WARSAW, Poland (AP) — Poland’s new prime minister said Tuesday he has documentation proving that state authorities under the previous government used the powerful Pegasus spyware illegally and targeted a “very long” list of hacking victims.
Donald Tusk made the announcement during a news briefing alongside President Andrzej Duda, a political opponent aligned with the previous ruling party. The use of Pegasus was alleged to have occurred under the government led by the right-wing Law and Justice party.
Pegasus gives operators complete access to a mobile device, allowing them to extract passwords, photos, messages, contacts and browsing histories, and to activate the microphone and camera for real-time eavesdropping.
Tusk said he was sharing information with Duda that showed wide use of the spyware in Poland.
“This is only a sample of the documents that are at your disposal, Mr. President,” he said at the start of a meeting of the Cabinet Council, a consultation format between the president and the government. Duda called the meeting to discuss other matters.
The prime minister said he asked the justice minister and prosecutor general to provide Duda with documents which “confirm 100% the purchase and use of Pegasus in a legal and illegal manner.”
The president has not publicly responded.
Tusk took power in December following an October election which he won as the head of a broad centrist alliance. It marked the end of eight years of rule by Law and Justice, a populist party that the European Union accused of eroding democratic norms.
The new parliament has set up a special commission to investigate who used Pegasus and against whom during Law and Justice’s years in government.
“The list of victims of these practices is unfortunately very long,” Tusk said. That list has not been publicly released.
Several Polish opponents of the previous government were targeted with Pegasus, a spyware program made by Israel’s NSO Group, according to findings by the University of Toronto’s nonprofit Citizen Lab that were exclusively reported by The Associated Press.
“This vindicates the victims and the technical and forensic methods we used to confirm infections,” said John Scott-Railton, a senior researcher with Citizen Lab who discovered the first cases of Pegasus use in Poland.
“Commercial spyware like Pegasus is dangerous to democracy and carries a baked-in abuse potential,” Scott-Railton said in a statement to the AP.
The NSO Group has said that it only sells its spyware to legitimate government law enforcement and intelligence agencies vetted by Israel’s Defense Ministry for use against terrorists and criminals. But evidence has emerged of human rights activists and politicians being targeted by governments worldwide.
Some of those who were hacked received notifications on their iPhones from phone maker Apple, then turned to Citizen Lab for confirmation.
Scott-Railton said Tusk’s confirmation “affirms the key role Apple’s threat notifications play in driving accountability for commercial spyware abuses. In Poland, these notifications were the first sign for researchers and reporters that a spyware scandal was lurking.”