Newly emerged information suggests that Zoltán Páva, a media company owner linked to Hungary’s opposition, may have been surveilled with the Pegasus spyware because another firm led by him was contracted by opposition party Democratic Coalition (DK).
Páva’s smartphone was hacked with the cyberweapon developed by Israeli company NSO on March 16, the very day when it became public information that a company called EagleEye-Marketing Kft. had signed a contract with DK’s parliamentary faction for social media consulting. On behalf of the company, the signatory of the contract was Zoltán Páva.
Direkt36 reported last Wednesday that Zoltán Páva, a former politician of the Hungarian Socialist Party (MSZP) who is currently the publisher of the anti-government news site Ezalenyeg.hu (Ez a lényeg means “this is the point”), was under surveillance this spring. Traces of Pegasus on Páva’s smartphone have been found by security experts from two organizations, human rights group Amnesty International and Canada-based Citizen Lab. According to forensics analyses, the spyware was present on his device between March 16 and 24, as well as between May 23 and 27 this year.
Páva previously told Direkt36 that he did not understand why he had been under observation during this period, as nothing special had happened to him at that time. He recalled that he had started to show symptoms of Covid-19 on March 16th, which is why he only attended a few less significant online discussions in the following weeks.
The contract with DK did not appear to him as a possible reason for his surveillance because it had already been signed at the end of the previous year and his company began work on 1st of January. However, Páva was not aware that details of the contract were only published on the parliament’s website on March 16th.
DK party director László Sebián-Petrovszki told Direkt36 that information on the contract was posted on the parliament’s website much later because this was only possible when the Office of the Parliament completed the book-keeping for the previous year. “This always takes the first months of the year,” the party director explained. He added that each faction is in charge of uploading their own contract data.
Páva’s phone was hacked on March 16 at 11:52 a.m. according to the forensic analyses. Sebián-Petrovszki could not say exactly when their colleague uploaded the contract data of EagleEye-Marketing Kft. We asked the Press Office of the Parliament if they had information on the exact upload time of the data, but they did not respond to our questions.
Sebián-Petrovszki said that it has been clear for his party that the pro-government media is following the social media activities of DK and other opposition parties with great interest. “These topics are constantly recurring panels in the right-wing press,” he added.
The contract concluded with EagleEye-Marketing Kft. also attracted the attention of government propaganda. Just a day after the upload of the contract , on March 17, pro-government news site Origo already published an article about it, emphasizing that Zoltán Páva, who runs the contracted company, is also the publisher of Ezalenyeg.hu, a site criticizing the government.
In July, a team of international journalists published stories as part of the Pegasus Project, which was based on a database of 50,000 phone numbers selected for monitoring by NSO customers. Forbidden Stories and Amnesty International had access to the database, which they shared with 16 other news organizations, including The Washington Post, the Süddeutsche Zeitung and The Guardian. From Hungary, Direkt36 was the only participant.
Páva’s phone number was not on the leaked list, but the reason for that is presumably that the database may have leaked even before he became a target. Direkt36 has no information on when exactly the database was leaked, but the in the spring of 2021, the international collaboration was already underway.
Evidence gathered so far strongly suggests that Hungarian state actors are behind the use of Pegasus in Hungary. A security officer formerly with one of Hungary’s intelligence services told Direkt36 that, according to his knowledge, Hungarian services started using Pegasus in 2018 as a direct result of strengthening ties between Israel and Hungary. A former NSO employee also confirmed to one of the project’s partners that Hungary indeed procured the Pegasus software. The Hungarian government has not denied that they use Pegasus, nor did they deny the surveillance of the people Direkt36 has reported on.
The government did not respond to questions about the surveillance of Zoltán Páva.Now we sent additional questions concerning the connection to opposition party DK, but did not receive a reply.