A substitute member of the European Parliament’s PEGA Committee, Stelios Kouloglou, was found to have been infected with Pegasus spyware twice, according to a report released Friday by the University of Toronto’s Citizen Lab. This marks the first public identification of a committee member falling victim to the surveillance technology that the committee was established to investigate.
The revelation of Pegasus spyware on Kouloglou’s phone, a Greek journalist and former Member of the European Parliament, occurred years after the committee’s extensive investigation into the abuses of spyware across the European Union. The PEGA Committee was formed following journalistic exposés concerning government use of NSO Group’s Pegasus technology.
Pegasus Spyware Infects PEGA Committee Member
Citizen Lab reported that Kouloglou’s phone was infected with Pegasus spyware on two separate occasions: once around October 2022 and again in March 2023. The researchers stated they concluded this finding with “high confidence.”
Kouloglou expressed surprise at the discovery, noting that he had conducted security checks on his phone prior to joining the PEGA Committee in 2022. He stated, “I didn’t think anyone would be bold enough to try to infect my phone once I became a member.” The potential for a significant scandal, given Greece’s own use of Predator spyware, was a deterrent he had considered.
### Timing of Infections
The first infection occurred as the PEGA Committee was preparing for significant hearings and drafting its initial report. During this period, Kouloglou was in the hospital and received a visit from another Greek journalist who had previously testified before the committee and had also been a victim of spyware. The ability of spyware to record audio from an infected device raises concerns about compromised health data protections.
The second instance of infection coincided with the committee’s final drafting stages and further hearings. Citizen Lab noted that these were “crucial moments” for the committee’s work.
### Citizen Lab’s Involvement
The Citizen Lab investigation into Kouloglou’s phone began in May of this year. Kouloglou recounted that a lawyer informed him about the possibility of sending his phone data to the research organization. At the time, Kouloglou was engaged in investigative reporting and writing a regular column for a publication.
“I said, ‘Why not? Let’s do it,’” Kouloglou told CyberScoop. He had engaged in investigative reporting and writing a “scandal of the week” column at the time.
Implications for Democratic Processes
Hannah Neumann, a member of the PEGA Committee and a Member of the European Parliament from Germany, described the infections as frustrating, especially given the committee’s efforts to enhance its IT security. “Many of us were expecting some hacks during the committee, but it’s still frustrating now to figure out that it really happened,” she said.
The motive behind the targeting appears clear to both Kouloglou and Neumann. Ron Deibert, founder and director of Citizen Lab, highlighted the irony of the situation. “Someone, somewhere likely wanted to breach parliamentary privilege and find out what was going on in that committee,” Deibert said. He characterized the mercenary spyware industry as “poisonous to democratic processes” due to its unregulated and often abused nature.
Kouloglou plans to pursue legal action against NSO Group, the maker of Pegasus spyware. While winning lawsuits against such companies can be challenging for victims, success is not unheard of. NSO Group did not respond to a request for comment.
Neumann emphasized the need for members of national and European parliaments to regularly check their devices for spyware. “Apparently they don’t respect European democracy and parliamentarism,” she stated.
### Call for Action
Both Neumann and Kouloglou stressed the urgency of enacting the recommendations previously made by the PEGA Committee. “I don’t know how much more it needs for member states and the commission to wake up and actually start implementing the very good recommendations of our PEGA committee,” Neumann urged. She believes further committees are unnecessary and that action is the immediate requirement.
John Scott-Railton, a senior researcher at Citizen Lab, warned that Kouloglou is unlikely to be the last parliamentarian targeted. He noted that other members have been targeted both before and since the PEGA Committee’s work. “Providing highly secretive government agencies with surveillance tools supplied by unaccountable and often unethical mercenary firms is a recipe for the abuse of power,” Scott-Railton told CyberScoop.
The immediate next step is for European Union member states and the Commission to respond to Neumann’s call for action regarding the PEGA Committee’s recommendations. The continued possibility of parliamentarians being unaware their devices are compromised remains a significant concern.

