Pegasus, the spyware manufactured by Israeli cybersecurity firm NSO Group has been in use in Hungary for years against targets such as investigative journalists and wealthy media owners as well as against people in their close circles, Direkt36 has found as part of an international team of investigative journalists, ‘The Pegasus Project’. During our investigation, we have found multiple examples of indirect evidence suggesting that Hungarian authorities were behind the secret surveillance.
In total 17 media outlets participated in this joint international investigation led and coordinated by Forbidden Stories, a Paris-based network of investigative journalists. Forbidden Stories together with international human rights group Amnesty International (AI) have obtained a database related to the activities NSO clients. This contains over 50,000 phone numbers which, according to the investigative project’s findings, NSO client countries selected as targets for surveillance from 50 countries, from as early as 2016.
If a phone number appears in this database, it does not necessarily mean that the target was actually attacked with Pegasus and that the hacking was successful. However, AI’s posterior technical forensic analyses of targets’ mobile phones have proved in multiple cases that devices selected for targeting were indeed hacked with NSO’s tool.
Pegasus takes advantage of so-called zero-day vulnerabilities of softwares running on mobile phones, meaning built-in flaws that not even developers and manufacturers are aware of. This not only means that targets’ phone calls could have been wiretapped through these breaches, but even their most sensitive information, for example, emails and other messages as well as photos and videos could have been accessed.
This tool is regarded as such a serious cyberweapon that NSO can only export Pegasus to other countries with the permission of Israel’s Ministry of Defense. Officially, this tool can only be used against targets suspected of terrorism or taking part in organized crime. However, the investigative project has uncovered that many clients routinely target journalists, human rights defenders, opposition politicians, lawyers and businessmen with Pegasus.
From over 300 leaked Hungarian telephone numbers, we have identified the following Hungarian targets so far:
- Four journalists, including two with Direkt36, Szabolcs Panyi and András Szabó. The forensic analyses of their phones have confirmed that their devices have been hacked with NSO’s spyware. Former hvg.hu journalist Dávid Dercsenyi and another journalist involved in investigative work who asked not to be named.
- A photographer who was working as a local fixer for an American journalist who reported on the Russia-led International Investment Bank that relocated to Hungary in 2019.
- Central Media Group owner Zoltán Varga – who has frequently been attacked from government circles – and multiple other businessmen who all attended a dinner at Varga’s house discussing public life affairs. Technical forensic analyses have confirmed that at least one of the participants’ phones was indeed hacked with NSO’s spyware. Another participant was professor Attila Chikán, an economist and former minister in Viktor Orbán’s first government who has become a critic of Orbán in recent years. Chikán’s phone number also appears in the leaked data.
- The son and one of the closest confidants of former oligarch Lajos Simicska. They were both selected as targets before the Hungarian national election of April 2018. Back then, Simicska was the owner of a media empire and he was openly waging a war against the Orbán government. (It would have been futile to target Simicska with this spyware as he did not use smartphones.)
- Adrien Beauduin, a foreign student of the Central European University. He was detained by Hungarian police during an anti-government protest in 2018.
In addition to them, phone numbers of multiple Hungarian public figures also appear among those selected for targeting, including that of a prominent lawyer and an opposition politician – we will cover their stories in the coming days.
The database obtained and analysed by the international group of journalists does not directly reveal who actually deployed and used the spyware against targets. However, there is circumstantial evidence strongly suggesting that Hungarian targets were selected for surveillance by Hungarian authorities.
NSO claims that they only provide their services to governments and state agencies. The company needs the Israeli government’s approval for exporting Pegasus, and there is information suggesting that the spyware appeared in Hungary after high-level Israeli-Hungarian government meetings in 2017 and 2018.
A security officer formerly with one of Hungary’s intelligence services told Direkt36 that, according to his knowledge, Hungarian services started using Pegasus in 2018 as a direct result of ties between Israel and Hungary becoming closer. A former NSO employee also confirmed to one of the project’s partners that Hungary indeed procured the Pegasus software. Moreover, Canadian tech research group Citizen Lab has uncovered traces showing that Pegasus was used in Hungary in 2018. This discovery was part of an international analysis.
But in many cases, even the identity of certain Hungarian targets point to the fact that they were selected for targeting by Hungarian authorities. Based on their phone numbers, we managed to identify multiple targets – such as convicted criminals – who were investigated or prosecuted by the Hungarian authorities, according to publicly available information. The Pegasus Project has also found that local authorities of other NSO client countries have used the cyberweapon for legitimate purposes, but at the same time also abuse it.
The team of journalists sent a detailed series of questions to NSO, which did not respond to questions about Hungary. The company disputes that the phone numbers obtained by Forbidden Stories could have indeed been targeted by Pegasus. According to them, these numbers may be part of a larger list “used by NSO Group customers for other purposes”. According to the company, it is possible that the numbers in the database only come from a publicly available so-called HLR database. HLR (Home Location Register) is a system that helps mobile phone networks to function by keeping track of the geographical location and other identifiers of each device, thus allowing calls and sms to be directed.
However, this register can also be a useful step in launching surveillance operations. HLR allows NSO customers to check whether a device connected to a phone number in interest is actually turned on and where it is physically located (this is important because there are restrictions on the countries in which customers can use Pegasus.) A source with close knowledge of NSO’s systems told a member of the investigative project that HLR is also used by the company’s clients.
Amnesty International’s security team examined 67 devices that may have been targeted in spyware attacks based on the leaked database. In 23 of these cases, it was found that the phones had indeed been hacked with Pegasus, and in 14 other cases traces of an attempted intrusion were discovered. There were no such results in the remaining 30 forensic analyses, but in many instances this was due to the fact that since the date of the suspected surveillance, people have already replaced their phones and therefore lost data. In addition, among the phones examined were 15 Android devices, which, unlike iPhones, do not store the kind of information that would allow AI’s staff to clearly determine the device’s hacking. However, even among these Android phones were three that showed signs of hacking attempts, as they were found with text messages bearing the traces of Pegasus.
AI also shared the data on which some of their forensic analyses were based with researchers from University of Toronto’s Citizen Lab, who confirmed that these devices were indeed hacked with Pegasus. Citizen Lab also reviewed AI’s methodology and found that it is solid.
Hungary’s government has also received a detailed set of questions, including about all the relevant statements in this article, and they did not deny them or respond to them in a meaningful way. They stated that “we are not aware of any alleged data collection claimed by the request”. The government added that Hungary is “governed by the rule of law, and as such, when it comes to any individual it has always acted and continues to act in accordance with the law in force.”
Surveillance and interception are very loosely regulated in Hungary. Authorities – especially national security agencies – can practically put anyone under surveillance without strong external oversight.
“Hungary has one of the worst situations in the Northern hemisphere regarding national security surveillance,” said Máté Dániel Szabó, director of programs at the Hungarian Civil Liberties Union (HCLU), a human rights organization. “In most countries, there are either strict rules about who and when the state can monitor, or there is strong, not only political, but also legal control over how various agencies carry out their work. None of these are present in Hungary”, he added.
Dinner under surveillance
On June 5, 2018, two months after Prime Minister Viktor Orbán’s Fidesz party had won another two-thirds majority in Hungary’s parliamentary election, a small group of seven people gathered at billionaire businessman Zoltán Varga’s house in the hills of Buda. On this pleasant summer evening, guests sat on the huge terrace behind the house, at a table packed with all kinds of fingerfood.
Most of the guests were also businessmen, although none of them as well known as the host, who has long been on the lists of the richest Hungarians. Varga owns Centrál Media Group, one of the largest Hungarian media companies, which, for example, publishes the news site 24.hu. In addition to the businessmen, one of the most respected Hungarian economics professors, Attila Chikán also attended the dinner. He was a minister in Prime Minister Viktor Orbán’s first government, but in recent years he has been an outspoken critic of Fidesz’s policies. Several other guests were critical of the government too and were disappointed with the election results.
The meeting was called to discuss the creation of a new think tank that would be researching issues of public interest. The idea was that this organization would not only conduct research, but would publish their findings in the form of data visualizations or other easily understandable ways in order to reach as many people as possible. The institute would have operated independently of the political parties, but the whole idea came up in part with the aim to counterbalance the Orbán government’s political propaganda.
“These days, the opposition and the media are just reacting to what the government is doing. It would be up to the intellectuals to present the public with an independent explanation of what is happening. And the question is how to bring complicated, data and fact-based subjects into the public discourse in a way that it is also well wrapped up,” said one of the participants in the conversation about the background of the idea discussed at the dinner.
However, the idea of establishing a think tank did not come to fruition. The discussion at Varga’s place quickly turned into a general and somewhat directionless conversation about the political situation. “It was a typical Hungarian discussion. We sat there and everyone said like, fuck, the situation sucks, but then nothing came out of it,” recalled one participant.
At the same time, this gathering seems to have attracted the attention of those who operate Pegasus in Hungary. The phone numbers of every single participant in the meeting were selected as targets for the NSO spyware, according to information obtained by the international team of journalists.
We managed to examine the devices of two participants of the meeting, and it turned out that in the case of one of them, the phone was successfully hacked – all data on it was up for grabs. According to the results of the forensic analysis, it was on June 1, 2018 – four days before the dinner – that the phone was first breached. The organization of the meeting was already well underway then, as Varga had invited the participants weeks earlier. AI’s forensic analysis revealed that the compromised phone was hacked several other times in the following weeks. The last intrusion took place on July 10, more than a month after the meeting.
In the case of the other participant at the dinner, forensic evidence shows attempts of hacking into the phone, but the analysis could not definitey confirm a successful breach. According to Amnesty International’s inquiry, certain suspicious operations were carried out on the device, but there was not enough data found to establish beyond a reasonable doubt that the phone had been hacked. This may occur when, for example, the phone was turned off or not connected to the Internet during the attempted spyware attack.
It was not a huge surprise to Varga when members of the team of investigative journalists approached him and revealed that himself and his dinner guests were all targeted with a spyware. Shortly after the June 2018 meeting, the businessman had already received a signal that they had been monitored.
“Two weeks after the dinner, someone contacted me to say: I knew you had this dinner, it’s very dangerous, you shouldn’t be doing that,” recalled Varga, who said that this person was a former employee who currently has very close government ties. Varga asked her how she heard about the dinner, but the former employee just said she heard it from someone. “To be honest, I didn’t think it had any significance at the time,” the businessman said, adding that he was confident that information about the dinner conversation had not been leaked by one of his guests.
Varga didn’t feel at all like they were talking about some sensitive topic at that dinner in June. No precautions were taken, everyone had their phones with them, and some even kept the device on the table. As we know from AI’s forensic analysis, at least one of their phones had been hacked with the Pegasus spyware, which could have turned on the device’s microphone and recorded the entire conversation.
It is unclear whether Varga’s device was also successfully hacked with Pegasus, because his phone could not be examined by experts for technical reasons. (The businessman has since switched phones, and his previous device was of a type that requires a lenghty process and special circumstances for analyzing.) Varga, however, is nevertheless confident that he has been under surveillance for years.
“Sometimes cars park outside my house, two people sit inside and they don’t do anything,” the businessman said. He also mentioned other examples: his phone calls were interrupted and he suddenly heard the conversation replayed from the beginning. “I spoke to some experts and they said it was a sign that I was being wiretapped,” he explained.
“Sometimes I had lunch or dinner with colleagues and business partners, and someone came and sat next to us for an hour and a half or two. He did nothing but drink a coffee and type on his phone,” Varga said. He also added that one time he was in the middle of a business negotiation sitting in the corner of an empty restaurant when two men arrived and asked the waiters for a table right next to him.
There were also examples of a helicopter hovering over the garden of his house and making three laps. Varga wasn’t home at the time, but his family was scared and ran into the building. “They were looking at the helicopter from there and they saw two men sitting inside monitoring the place,” said the businessman, who suggested it was clearly some kind of intimidation tactic.
The series of suspicious circumstances didn’t end there. Years ago, he noticed weird things with his phone – for example, apps appeared on it that he didn’t even download – and so he asked a German security company to inspect his device. According to Varga, they found that his phone had been hacked and advised him to switch from the Android he used earlier to an iPhone (we now know that Pegasus can also easily hack iPhones). According to the businessman, German experts also examined his emails and found that his correspondence had been redirected to the IT system of a Hungarian national security agency. We asked Varga to connect us with the German experts he had worked with, but he said they are no longer in touch and he is not in a position to contact them again.
Signs of surveillance and threatening messages began in 2017, according to the businessman. He believes it was around that time it became obvious to government circles that he was refusing to sell his media company and that he would not bow to political pressure. The latter meant that he had received several messages that if he changed the tone or the staff of his media outlets, his companies could also receive public advertisement money. Varga claims that he never gave in to these requests, so apart from a few government advertisements related to the pandemic, they never received government advertisement money. The owner of Centrál Media Group did not say who specifically approached him with takeover bids or attempted to put pressure on him, only saying they were “businessmen who are close to this government or benefit from the government.”
When we asked Varga how he felt about being targeted with a spyware, he replied: “I think it is not normal that innocent people can be surveilled and can be insulted this way. ” He added that he already had the feeling that people in the country were afraid to express their thoughts, for example, even felt dangerous to like a Facebook post. However, he finds it particularly bizarre that the June 2018 dinner was targeted by surveillance tools. “It was a friendly conversation, not a coup,” he said. Several other participants of the dinner recalled to Direkt36 that it was a completely insignificant conversation and they did not understand why anyone wanted to monitor it. Attila Chikán, professor of economics and minister of economy of the first Orbán government, reacted in disbelief at the news that he too had been selected for targeting with the Pegasus spyware.
When we told Attila Chikán that he was among the targets, he replied: “I don’t think my phone was hacked, but even if it was, I don’t care.” He says he always speaks openly about the government, so he doesn’t see the point in being watched. He said that he also talks to Viktor Orbán, whom he has known for more than thirty years, once or twice a year. We offered Chikán to have his phone examined by experts, but he told us he did not want to take the opportunity because he did not want to see the results. “I don’t want to give up on my personal principle that I am not willing to live in fear,” Chikán said.
Spying on journalists
In 2019, Szabolcs Panyi and András Szabó did their work at Direkt36 as usual. They conducted background conversations on sensitive political topics, obtained confidential documents on government-linked business deals, and tried to write articles from all the information they managed to collect and verify. In their work, like other Direkt36 staff members, they used mobile apps for encrypted communication. This is how they spoke to their colleagues and arranged meetings with their sources, and they also shared their draft articles with their editors through such apps.
Despite the precautions, they had no idea that they were closely surveilled for weeks or months. In 2019, they were both targeted with Pegasus.
In their case, a forensic analysis by Amnesty International’s Security Lab revealed that their phones were hacked several times between spring and autumn 2019. While in the past, phones were usually hacked by users receiving a message and carelessly clicking on the malicious link in it, there is no need for this anymore. The examination of Panyi and Szabó’s phone also showed that Pegasus penetrated their device in an invisible way, exploiting the internal flaws of the iMessage messaging application. AI’s findings were confirmed by another research lab, the Citizen Lab at the University of Toronto, which has long followed the activities of the NSO. They also did a forensic analysis of the phone data of Panyi and several other foreign journalists targeted with Pegasus.
According to the forensics, Panyi and Szabó’s devices have been clean since the end of 2019, meaning that no technical evidence of Pegasus infections has been found on them since. There is no data on what specific information pegasus operators were looking for during the hacking and what data was exfiltrated from the device. But in theory, they could have accessed everything that was on the phones, and even turned on the phone’s microphone and camera remotely. It’s not entirely clear why the phones of our two colleagues were hacked. Although both were subjected to this kind of surveillance in 2019, the hacking into the phones did not happen at the same time, and they worked on several unrelated topics during that period.
Panyi’s phone was first hacked in April 2019, shortly after he sent media inquiries to two ministries about a forthcoming article on the Russian-led International Investment Bank, which was relocating its headquarters from Moscow to Budapest. They worked on this article together with Szabó, but the latter was not targeted with Pegasus at the time. In Szabó’s case, the first signs of infection are from June, and he was investigating several topics at the time. In May 2019, he published an article based on confidential internal documents about how Minister of the Prime Minister’s Cabinet Office Antal Rogán and people close to him used luxury cars. During this period of time, however, he also dealt with, for example, stories related to the construction of the new Paks nuclear power plant, and at that time began working on an article about an opposition politician with good government ties, Lajos Oláh.
In the following months, Panyi’s phone was hacked several other times, and he was also working on multiple different topics during this period. On the one hand, he wrote several articles on US-Hungarian relations that had become close at the time, as well as its hidden conflicts. Meanwhile, he also began to explore Israeli-Hungarian relations. In his case, a recurring pattern could be detected based on the forensic analysis of his device: in at least 10 cases, his phone was hacked with Pegasus a few business days after he sent official comment requests to Hungarian government officials.
What connects the two Direkt36 journalists is that they were both in the United States during the time they became targets. Panyi visited Washington in May 2019 and gathered information for his articles on US-Hungarian relations, especially for a sequel to an earlier investigation. Back in the autumn of 2018, he revealed that, at the request of the US Drug Enforcement Administration (DEA), Hungary’s Counter Terrorism Centre (TEK) had secretly busted two Russian arms dealers in Budapest. The Hungarian government, however, eventually extradited the arms dealers to Russia instead of the United States. The case of Vladimir Lyubishin Sr. and Vladimir Lyubishin Jr. has led to a serious diplomatic conflict with Washington.
During his trip to the US capital, Panyi also sought to find out more details about Prime Minister Viktor Orbán and US President Donald Trump’s earlier meeting at the White House in May 2019. For example, he found out that Orbán had unsuccessfully tried to use the potential of purchasing a U.S.-Norwegian missile defense system as leverage in his crackdown on Hungarian NGOs.
Szabo participated in a study tour of the United States in June organized by the US State Department. This trip was attended by journalists and NGO leaders from several other countries. (Such trips are regularly organized by the US State Department as well as by foreign ministries of several Western European countries. In many cases, people close to the Hungarian government have also participated in US trips.)
Multiple sources formerly working with NSO told members of the international team of journalists that, according to an internal directive, in general, Pegasus should not be used for spying either on American phone numbers or on targets currently in the United States. Forensic analyses of the phones of both Direkt36 journalists showed that the surveillance of their devices during their stay in the United States was indeed suspended.
At the same time, Pegasus may have been used against a Hungarian target in such a way that they probably wanted to find out information about the movements of an American person through him. In the spring of 2019, a phone number appeared among the selected targets: it belongs to a Hungarian photographer who was working as a fixer with an American journalist at the time. The American journalist came to Budapest to write about the Russian-led International Investment Bank and allegations of espionage connected to the institution. During his visit, the American reporter also met with Panyi, who was also covering the bank’s story. Forensic analysis of the Direkt36 journalist’s phone shows that the spyware was also activated on the day of their meeting.
In the case of the photographer – who asked not to be named – his phone could not be examined because he had deleted the data on it several times since then. But at least two other Hungarian journalists were selected as targets for the Pegasus spyware.
One of the targets was former hvg.hu journalist Dávid Dercsényi, who currently works as editor-in-chief of the local newspaper of Budapest’s opposition run 8th district. Dercsényi is not specialized in investigative journalism, however, he covers sensitive topics from time to time. He was selected as target in 2019 while he was still working with hvg.hu. That year, he wrote several articles on the case of the Syrian national who was known in Hungarian media as Hassan F. (Fahroud Hassan). The Syrian was accused of terrorism and later sentenced to prison.
The case was extremely important both to the Orbán government which campaigned on linking migration to terrorism, and to the Hungarian Counter Terrorism Centre (TEK). It was an accident that Dercsényi found this story through his Greek family connections – he was checking Greek sites more often as well as Greek sources were sending him links sometimes. He remembers sitting in the newsroom on duty when he found an English language article of a Greek website. This article said that Greek intelligence had fully briefed its European partners months before Hassan F.’s arrest and openly criticized Hungary’s TEK for politicizing the man’s case. Although the article was not published under Dercsényi’s byline, he was the one who sent official comment requests to Hungarian government institutions involved, and who, in the coming months at hvg.hu, followed developments of the story
According to the leaked information, Dercsényi was selected for targeting under three phone numbers: his private mobile phone number, his hvg.hu work phone number, and even a number registered under his name, but actully used by Dercsényi’s ex-wife. When we approached Dercsényi, he was not surprised at all that journalists are being surveilled in Hungary. However, he would not have thought that even a newsroom journalist like himself could become a target. He is mostly outraged because those surveilling him could have accessed content about his children, and because even his ex-wife’s phone could have become a target. As the journalist has already discarded the phones that he used at the time, we were unable to analyze his devices.
In addition to Panyi, Szabó and Dercsényi, the phone number of a fourth Hungarian journalist, who is also involved in investigative work, also appears among the targets. They asked not to be named to protect their sources, and for the same reason they did not want their phone analyzed. “It is hard to surprise me with anything new. I am well aware that they can see my WhatsApp, Viber messages. And I also had a feeling that it was not in a legal way” – the journalist told. In their case, it is hard to tell what made this journalist a target mainly because their articles and information collected for these pieces could have been sensitive to multiple agencies, government officials or government proxies.
“This is how I live and work, it is evident for me that I am under surveillance”, the journalist told while recalling multiple concrete examples from recent years. Once, they received a warning from “very high up”: they should be careful because they are currently surveilled by one of the intelligence services. Another occasion was when a head of a law enforcement agency made it clear to them that he knows exactly which of his subordinates are talking to the journalist. Later, using their right to informational self-determination, they filed an official request and asked which government agencies accessed their personal data stored in various government databases, and why. “The reply turned out to be a long list”, the journalist told, but did not want its details to be published.
According to the director of programs at HCLU, Dr. Máté Dániel Szabó, despite the fact that regulations of surveillance in Hungary are extremely loose, the secret surveillance of journalists is still not necessarily lawful. “Formally, Hungarian law does not distinguish between professions in the case of secret surveillance. But that does not mean that journalists can be monitored under the same conditions as others,” Szabó said. He recalled that the European Court of Human Rights has already ruled in several judgments that, in order to protect their sources, journalists can only be monitored under special conditions. The existence of the conditions must be established by some external actor, such as a court, Szabó explained, adding that Hungarian practice does not comply with this at all.
At the end of 2018, Belgian-Canadian citizen Adrien Beauduin (who now works as a journalist mainly for Belgium’s Le Soir) was a student at the Central European University (CEU) in Budapest at the time he became a target. Beauduin took part in protests against the expulsion of CEU, and in December 2018 he also went to Kossuth Square for a rally against the so-called slave law, during which he was detained and taken to a police station. He was suspected of attacking the police, which he denied, and charges against him were eventually dropped. A forensic analysis of Beauduin’s phone could not clearly establish that the device had successfully been hacked, but AI’s Security Lab did find evidence of attempted intrusion.
Simicska’s people in the crosshairs
Although for a long time, Lajos Simicska was one of Hungary’s most powerful men, he did not keep up with the latest technology. For example, there was no wifi at all in his famous Radóc street office, where at the time ministers and other high-ranking politicians were lining up to meet him. Even in the 2010s, his colleagues were receiving media requests by fax.
Simicska did not use a smartphone either, and if he was in a place where there was no internet connection, his employees had to read him the newspaper articles he was interested in on the phone.
While this was simply due to Simicska’s old-fashioned attitude, according to a former employee, in theory this also had its safety advantages. Since Simicska did not use a smartphone and discussed more sensitive topics in person, it was more difficult to intercept his communication.
However, this was no longer true of his closest circle. Many of them used smartphones, and according to information obtained by the international team of journalists, two people very close to Simicska were also selected for targeting by Pegasus operators.
One of them is the son of the former oligarch, Ádám Simicska, who for a time during the Orbán-Simicska conflict headed the publishing company of Hungarian daily Magyar Nemzet. Sometimes he attacked Fidesz in more aggressive statements than his father (the most memorable of these was when he threatened certain men that their genitals would be cut off every millimeter). The other target is Ajtony Csaba Nagy, a lawyer who not only represented Simicska in various corporate affairs for many years, but also represented him on the board of news site Index, for example. His case is also special because client-attorney privilege could have been compromised because of his targeting.
Both were put in the crosshairs in early 2018, before the Hungarian parliamentary election. At that time Simicska was still supporting Jobbik, an opposition party, and his media empire, which included news channel Hír TV and daily Magyar Nemzet, was harshly critical of the government. After the election brought another Fidesz landslide victory, Simicska gave up his entire business empire, which eventually became the property of businessmen close to Viktor Orbán.
Ajtony Csaba Nagy played an important role in negotiating these issues, according to a source who previously worked for Simicska. “He was a close confidant of Lajos until the very end. He did all the contracts and stuff in the end,” the source recalled. He added that Lajos Simicska also involved his son in certain dealings, although Ádám Simicska was removed from heading the publishing company of Magyar Nemzet in the last months of the election campaign.
We called Ádám Simicska several times and sent him a message explaining why we were trying to contact him, but he did not respond.
Cyberweapon for export
A former Israeli army officer, Shalev Hulio and a business partner founded NSO Group in 2010 when smartphones started spreading rapidly. The company developed technologies to hack into new types of mobile phones and access data stored and transmitted on them, including information sent through encrypted channels.
Although NSO now also has foreign investors, the company still operates with an Israeli headquarters and is also closely linked to the government of the Jewish state. For example, if NSO wants to sell its service to a foreign country, it can only do so with the permission of the Israeli Ministry of Defense.
NSO claims this does not mean that the company is a “tool of Israeli diplomacy”. However, there are examples where the appearance of Pegasus in some countries coincided with a high-level israeli meeting. This is what happened in India, where leaked data showed that the selection of targets started increasing after Indian Prime Minister Narendra Modi’s visit to Israel in July 2017.
In Hungary’s case, the development of closer ties with Israel coincides with the arrival of Pegasus.
In July 2017, Benjamin Netanyahu made a historic visit to Hungary, he was the first incumbent Israeli Prime Minister to take this trip since Hungary’s democratic transition. Netanyahu also opened a Hungarian-Israeli business forum with Hungarian Prime Minister Viktor Orbán, where cybersecurity was one of the topics. In his speech, Netanyahu stressed that he never tried to dictate to the free market except when it came to cybersecurity, which is “the only area where I have interfered in market processes.” In his speech, the Israeli Prime Minister boasted at length that his personal decision had allowed Israel to invest heavily in cyber technology and thus become one of the leading powers in this area.
About six months later, on February 13, 2018, a second meeting took place, this time in Israel. József Czukor, a former intelligence officer and one of Viktor Orbán’s closest and most trusted allies, had a personal meeting with Netanyahu. According to the official explanation, Czukor, who was then a senior adviser to Orbán, discussed the preparations for the upcoming summit between the Prime Ministers of the Visegrad Four countries and Israel. But the reports also revealed that he even held separate talks with Meir Ben-Shabbat, head of Israel’s national security council and Netanyahu’s national security adviser, on “counterterrorism cooperation, deepening bilateral diplomatic-security relations and various other bilateral issues”.`
Several national security and diplomatic sources told Direkt36 at the time that Czukor’s negotiations in Israel attracted attention. They claimed that they did not believe that the topics mentioned in the official readout alone justified Netanyahu personally recieving Czukor. However, according to the list of telephone numbers obtained by the international team of investigative journalists, the meeting took place around the time when someone started targeting Hungarian phone numbers en masse.
A former Hungarian intelligence officer also told Direkt36 that to his knowledge, the Hungarian state started using Pegasus around the beginning of 2018, and that “the procurement has a lot to do with our closing ties with Israel”. According to the source, who requested anonymity, the Hungarian government has long been troubled by the fact that traditional surveillance methods do not allow access to communications that take place on encrypted applications such as Signal or WhatsApp, which is why they were eager to take the opportunity to use the NSO product. By hacking a smartphone, Pegasus operators can see everything that appears on the device’s display, including conversations and messages that run through encrypted apps.
Advanced technology also comes at a high price. For a previously disclosed contract in Mexico, the bill comes out at $64,000 (HUF 19 million) per target, while in a Panama contract the price tag was at $89,000 (HUF 27 million). Journalists of the ‘Pegasus Project’ team have spoken to several sources familiar with the internal affairs of the NSO, and they say that spyware is now probably cheaper than that. It is difficult to say an exact sum because pricing depends on a number of factors (e.g. which region the customer belongs to, how many targets they want to monitor at the same time, or how risky it is to sell to a client in terms of their respect for human rights).
Spywares like Pegasus do not have specific regulations under Hungarian law. The legislation only deals with so-called secret information gathering in general, which includes, for example, traditional phone interceptions or the bugging of an apartment. These rules give the authorities a lot of space to use various instruments, such as Pegasus.
Secret information gathering operations basically have two categories, depending on which authorities are conducting them. On the one hand, law enforcement authorities (police officers, tax inspectors etc.) can apply such methods if they are investigating a specific crime. But they can only do this if they have a permission from a judge and can only continue this activity for a limited period of time. If, during this time, they are unable to obtain sufficient information to corroborate the accusation of a crime, they should in principle destroy the collected data. And if someone is officially charged, data collected in secret must be made “open” or unclassified, i.e. it must be included in the official investigative documents, which the suspect can later learn about.
On the other hand, regulations are looser when national security agencies are collecting such information in secret. They do not need judicial authorisation, but the approval of the Minister of Justice is sufficient (in some cases, they can start collecting information in secret even before obtaining the authorisation). The more than 300 Hungarian phone numbers obtained by Forbidden Stories and AI only show who the Hungarian client of NSO has chosen as the target of surveillance in Hungary. At the same time, the number of all surveillances carried out by Hungarian authorities is much higher.
It was recently reported by Hungarian weekly 168 Óra that secret information gathering operations approved by the Minister of Justice have increased in the past five years. While 1,038 such permits were issued in 2015, the number of permits has increased to around 1,200-1,300 in recent years. This means that on average, more than 3 surveillance permits were issued per day by the minister. In comparison, in 2021, nearly 500 ministerial authorisations were issued in the first three and a half months alone, meaning that 5 approvals were obtained each day.
At the same time, the legislation is rather vague about the cases in which such operations can be carried out by the various agencies. This includes, among others, the Constitution Protection Office, which acts as the domestic counterintelligence, supervised by Interior Minister Sándor Pintér, the Information Office for foreign intelligence under Minister of Foreign Affaris and Trade Péter Szijjártó, and the Counter Terrorism Centre headed by Viktor Orbán’s former personal bodyguard, János Hajdú. Then there is the Special Service for National Security, also overseen by Pintér, which is basically just serving the other agencies by carrying out technological surveillance on their behalf.
A typical example of the broad framework within which these agencies carry out their work is that the Information Office’s responsibilities are described by law as “obtaining, analysing, evaluating and transmitting the information necessary for government decisions”.
In early July, a journalist from France’s Le Monde, who was involved in the Pegasus Project, asked Minister of Justice Judit Varga in an interview if she would authorize the surveillance of a journalist or opposition figure, to which Varga indignantly replied: “What a question! This is a provocation in itself!” Varga argued that only surveillance requests complying with the law could be granted permission, and also added that “there are so many dangers to the state everywhere.”
Later, Varga was also sent a detailed series of questions about Hungarian journalists and media company owners who were selected as targets of surveillance or in fact surveilled, but there was no reaction from the minister.