Conversation, Cybersecurity, Phone security


What is Catalangate and what consequences will it have?

Catalangate is the name that Citizen Lab, a research group based at the University of Toronto that reports on human rights abuses in high technology, gave its investigation into the spying on several pro-independence Catalan politicians , activists and their closest collaborators. According to an investigation by The New Yorker magazine and the research group Citizen Lab, the phones of at least 65 Catalan politicians and members of civil society were infected with spyware between 2017 and 2020 on several occasions. The New Yorker reported on Monday that this is “the largest forensically documented concentration of these types of attacks and infections to date.” The espionage case known as Catalangate has already had political and judicial consequences. 

Who are the main victims?

Although most infection attempts took place between 2017 and 2020, Citizen Lab detected one case in 2015. The victim of this early cyberattack was Jordi Sànchez, the former president of the Catalan National Assembly (ANC) and one of the leaders jailed and later pardoned in the referendum of 1 October 2017. Other targets include all Catalan presidents who have held office since 2010. Artur Mas (in office from 2010 to 2015) was hacked after leaving office, while Quim Torra (2018-2020) had his phone infected while still serving as president. The phone of Pere Aragonès, the leader since 2021, was infected while serving as vice president under Torra’s mandate. Carles Puigdemont (2016-2017) was not directly targeted, but was a relational target as up to 11 of his closest associates, including his wife and lawyer, Gonzalo Boye, had their hacked phones Other political figures with infected phones are the ex-president of the Parliament and current Minister of Enterprise, Roger Torrent, of the coalition partner Esquerra Republicana, who was the object of an attack while he was at the head of the table of the Catalan Parliament, and Laura Borràs, the current president of Parliament, who had her phone hacked when she served as a deputy in the Spanish Congress for Junts, the minority partner in the Catalan government.

What is Pegasus?

Pegasus is a type of spyware that “takes remote control of someone’s device,” according to Bruno Pérez Juncà, a cybersecurity expert quoted by Catalan News. The software “can activate the video and photo camera, the microphone, as well as view all communications and take screenshots at any time,” he added. Whoever uses it can also “access files and add new ones to the phone”, Pérez Juncà explained. The difference between this spyware and others is the “zero-click” option. Usually, “someone sends a link for the victim to download the file that will hack their phone, that’s a ‘click’, but Pegasus can also use ‘zero-click’ vulnerabilities, like in the case of WhatsApp, where you could get a call video and the spyware would be installed automatically without doing anything, not even picking up the call,” Pérez Juncà explained.


Spain violated human rights in the Pegasus case, according to UN rapporteurs

The document, drawn up following a complaint from Esquerra, calls for an investigation, sanctions and for the Madrid government to clarify whether it is responsible for the spying case with Pegasus
Three UN special rapporteurs have denounced “violations of fundamental rights” for the “Catalangate” case and have asked for explanations from the Spanish government. This is stated in a resolution sent last October to the executive of Pedro Sánchez and which, as is mandatory, was made public today, 60 days later.
The document, drawn up following a complaint by Esquerra, calls for an investigation, sanctions and for the Madrid government to clarify whether it is responsible for this case of espionage with the Pegasus program.
The rapporteurs of the report express “very serious concern” about this “extensive and well-coordinated spying program” on pro-independence activists and public figures.
The text denounces that mass spying violated the right to “peacefully assemble and participate in associations”, to “have a private life and privacy in correspondence” and to “be equal before the law”.


The dirty war of the Spanish State against Catalonia

The main difference between the #CatalanGate and other Pegasus cases is the number of confirmed espionage cases: 65 hacks, certified by forensic examinations carried out by the research laboratory Citizen Lab; and of course, the fact that these attacks were carried out against the main actors of a democratic movement: Catalan independence. It is a dirty war that threatens the fundamental rights of the Catalan people.

This is a flagrant case of political espionage in the heart of Europe, and joins the more than 3,000 cases of Catalan independence representatives and activists who have suffered political repression by the Spanish authorities since 2017. Nine of them – seven members of the Catalan government and two leaders of civil society – were sentenced to up to 13 years in prison for organizing the 1-O referendum or for calling for peaceful protests, and spent almost 4 years in prison.

These repressive actions constitute a massive violation of the human rights of the Catalan people, which in recent years have been denounced by several UN human rights bodies, the Parliamentary Assembly of the Council of Europe and international NGOs such as Amnesty International or the World Organization Against Torture. The gravity of the events is a clear reminder that only with an independent State will the Catalan people achieve a guarantee of protection for their civil and political rights.



As published by the newspaper El País on April 26, 2022, citing sources from the Spanish intelligence service, the CNI admitted to having used the Pegasus program to spy on pro-independence leaders, but stressed that it always did so with judicial authorization and individually. In addition, they assured that many of the people in their sixties who appeared on the list uncovered by the Citizen Lab investigation, were never spied on by the center. The Pegasus program was acquired in the middle of the previous decade for a value of six million euros to spy on pro-independence public officials, but it was not clarified whether the last four presidents of the Generalitat were included, as Citizen Lab’s research claimed. The infections for spying, however, were done only on private mobile phones, not the institutional devices provided to deputies of the Congress of Deputies, and that this spying was done to contact “groups of a violent nature, such as the Committees of Defense of the Republic”. The spy list included one of Carles Puigdemont’s companions in Germany in March 2018, at the time of his arrest, which allowed the CNI to track his vehicle. The CNI never asked for judicial permission to spy on independence activists en masse, and according to “one of the CNI judges”, requests were never made for more than three or four people at a time.CNI director Paz Esteban , admitted in the Commission of Official Secrets of the Congress of Deputies, that pro-independence officials and leaders were spied on, but only 18 of the 67 names listed in the Citizen Lab report, and in addition, it showed evidence that it had been done with the authorization of the Supreme Court.