Jump to content

CatalanGate

From Wikipedia, the free encyclopedia
(Redirected from Catalangate)

CatalanGate is a 2022 political scandal involving accusations of espionage using the NSO Group's Pegasus spyware, against figures of the Catalan independence movement. Targets of the supposed espionage included elected officials (including the four presidents of the Generalitat of Catalonia since 2010, two presidents of the Parliament of Catalonia, and MEPs), activists, lawyers, and computer scientists; in some cases, families of the main targets were also purportedly targeted.[1]

The scandal was unleashed by the publication of an article[2] in the New Yorker magazine, quoting studies by the University of Toronto's Citizen Lab, in which they examined the use of Pegasus spyware by different countries (Pegasus is only sold to governments who, according to Israel's own government, follow rule of law), and alleged to have found evidence of its deployment and use by Spain's National Intelligence Centre (CNI), to track phones owned by several Catalan politicians and other officials, and their entourage, including at times family members.[3]

The Citizen Lab report was published on April 18, 2022. The report identified up to 65 alleged victims, consummated or attempted. The number of targets exceeded previous cases of espionage studied by Citizen Lab, far surpassing those of Al Jazeera (36 victims) and El Salvador (35 victims).[4][5] Citizen Lab did not definitively attribute the responsibility for the attacks to a particular perpetrator, however, it went on to state that circumstantial evidence strongly suggests the perpetrator to be the Spanish Government.[6] The term CatalanGate was used as title of the Citizen Lab report.[6] Despite the scandal's dissemination as CatalanGate, it also allegedly affected two prominent Basque pro-independence figures.[1]

Background

[edit]

Citizen Lab is a Canadian interdisciplinary laboratory, based at the Munk School of Global Affairs at the University of Toronto, which focuses on research, development, strategic policy and high-level legal engagement at the confluence of information and communication technologies, human rights and global security.[7][8]

In April 2019, Citizen Lab worked on a case involving Pegasus infections that exploited a WhatsApp security bug that enabled infiltration of at least 1,400 terminals. Among the people alerted to the problem was the President of the Catalan Parliament, Roger Torrent.[9][10] Among the politicians affected by the breach were Ernest Maragall, Anna Gabriel, and Basque leaders like Arnaldo Otegi and Jon Iñarritu.[11][12]

MEP Jordi Solé started an investigation in June 2020, when he suspected that he was a victim of cell phone spying and contacted the security researcher Elies Campo, a former WhatsApp employee and collaborator of Citizen Lab.[13][14][15]

Most of the Catalan officials affected by the surveillance belong to the Catalonia pro-independence parties.[16]

Scandal

[edit]

Collaboration between potential victims and Citizen Lab helped identify at least 65 people supposedly attacked or infected with the spyware, 63 of them with Pegasus and 4 with Candiru (two victims were targeted using both). The actual figure could be higher as Citizen Lab's tools are developed for use with iOS systems and, in Spain, Android devices predominate (80% of the total in 2021). A selection of the cases was also analyzed by Amnesty International's Tech Lab, and the results independently validated the forensic methodology used. Virtually all incidents correspond to the period between 2017 and 2020 (although Jordi Sànchez suffered an attempted infection via SMS in 2015).[6]

In its report, Citizen Lab states that "while we do not attribute the operation to a specific government entity at this time, the circumstantial evidence shows a strong link to the Spanish government, especially given the nature of the individuals targeted, the timing of the attacks, and the fact that Spain is listed as a client of NSO Group".[6]

Once the scandal reached Spanish parliament, government officials produced documentation to certify that 29 people were indeed subject to government surveillance, fully approved by the Supreme Court of Justice and according to legal procedure.[17] The surveilled people included past and serving elected officials and regional authorities belonging to parties involved in the 2017 Catalan Independence referendum.

Methods of infiltration

[edit]

In some cases (and as is often the case), the attack was carried out by an intermediary: infecting, or attempting to infect, the terminal of family members or people close to the target to be spied on.[6]

Pegasus

A peculiarity of this case for Citizen Lab was the discovery of a new iOS zero-click vulnerability, which they called HOMAGE, that had not previously been seen used by NSO Group, and which was effective against some versions prior to 13.2.[citation needed]

Candiru

Citizen Lab identified four victims of espionage involving Candiru. Candiru spyware was used to infiltrate the targets' personal computers. The targets were sent emails containing malicious links and enticed to click on them, with their personal computers becoming infected with Candiru spyware once they clicked on the link. A total of seven such emails were identified. Some of the emails appeared to be messages from a Spanish governmental institution with public health recommendations in connection to the 2019 coronavirus epidemic.[18]

List of victims

[edit]

With the exception of four people who requested anonymity, this is the list of victims of the CatalanGate espionage case:[19]

Reactions

[edit]

Press coverage

[edit]

On the same day that saw the publication of CitizenLab's technical report, The New Yorker published an extensive report entitled "How democracies spy on their citizens" (of which the Catalan case occupied a seventh part) as their cover story.[20]

Catalan government response

[edit]

On April 19 (one day after the initial publication of the revelations), Carles Puigdemont and Oriol Junqueras appeared in the European Parliament to denounce the spying perpetrated upon the pro-independence leaders, an intervention that was joined by the Popular Unity Candidacy, the Catalan National Assembly, and Òmnium Cultural. John-Scott Railton, from Citizen Lab, also took part, detailing "circumstantial evidence": that agencies linked to the structure of the Spanish State would have used Pegasus and Candiru to infiltrate the cell phones of the victims for political purposes.[21] The previous March, the European Parliament had approved the creation of a committee of inquiry called Committee to investigate the use of Pegasus surveillance spyware on the alleged use of Pegasus surveillance spyware against journalists, politicians, security agents, diplomats, lawyers, businessmen, civil society actors and other citizens in, among other countries, Hungary and Poland, and whether such use had infringed European Union law and fundamental rights. The first meeting of the committee was held the same day that Puigdemont and Junqueras denounced the spying.[22][23]

Criticism

[edit]

Spanish general media argued that study completely overlooked the publicly-known fact that many of those politicians had been involved in (and in some instances found guilty of) several crimes and misdemeanors, from embezzlement to sedition, and were in fact under judicially-approved government surveillance, under Spanish law.[24][25][26] Regarding the naming of the scandal, the domain catalangate.cat was registered by Òmnium Cultural on 28 January 2022 - months before the scandal came to light. The name itself was coined by targeted politician Ernest Maragall.

On the other hand, despite the fact that third partied checked methodologies, some alleged deficiencies in the research methodology where denounced, including the fact that one of the main researcher was a Catalan developer affected by the surveillance.[27][28] The right wing teachers collective like "Foro de Profesores" collective denounced that the whole scandal was essentially a publicity stunt.[29][30][31] to discredit the Spanish government's investigations into past and continuing criminal activity by the surveilled people, and to cover earlier surveillance by the regional secessionist government of opposition politicians.[32]

See also

[edit]

References

[edit]
  1. ^ a b "Hauek dira Pegasus eta Candiru programekin ustez espiatu dituzten independentistak". EITB (in Basque). 19 April 2022. Retrieved 23 April 2022.
  2. ^ "How Democracies Spy on Their Citizens". The New Yorker. 14 April 2022. Retrieved 21 April 2022.
  3. ^ "Puig admite que el CNI catalán espió a petición de los Mossos". El Diario Vasco (in European Spanish). 24 January 2014. Retrieved 23 October 2022.
  4. ^ "Al Jazeera journalists 'hacked via NSO Group spyware'". BBC News. 21 December 2020. Retrieved 21 April 2022.
  5. ^ Pérez, José de Córdoba and Santiago (13 January 2022). "Pegasus Spyware Deployed Against El Salvador Journalists and Activists". Wall Street Journal. ISSN 0099-9660. Retrieved 21 April 2022.
  6. ^ a b c d e Scott-Railton, John; Campo, Elies; Marczak, Bill; Razzak, Bahr Abdul; Anstis, Siena; Böcü, Gözde; Solimano, Salvatore; Deibert, Ron (18 April 2022). "CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru". The Citizen Lab. Retrieved 21 April 2022.
  7. ^ "About the Citizen Lab". The Citizen Lab. Retrieved 21 April 2022.
  8. ^ "Espanya va espiar l'independentisme amb Pegasus, segons 'The New Yorker'". ElNacional.cat (in Catalan). 18 April 2022. Retrieved 21 April 2022.
  9. ^ Gil, Joaquín (14 July 2020). "El mòbil del president del Parlament va ser objectiu d'un programa espia que només poden comprar Governs". EL PAÍS (in Catalan). Retrieved 21 April 2022.
  10. ^ "Phone of top Catalan politician 'targeted by government-grade spyware'". the Guardian. 13 July 2020. Retrieved 21 April 2022.
  11. ^ "Otegi: "Aquí algunos salieron de rositas de 40 años de dictadura y ese Estado profundo sigue funcionando al margen"". www.publico.es. 20 April 2022. Retrieved 23 April 2022.
  12. ^ Lete, Irati Urdalleta (20 April 2022). "Pegasus: zelatari isila norbere poltsikoan". Berria (in Basque). Retrieved 23 April 2022.
  13. ^ "Pegasus ha espiat quatre presidents de la Generalitat i més de seixanta polítics i activistes independentistes". VilaWeb (in Catalan). Retrieved 21 April 2022.
  14. ^ "El factótum catalán, rico y proindepe tras la denuncia del espionaje con Pegasus". El Mundo (in Spanish). 25 April 2022. Retrieved 26 April 2022.
  15. ^ "El independentismo oculta que el autor del informe sobre Pegasus tiene vínculos con la Generalitat". The Objective (in Spanish). 24 April 2022. Retrieved 26 April 2022.
  16. ^ "Spain's top court rules Catalonia's independence referendum illegal". ABC News. 17 October 2017. Retrieved 23 October 2022.
  17. ^ "El CNI admite haber espiado a Aragonès y el entorno de Puigdemont con autorización". ElNacional.cat (in Spanish). 5 May 2022. Retrieved 23 October 2022.
  18. ^ Scott-Railton, John; Campo, Elies; Marczak, Bill; Razzak, Bahr Abdul; Anstis, Siena; Böcü, Gözde; Solimano, Salvatore; Deibert, Ron (18 April 2022). "CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru". The Citizen Lab. Retrieved 26 April 2022.
  19. ^ "La llista de totes les persones espiades en el CatalanGate". dBalears (in Catalan). 18 April 2022. Retrieved 21 April 2022.
  20. ^ "How Democracies Spy on Their Citizens". The New Yorker. 14 April 2022. Retrieved 21 April 2022.
  21. ^ NacióDigital (19 April 2022). "Els investigadors de l'espionatge a l'independentisme estableixen un "nexe sòlid" amb l'Estat | NacióDigital". www.naciodigital.cat (in Catalan). Retrieved 21 April 2022.
  22. ^ "European Parliament Multimedia Platform". multimedia.europarl.europa.eu. Retrieved 21 April 2022.
  23. ^ NacióDigital. "Es constitueix la comissió del Parlament Europeu que investiga Pegasus en ple "Catalangate" | NacióDigital". www.naciodigital.cat (in Catalan). Retrieved 21 April 2022.
  24. ^ "Sobre espías, corporaciones, omisiones y desidia". ELMUNDO (in Spanish). 1 June 2022. Retrieved 23 October 2022.
  25. ^ "Òmnium preparó hace meses una campaña contra el 'Catalan Gate'". El Español (in Spanish). 21 April 2022. Retrieved 26 April 2022.
  26. ^ "El independentismo oculta que el autor del informe sobre Pegasus tiene vínculos con la Generalitat". The Objective | Noticias exclusivas y opiniones libres en abierto (in Spanish). 24 April 2022. Retrieved 19 May 2022.
  27. ^ Olivas, José Javier (May 2022). "Methodological and ethical issues in Citizen Lab's spyware investigation in Catalonia". ResearchGate. Retrieved 23 October 2022.
  28. ^ Olivas, Jose Javier (6 June 2022). "Los descuidados peritos del "Catalangate": el valor del informe de Citizen Lab". HayDerecho (in European Spanish). Retrieved 23 October 2022.
  29. ^ de Profesores, Foro (5 July 2022). "Letter to University of Toronto by Foro de Profesores 5 July 2022" (PDF). Foro de Profesores. Retrieved 23 October 2022.
  30. ^ "'CatalanGate': escándalo útil, investigación teledirigida". ELMUNDO (in Spanish). 28 April 2022. Retrieved 23 October 2022.
  31. ^ "Òmnium preparó hace meses una campaña contra el 'Catalan Gate'". Crónica Global (in Spanish). 21 April 2022. Retrieved 23 October 2022.
  32. ^ "La Guardia Civil sitúa a empresarios e informáticos en el 'CNI catalán' que se reunió con CDR para aupar la república". Europa Press. 22 October 2022. Retrieved 23 October 2022.