Espionage Against the European Parliament

Even the lawmakers probing spyware got spied on — and commenters are furious

TLDR: A former EU lawmaker investigating spyware was allegedly hacked by Pegasus at key moments, raising fears that private committee information was exposed. Commenters are split between outrage, gallows humor, and a messy debate over whether this was an attack on Europe itself or just Greece’s spyware scandal getting even uglier.

This story has commenters doing the internet equivalent of throwing popcorn at the screen. A former European Parliament lawmaker, Stelios Kouloglou, was reportedly hacked multiple times with Pegasus, the notorious phone spyware, while serving on the very committee investigating spyware abuse. Yes, really: the man looking into the spying scandal may have been spied on during the spying scandal. Community reaction? A mix of rage, dark laughter, and a whole lot of “of course this happened.”

The biggest fight in the comments is over who this was really an attack on. Some readers say calling it “espionage against the European Parliament” is too neat, arguing this looks more like part of Greece’s long-running spyware mess spilling into Brussels. Others zoomed out even further, saying the real scandal is that Europe has let this kind of surveillance become so normal that even a lawmaker isn’t safe anymore. One especially cynical take asked how much money is floating around for people willing to “sell out” citizens’ data.

Then came the practical horror: commenters were stunned that personal medical information and government work may have lived on the same phone. That sparked a mini pile-on of “wait, they don’t separate work and private devices?” which is the kind of question that sounds boring until you realize it could affect confidential state business. The mood across the thread is basically: this would be absurd if it weren’t so believable. And that’s exactly why everyone can’t stop talking about it. For more context, the report points to findings by Citizen Lab.

Key Points

  • Citizen Lab said Stelios Kouloglou’s iPhone was infected with NSO Group’s Pegasus spyware on or around October 21, 2022, and again on March 6 and 7, 2023.
  • The infections occurred while Kouloglou was serving on the European Parliament’s PEGA Committee, which was investigating Pegasus and equivalent spyware abuses.
  • The article says investigators are not attributing the infections to a specific government and found no indications that the Greek government was responsible.
  • Citizen Lab linked the October 2022 compromise to the PWNYOURHOME zero-click exploit involving HomeKit and MessagesBlastDoorService.
  • Kouloglou also received Apple threat notifications about mercenary spyware targeting on March 2, 2023, August 29, 2023, and April 10, 2024.

Hottest takes

"It’s quite laughable that a member of the EU parliament would be subject to the same kind of spying activities" — 0x_rs
"I wouldn’t call that an attack against the European parliament" — elorant
"Does EU parliament not have a policy of separating work and personal devices?" — bawolff
Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.