Poland’s state audit body says was target of mass spyware attack

Poland’s state audit body says was target of mass spyware attack
Headquarters of Pegasus maker NSO: NIK said that as many as 544 mobile devices of its officials ranging from rank and file employees to directors were targeted.
By Wojciech Kosc in Warsaw February 7, 2022

The Supreme Chamber of Control (NIK), Poland’s state audit body, was targeted by spyware after announcing probes into the cancelled mail-in vote presidential election in 2020 and the Ministry of Justice’s use of funds earmarked for helping victims of crime, NIK said on February 4.

The right-wing coalition government of Law and Justice (PiS) and United Poland is under fire for allegedly using Pegasus to wiretap its political rivals and even some people from within the ruling camp. The coalition is fighting tooth and nail not to allow a parliamentary investigative commission – with subpoena power – to probe the scandal. 

NIK did not say directly that Pegasus was the spyware used but Polish media, which first reported on the attack, said that was the case.

The government’s use of Pegasus first came into the spotlight in December in reports by the Toronto-based cyber security watchdog Citizen Lab.

Amidst targets were Roman Giertych, a lawyer working for the former Polish Prime Minister and European Council President, Donald Tusk. Other targets included Senator Krzysztof Brejza at a time when he headed the election campaign of Civic Coalition, Poland’s biggest opposition party.

NIK said that as many as 544 mobile devices of its officials ranging from rank and file employees to directors were targeted. 

“We have information about incidents, the number of which runs into thousands,” NIK’s spokesperson Lukasz Pawelski told a press conference. He later said that there were more than 7,000 attempts at installing spyware on NIK’s employees’ devices, not all of them successful. 

The attacks peaked after NIK announced that it would probe the highly controversial mail-in vote presidential election, which the PiS government pushed for in 2020, saying that traditional voting in polling stations would worsen the pandemic situation, Pawelski said.

In a motion to the prosecution office, which NIK filed the following year, the audit office alleged that the country’s top figures, including Prime Minister Mateusz Morawiecki, committed criminal offences by attempting to hold the vote, dubbed “the postal election”.

Eventually – and also in a highly dubious decision from the legal standpoint – the government simply cancelled the election, rescheduling it to June 28, with the run-off vote on July 10. 

The other peak of Pegasus attacks came after NIK said that it would look into how the Ministry of Justice spent money from a fund set up to help victims of crime. 

The money was channelled to Poland’s anti-graft police CBA, which used it to buy Pegasus, NIK said in January. That was illegal, as, by law, CBA can only be financed from the central budget.

Since the scandal broke out, the Polish government has gone from denying any knowledge of Pegasus to admitting that Poland had bought it but claiming it was not used for political purposes.

The Polish government is just the latest authoritarian or semi-authoritarian regime in Central Europe and Eurasia to stand accused of using Pegasus spyware against opposition figures.

Viktor Orban's hybrid regime in Hungary has admitted buying the spyware but not said who it was used against. The Kazakhstan dictatorship, and that of Azerbaijan, have remained silent in the face of accusations that they have used it against opposition figures.