icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
25 Sep, 2023 13:51

EU state used Israeli spyware on Russian journalists – editors

The founder of Latvia-based news site Meduza had her phone hacked before a meeting of Russian journalists in Berlin
EU state used Israeli spyware on Russian journalists – editors

An unnamed EU state used Israeli malware to hack the mobile phone of Galina Timchenko, a Russian media editor based in Latvia, Timchenko told The Guardian on Monday. Authorities in Riga have denied any role in the incident.

Timchenko, who founded the Meduza news site, in 2014, told The Guardian that she received a message from Apple earlier this year informing her that her phone had been hacked prior to a meeting of Russian media workers in Berlin. According to the newspaper, at least four other Russian journalists – three of whom used Latvian SIM cards in their phones – were similarly targeted.

Timchenko said that she initially suspected that the Kremlin was behind the hack, but an investigation by the University of Toronto and Access Now found that the likely culprit was an EU state agency using Pegasus, a spyware program developed by Israel’s NSO Group. 

Russia does not use Pegasus, while agencies in multiple EU states – including Germany, Latvia, and Estonia – do.

Pegasus can be installed on a target’s phone with or without the user clicking a false link. Once installed, Pegasus grants the hacker the ability to read messages, look through photos, track the person’s location, and even switch on the camera and microphone without the knowledge of the phone’s owner. According to a list of NSO clients that leaked in 2021, more than 50,000 politicians, journalists, activists, and business figures were surveilled using the malware.

“It is likely that the hack was operated by some European security service. We don’t know if it was Latvia or some other country, but we have more [presence] in Latvia,” Meduza editor-in-chief Ivan Kolpakov said. 

The Latvian Embassy in Washington, DC said that it is “not aware of any electronic surveillance measures being taken against Ms. Timchenko,” while federal police in Germany, where the hack took place, refused to comment.

Timchenko and Kolpakov told The Guardian that they have reason to suspect Riga’s involvement, pointing to a dispute between the Latvian state and TV Dozhd, another Russian opposition outlet, last year. TV Dozhd was banned in Latvia and Lithuania after it broadcast a map of Russia featuring Crimea as Russian territory, and after one of its presenters referred to the Russian military as “our army.”

At the time, Meduza joined an open letter condemning the decision as “unfair, wrong, and disproportionate to the official violations.”