Polish Gov't Finally Admits It Deployed NSO Malware, Pretends Targeting Of Opposition Leaders Isn't Abusive

from the don't-be-shitty,-Poland dept

Poland — like far too many countries — has a Pegasus problem. The highly intrusive (and highly effective) phone malware sold by Israel’s NSO Group for the ostensible purpose of tracking down terrorists and other deadly criminals has been observed (yet again) being deployed to track government critics and political opponents.

When Apple announced its lawsuit against NSO Group for targeting iPhone users, it also announced plans to notify users who had been targeted by NSO spyware. The first beneficiary of this notification program was a Polish prosecutor who was apparently targeted for trying to investigate election irregularities.

That initial notification opened the floodgates. The Polish government had access to the spyware and was deploying it for reasons entirely unrelated for the reasons it stated when purchasing it.

Several members of political opposition groups in Poland have produced evidence that they were hacked by Pegasus spyware, raising alarming questions about the Polish government’s use of the software.


The compromises were discovered by Citizen Lab, a spyware research group based at the University of Toronto, which has done extensive work on Pegasus.


In the Polish case, Citizen Lab also found evidence of spyware compromises targeting a lawyer representing Polish opposition groups and a prosecutor involved in a case against the ruling Law and Justice party. In both cases, traces of Pegasus spyware were found on the targets’ devices.

“Tip of the iceberg,” as AFP reported (via MSN News):

Evidence of the hacking, which has become a major scandal in Poland, was reported by the Canada-based cyber-security watchdog Citizen Lab.

“We think this is just the tip of the iceberg and there’ll be more discoveries to come,” John Scott-Railton, a senior researcher with the group, told AFP.

“It’s shocking and it looks very bad,” he said. “Pegasus is a tool of dictators. Its use in these cases point to an authoritarian slide” in Poland.

Throughout this stream of revelations, the Polish government remained silent, apparently hoping the steady stream of news involving misuse by NSO customers would wash away interest in its misdeeds. Waiting it out didn’t work. When the plan to ignore it failed, the government started lying.

When asked by the AP in December if Poland had purchased Pegasus, state security spokesman Stanislaw Zaryn would neither confirm nor deny it. However, many Kaczynski allies publicly cast doubt on suggestions of government Pegasus use.

Polish Prime Minister Mateusz Morawiecki called the Citizen Lab-AP findings “fake news” and suggested a foreign intelligence service could have done the spying — an idea dismissed by critics who said no other government would have any interest in the three Polish targets.

Deputy Defense Minister Wojciech Skurkiewicz in late December said “the Pegasus system is not in the possession of the Polish services. It is not used to track or surveil anyone in our country.”

All lies. And all exposed by non-government entities like Citizen Lab and Amnesty International — both of which have uncovered plenty of device infections by NSO malware. Faced with undeniable evidence, the Polish government has finally admitted its possession of these hacking tools.

Poland’s most powerful politician has acknowledged that the country bought advanced spyware from the Israeli surveillance software maker NSO Group, but denied that it was being used to target his political opponents.

Jaroslaw Kaczynski, the leader of Poland’s ruling conservative party, Law and Justice, said in an interview that the secret services in many countries are using the Pegasus software to combat crime and corruption.

But this admission is accompanied by even more lies. Evidence shows the Polish government targeted opposition figures and investigators looking into a highly irregular, and completely botched election. The evidence is overwhelming but the ruling party is still trying to pretend this is all above-board.

“There is nothing here, no fact, except the hysteria of the opposition. There is no Pegasus case, no surveillance,” Kaczynski said. “No Pegasus, no services, no secretly obtained information played any role in the 2019 election campaign. They lost because they lost. They shouldn’t look for such excuses today.

Maybe in this particular case the spying did not directly affect election results. But the software is not being used to target terrorists and criminals. It’s being used to track opposition officials and investigators who are definitely the sort of people the malware was purchased to target. This is abuse and the government is taking a decidedly totalitarian tack by refusing to admit it engaged in, at the very least, highly questionable use of these hacking tools.

Filed Under: , , , , ,
Companies: nso group

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Polish Gov't Finally Admits It Deployed NSO Malware, Pretends Targeting Of Opposition Leaders Isn't Abusive”

Subscribe: RSS Leave a comment
This comment has been deemed insightful by the community.
That One Guy (profile) says:

'Fake news! We never did X! Even if we did that's fine!'

Polish Government: Pegasus? Never heard of it.
Evidence: The polish government bought Pegasus, software explicitly designed to spy on people.
Polish Government: Okay maybe we’ve heard of it, but any investigations were purely anti-terrorism and/or anti-corruption related.
Evidence: It was used against political opponents and those looking into questionable elections.
Polish Government: Fake news! Nothing happened and anyone who says otherwise is lying, something we have demonstrably not done during this debacle so you can trust us over those filthy liars!

mousward says:

Re: Corrupt Criminals in power.

tsk, tsk — the Constitutional Republic of Poland is obviously a unique case.
Corrupt government is virtually impossible in democracies, where the citizens exercise total control over all persons with any government power.

Can you even imagine anyone in the American government ever spying on citizens, political critics, or political opponents?
It’s unthinkable.

James Burkhardt (profile) says:

"No Pegasus, no services, no secretly obtained information played any role in the 2019 election campaign. They lost because they lost. They shouldn’t look for such excuses today.”

I think this might be a serious unforced error that is exposing much more than they wanted to. At first I was thinking:

Nice job moving the goalposts Poland. Like this is masterful spin. The issue is not that surveilance was used to affect the election – as this quote claims. The issue is that after the election, while the opposition was doing investigations into election irregularities, the government was shown to have engaged in an ongoing use of malware to perform "oversight" of the investigation. at least that appears to be the obvious motive.

But I keep rereading this and I don’t recall there ever being a claim the spyware predated the election investigation. But according to this quote, they had that spyware on the prosecutor’s phone during the election, and simply didn’t use the information gleaned from the illicit surveillance.

Its been a pattern in government scandals in the modern age, with PM Johnson, Guilliani, Trump, and the Cuomos all going through this cycle.Minor scandal breaks, deny. More info comes out, deny. uncontestable proof comes out, simultaneously deny it happened and claim is was all legal. Finally, confess to the wrongdoing, still denying it was wrong, and accidentally admit the scandal was much bigger. Its a very weird spin to use, one that just asks a bunch of questions that weren’t in the public eye and only brings more eyes to the problem.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...