Dániel Németh, a Budapest-based photojournalist, has tried to hold back in his groundbreaking work examining and documenting the luxurious lifestyles of Hungary’s ruling elite.
Although his name is not known, the 46-year-old managed to use his drone and public flight and ship tracking data to find and photograph politicians and pro-government businesspeople and reveal their hidden luxuries such as yachts in exotic locations.
Now it turned out that someone was watching him too.
An investigation by Direkt36, an investigative media company and member of the Pegasus project consortium that investigated the NSO Group, found that two of Németh’s phones were recently hacked by a government customer of the Israeli spyware company.
Forensic analysis of Németh’s phones, carried out by researchers at the University of Toronto’s Citizen Lab and confirmed by researchers at Amnesty International’s security lab, found the phones were infected with the NSO Group’s Pegasus monitoring software that users use to make phone calls monitor a victim. Text messages, pictures and physical location. The spyware can also turn a cell phone into a remote listening device.
The hacks came in July 2021 when Németh shared the whereabouts of one of Prime Minister Viktor Orbán’s childhood friends, Lőrinc Mészáros, a former gas installer who has become one of Hungary’s richest men in recent years.
Mészáros has built a multi-sector business empire since Orbán came to power in 2010, and its companies often win lucrative government tenders. In 2019 he was named the richest person in Hungary by Forbes.
Orbán repeatedly declined to comment on Mészáros’ meteoric rise, saying politics and economics should remain separate. Mészáros avoids media attention, but in a 2014 interview with a Hungarian outlet he attributed his success to “God, Happiness and Viktor Orbán”.
A spokesman for the Mészáros company said in a statement: “Mr. Mészáros pays no attention to Dániel Németh, nor to the activities, whereabouts or related incidents of paparazzi.”
It is true that it cannot be forensically proven which of the NSO customers targeted Németh, since such an analysis only examines whether a phone has been infected, The new revelation comes as Orbán’s far-right government in Brussels comes under scrutiny for its alleged use of the Pegasus spy tool against journalists, media owners and political opposition figures.
Didier Reynders, European Commissioner for Justice, recently told MPs that the bloc had “totally condemned” alleged attempts by national security services to illegally access information on political opponents through their phones. Reynders said the EU executive is closely following an investigation by the Hungarian Data Protection Agency into allegations that Orbán’s government improperly used the spy tool.
A consortium of 17 media companies, including the Guardian and coordinated by the French nonprofit media organization Forbidden Stories, announced in July that NSO’s global clients had used hacking software to attack human rights activists, journalists and lawyers. Among those hacked with Pegasus were two Direkt36 journalists, András Szabó and Szabolcs Panyi.
Hungarian law provides that in cases where national security is at stake, the secret services can order surveillance without judicial oversight, only the signature of the Minister of Justice. Hungary’s Justice Minister Judit Varga declined to comment, but said: “Every country needs such instruments”.
A spokesman for the Hungarian government did not respond to a request for comment.
NSO has stated that its spyware should only be used by licensed law enforcement agencies against suspected terrorists and criminals. The company has stated that it does not have access to the data of its clients’ targets and is investigating any credible abuse allegations.
NSO declined to comment specifically on the case.
After the Pegasus project was published in July, which documented cases of misuse of NSO technology by government customers, Németh reached out to Citizen Lab through an acquaintance and asked the researchers to analyze its phones. The researchers found traces of the spyware on the devices, which prompted Németh to alert Direkt36. The media company then asked experts from Amnesty Tech, AI’s security lab, to do a second analysis of the phones. Amnesty’s forensic analysis revealed that Németh’s two phones were successfully hacked with Pegasus spyware, one from July 1-9, 2021 and the other from July 5-9.
During this time, Németh was in Hungary after returning from a reporting trip to southern Italy, where he followed the movements of Mészáros.
“Amnesty Tech’s confirmation of Pegasus infection on Dániel Németh’s device is another outrageous example of NSO Group’s spyware being used as a tool to silence journalists,” said Likhita Banerji, researcher at Amnesty Tech .
A former security officer of a Hungarian secret service told Direkt36 that, to the best of his knowledge, Hungarian services started using Pegasus in 2018.
John Scott-Railton, a senior researcher at Citizen Lab, said the case shows how the Hungarian government is trying to target “politically inconvenient” individuals who reported about people close to the government.
“Once again, this is aimed at a journalist. There is no excuse for this and no reason to believe that Hungary is using them for legitimate purposes. It seems pretty clear what’s going on, ”said Scott-Railton.
On Németh’s most recent mission – which included two trips to Naples, Italy – he had decided to leave his usual iPhone at home and instead rely on an older device with a prepaid SIM card. The phone hadn’t been active for so long that he was forced to reactivate the Sim. The very next day, a forensic analysis shows that the phone was also hacked.