine Catalan independence leaders jailed over their parts in the failed secession attempt in 2017 and was also engaged in a tense diplomatic row with Morocco.
The mobile number selections believed to have been made by Morocco occurred in 2019, according to time stamps in the data leak.
The row between Spain and Morocco developed after the Madrid government allowed Brahim Ghali, a Western Sahara independence leader, to be treated for COVID-19 in Spain.
Over the following days, as more than 8,000 people crossed from Morocco to Spain’s north African enclave of Ceuta, Rabat’s ambassador in Madrid appeared to draw a line between Ghali’s treatment and the influx of refugees, warning that some actions had consequences that “need to be assumed.”
According to the report, a Spanish mobile number belonging to a prominent human rights activist from Western Sahara, Aminatou Haidar, was included in the leaked database and found to have been targeted by Pegasus dating back to 2018.
A Spanish mobile number for the journalist Ignacio Cembrero – whose work is focused on the Maghreb – was also listed on the Pegasus Project database, the report further said.
Morocco previously denied spying on any foreign leaders using Pegasus, and has said the reporters investigating the NSO were “incapable of proving [the country had] any relationship” with NSO.
But an analysis of the leaked records showed Morocco appeared to have listed dozens of French officials as candidates for possible surveillance, including President Emmanuel Macron.
The attacks also came to light as the Spanish government continued to face questions over how Pegasus was used to monitor dozens of members of the Catalan independence movement, including the president of the northeastern Spanish region, Pere Aragonès, and three of his predecessors.
The pro-independence Catalan regional government has pointed the finger at Spain’s National Intelligence Center (CNI), which insists its operations are overseen by the Supreme Court and that it acts “in full accordance with the legal system, and with absolute respect for the applicable laws.”
A judge at Spain’s Audiencia Nacional announced on Tuesday the start of an inquiry into “a possible offence of the discovery and revelation of secrets” relating to the use of Pegasus to infect Sanchez’s and Robles’ devices.
Recent media reports suggest the phone of a third politician – the then-Spanish Foreign MArancha González Laya – was also targeted with some kind of spyware in May last year.