AP Exclusive: NSO spyware hacked Polish opposition duo

WARSAW, Poland (AP) — The aggressive cellphone break-ins of a high-profile lawyer representing top Polish opposition figures came in the final weeks of pivotal 2019 parliamentary elections. Two years later, a prosecutor challenging attempts by the populist right-wing government to purge the judiciary had her smartphone hacked.

In both instances, the invader was military-grade spyware from NSO Group, the Israeli hack-for-hire outfit that the U.S. government recently blacklisted, say digital sleuths of the University of Toronto-based Citizen Lab internet watchdog.

Citizen Lab could not say who ordered the hacks and NSO does not identify its clients, beyond saying it works only with legitimate government agencies. But both victims believe Poland’s increasingly illiberal government is responsible.

A Polish state security spokesman, Stanislaw Zaryn, would neither confirm nor deny whether the government ordered the hacks or is an NSO customer.

Lawyer Roman Giertych and prosecutor Ewa Wrzosek join a list of government critics worldwide whose phones have been hacked using the company’s Pegasus product. The spyware turns a phone into an eavesdropping device and lets its operators remotely siphon off everything from messages to contacts. Confirmed victims have included Mexican and Saudi journalists, British attorneys, Palestinian human rights activists, heads of state and Uganda-based U.S. diplomats.

But word of the Poland hacking is especially notable, coming as rights groups are demanding an EU-wide ban on the spyware. The 27-nation European Union has tightened export restrictions on spyware, but critics complain that abuse of it by EU member states urgently needs to be addressed.

Citizen Lab previously detected multiple infections in Poland dating from November 2017, though...