Following a digital espionage attack on my office, yesterday I filed a criminal complaint together with the Society for Civil Rights (GFF) against Hungarian Prime Minister Viktor Orbán and persons unknown. In 2024, in the middle of the European election campaign, attackers unsuccessfully attempted to install spyware on our devices. There are indications that the Hungarian secret service is behind the attack. If the attack had been successful, the perpetrators would have had access to all communications in our office, calendar data, and contacts of whistleblowers and contacts in Hungary.

I have been criticizing Orbán and his corruption for years. I successfully campaigned for more than half of all EU funds for Hungary to be frozen. Orbán has explicitly attacked me verbally for this in the past. The spyware attack on me was a further escalation. Digital espionage attacks particularly often target activists and journalists who campaign against authoritarian regimes. Spyware thus also jeopardizes freedom of expression, freedom of the press, and ultimately democracy as a whole. 

The attack was carried out using software from the provider Candiru, which is also used by Hungarian authorities. Experts estimate that using Candiru can cost more than €1 million. With this software, all it takes is one click on a manipulated link for the spyware to install itself: we received a fake email that purportedly came from a Ukrainian student.

The aim of the criminal complaint is to investigate and prevent spyware attacks. They violate the privacy of those affected on a massive scale. They also violate fundamental IT rights and telecommunications secrecy.

“It is unacceptable that countries such as Hungary can simply attack critics in Germany with spyware,” comments Franziska Görlitz, lawyer and procedural coordinator at the GFF. “Spyware attacks from abroad jeopardize fundamental rights and, not least, our democracy. The state must effectively protect those at risk and all of us from spyware.” According to Görlitz, there is currently a lack of effective vulnerability management. Such a system ensures that security authorities report particularly dangerous software vulnerabilities and do not use them themselves for digital surveillance.

If a device is infected with spyware, attackers can not only access all stored data and communications. They can also activate the camera and microphone to listen in on conversations live. Among other things, this allows foreign intelligence services to monitor people remotely. The GFF is therefore working with the SpywareShield initiative in Germany and Europe to restrict the use of spyware, prevent its spread, and improve digital security.

Daniel Freund, Member of the European Parliament for the Greens, comments:

“According to the EU Parliament’s IT experts, the Hungarian government could be behind the eavesdropping attack on me. This comes as no surprise: Orbán despises democracy and the rule of law. If the suspicion is confirmed, it would be an outrageous attack on the European Parliament – and by an ally within the EU. No one in Europe should have to fear being monitored because they stand up for democratic values. This case shows how urgently we need effective measures against spyware – to protect all citizens.”