Polish senators question cyber experts in hacking inquiry

Polish senators question cyber experts in hacking inquiry

WARSAW, Poland -- A Polish Senate commission opened an investigation into the use of powerful spyware against government critics by hearing testimony Monday from cybersecurity experts, who compared targeting of opposition figures under the right-wing government to methods used by the Kremlin against critics in Russia.

John Scott-Railton and Bill Marczak, senior researchers with the Citizen Lab, a research group based at the University of Toronto, told the seven-member committee they were able to confirm that data was stolen from the phone of a Polish senator, Krzysztof Brejza. That came on top of their findings in late December that Brejza and two others — a Polish lawyer and a prosecutor — were hacked aggressively with Pegasus, spyware produced by Israel's NSO Group.

The revelations have shocked many Poles because Pegasus is a tool meant to be used by governments to fight terrorists and other dangerous criminals. It gives its operators complete access to a mobile device, allowing them to extract passwords, photos, messages, contacts and browsing history and activate the microphone and camera for real-time eavesdropping.

Many view it as a human rights violation to use it against domestic opponents who criticize the government but pose no danger to society.

In Brejza's case, his phone was hacked multiple times in 2019, mostly when he was running the opposition’s parliamentary election campaign. Messages from his phone were doctored and used in a smear campaign against him in the heat of the race, which the ruling right-wing Law and Justice party narrowly won.

After evasions and denials by government officials, Law and Justice leader Jaroslaw Kaczynski acknowledged last week that Poland had acquired Pegasus, describing it as an important tool against criminals, but denying it was used against the opposition.

Polish media have identified the operator as Poland's Central Anti-Corruption Bureau, a special service created to combat corruption in public life that is under the control of the ruling party.

In the wake of revelations about the spying, the families of Brejza and Roman Giertych, the lawyer who was hacked, have faced further pressure. After Brejza filed a civil suit against Kaczynski for suggesting he was hacked due to suspicions of wrongdoing, Brejza's father, a mayor, was summoned as a suspect in an unrelated case for questioning by prosecutors.

False bomb threats were also sent last week to hospitals and police stations from the phones of one of Giertych's daughters and Brejza's wife, who is also his lawyer.

“It's a kind of threat against the family,” Giertych told The Associated Press on Monday, saying it reminds him of old communist methods.

Speaking by video link, the two experts also confirmed to the committee that an operator first started registering the Pegasus infrastructure in November 2017, only weeks after Polish media established that the contract with the Polish government was finalized.

The Law and Justice party has rejected calls by the opposition for an investigation into the hacking in the lower house of parliament, or Sejm.

In reaction, the Senate, where the opposition has a small majority, approved forming a committee to investigate evidence that the three government critics were hacked with the spyware. Sen. Marcin Bosacki, the committee's chairman, said the step was needed “due to the deepest concern for our democracy and the future of the Polish state.”

Bosacki said one of the probe's aims will be to determine whether the hacking of Brejza’s phone altered the outcome of the 2019 election, arguing that a state in which secret services have an influence on the election process ceases to be a democracy.

Still, only the Sejm can launch an inquiry with full investigative powers, including calling witnesses. The Senate can invite witnesses but not require them to appear. Law and Justice senators voted against establishing the senate committee and refused to accept seats on it.

Bosacki concluded Monday's two-hour questioning of the two witnesses by saying it was a good beginning in their attempt to clarify the “aggressive” use of Pegasus technology against a senator and two others.

But a third witness who was scheduled to testify — a Polish professor and cybersecurity expert — canceled two hours before the hearing, Bosacki said, “due to talks with his superiors, who strongly advised him not to do so.”

———

Monika Scislowska contributed to this report from Warsaw.

Source Link