On October 11, 2017, the Hungarian parliament’s national security committee voted on what seemed to be a routine matter: the possibility for Hungarian intelligence services overseen by the committee to acquire certain equipment without a public procurement procedure, excluding competition and publicity. In a closed session, MPs had to decide on three such requests.

The last item on the list was the purchase of a technology that can access all the data stored on mobile phones by hacking them. The brief description presented to MPs did not specify or name the technology but made it quite clear that it was a highly sophisticated spyware. It was the agency in charge of carrying out technical surveillance and interception, the Special Service for National Security (SSNS/Nemzetbiztonsági Szakszolgálat, NBSZ), which requested this acquisition.

MPs in the committee voted as they almost always had in the past. Whenever the SSNS argued convincingly in favor of a new technical device, even opposition MPs typically supported their request. This time, too, government and opposition MPs voted unanimously, without question, to exempt the spyware from public procurement, three sources with concrete information about the meeting told Direkt36.

The spyware turned out to be Pegasus, manufactured by Israel’s NSO Group. More than three and a half years later, Direkt36, as part of the Pegasus Project, an international team of investigative journalists led by Forbidden Stories, found out that the spyware was used to monitor Hungarian journalists, media company owners, lawyers, opposition politicians and government officials. Pegasus has access to all the data on a mobile phone and can even turn it into a covert listening device by remotely activating the microphone and camera.

According to sources familiar with the details of the spyware’s acquisition, the SSNS did not directly purchase Pegasus from the Israeli NSO Group. The seller was a Luxembourg-registered company of NSO (there are at least nine companies related to NSO in the small European state, which is also popular for tax optimization), while the buyer was a Hungarian intermediary company, Communication Technologies Ltd. This is a company whose owners since 2019 include László Tasnádi, a confidant of Interior Minister Sándor Pintér. The company has won several other state contracts in recent years, generating annual revenues of two to three billion forints and profits of several hundred million forints.

According to the sources, the purchase of Pegasus cost a net amount of around six million euros – at the exchange rate of the time, this was between 2.5 and 3 billion forints gross. In its request for exemption from the public procurement procedure, the SSNS argued that this was the cheapest offer for such technology on the market. The sources did not provide details of any other expenses that may have been incurred later on in the operation of Pegasus.

Of the opposition members of the national security committee who supported the purchase of Pegasus at the time, only Zsolt Molnár of the MSZP (Hungarian Socialist Party) responded to our request. He said that he could not comment on specific acquisitions, but as a long-time member and former chairman of the committee, he could generally confirm that

“the Special Service for National Security used to submit professionally sound, correct proposals, which cannot be said of all state bodies. In my experience, there has always been confidence in the procurements of the SSNS, even from opposition MPs.”

Direkt36 contacted all parties involved in the story – including the Hungarian government, NSO Group, the CEO of Communication Technologies Ltd. and László Tasnádi – but received no response from anyone. We have no information on whether the intermediary company was involved in the operation of Pegasus after its import and, if so, what data it had access to, for example, whether the company knew the identity of the targets.

A versatile businessman

The owner and managing director of Communication Technologies Ltd., which was involved in the acquisition of Pegasus, was Péter Neuman (with a woman of the same address also owning a share). He had long been a known player in the small market of trading with security and cyber security equipment, a former high-ranking Hungarian intelligence officer told Direkt36. The source claimed that Neuman was involved in several other state procurements, the details of which are classified. According to his LinkedIn profile, Neuman also attended the US Department of Homeland Security’s cybersecurity training course in 2013. He is actively engaged in studying the philosophy of science and artificial intelligence, and publishes regularly. According to his social media profiles and address in the public company database, he currently lives in the UK.

However, Neuman has been active in other areas during his time in Hungary, including politics and the media. A former Fidesz MP from the party’s liberal era, for example, said he knew Neuman from the 1980s when they used to party together, while another former Fidesz member worked with him on a campaign in the 1990s. Among Neuman’s friends on Facebook are many well-known former left-wing and liberal politicians, including former mayor of Budapest (1990-2010) Gábor Demszky and former MSZP chairwoman Ildikó Lendvai. A political consultant working for the Hungarian opposition told Direkt36 that he knew Neuman from a 2002 communications training course for Hungarian Socialist Party candidate for prime minister Péter Medgyessy (Neuman also taught techniques of negotiation and presentation at the Budapest University of Technology a few years ago).

Neuman had already won state contracts during the MSZP-SZDSZ (Socialist-Liberal) governments of the 2000s. In 2007, Pesti Group Ltd., another company he owned, was one of the winners of a HUF 42 million (€170 000) communications tender for Hungary’s electronic toll collection system. Neuman also spoke on behalf of Pesti Group in 2008-2009 when the company tried to enter the market as Hungary’s fourth mobile network operator.

In the mid-2010s, Neuman was already known to many as an executive and adviser to the media interests of the Unified Hungarian Jewish Congregation (EMIH), led by Rabbi Slomó Köves, who has good relations with the Orbán government (Köves and his followers are coming from the Hasidic Chabad-Lubavitch movement). After the EMIH-affiliated Brit Média Ldt. became the owner of 168 Hours (168 Óra), a Hungarian left-wing weekly, through a company called Telegráf Kiadó Ltd., Neuman took on the role of Telegráf’s managing director for one and a half years in 2018-2019. “He was Slomó’s delegate at the weekly and was present at several meetings where he gave his opinion on 168 Hours. These were more brainstorming sessions, he had no say on the content,” one of Neuman’s colleagues at the time recalled.

According to one of his other former 168 Hours colleagues, some of Neuman’s remarks indicated that he had ties to the national security apparatus. In the spring of 2018, for example, when 168 Hours organized a conference titled ‘Budapest, the liveable city’, Neuman suddenly suggested that a friend of his, a former senior intelligence officer who used to head Hungary’s cyber defense agency, should be invited to speak.

“We couldn’t understand why Neuman was so insistent, as his friend had little to do with the theme of the conference,”

a journalist working for 168 Hours at the time said.

After the Pegasus spyware revelations last summer, Neuman initiated several conversations about the reports, repeating that he believed the investigative articles had anti-Israel overtones, one of his acquaintances told Direkt36. According to the source’s recollection, Neuman described the articles on the Pegasus surveillance as superficial, for example, arguing that it was illogical to think that the Mossad (Israeli intelligence) would have access to the information gathered by the spyware, because in that case no one would buy Pegasus. The source also said that it was clear that Neuman was an expert on the subject, as he started to list German, Italian and British companies that produce similar spywares.

Péter Neuman’s name was last in the public eye when he was involved in the acquisition of Est Média in 2019 through a company called Nun Tav Technologies. However, it turned out that someone had bought into Est Média’s shares, now renamed Delta Technologies Plc, at a cheap price just the day before Est Média announced it was buying IT company Delta Systems Ltd, which had been a winner of a string of state contracts. Naturally, Est Média’s share price jumped immediately after the announcement.

Subsequently, an investigation was launched into suspected insider trading. In June 2022, the Hungarian National Bank announced that the suspicions were well-founded, and fined an unnamed individual HUF 58 million (€140 000). According to the Hungarian National Bank, this person “obtained the shares at a fraction of their real value through the use of supplementary information in his possession”. The individual was identified by news site 24.hu as Péter N. (We asked Neuman whether he was the person concerned, but he did not respond to this question either.)

The interior minister’s confidant emerges

In the months following the national security commitee’s approval of the Pegasus acquisition, at the end of 2017, a new owner, László Hetényi, appeared in Communication Technologies, first with a 10 and then 33 percent stake. He had known Neuman for some time, having held a brief stake in the company back in 2003.

Hetényi was a media entrepreneur in the past decades, for example, he was the exclusive Hungarian representative of the Economist and the Wall Street Journal, according to his CV, quoted in an earlier HVG article. However, the article also noted that Hetényi is coming from az Interior Ministry background, having graduated from the Police College and then served as a security officer in the Interior Ministry between 1979 and 1988.

Two years after the approval of the Pegasus purchase, at the end of 2019, another oldschool security officer, László Tasnádi, acquired a 33 percent stake in the broker company. Tasnádi is a former state secretary at the Interior Ministry and a close confidant of Minister of Interior Sándor Pintér. Tasnádi also became a business partner of Neuman and Hetényi in the acquisition of Est Média/Delta Technologies.

Currently, László Tasnádi is the chairman of the board of Civil Security Service Ltd, the former private security empire of Sándor Pintér, but between 2010 and 2016 he was first chief of staff to the minister and then state secretary overseeing the intelligence services, among other things. His political career took a hit after details of his past in the Communist secret police were made public in 2014. After public criticism from within the government, he resigned in 2016.

Tasnádi started his career in the security apparatus of Communist Hungary. He first worked for the foreign intelligence in the counter-terrorism field, before moving to the counter-intelligence directorate and the Budapest police department. HVG reported that, during the reburial of Imre Nagy (hero Prime Minister of the 1956 anti-Soviet revolution) in 1989, where a young Viktor Orbán made his famous speech, Tasnádi worked as a counter-intelligence security officer monitoring the crowd. He was receiving reports on what was happening there from undercover agents, including a former ÁVH officer. (ÁVH (Államvédelmi Hatóság, State Protection Authority) was the brutal secret police of the 1950s. They fought on the Soviet side during the Hungarian uprising.)

Tasnádi responded to these allegations by saying that he would not resign because he did not consider his activities at the time reprehensible. “I did intelligence work, but I did not report on anyone. I did my job with honor,” Tasnádi told HVG, and said that counter-intelligence was “a profession” like any other. He added that his pre-1989 state security past was known to everyone when he was appointed.

However, after Tasnádi was promoted to lieutenant general by President János Áder in 2016, on the 60th anniversary of the 1956 revolution, the controversy over his past resurfaced. János Lázár, then head of the Prime Minister’s Office, who had several conflicts with Sándor Pintér, responded to a journalist’s question by saying that Tasnádi’s promotion on the anniversary of the revolution was “embarrassing and unpleasant. It is more than strange.” Lázár added, referring to the Orbán government, that “everyone felt that this was not right”, and he even spoke to PM Viktor Orbán about the issue.

Soon after the criticism, Tasnádi submitted his resignation and left for the private sector – but he did not go far from his former profession and network. In recent years, he has been involved in several companies active in the field of national security and law enforcement.

The spyware business seems to be lucrative

Although the NSO Group, which developed Pegasus, claims to sell its spyware exclusively to state actors and institutions, in the world of intelligence services, transactions are sometimes carried out through intermediaries. These broker companies are typically either front companies – set up by the services themselves to disguise their activities and deals to the public – or businesses owned by former intelligence officers with close links to the state and politics and which generate substantial profits for their owners.

Communication Technologies openly advertises the kind of products it is selling:

“Today’s wars are fought fully or partially in cyberspace. Tools to fight these wars are part of our solution portfolio. On the other hand, cyberspace solutions are necessary for conventional security, too. Cyber weapons and tools to prevent cyber attacks are constantly in focus for our colleagues. We keep track of the latest and most effective solutions, so that we can offer them to our clients,”

reads the company’s website under the heading “cyber intelligence”.

Until 2018, Communication Technologies Ltd. did not have revenues that stood out in the market of security technology. It was after the Pegasus deal that the company became spectacularly successful, as its net sales suddenly jumped from HUF 150 million (€470 000) in 2017 to HUF 3.5 billion (€11 million) in 2018.

Sources who gave details of the acquisition to Direkt36 did not say how much the company profited on the brokerage. The company report of Communication Technologies reveals that the owners at the time – Neuman and the woman living at the same address owned 90 percent and Hetényi 10 percent at the time – took out HUF 123 million (€384 000) in dividends for that year on the record turnover of HUF 3.5 billion (no dividends were paid in previous years).

In the last few years, when Hetényi and Tasnádi, alongside Neuman, had 33-33 percent stakes in the company, annual net sales of HUF 2-2.5 billion have been accompanied by dividend payments of several hundred million. Most recently, in 2021, for example, the owners took home 734 million forints. (Currently, the trio owns Communication Technologies Ltd through another company, Nun Tav Technologies).

A comparison of how much a broker company can profit on Pegasus can be made with the case of Poland, where serious abuses were also discovered in the use of Pegasus. Moreover, the Poles bought the spyware for a similar amount (PLN 33.4 million, around €7 million) to the Hungarian purchase. The Poles also entrusted the purchase to an intermediary company which is linked to former Polish Communist intelligence officers. According to investigations by Polish newspapers based on documents they obtained, the local intermediary company, Matic Ltd., made PLN 8 million (about €1.7 million) on the deal, meaning they generated a profit of almost 25 percent on Pegasus.

However, in Hungary, Communication Technologies Ltd’s profits are not only coming from Pegasus, as the company has won several other major contracts from law enforcement agencies after the spyware deal. For example, in May 2018, without competition, it won a tender worth HUF 1.4 billion net from the National Police Headquarters for the supply of an electronic house arrest surveillance system. Later, they also won a contract worth almost HUF 2 billion net from the National Prison Service, following a so-called negotiated procedure (without real competition or bidding, again). Later, they were also awarded the contract to supply the Rapid Response and Special Police with forensic-criminal investigation equipment, and more recently, they were included in a HUF 204 billion (€486 million) framework contract by the Hungarian Digital Government Agency.

On its website, the company claims it is selling multiple types of cyber weapons and advertises itself as offering ”state-of-the-art solutions designed and developed to maintain and guarantee the security of nations.” It also claims that ”we are constantly searching for cutting-edge solutions in the international market to integrate them into our portfolio, primarily catering to government-sector clients in Central and Eastern Europe. We not only sell solutions of others, but take part in the implementation and integration of solutions, as well.”

Few people knew it was called Pegasus

According to a former Hungarian intelligence officer with knowledge of how Pegasus was operated, the SSNS first obtained a quota for 50 devices, meaning the number of mobile phones that could be monitored with Pegasus at a time. According to the source, the quota was later increased by a few dozen more, but the source did not say how or why this happened (e.g. through a new contract or a contract amendment).

According to sources familiar with the circumstances of the Pegasus acquisition, the spyware was used by the SSNS in the same way as other technologies it operated for surveillance and intelligence gathering. If a national security or law enforcement agency needed secret surveillance during an investigation, and it was authorised by the Minister of Justice or a judge, the SSNS would carry out this surveillance on their behalf and then pass the information collected to the agency requesting the surveillance.

Direkt36 has also previously identified the telephone number of an SSNS officer in the leaked database of targets selected for Pegasus surveillance by NSO Group clients. A former intelligence officer has now confirmed that this SSNS officer was actually one of the operators of the spyware and that his own phone number may have been included in the leaked target database due to the SSNS officer just testing the spyware.

According to the sources, the SSNS used Pegasus in operations on behalf of all Hungarian civilian national security agencies, namely:

• Constitution Protection Office (CPO/Alkotmányvédelmi Hivatal, AH – counter-intelligence),
• Information Office (IO/Információs Hivatal, IH – foreign intelligence)
• National Protective Service (NPS/Nemzeti Védelmi Szolgálat, NVSZ – internal counter-intelligence)
• Counter Terrorism Centre (CTC/Terrorelhárítási Központ, TEK – counter-terrorism)
• as well as the police.

However, none of the sources has reported that the SSNS have also used the Israeli spyware for the Military National Security Service (MNSS/Katonai Nemzetbiztonsági Szolgálat, KNBSZ – military reconnaissance, intelligence and counter-intelligence).

According to a former intelligence officer, the strict quota limits and the extremely high costs, as well as the unprecedented effectiveness of the tool, meant that the SSNS could only use Pegasus in priority cases and only with top-level ministerial or director-general approval. The directors-general of the national security agencies after the acquisition of Pegasus were Hedvig Szabó (SSNS), János Hajdu (TEK), Zoltán Bolcsik (NPS), Zoltán Kiss, then Szabolcs Bárdos (CPO) and István Pásztor (IO).

The possible role of József Czukor, who headed IO between mid-2018 and 2020, has been previously reported. Czukor, who was in Viktor Orbán’s closest circle as the Prime Minister’s chief foreign policy and national security advisor at the time, travelled to Israel in February 2018, just as the spyware was about to start its normal operational use in Hungary. In Israel, Orbán’s advisor met with the then Israeli Prime Minister Benjamin Netanyahu himself. (We asked the government about Czukor’s role last year, but we did not receive a reply to this request either.)

However, apart from the Prime Minister and the Interior Minister’s inner circles, the heads of the intelligence agencies and the IT specialists and their superiors working with Pegasus, very few people could have known that Hungary possessed the technology to fully hack mobile phones. Even fewer were aware that it was in fact Pegasus.

For example, according to several sources, Péter Szijjártó, the foreign minister who was the first government official to react to reports on the spyware surveillance last summer – and who denied everything – was not lying, he was just not aware of the existence of Pegasus. Moreover, the foreign minister later said that he first thought that NSO meant National Sport Online (Nemzeti Sport Online), the website of the popular Hungarian sports daily newspaper.

According to several former national security and law enforcement officers, even few in the intelligence services knew about the existence of the Israeli spyware. However, it was already widely suspected that such a tool had been acquired by the SSNS.

One former counter-intelligence officer, for example, said that he had indirectly discovered that the Hungarian state could now monitor so called end-to-end encrypted messaging applications – which could only be done by hacking into the endpoints, i.e. the mobile phones. Around 2018-2019, the former counter-intelligence officer received a series of notifications on his phone that his colleagues who were still active had registered for Signal, Viber and other similar end-to-end encrypted messaging apps. He could draw a conclusion from this because, for security reasons, intelligence officers are only allowed to use messaging apps that can be cracked by the SSNS.

There were other, quite banal reasons for the secrecy. According to a former law enforcement officer, the existence and operation of the spyware was kept confidential “because otherwise everyone would have asked for Pegasus for their own investigation”. The spyware, which gives access to virtually all information on the mobile phone, can save a lot of work for a case officer conducting a covert investigation. Even if the SSNS had used Pegasus in a case, they did not necessarily tell the other agencies’ case officers what technology was used to carry out the surveillance for their investigations.

Pegasus was used even after the scandal

Although there were reports last autumn that Israel had restricted the export of Pegasus and similar tools in the wake of the scandal, and that Hungary, among others, no longer had access to the spyware, this is certainly not true. What has actually happened is that Israel has narrowed down the list of countries to which the Israeli Ministry of Defence automatically grants export licences. Exactly which countries have been removed from this list is not known. But even if Hungary is de-listed, this does not mean a total ban, especially not a retroactive one.

In the wake of the surveillance scandals involving EU member states, the European Parliament set up the Pegasus inquiry committee (PEGA committee). This summer, the committee heard Chaim Gelfand, NSO’s chief compliance officer, whose testimony did not suggest that Hungary was a particularly problematic country in the company’s eyes. The Israeli representative said that a score is assigned to each country based on human rights and rule of law criteria, and that countries below a certain score should not have access to Pegasus because of the risk of abuse.

According to the scoring system described by Gelfand, Belgium has a score of 80, Spain 75, Poland and Hungary around 64-65 and Saudi Arabia around 30. He said that the minimum threshold used to be set at around 20 points, but “the 20-point threshold has since been raised, so we’ve become stricter. We do not cooperate with countries that score around 20 points.”

After Direkt36 as part of the Forbidden Stories-led ’Pegasus Project’ exposed the Pegasus surveillances in Hungary and Hungarian opposition MPs began investigating, several of them asked questions of intelligence officials behind closed doors. One MP subsequently told Direkt36 that when asked whether Pegasus was still being used, the head of one of the civilian intelligence services repeatedly evaded giving a straight answer.

However, the MP deduced from the answer of the head of the intelligence service that, despite the fact that the technology and the surveillance carried out with it had been exposed, Pegasus had been used again in some cases after the publication of the investigative stories last summer. These are operations where the target is unlikely to be able to detect the Pegasus surveillance because they cannot find traces of the spyware on their own phone, according to the MP’s understanding.

A former Hungarian intelligence officer, on the other hand, was much more explicit in telling Direkt36 that, according to information he received from his colleagues who were still active, the use of Pegasus was suspended for a while, but later it was used again in covert surveillances.

“In Hungary, the investigations launched after the scandal all concluded that everything was perfectly legal, there was nothing to see here. So why not use it?,”

the former intelligence officer told. Moreover, to the source’s knowledge, the Hungarian state has no other spyware for mobile phones as sophisticated as Pegasus.

Meanwhile, NSO Group told the European Parliament’s Pegasus inquiry committee that it had sold its spyware to state agencies in 14 EU member states, but later stopped cooperating with two of them. NSO Group claims that they will do so if their internal investigation reveals that one of their clients has indeed misused Pegasus.

The Israeli company did not name the two EU member states concerned, nor is it known when their access to Pegasus was suspended. Although AP news agency reported that MEPs in the inquiry committee suspect Hungary and Poland, they have no concrete evidence of this so far. Moreover, a third EU member state, Spain, has also reportedly misused the Pegasus spyware.

However, Pegasus is just one of many tools, and Communication Technologies Ltd has helped the Hungarian state to gain access to other types of surveillance technology as well. When the company issued HUF 2 billion worth of bonds under the Hungarian National Bank’s so-called growth loan program this spring, it had to disclose an information document listing the types of foreign technologies it was trading.

NSO Group is not mentioned there – as the procurement was not public, they cannot do so – but a number of other companies, mostly Israeli, are listed as suppliers. For example, the Tel Aviv-based Attenti Group from which the Hungarian company bought electronic surveillance systems (electronic trackers), or the Petah Tikva-headquartered Cellebrite, which “develops forensic mobile phone data recovery tools”.

The document also mentions two other Tel Aviv-based suppliers (Corsight AI Ltd. and Viisights Solution Ltd.) that are developing video surveillance systems based on artificial intelligence. Corsight’s system “uses facial recognition to identify individuals and assigns them to predefined databases”, while Viisights’ product “is able to recognize certain behaviors or events, such as a fight, a car accident or a person involved in an accident, depending on its use”.

In addition to Israel, the company also has US suppliers. One example is Cobwebs, whose artificial intelligence-based solutions “can collect and analyse social media data from different depths of the web, as well as open web, deep web and dark web data”.

The document made public at the time of the bond issue states, without providing further details, that ”a growing share of the company’s revenues are from government contracts”. Since the annual company reports show that Communication Technologies Ltd’s revenues are almost exclusively from sales in Hungary, it can be inferred that the above-mentioned Israeli and American surveillance and information processing technologies were largely purchased by various agencies of the Hungarian state.