Researchers confirm two journalists were hacked with Paragon spyware

Recent investigations have unveiled that two journalists in Europe were victims of hacking through government spyware developed by Israeli firm Paragon. A report released by the digital rights organization, The Citizen Lab, details the forensic analysis conducted on the iPhones of Ciro Pellegrino, an Italian journalist, and another unnamed prominent journalist from Europe. The findings indicate that both individuals were compromised by a shared customer of Paragon, marking a significant development in the ongoing spyware controversy, primarily associated with the Italian government. Until now, Pellegrino, who contributes to the online news platform Fanpage, had no prior indication that he was being specifically targeted by Paragon spyware. An alert from Apple in late April referred to a mercenary spyware incident but did not specify any connection to Paragon. These revelations come on the heels of an earlier notification from WhatsApp to approximately 90 users across various countries, including journalists who were also potential targets of Paragon’s spyware, known as Graphite. Notably, Pellegrino's colleague, Francesco Cancellato, was among those identified as targets. While a report from Italy’s parliamentary committee, COPASIR, stated there was no evidence of surveillance against Cancellato, it failed to mention Pellegrino, prompting skepticism about the findings. John Scott-Railton, a senior researcher at The Citizen Lab, expressed concerns about COPASIR’s conclusions, emphasizing the political implications surrounding the hacking of journalists in Italy. Pellegrino himself voiced his distress, feeling that his civil liberties have been violated. He questioned the lack of support from Prime Minister Meloni, a fellow journalist, regarding the rights of those in the media sector. As the investigation unfolds, it appears that both Pellegrino and the unnamed journalist may be part of a targeted group linked to Paragon’s spyware usage. Pellegrino clarified that he was not involved in any controversial investigations that might have prompted such surveillance, suggesting that the motives behind the hack could relate to information gathering about Fanpage. Citizen Lab's analysis confirmed that the unnamed journalist was targeted through a sophisticated zero-click attack via iMessage, with evidence indicating that the spyware was communicating with Paragon’s infrastructure. This type of attack can infiltrate devices without any user interaction, making it particularly dangerous. The report notes that Apple had previously mitigated the vulnerabilities exploited by this spyware in its software updates. The timeline of the hacks, alongside the actions of the Italian intelligence agencies, raises questions about the extent and nature of government involvement in such surveillance activities. The investigation continues, with Citizen Lab analyzing additional cases, highlighting the urgent need for clarity in this growing scandal involving journalists and their right to privacy.