Call for Hungarian ministers to resign in wake of Pegasus revelations

Shaun Walker in Budapest

28 July 2021 at 3:56 am·9-min read

Hungary’s opposition has called for ministerial resignations from Viktor Orbán’s far-right government over allegations it selected journalists, media owners and opposition political figures as potential targets for invasive Pegasus spyware.

The allegations, published last week by the Guardian and other members of the Pegasus project consortium, were backed up in a number of cases with forensic analysis of mobile devices carried out by Amnesty International, which showed phones had been infected with Pegasus, sold by the Israeli company NSO Group.

The Pegasus project is a collaborative journalistic investigation into the NSO Group and its clients. The company sells surveillance technology to governments worldwide. Its flagship product is Pegasus, spying software – or spyware – that targets iPhones and Android devices. Once a phone is infected, a Pegasus operator can secretly extract chats, photos, emails and location data, or activate microphones and cameras without a user knowing.

Forbidden Stories, a Paris-based nonprofit journalism organisation, and Amnesty International had access to a leak of more than 50,000 phone numbers selected as targets by clients of NSO since 2016. Access to the data was then shared with the Guardian and 16 other news organisations, including the Washington Post, Le Monde, Die Zeit and Süddeutsche Zeitung. More than 80 journalists have worked collaboratively over several months on the investigation, which was coordinated by Forbidden Stories.

“At the very least, the minister of justice has to resign,” said Gergely Karácsony, the mayor of Budapest and the most likely challenger to Orbán for the prime minister’s post at elections next spring, in an interview at Budapest’s city hall on Tuesday.

On Monday evening, a protest against the government over the Pegasus affair drew about 1,000 people. “This scandal shows we cannot talk about the rule of law anymore in Hungary,” said Anna Donáth, a Hungarian MEP with the opposition party Momentum, told the Associated Press news agency at the rally. “Our demand is the resignation of the government.”

Hungarian law provides that in cases where national security is at stake, the intelligence services can order surveillance with no judicial oversight, only the signature of the minister of justice.

The justice minister, Judit Várga, has declined to comment on whether the Hungarian government uses Pegasus, but said “every country needs such tools”. She has not addressed what the national security justification could be for surveilling journalists, businesspeople or politicians.

In an interview earlier this month with Le Monde, a Pegasus project partner, Várga first said it was “a provocation” when asked if she would authorise the surveillance of a journalist. Later, her office asked for the question and the answer to be removed from the interview.

Last week, the Budapest prosecutor’s office opened an investigation into unauthorised secret information gathering. Few expect this to produce real results, though, with the government accused by opposition figures of ignoring the allegations.

What is in the data leak?

The data leak is a list of more than 50,000 phone numbers that, since 2016, are believed to have been selected as those of people of interest by government clients of NSO Group, which sells surveillance software. The data also contains the time and date that numbers were selected, or entered on to a system. Forbidden Stories, a Paris-based nonprofit journalism organisation, and Amnesty International initially had access to the list and shared access with 16 media organisations including the Guardian. More than 80 journalists have worked together over several months as part of the Pegasus project. Amnesty’s Security Lab, a technical partner on the project, did the forensic analyses.

What does the leak indicate?

The consortium believes the data indicates the potential targets NSO’s government clients identified in advance of possible surveillance. While the data is an indication of intent, the presence of a number in the data does not reveal whether there was an attempt to infect the phone with spyware such as Pegasus, the company’s signature surveillance tool, or whether any attempt succeeded. The presence in the data of a very small number of landlines and US numbers, which NSO says are “technically impossible” to access with its tools, reveals some targets were selected by NSO clients even though they could not be infected with Pegasus. However, forensic examinations of a small sample of mobile phones with numbers on the list found tight correlations between the time and date of a number in the data and the start of Pegasus activity – in some cases as little as a few seconds.

What did forensic analysis reveal?

Amnesty examined 67 smartphones where attacks were suspected. Of those, 23 were successfully infected and 14 showed signs of attempted penetration. For the remaining 30, the tests were inconclusive, in several cases because the handsets had been replaced. Fifteen of the phones were Android devices, none of which showed evidence of successful infection. However, unlike iPhones, phones that use Android do not log the kinds of information required for Amnesty’s detective work. Three Android phones showed signs of targeting, such as Pegasus-linked SMS messages.

Amnesty shared “backup copies” of four iPhones with Citizen Lab, a research group at the University of Toronto that specialises in studying Pegasus, which confirmed that they showed signs of Pegasus infection. Citizen Lab also conducted a peer review of Amnesty’s forensic methods, and found them to be sound.

Which NSO clients were selecting numbers?

While the data is organised into clusters, indicative of individual NSO clients, it does not say which NSO client was responsible for selecting any given number. NSO claims to sell its tools to 60 clients in 40 countries, but refuses to identify them. By closely examining the pattern of targeting by individual clients in the leaked data, media partners were able to identify 10 governments believed to be responsible for selecting the targets: Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, and the United Arab Emirates. Citizen Lab has also found evidence of all 10 being clients of NSO.

What does NSO Group say?

You can read NSO Group’s full statement here. The company has always said it does not have access to the data of its customers’ targets. Through its lawyers, NSO said the consortium had made “incorrect assumptions” about which clients use the company’s technology. It said the 50,000 number was “exaggerated” and that the list could not be a list of numbers “targeted by governments using Pegasus”. The lawyers said NSO had reason to believe the list accessed by the consortium “is not a list of numbers targeted by governments using Pegasus, but instead, may be part of a larger list of numbers that might have been used by NSO Group customers for other purposes”. They said it was a list of numbers that anyone could search on an open source system. After further questions, the lawyers said the consortium was basing its findings “on misleading interpretation of leaked data from accessible and overt basic information, such as HLR Lookup services, which have no bearing on the list of the customers' targets of Pegasus or any other NSO products ... we still do not see any correlation of these lists to anything related to use of NSO Group technologies”. Following publication, they explained that they considered a "target" to be a phone that was the subject of a successful or attempted (but failed) infection by Pegasus, and reiterated that the list of 50,000 phones was too large for it to represent "targets" of Pegasus. They said that the fact that a number appeared on the list was in no way indicative of whether it had been selected for surveillance using Pegasus.

What is HLR lookup data?

The term HLR, or home location register, refers to a database that is essential to operating mobile phone networks. Such registers keep records on the networks of phone users and their general locations, along with other identifying information that is used routinely in routing calls and texts. Telecoms and surveillance experts say HLR data can sometimes be used in the early phase of a surveillance attempt, when identifying whether it is possible to connect to a phone. The consortium understands NSO clients have the capability through an interface on the Pegasus system to conduct HLR lookup inquiries. It is unclear whether Pegasus operators are required to conduct HRL lookup inquiries via its interface to use its software; an NSO source stressed its clients may have different reasons – unrelated to Pegasus – for conducting HLR lookups via an NSO system.

Opposition MPs had demanded an emergency meeting of parliament’s national security committee on Monday, but the four MPs from Orbán’s Fidesz party did not show up, meaning there was no quorum.

“The government’s plan is not to discuss the issue,” said Péter Ungár, an opposition MP who sits on the committee. “I don’t know what you would call this, but it’s certainly not oversight.” He also said Várga should resign if she could not offer an adequate explanation about whether and why the surveillance had taken place.

At least five Hungarian journalists appeared on a leaked list reviewed by the Pegasus papers consortium, of numbers selected by NSO clients ahead of possible surveillance, including two from the investigative outlet Direkt 36, a Pegasus project partner. Also on the list was the number of the opposition politician György Gemesi, the mayor of the town of Gödöllő and head of a nationwide association of mayors.

“He’s been the mayor of a small town for 30 years, and for me it’s completely unthinkable that there would be any legitimate criminal or national security interest in surveilling him,” said Karácsony, who knows Gemesi well.

Karácsony, whose number is not on the leaked list, said the revelations about government surveillance were not that surprising. In 2019, during his campaign for mayor against the Fidesz-backed incumbent, audio was leaked of Karácsony discussing infighting among the opposition. He said that now, if he has sensitive discussions, he does so without phones or laptops in the room.

The liberal Budapest mayor is the favourite to win a primary vote, to be held among a broad group of opposition parties who want to field a united candidate to take on Orbán in elections next spring. Orbán, who is looking to win a fourth consecutive term, has clashed with the EU over rule of law, corruption and a recent anti-LGBTQ+ law.

Last week, Orbán announced the government would hold a referendum on “child protection”, involving a set of leading questions about sex education and sex changes, in what is being seen as an attempt to sow division and rally the conservative base of Fidesz around a “culture war” on LGBT issues.

Karácsony attended Saturday’s Budapest Pride march, in which tens of thousands of people marched through the capital, and the rainbow flag is flying for Pride month outside Budapest’s city hall.

“This is a very desperate attempt to divert attention from their weaknesses,” said Karácsony of the recent campaign, adding that the best option would be to boycott the “ridiculous” referendum.

Wales Online
Drivers 'mind blown' after realising their car handle has 'secret' function
Many people have been left impressed after finding out about the 'little known' function they never knew existed
6 hours ago
Sky News
Warwick Davis's wife Samantha dies aged 53
Samantha Davis, the wife of Star Wars and Harry Potter actor Warwick Davis and herself an actress, has died aged 53. Samantha co-founded the dwarfism charity Little People UK and featured in the final Harry Potter film, alongside Warwick. Warwick announced the news in a statement to the BBC, revealing she had died on 24 March.
19 hours ago
OK! Magazine
Prince William's heartbreaking 2-word promise to Kate Middleton as she continues recovery
The Prince of Wales has made his first public appearance since his wife, the Princess of Wales, announced she was battling cancer last month, and made a sweet promise to a Royal fan
6 hours ago
Manchester Evening News
This Morning's Ben Shephard responds as Jon Bon Jovi 'walks off show' after awkward moment
The rock legend appeared live on the show with Ben and Cat Deeley to celebrate and reflect on his 40-year career with his band
a day ago
Chronicle Live
Barclays issues warning to anyone with £14,000 in their bank account
The bank has issued a warning to its customers, with the 21 to 40 age group making up nearly half of all reported cases
a day ago
The Telegraph
Ukraine’s frontline is collapsing – and Britain may soon be at war
While Western eyes are fixed on Tehran and Tel Aviv, Ukraine’s frontlines are showing clear signs of crumbling. There is a very real possibility they could crumble this summer if we do not throw the kitchen sink at Russia. Even if we do, it may already be too late for the weapons and munitions long promised by the West to save the day.
10 hours ago
Daily Record
Woman refused to move bag off train seat for 'demanding' man - and people think she's right
Leaving bags on train seats is usually a no-no, but people have praised one woman for her actions.
a day ago
Daily Record
Prince Harry and Meghan Markle 'in difficult position' over King Charles' Balmoral invite
King Charles is said to have extended an olive branch to his youngest son and his wife by 'hinting' they should visit Balmoral this summer - but it could put the couple in a 'difficult position'.
11 hours ago
Hello!
Victoria Beckham's rarely-seen sister shares incredible photo alongside Spice Girl - and they could be twins
Victoria Beckham marked her 50th birthday on Wednesday and her rarely-seen sister shared a fabulous photo of her Spice Girl sister. See photo.
16 hours ago
Devon Live
Helen Skelton fans issue complaint minutes into her TV return
Springtime On The Farm returned to Channel 5 with Helen Skelton and Jules Hudson but fans had the same complaint for the show and the former Blue Peter presenter
10 hours ago
Hello!
BBC Breakfast star Carol Kirkwood absent from show following health update
BBC Breakfast star Carol Kirkwood has been missing from the show this week. The weather presenter's absence comes after she shared an update on her health last week…
12 hours ago
Birmingham Live
Prince Harry stuns fans with reaction to Meghan Markle kissing polo teammate
Meghan Markle was on hand to congratulate her husband Prince Harry and his Royal Salute Sentebale team after they won the Royal Salute Polo Cup in Wellington, Florida
a day ago
Teesside Live
Aldi issues urgent food recall over item with 'active police investigation'
The supermarket is urging customers to return the product for a full refund
2 days ago
Manchester Evening News
BBC Strictly Come Dancing's Giovanni Pernice supported by fans as he confirms break
The dancer confirmed the news to fans ahead of the BBC One dance contest returning later this year
14 hours ago
Chronicle Live
Vera ITV viewers lose it as star killed off in 'unbelievable' scenes in hit drama
There was a treat for Vera fans earlier this week when ITV aired the first ever episode of the much loved drama
a day ago
The Telegraph
Europe is revolting against the tyranny of electric cars
The rest of Europe, Remainers like to tell us, is forging ahead into a glorious green future while Brexit Britain is stalling, the government backsliding one by one on its net zero commitments.
7 hours ago
Daily Record
ITV This Morning guest stunned as she learns real value of £10 charity shop bargain
This Morning guest Catherine was left stunned as she learnt the real value of her £10 charity shop bargain during the latest episode of the ITV chat show.
8 hours ago
Daily Record
Meghan Markle fears Archie and Lilibet will grow up resenting her for being 'deprived' of one thing
Meghan Markle is said to be missing "some aspects" of life in the UK and is worried that her children may grow up to "blame her" if they are "deprived" of the chance to be working royals in the UK.
a day ago
Hello!
The antiquated rule Lady Louise Windsor has to follow with her brother James, Earl of Wessex
The Duke and Duchess of Edinburgh's daughter Lady Louise Windsor has to follow a very antiquated rule with regards to her younger brother James, Earl of Wessex
11 hours ago
The Independent
Woman arrested for wheeling corpse into bank to co-sign a loan
The woman appeared to be propping up the dead man’s head in a video of the incident
a day ago

Latest stories