“When you realise your private life is scrutinised by very bad people, you become angry,” Stelios Kouloglou said. The Greek former MEP and journalist was speaking after researchers revealed that his mobile device was repeatedly infected with Pegasus spyware – while he was serving on the European parliament’s committee investigating the very same hacking software.
According to a new report from the Citizen Lab at the University of Toronto, Kouloglou’s phone was compromised at least twice: on 21 October 2022 and again between 6 and 7 March 2023. Both dates fell during critical phases of the work of the special parliamentary committee known as Pega, which was established in March 2022 after the Guardian and a consortium of media outlets published the Pegasus Project.
“Citizen Lab finds former MEP Stelios Kouloglou was hacked with Pegasus while investigating spyware abuses.”
That investigation exposed how governments around the world were using Pegasus – made by the Israel-based NSO Group – to target journalists, activists and politicians. Pega’s mission was to examine whether the spyware was being used in contravention of EU law.
Kouloglou, a journalist first elected as a Syriza MEP, joined the committee in March 2022. The first infection occurred about seven months later, in what Citizen Lab called a “particularly intense period of activity”, as lawmakers prepared research missions to Greece, Cyprus and Spain. The second infection came as the committee finalised its report.
The hacking would likely have given the attacker access to Kouloglou’s private emails, text messages and other communications relating to the committee’s deliberations, potentially exposing confidential parliamentary work. “Without a doubt the hacking had to do absolutely with my status as member of the PEGA Committee,” Kouloglou said.
Researchers could not attribute the attacks to any specific government, but found they bore hallmarks of a previous Pegasus campaign against exiled Russian and Belarusian journalists in Europe. “Whichever entity is responsible for the hacking, the infection could have exposed strictly confidential exchanges among PEGA Committee members and their staff, and other sensitive and confidential parliamentary proceedings, including to parties under investigation by the Committee itself,” the report’s authors wrote.
NSO Group did not respond to a request for comment. The findings mark the first publicly documented case of an active member of the Pega committee being targeted with Pegasus, raising fresh questions about whether the inquiry’s work was compromised.