ONE OF Scotland’s most prominent solicitors has told The Herald he believes the Spanish government used Pegasus, the controversial Israeli spyware, to hack into his phone.
Aamer Anwar’s claim comes after the Citizen Lab, a group based at the University of Toronto specialising in high-tech human-rights abuses, revealed that at least 65 individuals associated with Catalonian independence, were infected with the mercenary software.
According to the researchers Clara Ponsati was one of those targeted.
While the Citizen Lab is not “conclusively attributing the operations to a specific entity” they believe “extensive circumstantial evidence points to the Spanish government.”
At the time, Ms Ponsati was exiled in Scotland.
The academic, who briefly served as Catalonia’s education minister, fled to Belgium, with Carles Puigdemont, and three other cabinet members when Madrid sacked the Catalan government and imposed direct rule on the region after the 2017 declaration of independence.
She moved to Fife in March 2018, returning to the job she’d previously held at St Andrew’s University when the Spanish supreme court withdrew an international arrest warrant in her name.
However, no sooner had Ms Ponsati returned to Scotland, when the court changed tack, re-issuing the warrant.
Mr Anwar was part of the academic’s legal team, fighting the attempt to have her extradited back to Spain.
He told The Herald that he and other members working on the case suspected at the time that they were being hacked.
“We were very aware of the fact that calls would die mid-sentence, email would go adrift, messages would arrive 24 hours later, rather than immediately,” he said.
“At the peak, it became so frustrating that you couldn't actually have a conversation.”
The solicitor said the team were forced to use special encrypted software.
Mr Anwar said at one point he was so worried about Spain listening in that he had to use his 12-year-old’s mobile to speak to someone about Ms Ponsati’s case.
Joanna Cherry, the MP and QC, said, if the claims were true, it would be a “disgraceful breach of the principle of legal privilege and unworthy of a democracy bound by the rule of law.”
Citizen Lab says their forensic analysis indicates that Pol Cruz, who worked for Ms Ponsati after she was elected to the European parliament, had his computer infected with Pegasus on or around July 7, 2020.
The spyware is made by the Israel-based NSO Group, which is believed to have made “multiple” infections within Downing Street and the Foreign Office in 2020 and 2021.
A Pegasus operator linked to the United Arab Emirates is suspected of being behind the Whitehall infection.
In the early days of its existence, a user had to allow Pegasus to be installed, which meant whoever was operating the programme would have to trick the phone owner into clicking a link.
However, since 2019, the firm has developed what’s known as a zero-click exploit, where a user doesn’t have to inadvertently give permission to the software.
Once the software’s on the phone, it can gain access to everything stored including photos and videos, recordings, messages, location records, passwords, call logs, and search history.
It also has the capability to activate cameras and microphones for real-time surveillance without the permission or knowledge of the user.
Mr Anwar said his phone has been changed a few times in recent years because the problems seemed to persist.
He said: “I remember one occasion when I had bought my daughter an iPad I turned it on and restored it from my profile and when it restored after about two minutes it went crazy, made werid noises. It was then taken to Apple and they said they had had never seen anything like that before.”
“It's a direct attack on a democratically elected politician. You talk about Russia and China doing this, but this is a European nation carrying out wholesale attacks,“ he added.
Citizen Lab says that every Catalan MEP that supported independence was targeted either directly with Pegasus, or, like Ms Ponsati, via suspected relational targeting.
Mr Puigdemont’s lawyer Gonzalo Boye, was targeted at least 18 times with infection attempts between January and May 2020.
NSO insist they only sell the software to governments for the purposes of tracking criminals and terrorists, and that each sale is regulated by the Israeli government.
However, last November, the US Commerce Department blacklisted the company, saying its tools had been used to “conduct transnational repression”.
Joanna Cherry QC, the SNP MP for Edinburgh South West and deputy Chair of the Joint Committee on Human Rights said: “The allegations of spying on elected MEPs and their staff by EU member state Spain are shocking and the president of the European Parliament should conduct an urgent inquiry.
“If Amar Anwar was spied upon while conducting the defence of Clara Ponsati that would be a disgraceful breach of the principle of legal privilege and unworthy of a democracy bound by the rule of law.”
Amnesty International’s Likhita Banerji said: “We urge the European Parliament Committee of Inquiry to leave no stone unturned when documenting the human rights violations enabled by unlawful spyware, including by investigating these new revelations.
“Governments around the globe have not done enough to investigate or stop human rights violations caused by invasive spyware like Pegasus. The use, sale and transfer of this surveillance technology must be temporarily halted to prevent further abuses of human rights.”
A spokesperson for NSO Group said previously: "NSO continues to be targeted by a number of politically motivated advocacy organizations, like Citizens Labs and Amnesty, to produce inaccurate and unsubstantiated reports based on vague and incomplete information.
"We have repeatedly co-operated with governmental investigations, where credible allegations merit."
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules hereLast Updated:
Report this comment Cancel