The European Parliament’s PEGA Inquiry Committee delegation on Pegasus and illicit spyware are suspicious of the surveillance link between Israel and Cyprus.
MEPs raised a series of questions, including why Cyprus is an attractive destination for companies that sell software and monitoring services from Israel and what the Cypriot Parliament does to investigate complaints.
Pegasus, a tool developed by Israeli surveillance firm NSO Group has been described as “mercenary spyware” used to break into the phones and computers of human rights activists, lawyers, journalists, and faith groups.
Although the NSO group claims it only sells Pegasus to government agencies to target criminals and terrorists.
The EU is investigating if phones used by senior European officials had been hacked using software made in Israel.
It is estimated that over 50,000 telephone numbers, mainly journalists, activists, and politicians, are being monitored through the software.
In Greece, similar Predator spyware was used to monitor opposition party leaders and journalists.
The PEGA delegation was in Cyprus on a fact-finding mission earlier this week before departing for Greece.
Chair of the PEGA Committee, Jeroen Lenaers, said there are many questions related to the spyware van.
Pegasus is linked to Cyprus’ infamous Israeli spy van case reported in 2019.
In August, AKEL MEP George Georgiou called on the European Parliament to put Cyprus under the microscope and called for an on-site investigation concerning the eavesdropping scandal raging in Greece.
The company which created the surveillance software in Greece was founded by the former Israeli spy Tal Dilian, the main suspect in the Cyprus black van case.
Headed by the former Israeli intelligence agent, WiSpear, a company specialised in providing end-to-end WiFi interception and security solutions, was reportedly the owner of the black van.
Last year, the data protection watchdog imposed an administrative fine of €925,000 on WiSpear for GDPR violations.
The Commissioner for the Protection of Personal Data said WiSpear’s van collected multiple devices’ Media Access Control (MAC) addresses and International Mobile Subscriber Identity (IMSI).
Charges against Dilian and two other defendants were dropped.
Strict rules
MEP and rapporteur of the issue Sophia In’t Veld said Cyprus plays a very important role in the investigation of the subject.
She asked MPs to send her any documentation regarding the subject as soon as possible since the first draft of her report is due next week.
“We explained how there are very strict rules on exports and the use of spyware.
“Cyprus is a very attractive place for companies, not just for spyware, but the whole business of “hacking for hire”.
“They are coming to Cyprus.
“There are six companies that have been established by board members or former employees of NSO, and they have their administration here.
“And I wonder: if you are coming from Israel, why do you go to Cyprus to have your administration here? It makes no sense”, In’t Veld said after meeting Cypriot MPs Wednesday.
She said more clarifications are needed regarding the van and its equipment and whether it was returned to its owners.
Also, she noted that there’d not been any official wiretapping on journalists or other people.
“What if it’s something that’s been ordered by a third body?
“Because the spyware and the other technology are here, they are available.”
On Israel, she said that when they travelled there, they saw a strict licensing system, but marketing in export licensing systems is also a matter of political currency in international relations.
“This morning, we learnt that Cyprus is looking at the Israeli model of licensing; I am not convinced that it’s the best model to copy.”
Cypriot MP and Chair of the Legal Affairs Committee Nicos Tornaritis said the production and distribution of software that may be used for illegal surveillance would be discussed.
