Hungarian president’s closest bodyguards targeted with Pegasus spyware

Heads of the Presidential Protective Detail protecting the President of the Republic of Hungary János Áder and his family have been selected for targeting with Pegasus spyware in 2019, a Direkt36 investigation has found.

One of the targets is Brigadier General Sándor Pomozi, who established and commands the Presidential Protective Detail, and held the rank of colonel at the time of his targeting. His close relationship with the President of the Republic is well illustrated by the fact that he was already on the protection detail of Áder (who was Speaker of the Parliament back then) as early as 1999. The other target is Attila Viplak, one of Pomozi’s former closest subordinates, who was head of the counter assault team of the Presidential Protective Detail (commonly known as commando or special forces unit) at the time. He typically accompanied President Áder on private activities and trips abroad and also protected the president’s family.

These Pegasus targets are the security heads with the deepest access to the president and his family’s detailed calendar, including their private schedules and meetings and trips to foreign countries. Pomozi oversees everything and has all the information about the personal protection of the President of the Republic and his family. Viplak is no longer a member of the protective detail, but his former prominent role is evidenced by the fact that, during his service, he was the bodyguard assigned to move into a secret government bunker with President János Áder in the event of a terrorist or military attack threatening the leadership of the country.

Direkt36 has identified the telephone numbers of both in a leaked database of more than 50,000 numbers containing targets selected for targeting by foreign clients of NSO Group, the Israeli company manufacturing Pegasus. In the summer of 2019, Viplak was targeted by the Israeli spyware through both his personal and work phone numbers. The phone number of Pomozi, who appears to be the main target, was selected for surveillance for a much longer period, at least several months starting in the spring of 2019.

The database was obtained by Forbidden Stories, a Paris-based network of journalists and international human rights organization Amnesty International, and it became the basis of a global investigation of 17 media outlets, including Direkt36 from Hungary. The database containing the telephone numbers of Pegasus targets does not reveal who used the spyware – sold exclusively to governments and state agencies – against Hungarian targets. However, senior Fidesz politician Lajos Kósa recently publicly acknowledged that the Orbán government had acquired and used the Israeli tool. We have previously identified journalists, media company owners critical of the government, opposition politicians, as well as government and national security officials among the targets.

The Orbán government’s official statements usually repeat the same line, that surveillances have always been lawful in Hungary. They do not elaborate why Pegasus was being used against specific individual targets – the government did not respond to our inquiry this time either -, so it is not entirely clear why President Áder’s bodyguards were chosen as targets. However, based on Direkt36’s investigation, it seems likely that this move is connected to an internal conflict between security agencies, which intensified after Hungary’s Counter Terrorism Center (TEK) wanted to obtain detailed information about President Áder’s schedules.

János Áder, who has been President of the Republic since 2012, was originally protected by TEK. By 2015, however, the president’s confidence had been severely eroded in the agency headed by János Hajdu, the former chief bodyguard of Prime Minister Viktor Orbán. The conflict was uncovered by crime reporter Brigitta Csikász: according to her article, the reason for the loss of confidence was specifically that TEK passed on information about President Áder’s private schedule to Orbán. Csikász’s phone was also targeted with Pegasus years later, and a forensic analysis has also found traces of the spyware on her device. However, there is no information that the journalist’s surveillance in 2019 was related to her article on TEK.

Targeting President Áder’s bodyguards with Pegasus is particularly interesting because the loyal security detail of the President, led by Sándor Pomozi, resisted efforts to provide precise information about the president’s schedules and meetings to TEK. The fall-out between Pomozi’s men and TEK happened after a suspicious technical device was found at the President’s residence. Subsequently, President Áder’s bodyguards seceded from TEK in 2015 and established the Presidential Protective Detail, which operates within the Rapid Response and Special Police Service.

Years later, in 2019, the conflict between the Presidential Protective Detail and TEK escalated again, as the Presidential Protective Detail then tried to strengthen its independence with strong institutional guarantees and the transformation into an independent territorial police body. It was during this period that Pomozi and Viplak were targeted with Pegasus.

We asked the Office of the President of the Republic in detail about all the significant claims in this article. They did not deny any of them, only wrote that “our Office does not wish to comment on the assumptions contained in the letter.” According to the President’s Office, they have “neither a task nor a competence” in the personal protection of the President of the Republic and his family – this is the job of the Rapid Response and Special Police Service – and they do not have “data and records related to the circumstances” listed in our media request. We also sent our inquiry to the Counter Terrorism Center, but they did not react.

Pomozi, who is currently still in charge of the Presidential Protective Detail, responded to Direkt36’s request that he is not allowed to comment to the media, but Attila Viplak, who had already quit the police, answered our questions in detail. President Áder’s former bodyguard said that the most concerning thing for him was that those who could surveil him and his superior could also gather information about the President and his family through them.

We have protected not only the safety of the President of the Republic, but also his dignity. This means, for example, that no one has anything to do with what the President and his family does, where they go, who they meet. In addition, if this information falls into unauthorized hands, it could even endanger the safety of the protected person,” Viplak said.

The leaked database does not in itself prove that someone’s device was successfully hacked with Pegasus, but forensic analyses of the devices have previously detected traces of spyware many times. We were unable to check Pomozi’s phone as he did not even wish to comment, and Viplak’s phone could not be analyzed because he had already discarded his phones used in 2019. In theory, Pegasus spyware could access all phone information and can even remotely turn on the device’s microphone and camera.

(To be continued.)

  • Szabolcs Panyi

    Szabolcs graduated from Eötvös Loránd University where he studied Hungarian language and literature. Between 2013 and 2018, he was an editor and political reporter at At Arizona State University, he studied investigative journalism on a Fulbright Fellowship in 2017-2018. In the fall of 2018, he joined Direkt36, where he mainly works on stories related to national security and foreign policy. Meanwhile, he helped launch, a Warsaw-based cross-border investigative journalism initiative for the Visegrád region, where he is currently leading the Central Eastern European investigations. He received the Quality Journalism Award and the Transparency-Soma Award four times each, and he was also shortlisted for the European Press Prize in 2018 and 2021.