

Discussion summary
Discussions focus on espionage concerns involving the European Parliament, US tech dependency, and potential government responses. Participants question the influence of lobbyists, the role of NSO Group, and the effectiveness of security measures.
What the discussion says
- Lobbyists may be paid to sell EU citizens' data to US companies.
- US tech dependency in EU media platforms is problematic.
- Lockdown mode on iOS could prevent some espionage but impacts usability.
- No significant consequences are expected; more regulations or fines are likely.
“How much are lobbyists paid to sell out data of EU citizens?”
“US tech dependency in EU media platforms is concerning.”
Comments
Hacker News
There is enough money to go around for certain.
by shevy-java
by jongjong
by r3trohack3r
by aussieguy1234
by Hizonner
by r_lee
by CalRobert
by inigyou
by greatgib
by throw1234567891
by permalac
- if yes -> extremely stupid suggestion: why cant people in government positions use a nokia 1100 as work phone and some other phone as a personal phone?
by vivzkestrel
If they did want to use spyware, it would be significantly cheaper because that phone is (decades?) out of date misses (thousands?) security patches.
by Cider9986
by 0x_rs
by notrealyme123
by jojobas
"The sale of Pegasus licenses to foreign governments must be approved by the Israeli Ministry of Defense."
by juliusceasar
You should threat a phone as an infected ground and do not keep anything important there.
Some leaders simply do not use smartphones and are protected from electronic spyware.
by codedokode
by spixy
Does EU parliment not have a policy of seperating work and personal devices?
by bawolff
by rich_sasha
He didn’t have medical information on the phone.
by drdexebtjl
by dewey
Wow, so Apple is able to detect threat, but does not remove or prevent it, and waits silently for months before notifying a user?
If this is not a security theatre I don't know what is.
by zx8080
PRISM.
by hulitu
by elorant
by freehorse
https://notesfrompoland.com/2026/02/26/poland-charges-former...
Everything looks like a nail if you have a hammer.
by Krasnol
by tsoukase
Who has "authorization to spy in multiple European countries"?
In this older article [0] about one of the mentioned russian exiles case it is mentioned that estonia and netherlands have used pegasus outside their borders, but there could be also others with such license
> the Netherlands’ General Intelligence and Security Service (AIVD) and an unnamed Estonian government agency, appear to use Pegasus extensively outside their borders, including within multiple European countries
However if the link between the russian exiles cases and kouloglou checks (through use of same mode of attack), a country like estonia sounds more likely. However, it can always be that an agency with access to pegasus uses it collaborating with/on behalf of an agency without.
[0] https://www.accessnow.org/publication/hacking-meduza-pegasus...
by freehorse
Join the discussion
Write your take first — we'll ask for email only when you're ready to publish.
- Hacker News
- Not quite surprising. The more important question is: how much are lobbyists paid to sell out data of EU citizens to US corporations here? Will they prevail?
There is enough money to go around for certain.
by shevy-java - It feels like they've been paid to sell out the users themselves, not just the data. It's weird that EU is so dependant on US tech when it comes to media platforms... While there are alternatives out there. In a lot of related areas in tech, it feels like suppression.by jongjong
- Pro tip: if you’re going to try a propoganda - don’t be so transparent on your redirect.by r3trohack3r
- Of course, NSO group had nothing to do with it /sby aussieguy1234
- How is it that any NSO employee is still able to travel outside Israel without getting arrested? Seems like they're involved in criminal conspiracies in like half the countries in the world.by Hizonner
- same for CIA/NSA employees/contractors right?by r_lee
- Would lockdown mode on iOS stop this?by CalRobert
- Probably, that's the point of it, however your smartphone becomes a very dumbphone in lockdown mode, intentionally to reduce attack surface. It's only really practical if you just need a dumb phone system endpoint to send and receive SMS and PSTN calls and check the time.by inigyou
- There will be no real consequence, as always, just more paperwork, so how to expect that anything will change?by greatgib
- They’ll quickly make up some law forcing someone to do something, or throw some hefty fine at someone, and it’ll be sorted pronto. Someone’s gotta be held responsible.by throw1234567891
- The catalan MEPs also were targeted with Pegasus, and I don't remember the details but at that time the only client were nation states, so Spain was the one to hire the service. Nothing happened.by permalac
- - extremely stupid question: can they hack you with pegasus spyware if you use a nokia 1100?
- if yes -> extremely stupid suggestion: why cant people in government positions use a nokia 1100 as work phone and some other phone as a personal phone?
by vivzkestrel - If you're using a nokia, there's no need for expensive mercenary spyware because your messages and calls aren't E2EE.
If they did want to use spyware, it would be significantly cheaper because that phone is (decades?) out of date misses (thousands?) security patches.
by Cider9986 - Just for context, some european contries have been abusing spyware such as Pegasus so much Israeli firms have cut ties with them, one such example below with Italy. Others have pointed out Greece and Poland. It's quite laughable that a member of the EU parliament would be subject to the same kind of spying activities innocent journalists, activists and possibly normal people are, all of that by the member states of the union, directly contributing to the Israeli companies developing and spreading malware.by 0x_rs
- Cutting ties after there has been an outcry is damage controll. I would assume that the product is still available under another sub vendor to the same people.by notrealyme123
- Euro Parliament/Euro Commission are comically open to espionage. French/Belgian counterintelligence are not allowed to do much, and there is little in terms of EU counterintelligence.by jojobas
- This couldn't have happened without the knowlege of Israeli government.
"The sale of Pegasus licenses to foreign governments must be approved by the Israeli Ministry of Defense."
by juliusceasar - Isn't it the problem with software architecture choices like large monolitic kernels, lots of unnecessary telemetry/marketing services, legacy APIs, unsafe languages like C, lack of static analysis, etc?
You should threat a phone as an infected ground and do not keep anything important there.
Some leaders simply do not use smartphones and are protected from electronic spyware.
by codedokode - Which is difficult since smartphones are used as 2FA, and not every service has web interface, only mobile one (some banks, chats, dating, uber, etc..)by spixy
- One interesting thing here, is they imply that both confidential personal medical information and confidential gov docs might have been compromised via the same phone.
Does EU parliment not have a policy of seperating work and personal devices?
by bawolff - If you're off sick and need to provide a doctor's letter, at some point it will need to touch your employer servers. Just one example.by rich_sasha
- From what I understood, he took his compromised work phone to the hospital, and the concern is that it may have recorded conversations that contained personal medical information.
He didn’t have medical information on the phone.
by drdexebtjl - Having a policy and what happens in the real world are most of the time very different things (Understandably, as the line between work and personal time is often blurry).by dewey
- > It is important to note that threat notifications from Apple and other companies are not real-time alerts. They are typically sent to users in batches, often months or more after targeting takes place.
Wow, so Apple is able to detect threat, but does not remove or prevent it, and waits silently for months before notifying a user?
If this is not a security theatre I don't know what is.
by zx8080 - > I don't know what is.
PRISM.
by hulitu - Around that time a lot of politicians in Greece had their phones hacked by Pegasus. It's an ongoing scandal in Greece that never got fully resolved, although all evidence indicate that it was an operation orchestrated by the office of the prime minister in coordination with the local intelligence service. So I wouldn't call that an attack against the European parliament.by elorant
- small correction, that is predator/intellexa, not pegasus/nso. So this is differentby freehorse
- Same story in Poland:
https://notesfrompoland.com/2026/02/26/poland-charges-former...
Everything looks like a nail if you have a hammer.
by Krasnol - No, it was the Predator rootkit that presumably was introduced directly from the PM to infect many politicians, even of his own party. This lead to the uncovering of the long-standing agricultural scandal of OPEKEPE gov org and is going to lead to the largest constitutional change in modern Greek history, after and only if he wins the elections next spring: among others lifting of minister immunity and reduction of the number of parliament members. Through the revelation of corrupt politicians' acts based on their phone data leakage, the public opinion turns against them and accepts the changes easier.by tsoukase
- > we note an overlap between the first infection and a previously identified Pegasus campaign targeting Russian and Belarusian-speaking exiled journalists and activists in Europe, suggesting a Pegasus customer with authorization to spy in multiple European countries is responsible.
Who has "authorization to spy in multiple European countries"?
In this older article [0] about one of the mentioned russian exiles case it is mentioned that estonia and netherlands have used pegasus outside their borders, but there could be also others with such license
> the Netherlands’ General Intelligence and Security Service (AIVD) and an unnamed Estonian government agency, appear to use Pegasus extensively outside their borders, including within multiple European countries
However if the link between the russian exiles cases and kouloglou checks (through use of same mode of attack), a country like estonia sounds more likely. However, it can always be that an agency with access to pegasus uses it collaborating with/on behalf of an agency without.
[0] https://www.accessnow.org/publication/hacking-meduza-pegasus...
by freehorse
Related stories
Every new car sold in the European Union must include a driver monitoring camera
allaboutcookies.org · 737 points · 969 comments
Chat Control passed first round in EU Parliament
heise.de · 567 points · 246 comments
Reform UK leader 'in real trouble' against Count Binface
mirror.co.uk · 32 points · 19 comments
Decoding the obfuscated bash script on a Uniqlo t-shirt
tris.sherliker.net · 1072 points · 181 comments
StreetComplete: Fixing OpenStreetMap, one tiny quest at a time
streetcomplete.app · 761 points · 182 comments
Chat Control 1.0 and 2.0 Explained
fightchatcontrol.eu · 645 points · 238 comments