Green EU MP files criminal complaint after spyware attack
Following a spyware attack, Green MEP Daniel Freund has filed a criminal complaint. He accuses Hungarian Prime Minister Viktor Orbán.
Viktor Orbán (2nd from left) at a press conference in the European Parliament in 2018.
(Image: Marc Dossmann/Europ. Parlament)
Green MEP Daniel Freund and the Gesellschaft fĂĽr Freiheitsrechte (GFF) have filed criminal complaints following an alleged spyware attack on the politician last year. Freund and the GFF announced this on Wednesday. Last May, Freund was apparently the target of an attempted attack with spyware from the Israeli company Candiru.
Criminal complaint against Orbán
The criminal complaints are directed against unknown persons and the Hungarian Prime Minister Viktor Orbán. Freund accuses the Hungarian head of government of being behind the attack. "According to the assessment of the IT experts of the EU Parliament, the Hungarian government could be behind the eavesdropping attack on me," says Freund.
The Green politician considers this plausible because he is one of Orbán's vocal critics and Hungary is considered a customer of Candiru. "Should the suspicion be confirmed, this would be an outrageous attack on the European Parliament," emphasizes Freund.
The complaints were filed with the Central and Contact Point for Cybercrime of the North Rhine-Westphalia Judiciary, the public prosecutor's offices in Cologne and Krefeld, and the Cybercrime Competence Center of the North Rhine-Westphalia State Criminal Police Office, Freund's office confirmed upon request.
Spyware attack in May 2024
The background is a suspected attack with the spyware Candiru in May 2024, when Freund was in Krefeld for the election campaign. At that time, Freund received an email with a link that allegedly came from a Ukrainian student.
"The IT security of the EU Parliament warned of a potential malware attack within a very short time," explains a spokesperson for Freund's office. "The experts then carried out a forensic investigation. The forensic analysis revealed that the software used was Candiru with a medium to high probability."
However, there are apparently no concrete indications of Hungarian involvement. Freund's office speaks of a "suspicion". "Hungary is known to have monitored opposition figures and activists using spyware in the past," explains the spokesperson. Freund has been criticizing Orbán for years, who called him the "most corrupt person."
Videos by heise
"Hungary the only plausible actor"
"This makes Hungary the only plausible actor in this scenario," concludes Freund's spokesperson. "We hope that the authorities will succeed in assigning blame here."
Candiru is an Israeli company that, like the NSO Group, operates in the opaque market for spyware. Customers of these providers include governments and intelligence agencies – including, presumably, the German federal government and the Federal Criminal Police Office.
The US government under Joe Biden placed NSO and Candiru on the 'Entity List' of companies in 2021, which are subject to trade restrictions. The entries remain in place to this day.
In the past, Candiru has been known for exploits for zero-day vulnerabilities in popular browsers. The company is attributed with spyware tools for various platforms such as iOS, Android, Windows, or macOS, including a tool called DevilsTongue.
(vbr)
