Prokuratura Krajowa, Poland
The Prokuratura Krajowa is Poland's state prosecutor. Image: gov.pl

Current and former Polish officials face probe of alleged spyware abuse

Polish prosecutors are now actively building a case against current and former government officials believed to have deployed powerful commercial spyware against opposition party members and their allies in a rapidly unfolding spyware investigation. 

In recent days, prosecutors have asked 31 victims whom they believe were likely targeted by Pegasus spyware to share their stories. Senior government officials have said the investigation could lead to arrests.

A probe into abuse of powers and dereliction of duties began on March 18 and is homing in on how officials used Pegasus from 2017 to 2022, according to Polish news reports citing a spokesperson for the prosecutor’s office.

The prior Polish ruling party, known as Law and Justice (PiS), is said to have targeted opposition leaders and others with the spyware, including amid the country’s election season. The spyware scandal has rocked the country since it first came to light in December 2021.

In September, Poland's Senate released the results of a special commission’s probe into the spyware’s usage, paying particular attention to the hack of an opposition politician in 2019, describing "gross violations of constitutional standards.”

The commission revealed at the time that it had alerted prosecutors to the potential for criminal charges against former and current Polish ministers for using or abetting the use of spyware.

Current Polish President Andrzej Duda is a former PiS member who is thought to remain loyal to the party, but the country has elected the leader of a different and more centrist party, Donald Tusk, as its new prime minister. Duda has served as president since 2015.

Tusk, who became prime minister in December, said in February that he can prove state authorities used the powerful spyware to monitor a “very long” list of individuals.

The prime minister also revealed at the time that he had found documents which “confirm 100%” the prior administration illegally used Pegasus, according to local news reporting at the time.

Spyware has long been a scourge in Europe with prior scandals enveloping Spain, Greece, Hungary and Serbia. Mercenary spyware is also used on a global scale. On Wednesday, Apple sent alerts to users in 92 countries, warning they may have been targeted by foreign commercial surveillance tools like Pegasus, primarily through attempts to compromise iPhones from afar.

John Scott-Railton, a security researcher at the Canada-based Citizen Lab who helped surface the Polish spyware problem, said he is watching the proceedings carefully.

“Poland has gone from being a troubling centerpiece in EU spyware scandals to showing clear signs of a concerted effort towards accountability,” Scott-Railton said via text message, citing the country’s recent decision to join a White House-led coalition of 17 countries working to fight the spread and use of spyware. “The recent developments would have been deeply unthinkable until the election.”

He added that Poland’s quest for accountability has “already gone further than most investigations in the EU.”

Scott-Railton said the fact that opposition party leader Krzysztof Brejza was hit with Pegasus during parliamentary elections in which he played a key role in setting strategy is an “ominous sign of potential election interference.”

The Polish scandal and the aftermath of its investigation will send an important signal across the continent, he said.

“As authoritarianism grows and dangers to EU democracy fueled by Russia increase, ensuring that European democracies are free from the danger of spyware abuse could not be more critical,” he said.

A second expert, white-hat hacker Runa Sandvik, said the 31 victims called to appear as witnesses may represent just a small fraction of the total scale of spyware abuse in Poland. 

“It’s important to remember that this number — 31 — is the number the National Prosecutor’s Office has decided to release,” said Sandvik, who founded Granitt, a startup focused on helping journalists, human rights activists and other vulnerable populations targeted by spyware.

Sandvik said she believes the Polish government also likely used spyware to investigate crime, corruption and terrorism meaning the total number of people hit with Pegasus could be much higher.

“The number on its own does not tell us how many people were targeted, or for what purpose,” Sandvik said via email. “I hope the investigation will help shed some light on this.”

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Suzanne Smalley

Suzanne Smalley

is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.