Spain's Civil Guard uses a spyware program which, like Pegasus software, can hack and take control of devices remotely. This is what the record shows in the Volhov case, the investigation underway since the end of 2019 in which a Barcelona judge has overseen probes by the Spanish paramilitary and judicial police force into alleged illegal financing in the Catalan independence movement and private businesses. In a report, the Civil Guard detailed that in addition to having had court permission for many months to monitor telephone calls by David Madí, a former official of the now-defunct Catalan party Convergència, and Xavier Vendrell, a former ERC politician and Catalan government minister, the judge Joaquín Aguirre also authorized the body to "install software to remotely and telematically examine" Madí and Vendrell's mobile devices in August 2020. The court report does not specify the software that was used for this. The politicians are also listed among the 65 people spied on using the Pegasus program itself, made by Israeli company NSO, which only sells the program to governments. According to the research by The Citizen Lab at the University of Toronto, it is not possible to detail when Madí's phone was infected, while Vendrell suffered Pegasus hacking between November 2019 and April 2020, when he was already being monitored by the Civil Guard in the Volhov case.
When the case of espionage against more than 60 Catalan pro-independence politicians, activists and contacts was revealed a week ago in the Citizen Lab's CatalanGate report, the Spanish interior ministry came out quickly to deny that the two major Spanish police bodies, the National Police and the Civil Guard, were using Pegasus. The ministry stated that they only use the SITEL wiretapping system, an affirmation which the Volhov case judge's report now shows to be incorrect, although it does show they had judicial authorization for the remote spyware program they empoyed. As for Spain's National Intelligence Centre (CNI), it has been assured that this body does have the Israeli software, but it has only been used with judicial permission - specifically, authorisation by a Supreme Court judge in cases where an investigation invades people's privacy. The ability for such permission to be granted has been questioned in the CatalanGate scandal given the massive-scale espionage against people not accused of committing any crime, as well as, in some instances, against lawyers, which would imply a serious violation of the right to a defence, as well as privacy.
Pegasus can access mobile phones via a "zero-click" method - that is, without the victims even having to click on a link - copy everything stored on it, from photos to text, use its microphone and camera, and cover its tracks when it leaves. The Citizen Lab investigation has been able to find the traces left by Pegasus from old attacks in cases where the devices are Iphones or other Apple devices, but not Android devices - and the latter make up the vast majority of phones in Spain. This fact suggests that the real number of people hacked in the CatalanGate affair is significantly larger than the 65 named in the report. The explanations given on the authorship of this unprecedented espionage attack at the meeting on Sunday between Spanish minister Félix Bolaños and her Catalan counterpart Laura Vilagrà failed to satisfy the government of Catalonia.
Russia and cryptocurrencies
In the investigation into the Volhov case, the Civil Guard does not detail the software it used to carry out the remote hacking of devices belonging to Madí and Vendrell. Their defence lawyers do not know either, despite the fact that the police body was granted judicial permission on August 24th, 2020. “For now, the application of this measure has only been partially successful in the case of David Madí, but no elements of interest have been found for the investigation," said the head of the investigation in an October 2020 report. The Civil Guard requested the intervention in the phones of the former pro-independence party officials at the end of 2018 when, in a case investigating the Diputació de Barcelona for subsidies to entities linked to Convergència, they discovered two audios stored on the mobile phone of Víctor Terradellas, president of the Catmon foundation and former secretary of international relations for Convergència. These were two separate interviews with Madí and Vendrell, in which Terradellas assured them of the Russian government's alleged support for the Catalan independence movement. A secret part of the investigation was then created with the phone hacking and monitoring, until they were arrested, along with around 20 others, in October 2020.
The Civil Guard justifies the monitoring of phones as well as the installation of remote control software on the basis that there is a plot "led by Carles Puigdemont", and involving Madí, Vendrell, Xavier Vinyals, president of the Plataforma Proseleccions Catalanes, and IT expert Jaume Cabaní, "with the goal of implementing a system based on the Bitcoin cryptocurrency to operate outside the control of European and Spanish authorities, but acquiring the cryptocurrency with public funds diverted from the corruption cases which have been emerging in recent years and in which Terradellas was also involved.” Two years after this hypothesis was made, however, nothing has been confirmed, although the Civil Guard unit has still not presented the reports on all the mobile phones and devices it confiscated from those arrested.
Car audio
In the Volhov case, judge Aguirre authorized monitoring of the suspects for months, a measure most commonly associated with cases against dangerous groups of drug traffickers, but also, in a permission given by the National Audience judge Manuel García Castellón, against the nine pro-independence CDR activists arrested on September 29th, 2019 and charged with terrorism. Thus, in addition to the intervention of communications with the SITEL system (monitoring incoming and outgoing messages), the key Catalan independence activists investigated in the Volhov case had beacons fitted to their cars so that they could be followed, as well as audio devices to record conversations heard inside the vehicle. When those investigated in this case were arrested on October 27th, 2020, the judge also allowed the use of forensic software to view data that could have been deleted from all of their devices.
In a report, the Civil Guard reported the disappointing fact that "those investigated use alternative channels to communicate with third parties and take security measures in their communications." However, the Spanish police body managed to get conversations from Vendrell, which according to the investigators implicated him in a property operation at Vila Bugatti, in the Catalan locality of Cabrera de Mar, and in which he also asked for the support of different officials Catalan education ministry officials, such as the current minister Josep González Cambray. Meanwhile, they accuse Madí of taking advantage of his political contacts in business deals. For now, everything is still under investigation. Nothing is firm.
At the same time, this week it is expected that the first judicial complaints will be lodged by those affected by Pegasus.