The cellphones of Spain’s prime minister and defence minister were infected last year with Pegasus spyware, which is available only to countries’ government agencies, authorities announced Monday.
Prime Minister Pedro Sanchez’s mobile phone was breached twice in May 2021, and Defence Minister Margarita Robles’ device was targeted once the following month, Presidency Minister Felix Bolanos said Monday in a hastily convened news conference in Madrid.
The breaches, which resulted in a significant amount of data being obtained, were not authorized by a Spanish judge, which is a legal requirement for national covert operations, Bolanos said.
“We have no doubt that this is an illicit, unauthorized intervention,” Bolanos said. “It comes from outside state organisms and it didn’t have judicial authorization.”
No speculation on responsibility for breach
The Socialist-led government was during those months under intense scrutiny over its handling of a major foreign policy spat with Morocco and gripped by a tense domestic dispute over the release of jailed separatists from Spain’s restive Catalonia region.
Bolanos refused to speculate who might have been behind the Pegasus breach, nor what might have prompted it. The National Court opened an investigation into the breach, and a parliamentary committee on intelligence affairs was set to look into it.
In May 2021, more than 8,000 migrants forced their way into Spain’s North African enclave of Ceuta from Morocco by scaling a border fence or swimming around it. Spain deployed troops and armoured vehicles there to stop more migrants from getting into its territory.
That crisis came as Rabat and Madrid were at odds over Spain agreeing to provide COVID-19 care to a prominent Sahrawi leader fighting for the independence of Western Sahara, a territory once under Spanish control that Morocco annexed in the 1970s.
Moroccan authorities denied they encouraged mass migration into Ceuta, which came as Spain struggled to cope with tens of thousands of migrants arriving from Africa.
Before Monday’s announcement, the government was already under pressure to explain why the cellphones of dozens of people connected to the separatist movement in the northeastern Catalonia region were infected with Pegasus between 2017 and 2020.
The Catalan dispute, with separatists wanting to break away from Spain and activists staging occasionally violent street protests, has dogged Spanish governments for decades.
The spyware revelations — by Citizen Lab, a cybersecurity group of experts affiliated with the University of Toronto — involve at least 65 people, including elected officials, lawyers and activists linked to Catalonia.
They were targeted with the software of two Israeli companies, Candiru and NSO Group, the developer of Pegasus. The spyware silently infiltrates phones or other devices to harvest data and potentially spy on their owners.
The regional Catalan government has accused Spain’s National Intelligence Centre, or CNI, of spying on separatists, and declared that relations with national authorities were “on hold” until full explanations are offered and those responsible are punished.
The conservative Popular Party, or PP, was in office in 2017, when Catalan separatists declared independence following an unauthorized referendum, although no further action was taken to execute the declaration. PP remained in power until mid-2018, when they were ousted by Sanchez in a parliamentary vote.
Catalan party demands resignation
ERC, the main political party in Catalonia and a crucial ally of the government, has called for the resignation of Robles, the defence minister. But the spying scandal has left them exposed to the pressure of more radical separatists, who are calling on ending the support for Sanchez’s left-to-centre coalition in the national parliament.
The central government has attempted to temper their concerns with pledges of full transparency, announcements of plans for an internal probe by the country’s intelligence agency, and a separate investigation by Spain’s ombudsman.
A special parliamentary commission on state secrets has also been established and the head of CNI is expected to be questioned by lawmakers later this week, although discussions around state security issues are not meant to be publicized.