Catalonia is another victim of spyware pegasus. A report of Citizen Lab confirmed this week that more than 60 representatives or sympathizers of the Catalan independence movement had been spied on through this program between 2017 and 2020. Behind Pegasus is the Israeli company NSO, which has been in the spotlight in recent years for the famous spyware that can only be bought by governments. And behind the efforts to strengthen digital security in the Generalitat is the Cybersecurity Agency of Catalonia. Your manager, Oriol Torruellaexplains to hypertextual that the results of the report were not really a surprise and what are the strategies they use to stop the millions of cyberattacks they receive every day against the Catalan Administration.
From Barcelona, Torruella affirms that in a report released before the pandemic, between the end of 2019 and the beginning of 2020, the spying on political leaders as a latent danger. “We explained that these cases, in the field of geopolitical conflicts, were an issue that could give rise to situations of this type. And unfortunately we have been successful, ”she says in an interview. He also admits that it is very difficult to avoid these cases and that, despite the agency’s measures to increase communications security, Nothing indicates that something similar could not happen again.
Since 2020, the Catalan Cybersecurity Agency has deployed a plan to protect senior officials from threats within the digital sphere. They are not few. Torruella reports that last year, the Generalitat de Catalunya received over 900 million threats, of which 3,000 incidents materialized. Within these security problems, the objectives of cybercriminals range from identity or money theft to, of course, possible cases of espionage.
Pegasus, that old acquaintance from Catalonia
The agency in charge of Oriol Torruella already has experience with Pegasus espionage, after it came to light in 2019 that the cell phone of the president of the Parliament of Catalonia, Roger Torrent, not targeted by spyware. “With Citizen Lab We began to work on the Torrent espionage case and to identify whether it had impacted other high-ranking officials in the Generalitat,” says Torruella. They are still investigating to what extent and at what terminals, she continues. “So much with Citizen Lab as with other organizations we will try to coordinate as much as possible so that this does not happen again“, Add.
Before continuing, Oriol Torruella wants to emphasize that one of the complexities of Pegasus is separate the concept of espionage from that of cybersecurity. These two phenomena come together in a smartphone through which spyware infiltrates, but they are two different realities. “The concept of espionage is linked to the activities of certain intelligence organizations, many of them state-owned, that have specific interests and objectives. And that they use very sophisticated tools to carry out these activities”, he clarifies.
Cybersecurity, on the other hand, consists of the activities of certain criminal groups to sneak into our devices for purposes such as identity theft, funds theft or any other type of cybercrime.
“When the media asks how many citizens Pegasus has been able to spy on, I think that is not the case, it is not happening. But we are subject to many threats linked to cybersecurity. Today there are very powerful cybercriminal organizations that are working in this market”.
Oriol Torruella
The most sophisticated spy methods
Going back to Pegasus, there are few guarantees to prevent something similar from happening again. First of all, the development of the system has evolved a lot over the years; It is becoming more and more complicated to be not even aware that a user is being spied on. The ways for victims to take the bait have also improved. In the case of the Catalan separatists, the spyware sent boarding passes, false notifications from the Treasurymedia news such as The vanguard either The confidential and even emails that seemed to come from the Generalitat itself.
The problem also comes when espionage has been identified and the culprits are sought. That is the case in Mexico, where it came to light that the government of Enrique Peña Nieto spied on more than 15,000 politicians, journalists and activists using Pegasus, but it has had no political consequences. Returning to our homes, Torrent’s case has been on hold for a year. The vanguard reported that the investigating court 32 of Barcelona maintains an investigation open, in which Ernest Maragall was also affected. The judge accepted a letter rogatory to Israel (the country where the software is based) for information and, a year and a half later, they are still waiting.
The expectations to clarify who is behind the espionage of the independentistas, among them the former presidents of the Generalitat Artur Mas, Carles Puigdemont and Quim Torra, as well as the current Catalan president, Pere Aragonès, are not very high. Under the speech that it comes to national security issues, the information given in these cases is limited, if not non-existent. “Obviously there are states that are more or less democratic, but they all have intelligence services and all execute operations on this line”, comments Oriol Torruella in reference to the espionage of Pegasus.
Pegasus espionage is also political
From Catalonia, the fingers point to the fact that Spain could be behind this case and ask for explanations. For her part, the Minister of Defense, Margarita Robles, defends that the National Intelligence Center (CNI) always acts in accordance with the law and that it is subject to judicial control and authorization; although she recognized that this organism cannot defend itself. “The CNI has a limitation by law and that is that everything that refers to the CNI is secret”, he claimed. Therefore, it cannot confirm or deny that the Executive bought the spyware Pegasus.
The consequences of espionage have not been slow to reach the political sphere. Pere Aragonés, the president of the Generalitat and who is among those spied on, has threatened the Government of Pedro Sánchez with break the majority of the investiture if these acts have no consequences. The political tension promises to stretch and Pegasus will continue giving what to talk about in Spain.
For the Cybersecurity Agency of Catalonia, however, this case is not the worst of the scenarios within cyber security. Beyond the relevance and symbology that espionage has on the independentists, Torruella recalls the millions of threats they receive daily in the Generalitat. Of the nearly 2,800 security incidents reported, 60 identify as critical. “That means that we are all with the creeps and running”, he explains to hypertextual.
Pegasus is not the worst thing that can happen to Catalonia
One of the most powerful cyberattacks was at the end of last year, when more than 2,000 applications of the Catalan Administration were dropped. For nearly two hours, it was impossible to access their systems. “This attack of denial of service (DDoS) caused that the medical history of a patient could not be accessed, for example. This has an impact far beyond espionage that affects specific people, ”she maintains.
Despite not taking away iron from this fact, Torruella does emphasize that, in the case of the DDoS attack, all the citizens of Catalonia were affected in some way. “The 60 critical incidents we identified They can leave the population without public service.
Very little is known about the cybercriminals behind this attack. Only that the person or group behind operated from the dark web and that charges in bitcoins. As is often the case in many cases like this, it is very difficult to know for sure who is responsible; and techniques that improve day by day. The digital strategies to become anonymous are very sophisticated, but so are the threats. “That requires more resources to detect and deal with them,” continues the director of the cybersecurity agency.
“If we transfer it to an SME, which does not have its own agency like this one, any of these incidents can turn into a business closure, loss of information and reputation. The problem is that there is a lot of organized, specific and focused activity.”
Oriol Torruella
Approximately 60% of the threats received by the Generalitat are dedicated to the workplace concept, which is understood as the dependencies of the Administration and its officials. This division also includes attacks on senior officials. Protecting and stopping the attacks they receive is increasingly difficult because “it is no longer just a computer with a monitor and a tower; it is a mobile phone, a laptop, two tablets… that further complicates the protection capacity”, reports Oriol Torruella.
The strategy does not change, despite everything
The Cybersecurity Agency of Catalonia tries to ensure that protection tools evolve at the same level as modus operandi used by cyber criminals. The measures go from systems that analyze traffic to avoid malicious codes to digital training for all officials. “There is no magic solution but the more systems used, the better. We have 3 or 4 messaging applications that have different levels of security”, he explains to this medium.
The tools they need have to be increasingly sophisticated, but that challenge has always existed. The espionage of Pegasus to the independentistas has not changed the strategy. “We started in 2020 with the protection program for senior officials and (espionage) was a reality that we had analyzed. We are taking steps to prevent it. (…) But what it does propose is a particular action to improve the security of these terminals”, affirms Torruella.
Pegasus spyware can change some aspects of the Catalan Government’s cybersecurity strategy, but not the substance. The plan, continues Oriol Torruella, is follow their roadmap to deal with the millions of threats that come to them every day. “Unfortunately, reality has proven us right (referring to Pegasus) and that’s why I think we have to continue developing our security model,” he concludes.