An Italian parliamentary committee confirmed that the Italian government used spyware made by the Israeli company Paragon to hack several activists working to save immigrants at sea. The committee, however, said its investigation concluded that a prominent Italian journalist was not among the victims, leaving key questions about the spyware attacks unanswered.
The Parliamentary Committee for the Security of the Republic, known as COPASIR, published a report on Thursday that concluded a months-long inquiry into the use of Paragon’s spyware, known as Graphite, across Italy. Israeli newspaper Haaretz first wrote about the report.
In January, WhatsApp began sending notifications to around 90 of its users, alerting them that they may have been targeted with Paragon’s spyware. Several people in Italy came forward after receiving the notifications, prompting a scandal in Italy, which has a long history of hosting spyware companies, as well as its government’s own spyware uses and abuses.
Since then, COPASIR has investigated the allegations with the goal of clarifying exactly what happened.
COPASIR specifically investigated the targeting of Luca Casarini and Giuseppe Caccia, who both work for Mediterranea Saving Humans, an Italian nonprofit with the mission of rescuing immigrants who try to cross the Mediterranean Sea. In both their cases, the committee concluded that they were lawfully targeted by Italian intelligence agencies as part of investigations related to the alleged facilitation of illegal immigration into the country.
But the COPASIR committee concluded there was no evidence that Francesco Cancellato, a journalist who also received a notification from WhatsApp warning him he had been a target of Paragon’s spyware, had been targeted by Italy’s intelligence agencies.
The committee wrote that its representatives were able to query the intelligence agencies’ spyware database and audit logs for Cancellato’s phone number, and did not find any relevant records. The committee said it also did not find evidence of any legal requests to spy on Cancellato from the country’s top prosecutor’s office, nor from the Department of Information for Security, or DIS, a top Italian government department that oversees the activities of the country’s two intelligence agencies, the AISE and AISI.
The report noted that Paragon has foreign government customers that could potentially target Italians, leaving the door open that this may be how the targeting of Cancellato’s phone can be explained. COPASIR did not provide any evidence to support this theory.
Contact Us
Do you have more information about Paragon, and this spyware campaign? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.
Cancellato is the director of Fanpage.it, an Italian news website that is known for several investigations, including one on the youth-wing of the far-right ruling party in Italy, led by Prime Minister Giorgia Meloni. That investigation revealed that, in private, the members made racist remarks and chanted fascist songs and slogans.
The report made no mention of Ciro Pellegrino, a colleague of Cancellato, who received a notification from Apple at the end of April saying he had been targeted with government spyware. It’s unclear if Pellegrino was targeted with Paragon’s spyware, and the Apple notification did not say.
The Italian government, as well as COPASIR, did not respond to a request for comment, specifically asking about Cancellato and Pellegrino.
Cancellato responded to the report in an article published on Friday, in which he questioned COPASIR’s conclusions on his case, and asked for more and better explanations.
“Case closed? Not at all,” Cancellato wrote.
For John Scott-Railton, a senior researcher at The Citizen Lab, a human rights organization that investigates spyware abuses (including the recent cases of abuse in Italy), determining who was targeting Cancellato is the top question left unanswered by the report.
“This report creates a problem for Paragon Solutions because the report leaves the most politically sensitive case unanswered: Who targeted this journalist? This outcome can’t make Paragon happy,” Scott-Railton told TechCrunch. “Because Francesco Cancellato’s case remains completely unexplained, all eyes are back on Paragon for an answer.”
Scott-Railton also said that Citizen Lab is still investigating Cancellato’s case and analyzing his phone and data. Cancellato also confirmed this to TechCrunch.
Paragon did not respond to a request for comment.
COPASIR also investigated the cases of Mattia Ferrari, the chaplain on the rescue ship of Mediterranea Saving Humans; and David Yambio, the president and co-founder of the non-government organization Refugees in Libya, which is active in Italy. COPASIR said it did not find evidence that Ferrari was targeted, but confirmed there was evidence Yambio had been a lawful target of surveillance, although not with Paragon’s spyware.
New details uncovered by the investigation
As part of its investigation into the Italian government’s alleged use of spyware, COPASIR set out to find information about the use of Paragon in the country, requesting information from other government bodies, as well as from Citizen Lab, and WhatsApp’s owner Meta.
According to the report, the national anti-mafia prosecutor told COPASIR that no prosecutor’s office in Italy had acquired nor used Paragon’s spyware. (In Italy, every local prosecutor’s office has some level of freedom in procuring spyware.) The Carabinieri military police, the national Polizia di Stato, and the financial crimes agency Guardia di Finanza gave the committee the same answer.
Paragon told COPASIR that it had contracts with Italy’s two intelligence agencies, AISE and AISI. The report said that COPASIR representatives visited the DIS, as well as the two agencies’ offices, and examined the spyware’s database and audit logs to see how the agencies used Paragon’s spyware, including who they targeted. The representatives concluded that there were no abuses related to the surveillance of the people who came forward as spyware targets in the last few months.
COPASIR’s report also revealed new details on how Paragon’s spyware system works behind the scenes. COPASIR said it verified that to use Paragon’s spyware, an operator has to log in with a username and password, and each deployment of the spyware leaves detailed logs, which are located on a server controlled by the customer and not accessible by Paragon. But, according to COPASIR, the customer cannot delete data from the audit logs on their servers.
The committee also uncovered details about the relationship between Paragon and its Italian intelligence customers, AISE and AISI, which said they have since rescinded their contracts with Paragon.
Italy’s foreign intelligence agency AISE, which started using Graphite on January 23, 2024 after signing a contract a month earlier, has been using Paragon’s spyware with the goal of investigating “illegal immigration, searching for fugitives, smuggling of fuels, counterintelligence, countering terrorism and organized crime, as well as for the internal security activities of the agency itself.”
In doing so, the report said AISE targeted an “extremely limited” but unspecified number of phone users and accessed both real-time and stored communications sent over end-to-end encrypted apps.
COPASIR said that AISI, Italy’s domestic intelligence agency, started using Graphite earlier in 2023 and its now-canceled contract would have expired on November 7, 2025. Like AISE, AISI used Graphite in a small but undisclosed number of cases related to acquiring real-time communications, while the cases are “a little more numerous” when it comes to exfiltrating chat messages stored on a target’s devices.
For every spyware deployment, the agencies said it had the appropriate legal approval, according to the report.
COPASIR said it had a chance to review Paragon’s contracts with its Italian customers and verify that there are clauses that forbid the use of the spyware against journalists and human rights activists.
In March, following an investigation, Citizen Lab published a report on Paragon that named the governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore as likely customers of the spyware maker.
Last year, American private equity giant AE Industrial reportedly purchased Paragon for a deal that could reach $900 million.
Source: techcrunch.com
