European Journalists Hacked with Israeli-Made Surveillance Tool

Two European journalists received threat notifications in April directly from Apple, notifying them they were targeted “by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple Account.”

Today, Citizen Lab, a group based at the Munk School of Global Affairs & Public Policy at the University of Toronto that researches digital espionage, confirmed the attacks. Citizen Lab’s publication of their investigation has caused quite a stir, as it suggests the Italian government was behind the hack, contradicting the results of Italy’s own investigation.

This Limited-Time Microsoft Office Deal Gets You Lifetime Access for Just $39

Sick and tired of subscriptions? Get a lifetime license for Microsoft Office Home and Business 2021 at a great price!

What is Paragon

Paragon Solutions Ltd. was established in 2019 in Israel. Its founders included Ehud Barak, who served as Israel’s Prime Minister from 1999 to 2001, and Enud Schneorson, former head of the Israel Defense Forces (IDF) secretive Unit 8200. Unit 8200 is responsible for cyber warfare, military intelligence, counterintelligence, signal intelligence, surveillance, and code description. It’s the equivalent of the US National Security Agency (NSA) and is the largest single military unit within the IDF.

Paragon’s primary product is a spyware called Graphite, which is designed to covertly extract data from encrypted messaging applications like WhatsApp, Signal, and Apple’s Messages on both Apple and Android devices. It’s what’s known as a zero-click attack. Paragon only sells to government customers.

In 2022, Paragon established Paragon Solutions Inc. in the US. Its leadership includes a host of former government workers like CIA officials and defense contractors.

Last December, AE Industrial Partners, an investment group based in Florida, acquired Paragon for $500 million.

Two Journalists, One Attacker

Citizen Lab analyzed the devices belonging to a prominent European journalist who wishes to stay anonymous and Ciro Pellegrino, a journalist at Fanpage., a popular Italian online publication known for its stories on government officials and organized crime.

According to Citizen Lab, the iPhones of both the anonymous journalist and Mr. Pellegrino were compromised by Paragron’s Graphite spyware by the same attacker. But there’s more.

Another editor at Fanpage.it, Francesco Cancellato, received a notification from WhatsApp in January that his Android device had been targeted by Graphite. Citizen Lab was able to analyze Cancellato’s phone but couldn’t confirm a successful infection. Citizen Lab said, “Given the sporadic nature of Android logs…on a particular device does not mean that the phone wasn’t successfully hacked, simply that relevant logs may not have been captured or may have been overwritten.” However, it certainly seems like Fanpage.it is being targeted by a specific hacker.

Response from Italy’s Government

Earlier this month, Italy’s parliamentary committee that oversees intelligence services, COPASIR (Comitato Parlamentare per la Sicurezza della Repubblica), released the findings of an internal investigation into the use of Paragon spyware. It confirmed Italy used Graphite to target activists Luca Casarini and Dr. Guiseppe Caccia, founders of Mediterranea Saving Humans.

According to Wikipedia, this group carries out rescue operations in the Mediterranean Sea and was launched as a political project to challenge Italy’s anti-migrant policies and aggressive racism in Europe and beyond. However, COPASIR was unable to determine the attacker that used Graphite against Francesco Cancella, Pellegrino’s colleague at Fanpage.it.

Both Casarini and Caccia were recently ordered by a Sicilian judge to stand trial on accusations of aiding illegal immigration along with 4 other members of Mediterranea Saving Humans. The group is a known critic of Italian Prime Minister Giorgia Meloni. This case will mark the first time crew members of a rescue mission have faced prosecution.

Fallout

Paragon and Italy have cut ties over the controversy. However, there are now conflicting reports as to how everything unfolded, as both sides are claiming they were responsible for terminating the relationship. Italy says they ended their relationship with Paragon due to public backlash.

While Italy maintains all surveillance activity was legal, the backlash seems warranted. If this type of software is only available to governments, how can we be sure its use is in accordance with the law?

Here, at first glance, it certainly appears to have been used to target political opponents. Further, we’re also relying on companies like Paragon and others to be selective of their customers. A Meta executive (owner of WhatsApp) said earlier this year that Graphite had targeted many WhatsApp users. Last month, Citizen Lab identified Australia, Canada, Denmark, Israel, Cyprus, and Singapore as probable Paragon users. This is a fascinating topic to follow. We’ll do our best to keep you informed.