A Polish opposition politician’s mobile phone was hacked with military-grade spyware while he was running an election campaign against the ruling party, according to a cyber security monitoring group.
Krzysztof Brejza’s phone was broken into 33 times between April and October 2019 ahead of national parliamentary elections, using Pegasus software produced by Israel’s NSO Group, according to the University of Toronto’s Citizen Lab.
Messages stolen from Brejza’s phone were subsequently doctored and then broadcast on state-controlled television before the October parliamentary election, which was won by the ruling Law and Justice party (PiS), according to the Associated Press, which first reported the allegations.
The news has sparked outrage from Poland’s opposition. Tomasz Grodzki, speaker of Poland’s Senate, and like Brejza a member of the largest opposition grouping, Civic Platform, said the revelations were “scandalous and unacceptable”.
“I will be demanding urgent explanations from the prime minister and leadership of the security services,” he wrote on Twitter. “I will not leave Senator Brejza alone in a clash with these authoritarian and base authorities.”
John Scott-Railton, one of Citizen Lab’s researchers, wrote on Twitter that the case would be a “test of whether the European Union/European Commission is capable of addressing what appears to be a profound violation of fair elections and basic democratic norms in Poland”.
Brejza said in an interview with Polsat News that the alleged hacking could have had an impact on the election result. “I am not saying that PiS would not have won the election,” he said. “But certainly, the eavesdropping on [his phone] took that half or one per cent away from Civic Coalition, and influenced the fact that PiS now has a [lower house] majority.”
The revelations come amid broader concerns about the rule of law in Poland, where PiS has subjugated judges to political control and reduced the public media to a claque since coming to power in 2015.
This week, the Associated Press reported that Roman Giertych, a lawyer who has represented various opposition figures, and Ewa Wrzosek, a prosecutor who has been critical of PiS’s judicial reforms, had also been hacked using Pegasus. Mateusz Morawiecki, Poland’s prime minister, said on Wednesday that it was necessary to check whether those claims were “in any way consistent with reality”, adding that it was easy to create “fake news”.
Stanislaw Zaryn, spokesperson for the minister co-ordinating Poland’s security services, said on Friday that “suggestions that Polish security services use operational methods for political ends are false”.
He added that the security services did not comment on individual cases, but said “operational control” was used in “justified” cases and after obtaining a court order.
A spokesperson for NSO Group said that it provided its software only to intelligence and law enforcement agencies following a vetting and licensing process carried out by Israel’s defence ministry, adding that NSO did not operate the technology and was not privy to the data collected.
“The company does not and cannot know who the targets of its customers are, yet implements measures to ensure that these systems are used solely for the authorised uses. It is technologically impossible to alter or manipulate the collected data by anyone,” the spokesperson said, declining to comment on whether Poland’s security services were a client of NSO.