The President of the European Parliament Roberta Metsola, as well as UN officials, and US lawmakers, are among those revealed by an Amnesty International investigation to have been targeted by Predator spyware.
According to an investigation carried out with the European Investigative Collaborations (EIC), at least 50 accounts belonging to 27 individuals and 23 institutions were targeted – but not necessarily infected by the Predator spyware – between February and June, via the social networks X (formerly Twitter) and Facebook.
Developed and marketed by the Israeli surveillance company Intellexa, "Predator belongs to the family of highly intrusive spyware. This means that the software has full access, without the user’s knowledge, to the microphone and camera of the infected device, as well as to all the data it contains (contacts, messages, photos, videos, etc.)," explains the human rights NGO.
The targets include the President of the European Parliament Roberta Metsola, Taiwanese President Tsai Ing-Wen, Americans Michael McCaul (MP) and John Hoeven (Senator), Germany’s Ambassador to the United States Emily Haber, and French MEP Pierre Karleskind. Several officials, academics and institutions were also targeted, according to Amnesty.
According to the NGO’s investigation, "many of the links identified as malicious and aimed at infecting targets with Predator" came from an X account named “@Joseph_Gordon16”. Amnesty considers that he "was likely to have been acting on behalf of the Vietnamese authorities or interest groups in the country."
"We have observed dozens of cases where ‘@Joseph_Gordon16’ has placed a malicious link to Predator in public social media posts. In some cases, the link appeared to be to an innocuous news site, such as The South China Morning Post, to trick the reader into clicking on it," explained Donncha Ó Cearbhaill, head of Amnesty International’s Security Lab, in a statement.
Credit: Amnesty International
"Our analysis showed that clicking on this link could lead to the user’s device being infected with Predator. We don’t know if any devices were actually infected, and we can’t say with absolute certainty that the perpetrator was within the Vietnamese government, but the interests of the government and the account coincided very strongly."
How does one get infected?
According to Amnesty’s investigation, spyware can also infect a device without the target clicking on a link. "Nearby devices, for example, can be infected in this way via so-called tactical attacks," says the NGO. "For the time being, this highly intrusive spyware cannot be monitored independently and its functionality cannot be restricted, making it extremely difficult to investigate breaches linked to its use."
Intellexa alliance products were found in at least 25 countries in Europe, Asia, the Middle East and Africa, including Switzerland, Austria, Germany, Congo, Jordan, Kenya, Oman, Pakistan, Qatar, Singapore, United Arab Emirates and Vietnam, according to the investigation. "These products have been used to undermine human rights, press freedom and social movements around the world," Amnesty said.
In addition, a “recent technical infrastructure linked to… Predator spyware” was analysed and it emerged that “related activities, in one form or another, have been carried out in Angola, Egypt, Mongolia, Kazakhstan, Indonesia, Madagascar, Sudan and Vietnam, among others”, the NGO points out.
'Regulated in the EU'
"Intellexa claims to be ‘a regulated company based in the EU’, which in itself is damning evidence that EU Member States and institutions have failed to prevent the unbridled deployment of these surveillance products, despite investigations such as the one into the Pegasus project in 2021," Amnesty International Secretary General Agnès Callamard blasted in the statement. "This failure is so obvious that, as this new investigation shows, even EU officials and institutions have been caught in the net."
Related News
- Surveillance of journalists only as 'a last resort,' MEPs say
- Spyware in Europe: EU urged to protect journalists from intrusive surveillance
- ‘Monitor, intimidate and discredit’: EU democracies not equipped to deal with spyware
The Intellexa alliance brings together companies based in several countries, including Cyprus, the Czech Republic, France, Germany, Greece, Hungary, Ireland, Israel, Northern Macedonia, Switzerland and the United Arab Emirates. Amnesty International is calling on these states to "immediately revoke all marketing and export authorisations granted to the Intellexa alliance, and (to) conduct an independent, impartial and transparent investigation to determine the extent of illegal targeting."
"In the wake of this latest scandal, governments have no choice but to introduce an immediate worldwide ban on highly intrusive spyware if they are to react effectively," concluded Callamard.
