Light bulb Limited Spots Available: Secure Your Lifetime Subscription on Gumroad!

Feb 02, 2026 · 5 min read

Spain Drops Pegasus Investigation After Israel Refuses to Cooperate

The Spanish prime minister's phone was hacked five times with 2.5 gigabytes of data stolen. Three years later, nobody will be held accountable.

Spain's highest court has shelved its criminal investigation into the hacking of senior government officials with Pegasus spyware, citing Israel's "manifest breach of its international obligations." Judge Jose Luis Calama accused Jerusalem of ignoring five separate requests for cooperation over a period of nearly three years.

The investigation, launched in 2022, found evidence that Prime Minister Pedro Sanchez's phone was infected with Pegasus spyware five times between 2020 and 2021. More than 2.5 gigabytes of files were stolen from his device, and three other cabinet ministers were also targeted. Despite clear evidence of what the judge called illegal gathering of classified information that jeopardized Spain's national security, no one will face prosecution.

Spanish courthouse with heavy doors symbolizing a closed investigation

What We Know About the Hacking

The scope of the surveillance was extensive. According to court documents:

  • Prime Minister Pedro Sanchez was infected five times, with 2.5 gigabytes of data exfiltrated
  • Defense Minister Margarita Robles' phone was accessed four times over five months in 2021
  • Interior Minister Fernando Grande-Marlaska and Agriculture Minister Luis Planas were also targeted
  • The hacking sparked a political crisis that led to the resignation of Spain's spy chief

The investigation could not determine who purchased the Pegasus license used in the attacks or who ordered the surveillance. That information exists only in NSO Group's records and Israeli government files, neither of which were provided despite repeated requests.

Israel's Wall of Silence

Judge Calama detailed how Israel stonewalled the investigation at every turn. His court sent five formal requests for cooperation between May 2022 and February 2025, asking for:

  • Documents identifying which governments purchased Pegasus licenses
  • Records of which entities received licenses capable of targeting Spanish officials
  • Permission to question then NSO Group CEO Shalev Hulio
  • Technical information about how the spyware was deployed

Israel did not respond to any of these requests. The diplomatic relationship between the two countries deteriorated further after Spain recognized Palestinian statehood in 2024, making any future cooperation even less likely.

Why This Matters Beyond Spain

This case illustrates a fundamental problem with commercial spyware: accountability is nearly impossible. NSO Group operates under Israeli export controls, which means the Israeli government must approve every sale of Pegasus. But Israel treats these export records as state secrets and refuses to cooperate with foreign investigations.

NSO has consistently denied wrongdoing, stating that its software is licensed to governments for fighting crime and protecting national security. The company claims it cannot monitor how clients use the technology. But without access to sales records, courts cannot determine whether NSO's clients violated their agreements or whether the company had reason to know its tools were being misused.

A Pattern of Impunity

Spain is not alone. Investigations into Pegasus abuse have stalled in multiple countries:

  • Mexican prosecutors abandoned cases involving journalists and activists targeted with Pegasus
  • Hungarian authorities declined to investigate surveillance of reporters and opposition figures
  • Indian courts have not compelled the government to disclose whether it purchased Pegasus
  • Polish investigations into opposition politician surveillance remain unresolved

Amnesty International called the Spanish case's closure "another example of how the lack of cooperation from Israel enables impunity for human rights abuses facilitated by spyware."

The Spyware Problem Is Getting Worse

While legal accountability remains elusive, the spyware market continues to expand. NSO Group was recently acquired by American investors, raising questions about whether the company might seek access to US government contracts despite being on the Commerce Department's Entity List.

Researchers at iVerify reported finding Pegasus infections at a rate of 2.5 per 1,000 devices scanned, far higher than previous estimates. The targets include journalists, government officials, and corporate executives, many of whom had no idea their devices were compromised.

What Can Be Done

For individual users, defending against state sponsored spyware like Pegasus is extremely difficult. The most sophisticated attacks require no user interaction at all. However, security experts recommend:

  • Keep your device software updated to patch known vulnerabilities
  • Enable Apple's Lockdown Mode if you are at elevated risk
  • Use secure messaging apps that notify you of potential compromise
  • Consider using a dedicated secure device for sensitive communications

At the policy level, advocates are pushing for stronger export controls on surveillance technology, mandatory transparency about spyware sales, and treaties that would require countries to cooperate in investigating cross border surveillance. Until those reforms materialize, cases like Spain's will continue to end without accountability.