×
Tebi, the new startup by Adyen’s departed cofounder, raises a fresh M from Alphabet’s CapitalG

Tebi, the new startup by Adyen’s departed cofounder, raises a fresh $30M from Alphabet’s CapitalG

Dutch payments firm Adyen now has a market cap of over $61 billion, but that didn’t stop its cofounder Arnout Schuijff from stepping down in 2021 to focus on his new startup, Tebi.

Now an Amsterdam-based fintech startup with 35 employees, Tebi helps restaurants, bars and other hospitality businesses manage their operations with an all-in-one subscription-based platform that can handle payments, reservations, inventory, and more.

This means that Tebi has a wealth of competitors, from POS systems to reservation platforms and analytics-driven solutions for inventory optimization. But it hopes to have an advantage by tying this all together with enterprise-level functionalities and pricing.

To a casual observer, this appears as something that Adyen could have done. But given its focus on enterprise, building a product for SMBs was better done on the outside, Schuijff said. “That was a much more logical step for me than to try and do it within the context of Adyen.”

However, Tebi wasn’t meant to fill a gap left by Adyen. Nor was it meant to find a new role for Schuijff, who had stayed in his CTO role after the 2018 IPO that made him a billionaire, at least on paper. “My move was really a positive one. I didn’t need to go. I was still enjoying my job,” he recalled. 

What he was missing, though, was coding; and this impulse to code was how Tebi was born. During Covid lockdown, Schuijff decided to revisit his attempt to make it easier for his favorite bar to handle value-added tax (VAT) and other reporting hassles.

On a tech level, this was similar to the accounting platform he built for Adyen, and before that, for Bibit, which then RBS-owned Worldpay acquired in 2004. But by 2020, Schuijff had more tools at his disposal. Using streaming, he was able to support instant transaction updates — and it grabbed him.

From side project to company

While this isn’t the case in the Netherlands yet, “you see a move towards tax departments requiring hospitality businesses to report instantly when the sale is happening,” Schuijff said. But more generally, he saw the need for less manual reconciliation work. This was also confirmed to him by bar owner Mazdak Nasori, who became one of Tebi’s five cofounders.

Eventually, Schuijff told Adyen CEO Pieter van der Does he would leave to focus on Tebi full-time. But his goal wasn’t to build another Bibit or Adyen, and still isn’t. “It was just that I got so inspired by the coding and by the opportunity to contribute something to society in another way by helping out a lot of local business owners,” Schuijff told TechCrunch.

As Tebi’s CEO, Schuijff’s role doesn’t involve much programming, and the irony isn’t lost on him. “I miss doing the coding, but then I figured out that I could add more value and increase the success chances of Tebi by actually doing what a CEO is supposed to be doing, which is building the team and many other aspects, helping with the strategy and all these things.” 

One of these things is sales. When he goes out to eat or have a drink, Schuijff can’t help talking to owners about their pain points, checking what they are using, and introducing Tebi. “I consider I am doing them a favor, almost,” he laughed.

Image Credits:Tebi

Still, joining forces with former Adyen EVP Technology Rob Vonk as Tebi’s CTO made for a tech-heavy team that needed balancing, Schuijff said. So he also hired Aki Tas as COO, who was formerly head of business strategy and operations at Notion, and recruited Patrick Studeneer, as CCO, formerly COO at Wolt. “Now we managed to level out the boat and start focusing much more on the commercial side and the expansion side.”

Means for expansion

After using a hyperlocal deployment approach Tebi is now available across the Netherlands, where it says merchants are already processing nine figures of payments annually on the platform. With open roles in Amsterdam and London and plans to double its headcount by the end of the year, its next step is to start serving the U.K. market, followed by “many countries in the coming years,” Schuijff said.

This rollout will be supported by funding. Eight months after raising a €20 million Series A led by Index Ventures (approximately $22 million), Tebi has now closed a €30 million investment (approximately $34 million.) Led by CapitalG, Google parent Alphabet’s growth fund, with participation from Index, it brings its total funding to €56 million (about $64 million).

Although San Francisco-based, CapitalG partner Alex Nichols is a really-thesis driven investor who also has Europe on his radar. He recently led a deal into Belgian startup Odoo, which joined a portfolio that already includes Monzo and Pennylane. He sought out Tebi after observing that European SMBs are underserved by costly, bank-dominated payment solutions. 

“This setup closely resembles the U.S. market 15 years ago before the rise of software-embedded payments reduced bank share to less than 30%” he told TechCrunch in a written comment.

That Nichols had done his research was what ultimately won CapitalG the deal, in addition to all the “touch points” between Tebi and Alphabet properties such as Android, Gemini, Google Cloud and Google Maps. “We were not looking for an investment, but we thought, yeah, this is they’re bringing much more than just money,” Schuijff said.

The money in question will fund more than Tebi’s international expansion. It will also let it add more AI features, in addition to what it already implemented for onboarding to automatically pull menu, visual identity and reservation settings. “The future vision,” Schuijff said, is that on top of its all-in-one platform, there will be “an AI platform that will help you run your business better.”

Building this vision and expanding across Europe will take Tebi’s bandwidth for a while. But after that, and “as soon as we are confident that we can grab a significant part of the market there,” a U.S. expansion is in the cards.

Source link
#Tebi #startup #Adyens #departed #cofounder #raises #fresh #30M #Alphabets #CapitalG

Previous post

कैटरीना कैफ बनीं मालदीव की ग्लोबल टूरिज्म एम्बेसडर: भारतीय पर्यटकों को आकर्षित करने की कोशिश, #BoycottMaldives ट्रेंड के बाद 40% तक कम हुए थे टूरिस्ट

Next post

साक्षी ने चेन्नई में आयोजित नेशनल वुशु चैंपियनशिप में जीता सिल्वर मेडल

The video game disc is dead, and Sony’s been planning to kill it for some time, according to a report out of Austria. The man who leads Sony’s discmaking operations, Sony DADC president Dietmar Tanzer, told ORF Salzburg that the company’s Thalgau plant produces 600,000 discs every day, half of which are for PlayStation. But since it’ll only be making 10 percent of that volume in 2028, it’s planning to retrain all 300 employees to work on optical microlenses instead.

Thalgau isn’t just one of Sony’s disc plants. It’s where the disc-making division is headquartered, and appears to be its only remaining wholly owned disc manufacturing facility. Sony made discs in the United States for decades, originally in Terre Haute, Indiana and later in New Jersey, but it closed the latter plant in 2011 and moved all manufacturing from Indiana to Thalgau in 2022. Today, the Indiana facility markets itself to automakers who need help packaging and assembling headlights and the like instead.

This transition didn’t happen overnight. A behind-the-scenes video from December 2024 shows that the Thalgau plant was already working on microlenses as of then:

Those lenses, too, are created using discs:

ORF Salzburg writes that Sony has now invested €30 million to manufacture these microlenses, and that mass production may begin “as early as next year.”

Microlenses are theoretically used in all kinds of emerging applications where you might want to bend light, including headsets, but it appears that Sony may cater to automakers here, too. The head of Sony’s micro optics division gave ORF Salzburg the example of “a car turn signal that is projected onto asphalt.”

All of this is to say: Sony didn’t make this decision in a hurry, and it isn’t likely to change its mind despite the predictable backlash. It’s been winding down disc manufacturing for decades, and it’s ripping off one last band-aid with PlayStation.

According to Sony DADC’s website, it has produced over 26.4 billion discs to date — the vast majority, 23 billion of them, were made between 1983 and 2022 in Terre Haute, Indiana.

#Sonys #PlayStation #disc #factory #repurposedGaming,News,PlayStation">Sony’s PlayStation disc factory is already being repurposedThe video game disc is dead, and Sony’s been planning to kill it for some time, according to a report out of Austria. The man who leads Sony’s discmaking operations, Sony DADC president Dietmar Tanzer, told ORF Salzburg that the company’s Thalgau plant produces 600,000 discs every day, half of which are for PlayStation. But since it’ll only be making 10 percent of that volume in 2028, it’s planning to retrain all 300 employees to work on optical microlenses instead.Thalgau isn’t just one of Sony’s disc plants. It’s where the disc-making division is headquartered, and appears to be its only remaining wholly owned disc manufacturing facility. Sony made discs in the United States for decades, originally in Terre Haute, Indiana and later in New Jersey, but it closed the latter plant in 2011 and moved all manufacturing from Indiana to Thalgau in 2022. Today, the Indiana facility markets itself to automakers who need help packaging and assembling headlights and the like instead.This transition didn’t happen overnight. A behind-the-scenes video from December 2024 shows that the Thalgau plant was already working on microlenses as of then:Those lenses, too, are created using discs:ORF Salzburg writes that Sony has now invested €30 million to manufacture these microlenses, and that mass production may begin “as early as next year.”Microlenses are theoretically used in all kinds of emerging applications where you might want to bend light, including headsets, but it appears that Sony may cater to automakers here, too. The head of Sony’s micro optics division gave ORF Salzburg the example of “a car turn signal that is projected onto asphalt.”All of this is to say: Sony didn’t make this decision in a hurry, and it isn’t likely to change its mind despite the predictable backlash. It’s been winding down disc manufacturing for decades, and it’s ripping off one last band-aid with PlayStation.According to Sony DADC’s website, it has produced over 26.4 billion discs to date — the vast majority, 23 billion of them, were made between 1983 and 2022 in Terre Haute, Indiana.#Sonys #PlayStation #disc #factory #repurposedGaming,News,PlayStation

video game disc is dead, and Sony’s been planning to kill it for some time, according to a report out of Austria. The man who leads Sony’s discmaking operations, Sony DADC president Dietmar Tanzer, told ORF Salzburg that the company’s Thalgau plant produces 600,000 discs every day, half of which are for PlayStation. But since it’ll only be making 10 percent of that volume in 2028, it’s planning to retrain all 300 employees to work on optical microlenses instead.

Thalgau isn’t just one of Sony’s disc plants. It’s where the disc-making division is headquartered, and appears to be its only remaining wholly owned disc manufacturing facility. Sony made discs in the United States for decades, originally in Terre Haute, Indiana and later in New Jersey, but it closed the latter plant in 2011 and moved all manufacturing from Indiana to Thalgau in 2022. Today, the Indiana facility markets itself to automakers who need help packaging and assembling headlights and the like instead.

This transition didn’t happen overnight. A behind-the-scenes video from December 2024 shows that the Thalgau plant was already working on microlenses as of then:

Those lenses, too, are created using discs:

ORF Salzburg writes that Sony has now invested €30 million to manufacture these microlenses, and that mass production may begin “as early as next year.”

Microlenses are theoretically used in all kinds of emerging applications where you might want to bend light, including headsets, but it appears that Sony may cater to automakers here, too. The head of Sony’s micro optics division gave ORF Salzburg the example of “a car turn signal that is projected onto asphalt.”

All of this is to say: Sony didn’t make this decision in a hurry, and it isn’t likely to change its mind despite the predictable backlash. It’s been winding down disc manufacturing for decades, and it’s ripping off one last band-aid with PlayStation.

According to Sony DADC’s website, it has produced over 26.4 billion discs to date — the vast majority, 23 billion of them, were made between 1983 and 2022 in Terre Haute, Indiana.

#Sonys #PlayStation #disc #factory #repurposedGaming,News,PlayStation">Sony’s PlayStation disc factory is already being repurposed

The video game disc is dead, and Sony’s been planning to kill it for some time, according to a report out of Austria. The man who leads Sony’s discmaking operations, Sony DADC president Dietmar Tanzer, told ORF Salzburg that the company’s Thalgau plant produces 600,000 discs every day, half of which are for PlayStation. But since it’ll only be making 10 percent of that volume in 2028, it’s planning to retrain all 300 employees to work on optical microlenses instead.

Thalgau isn’t just one of Sony’s disc plants. It’s where the disc-making division is headquartered, and appears to be its only remaining wholly owned disc manufacturing facility. Sony made discs in the United States for decades, originally in Terre Haute, Indiana and later in New Jersey, but it closed the latter plant in 2011 and moved all manufacturing from Indiana to Thalgau in 2022. Today, the Indiana facility markets itself to automakers who need help packaging and assembling headlights and the like instead.

This transition didn’t happen overnight. A behind-the-scenes video from December 2024 shows that the Thalgau plant was already working on microlenses as of then:

Those lenses, too, are created using discs:

ORF Salzburg writes that Sony has now invested €30 million to manufacture these microlenses, and that mass production may begin “as early as next year.”

Microlenses are theoretically used in all kinds of emerging applications where you might want to bend light, including headsets, but it appears that Sony may cater to automakers here, too. The head of Sony’s micro optics division gave ORF Salzburg the example of “a car turn signal that is projected onto asphalt.”

All of this is to say: Sony didn’t make this decision in a hurry, and it isn’t likely to change its mind despite the predictable backlash. It’s been winding down disc manufacturing for decades, and it’s ripping off one last band-aid with PlayStation.

According to Sony DADC’s website, it has produced over 26.4 billion discs to date — the vast majority, 23 billion of them, were made between 1983 and 2022 in Terre Haute, Indiana.

#Sonys #PlayStation #disc #factory #repurposedGaming,News,PlayStation
Security researchers have confirmed that a European politician had his phone hacked with the Pegasus spyware while serving on an investigatory committee probing abuses of the notorious surveillance tool. This has reigniting fresh controversy over governments abusing spyware to collect information about their critics.

The researchers at the University of Toronto’s digital rights unit The Citizen Lab say the confirmed phone hacking of Greek journalist and former politician Stelios Kouloglou during 2022 and 2023 marks the first time that a member of the European Parliament’s PEGA committee, tasked with investigating phone spyware attacks by European governments, has been publicly identified as a victim of spyware.

Kouloglou told TechCrunch in a phone call that the deliberate compromise of his phone was “reckless.” One serving European lawmaker described the hacking of Kouloglou’s phone as a “direct attack on the rule of law,” and called on the European Commission to take concrete action by imposing strict limits on the use of spyware across the 27 member-state bloc.

While spyware attacks on lawmakers are rare, the timing and targeting of a committee investigator by way of the very spyware under his investigation suggests an intense focus on the committee’s inner workings ahead of a widely anticipated report detailing its findings. The hacks open fresh questions about how governments use spyware ostensibly needed for identifying serious crime, but then caught spying on the communications of journalists, lawmakers, and critics.

Citizen Lab’s researchers did not attribute the phone hacking to a specific country, but said that the government customer used the same Pegasus-loaded email address that was used in a previous campaign that hacked into the phones of journalists across Europe. The customer’s identity is not known, but the reuse of the same attacking email address implies that the customer had NSO Group’s authorization to use its Pegasus spyware to snoop on phones across multiple countries in Europe.

A spokesperson for the European Commission did not respond to TechCrunch’s request for comment. NSO Group also did not respond to a request for comment about the Citizen Lab report prior to publication.

In its report out Friday, Citizen Lab said Kouloglou was hacked in October 2022 and at least twice during March 2023 using an exploit that compromised a security vulnerability in Apple’s iPhone software. This vulnerability had been patched but the fix was not yet installed on Kouloglou’s phone. The exploit was a “zero-click” bug, meaning the spyware broke in and stole his data without needing any interaction on his part.

The bug abused a previously discovered flaw in Apple’s smart home software used in iPhones. It allowed the spyware to grab private data from Kouloglou’s phone without his knowledge, such as his text messages and other correspondence, location data, and photos.

The timing of the October 2022 hack coincides with intense discussions over email and text message throughout October and November 2022, ahead of the delivery of a first draft describing spyware abuses focusing in Cyprus, Greece, Hungary, Poland, and Spain. 

The hack also lines up at the exact time that Kouloglou was in the hospital at the time for a pre-scheduled surgery, which may have allowed the spyware operators to listen in to ambient audio discussing his healthcare or other conversations he had with visitors at the time.

Months later on March 6 and 7, Citizen Lab said Kouloglou’s phone was hacked again by the same Pegasus operator while Kouloglou traveled from Athens to Brussels, during a period of committee hearings and months prior to the committee finalizing and adopting their written draft report.

In a call, Kouloglou told TechCrunch that he didn’t know why he was specifically targeted but that he believes it was due to his work on the European Parliament’s committee investigating Pegasus abuses.

He described anger when he learned that his phone had been hacked. 

“You realize that all of your personal data [was taken] — not all the professional exchanges or messages with ministers — but also the very private things, like the happy moments and the sad moments,” he told TechCrunch.

Kouloglou said he plans to sue NSO Group, the Israeli-headquartered spyware maker. NSO remains largely banned from use in the United States following a Biden-era executive order that outlawed the government’s use of spyware that could violate people’s human rights. 

Last year, the spyware maker confirmed an unnamed American investment group funneled tens of millions of dollars into the company, likely as part of an effort to rehabilitate NSO’s beleaguered brand associated with enabling human rights abuses.

Kouloglou said he was going public with his story “for democracy, human rights, and the fight against corruption.”

“Corruption concerns everybody,” he said.

When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.

#Politician #investigated #spyware #abuses #phone #hacked #Pegasus #spyware #TechCrunchSpyware,Pegasus,cybersecurity,NSO Group">Politician who investigated spyware abuses had his phone hacked with Pegasus spyware | TechCrunch
Security researchers have confirmed that a European politician had his phone hacked with the Pegasus spyware while serving on an investigatory committee probing abuses of the notorious surveillance tool. This has reigniting fresh controversy over governments abusing spyware to collect information about their critics.

The researchers at the University of Toronto’s digital rights unit The Citizen Lab say the confirmed phone hacking of Greek journalist and former politician Stelios Kouloglou during 2022 and 2023 marks the first time that a member of the European Parliament’s PEGA committee, tasked with investigating phone spyware attacks by European governments, has been publicly identified as a victim of spyware.







Kouloglou told TechCrunch in a phone call that the deliberate compromise of his phone was “reckless.” One serving European lawmaker described the hacking of Kouloglou’s phone as a “direct attack on the rule of law,” and called on the European Commission to take concrete action by imposing strict limits on the use of spyware across the 27 member-state bloc.

While spyware attacks on lawmakers are rare, the timing and targeting of a committee investigator by way of the very spyware under his investigation suggests an intense focus on the committee’s inner workings ahead of a widely anticipated report detailing its findings. The hacks open fresh questions about how governments use spyware ostensibly needed for identifying serious crime, but then caught spying on the communications of journalists, lawmakers, and critics.

Citizen Lab’s researchers did not attribute the phone hacking to a specific country, but said that the government customer used the same Pegasus-loaded email address that was used in a previous campaign that hacked into the phones of journalists across Europe. The customer’s identity is not known, but the reuse of the same attacking email address implies that the customer had NSO Group’s authorization to use its Pegasus spyware to snoop on phones across multiple countries in Europe.

A spokesperson for the European Commission did not respond to TechCrunch’s request for comment. NSO Group also did not respond to a request for comment about the Citizen Lab report prior to publication.

In its report out Friday, Citizen Lab said Kouloglou was hacked in October 2022 and at least twice during March 2023 using an exploit that compromised a security vulnerability in Apple’s iPhone software. This vulnerability had been patched but the fix was not yet installed on Kouloglou’s phone. The exploit was a “zero-click” bug, meaning the spyware broke in and stole his data without needing any interaction on his part.

The bug abused a previously discovered flaw in Apple’s smart home software used in iPhones. It allowed the spyware to grab private data from Kouloglou’s phone without his knowledge, such as his text messages and other correspondence, location data, and photos.

The timing of the October 2022 hack coincides with intense discussions over email and text message throughout October and November 2022, ahead of the delivery of a first draft describing spyware abuses focusing in Cyprus, Greece, Hungary, Poland, and Spain. 

The hack also lines up at the exact time that Kouloglou was in the hospital at the time for a pre-scheduled surgery, which may have allowed the spyware operators to listen in to ambient audio discussing his healthcare or other conversations he had with visitors at the time.







Months later on March 6 and 7, Citizen Lab said Kouloglou’s phone was hacked again by the same Pegasus operator while Kouloglou traveled from Athens to Brussels, during a period of committee hearings and months prior to the committee finalizing and adopting their written draft report.

In a call, Kouloglou told TechCrunch that he didn’t know why he was specifically targeted but that he believes it was due to his work on the European Parliament’s committee investigating Pegasus abuses.

He described anger when he learned that his phone had been hacked. 

“You realize that all of your personal data [was taken] — not all the professional exchanges or messages with ministers — but also the very private things, like the happy moments and the sad moments,” he told TechCrunch.

Kouloglou said he plans to sue NSO Group, the Israeli-headquartered spyware maker. NSO remains largely banned from use in the United States following a Biden-era executive order that outlawed the government’s use of spyware that could violate people’s human rights. 

Last year, the spyware maker confirmed an unnamed American investment group funneled tens of millions of dollars into the company, likely as part of an effort to rehabilitate NSO’s beleaguered brand associated with enabling human rights abuses.

Kouloglou said he was going public with his story “for democracy, human rights, and the fight against corruption.”

“Corruption concerns everybody,” he said.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.#Politician #investigated #spyware #abuses #phone #hacked #Pegasus #spyware #TechCrunchSpyware,Pegasus,cybersecurity,NSO Group

tasked with investigating phone spyware attacks by European governments, has been publicly identified as a victim of spyware.

Kouloglou told TechCrunch in a phone call that the deliberate compromise of his phone was “reckless.” One serving European lawmaker described the hacking of Kouloglou’s phone as a “direct attack on the rule of law,” and called on the European Commission to take concrete action by imposing strict limits on the use of spyware across the 27 member-state bloc.

While spyware attacks on lawmakers are rare, the timing and targeting of a committee investigator by way of the very spyware under his investigation suggests an intense focus on the committee’s inner workings ahead of a widely anticipated report detailing its findings. The hacks open fresh questions about how governments use spyware ostensibly needed for identifying serious crime, but then caught spying on the communications of journalists, lawmakers, and critics.

Citizen Lab’s researchers did not attribute the phone hacking to a specific country, but said that the government customer used the same Pegasus-loaded email address that was used in a previous campaign that hacked into the phones of journalists across Europe. The customer’s identity is not known, but the reuse of the same attacking email address implies that the customer had NSO Group’s authorization to use its Pegasus spyware to snoop on phones across multiple countries in Europe.

A spokesperson for the European Commission did not respond to TechCrunch’s request for comment. NSO Group also did not respond to a request for comment about the Citizen Lab report prior to publication.

In its report out Friday, Citizen Lab said Kouloglou was hacked in October 2022 and at least twice during March 2023 using an exploit that compromised a security vulnerability in Apple’s iPhone software. This vulnerability had been patched but the fix was not yet installed on Kouloglou’s phone. The exploit was a “zero-click” bug, meaning the spyware broke in and stole his data without needing any interaction on his part.

The bug abused a previously discovered flaw in Apple’s smart home software used in iPhones. It allowed the spyware to grab private data from Kouloglou’s phone without his knowledge, such as his text messages and other correspondence, location data, and photos.

The timing of the October 2022 hack coincides with intense discussions over email and text message throughout October and November 2022, ahead of the delivery of a first draft describing spyware abuses focusing in Cyprus, Greece, Hungary, Poland, and Spain. 

The hack also lines up at the exact time that Kouloglou was in the hospital at the time for a pre-scheduled surgery, which may have allowed the spyware operators to listen in to ambient audio discussing his healthcare or other conversations he had with visitors at the time.

Months later on March 6 and 7, Citizen Lab said Kouloglou’s phone was hacked again by the same Pegasus operator while Kouloglou traveled from Athens to Brussels, during a period of committee hearings and months prior to the committee finalizing and adopting their written draft report.

In a call, Kouloglou told TechCrunch that he didn’t know why he was specifically targeted but that he believes it was due to his work on the European Parliament’s committee investigating Pegasus abuses.

He described anger when he learned that his phone had been hacked. 

“You realize that all of your personal data [was taken] — not all the professional exchanges or messages with ministers — but also the very private things, like the happy moments and the sad moments,” he told TechCrunch.

Kouloglou said he plans to sue NSO Group, the Israeli-headquartered spyware maker. NSO remains largely banned from use in the United States following a Biden-era executive order that outlawed the government’s use of spyware that could violate people’s human rights. 

Last year, the spyware maker confirmed an unnamed American investment group funneled tens of millions of dollars into the company, likely as part of an effort to rehabilitate NSO’s beleaguered brand associated with enabling human rights abuses.

Kouloglou said he was going public with his story “for democracy, human rights, and the fight against corruption.”

“Corruption concerns everybody,” he said.

When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.

#Politician #investigated #spyware #abuses #phone #hacked #Pegasus #spyware #TechCrunchSpyware,Pegasus,cybersecurity,NSO Group">Politician who investigated spyware abuses had his phone hacked with Pegasus spyware | TechCrunch

Security researchers have confirmed that a European politician had his phone hacked with the Pegasus spyware while serving on an investigatory committee probing abuses of the notorious surveillance tool. This has reigniting fresh controversy over governments abusing spyware to collect information about their critics.

The researchers at the University of Toronto’s digital rights unit The Citizen Lab say the confirmed phone hacking of Greek journalist and former politician Stelios Kouloglou during 2022 and 2023 marks the first time that a member of the European Parliament’s PEGA committee, tasked with investigating phone spyware attacks by European governments, has been publicly identified as a victim of spyware.

Kouloglou told TechCrunch in a phone call that the deliberate compromise of his phone was “reckless.” One serving European lawmaker described the hacking of Kouloglou’s phone as a “direct attack on the rule of law,” and called on the European Commission to take concrete action by imposing strict limits on the use of spyware across the 27 member-state bloc.

While spyware attacks on lawmakers are rare, the timing and targeting of a committee investigator by way of the very spyware under his investigation suggests an intense focus on the committee’s inner workings ahead of a widely anticipated report detailing its findings. The hacks open fresh questions about how governments use spyware ostensibly needed for identifying serious crime, but then caught spying on the communications of journalists, lawmakers, and critics.

Citizen Lab’s researchers did not attribute the phone hacking to a specific country, but said that the government customer used the same Pegasus-loaded email address that was used in a previous campaign that hacked into the phones of journalists across Europe. The customer’s identity is not known, but the reuse of the same attacking email address implies that the customer had NSO Group’s authorization to use its Pegasus spyware to snoop on phones across multiple countries in Europe.

A spokesperson for the European Commission did not respond to TechCrunch’s request for comment. NSO Group also did not respond to a request for comment about the Citizen Lab report prior to publication.

In its report out Friday, Citizen Lab said Kouloglou was hacked in October 2022 and at least twice during March 2023 using an exploit that compromised a security vulnerability in Apple’s iPhone software. This vulnerability had been patched but the fix was not yet installed on Kouloglou’s phone. The exploit was a “zero-click” bug, meaning the spyware broke in and stole his data without needing any interaction on his part.

The bug abused a previously discovered flaw in Apple’s smart home software used in iPhones. It allowed the spyware to grab private data from Kouloglou’s phone without his knowledge, such as his text messages and other correspondence, location data, and photos.

The timing of the October 2022 hack coincides with intense discussions over email and text message throughout October and November 2022, ahead of the delivery of a first draft describing spyware abuses focusing in Cyprus, Greece, Hungary, Poland, and Spain. 

The hack also lines up at the exact time that Kouloglou was in the hospital at the time for a pre-scheduled surgery, which may have allowed the spyware operators to listen in to ambient audio discussing his healthcare or other conversations he had with visitors at the time.

Months later on March 6 and 7, Citizen Lab said Kouloglou’s phone was hacked again by the same Pegasus operator while Kouloglou traveled from Athens to Brussels, during a period of committee hearings and months prior to the committee finalizing and adopting their written draft report.

In a call, Kouloglou told TechCrunch that he didn’t know why he was specifically targeted but that he believes it was due to his work on the European Parliament’s committee investigating Pegasus abuses.

He described anger when he learned that his phone had been hacked. 

“You realize that all of your personal data [was taken] — not all the professional exchanges or messages with ministers — but also the very private things, like the happy moments and the sad moments,” he told TechCrunch.

Kouloglou said he plans to sue NSO Group, the Israeli-headquartered spyware maker. NSO remains largely banned from use in the United States following a Biden-era executive order that outlawed the government’s use of spyware that could violate people’s human rights. 

Last year, the spyware maker confirmed an unnamed American investment group funneled tens of millions of dollars into the company, likely as part of an effort to rehabilitate NSO’s beleaguered brand associated with enabling human rights abuses.

Kouloglou said he was going public with his story “for democracy, human rights, and the fight against corruption.”

“Corruption concerns everybody,” he said.

When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.

#Politician #investigated #spyware #abuses #phone #hacked #Pegasus #spyware #TechCrunchSpyware,Pegasus,cybersecurity,NSO Group

Post Comment