Spyware: The smartphone as an undercover agent
Digital spy attacks have a massive impact on the privacy of affected individuals and, furthermore, threaten democracy and freedom of the press
The case of Daniel Freund
In May 2024, Daniel Freund, Member of the European Parliament, received an email claiming to be from a Ukrainian student. The message contained a link that allegedly led to the team page of a student organization. However, the link had been manipulated – had Freund clicked it, spyware from vendor Candiru would have completely infiltrated his device.
Hungary has long been criticized for its human rights-violating surveillance measures and has been proven to have used Candiru spyware. Daniel Freund is one of the most prominent critics of former Hungarian Prime Minister Viktor Orbán in the European Parliament. For example, he played a decisive role in passing European sanctions against Hungary. Viktor Orbán has explicitly attacked Daniel Freund verbally in the past.
The case of Trung Khoa Lê
Based in Germany, journalist Trung Khoa Lê runs Thoibao.de—one of the most important and widely read Vietnamese-language news sites. Lê regularly criticizes the Vietnamese government’s policies on the site. He has already been physically attacked several times and is under police protection.
In February 2023, unknown perpetrators left a comment under a post on Thoibao’s X account. The comment also contained a malicious link—had Lê clicked it, the spyware Predator from provider Intellexa would have been installed.
What is spyware capable of?
If spyware is installed on a device, the attackers can access all data stored on the compromised device and monitor all communications passing through it. They are also capable of activating the smartphone’s microphone and camera, thereby monitoring its surroundings in real time.
This gives the perpetrators deep insights—not only into the private lives of those targeted, but also into potential political activities, activism, or journalistic work. In the cases of both Daniel Freund and Trung Khoa Lê, this involves conversations with opposition figures in authoritarian regimes, for example.
The unknown perpetrators are therefore suspected of having attempted to violate the confidentiality of communication (Section 201 of the Criminal Code). Generally speaking, digital spying attacks deeply intrude upon the privacy of those affected and violate the so-called fundamental IT right, which protects the confidentiality and integrity of digital systems.
Who is at risk?
Foreign intelligence agencies are using spyware in Germany to target primarily activists and journalists critical of authoritarian governments, such as Trung Khoa Lê, but increasingly also members of parliament like Daniel Freund. Beyond infringing on the individual fundamental rights of affected individuals, they thereby also threaten civil society, freedom of the press, and democracy as a whole.
What are we trying to achieve?
Through our complaints, we aim to get the relevant public prosecutors to launch investigations and investigate the attacks. Furthermore, the German government must do more to protect vulnerable individuals from spyware attacks. A key component of this is effective vulnerability management: this means that government agencies must inform developers about particularly dangerous security vulnerabilities in their software.
So far, they sometimes leave these backdoors open intentionally so they can use them themselves for surveillance with so-called state trojans.
The SpywareShield initiative, led by the GFF, is committed to limiting the use of spyware, preventing its spread, and establishing robust vulnerability management.
