Associated Incidents
Sophisticated hacking software from an Israeli company with a U.S. affiliate and federal contracts has been used to spy on Italian activists who rescue migrants at sea, a nonprofit that examined their phones said Wednesday.
Toronto-based Citizen Lab said the spyware was developed by Paragon Solutions. The company has held itself out as being ethical and more selective in choosing government clients than peer companies such as NSO Group, one of several punished by the United States for selling to autocratic regimes that used its products against civil groups and opposition politicians.
"Paragon sold the illusion of 'ethical' and 'democratic' spyware --- but this scandal proves once again that such a thing does not exist," Hannah Neumann, a member of the European Parliament's committee investigating NSO and other spyware makers, told The Washington Post. The Biden administration took actions against spyware makers, including banning some from U.S. government deals. It is not clear how the Trump administration will approach the issue.
Paragon Solutions US, based in Virginia, has listed a former CIA assistant director as executive chairman. He did not respond to requests for comment. Paragon has won contracts in recent years with the Department of Homeland Security's Immigration and Customs Enforcement agency and the Drug Enforcement Administration, according to previous media reports. The Israeli company's founders included Ehud Barak, a former prime minister of that country.
Among those targeted by Paragon's Graphite spyware were co-founders Luca Casarini and Giuseppe Caccia of Mediterranea Saving Humans, which rescues migrants from the Mediterranean Sea, Citizen Lab said. Casarini has criticized Italian policies on migrants.
They were among 90 people notified in January by Meta's WhatsApp messaging service that they had been subject to hacking attempts by government-grade mercenary spyware. Those notifications prompted some of the Italian victims to lend their devices to Citizen Lab for analysis, which said it turned up the first known forensic traces of Graphite on the phones of the two rescuers.
The editor in chief of Italian news site Fanpage also received a warning from WhatsApp pointing to Paragon, but his phone no longer contained evidence of the infection, Citizen Lab researcher John Scott-Railton said.
"It's a wound to democracy because this spyware was found on a newspaper editor in chief's cellphone," said Federico Fornaro, a national lawmaker from the opposition Democratic Party. "[Were they after] the sources of their investigative stories? We won't stop until we figure that out."
The Italian government has given conflicting responses since word of the spying began coming out a month ago. On Feb. 14, it said it suspended its contracts with Paragon pending an investigation.
Casarini, who is widely seen as a friend of Pope Francis, told The Post he was not surprised that he was being spied on but was stunned to find out from Meta. "I thought, 'It must be big this time, if [Meta CEO Mark] Zuckerberg decided to warn me,'" Casarini said.
Earlier, another friend of the pope, Father Mattia Ferrari, who is the chaplain of Mediterranea Saving Humans, was notified by Meta that he had been targeted, but a different spyware tool might have been used in that case.
WhatsApp said it agreed with the analysis and said Citizen Lab had helped it find victims and close the vulnerability that the spyware had been using to install itself, which involved inviting victims to a group chat and then posting an altered PDF document. The victims did not have to click on the document for the technique to work.
Unlike NSO's Pegasus and other top-of-the-line phone spyware, Graphite has been able to avoid detection in part because it infects specific applications, in this case WhatsApp, and stays within it to relay conversations to the spies. Pegasus and its ilk take control of the entire device, which gives them more access and capability but also leaves more for investigators to find. Citizen Lab asked developers of targeted apps to look through crash reports for evidence of similar infections.
Stefano Pitrelli in Rome contributed to this report.