The Polish National Public Prosecutor’s Office has reportedly been caught wiretapping officials using a spyware system more advanced than the infamous Israeli spyware package Pegasus.
According to information obtained by the liberal Gazeta Wyborcza newspaper, the prosecutor’s office purchased the spyware system for 15 million Polish zloty (about $3.5 million), not counting renewable subscription fees, in the spring of 2021, and subsequently used it to wiretap officials, opposition politicians, judges and prosecutors “suspected of disloyalty” to the Law and Justice government in power at the time.
The spyware, known as Hermes, is reportedly more advanced than Pegasus, which Polish authorities were previously also caught using, to the point where it cannot be detected using normal scanning tools because it burrows deep into low-level systems, and can compromise the encrypted systems of popular messengers such as WhatsApp and Signal.
According to Gazeta Wyborcza’s information, the Prosecutor’s Office hired two former employees of the Internal Security Agency – Poland’s domestic counterintelligence and security service, to operate the spyware, with one of them receiving 1,000 zlotys (about $250 US) per hour of work.
The current leadership of the National Prosecutor’s Office reportedly became aware of Hermes’ existence by accident after receiving an invoice from the company that makes the spyware, which is characterized as an innocuous-sounding “specialized analytical program.”
Poland’s TVN24 News says a probe into the information could begin next week, pending a decision by the government.
The report follows comments by Prime Minister Donald Tusk last month accusing his predecessors of using Pegasus, and saying he had the evidence to prove it.
Law and Justice Party leader Jaroslaw Kaczynski confirmed in 2022 that Warsaw purchased Pegasus, but assured it was used by the security services, not to spy on politicians.
Bogdan Swieczkowski, who ran the Prosecutor’s Office between 2016 and 2022, and who is now a judge of the powerful Constitutional Tribunal, denied purchasing any spyware during his time as prosecutor general.
“It’s a very serious matter, similar to Pegasus,” Prime Minister’s Office head Jan Grabiec told media Monday. “This is about the use of very advanced spy and surveillance system. I don’t want to express any hasty opinions before the national prosecutor and prosecutor general comment on the matter,” he said.
The origins of the Hermes system is not clear, and some Polish media have questioned Gazeta Wyborcza’s characterization of the spyware as being more advanced than Pegasus.
Cryptography expert Adam Haertle says Pegasus operates on the lowest level file system level possible, and that as far as he is aware, Hermes really is “an analytical tool – more specifically, a tool for automating processes of collecting information from open, so-called OSINT sources.”
“What can it do? If we provide it with data on the object of interest, it can search through information available publicly on the internet (search engines, social networking sites, forums, specialized websites) and download everything it finds about a given name, surname or nickname, and save the collected data for further analysis…Interestingly, there are many free tools with similar capabilities. Why did the Prosecutor’s Office decide to spend millions on a commercial tool? That is a much more interesting topic of investigation for real journalists,” Haertle suggested.