This Journalist Used to Joke About Being Spied On. Then Israeli Spyware Was Found on His Phone - National Security & Cyber - Haaretz.com
Italy's Prime Minister Giorgia Meloni in Rome, on Monday.Credit: AFP / Filippo Monteforte
Francesco Cancellato, an Italian journalist known for his complex undercover investigations, never imagined he would become a target himself – not to his own government, which appears to have spied on him for his sharp exposés, or to his fellow journalists, now eager to interview him, after it was made public that he was a victim of a likely state-backed hack.
Cancellato's phone was hacked using Graphite, a spyware made by the Israeli firm Paragon. The revelation made him the first publicly known victim of the firm's spyware, previously untarnished by allegations of human rights violations and, at least on paper, sold only to Western states supposedly less likely to abuse it.
Cancellato heads an independent journalism organization known for its in-depth investigations into Italy's ruling party's ties to far-right and neo-fascist movements.
- Trump, NSO and Paragon: Israeli spyware torn between U.S. and Netanyahu politics
- Israel struggles with Iran's recruiting of its citizens for spying
- 'Expulsion to Spain': Israeli hackers flock to Barcelona in big spyware shift
"No journalist wants to be the story," he told Haaretz this week. Yet for the past two weeks, Cancellato has found himself at the center of a political, international, and technological firestorm – one that entangles Meta, the owner of WhatsApp; the far-right government of Giorgia Meloni, a frequent subject of his reporting; and an Israeli cyber arms firm founded by a former commander of Unit 8200 and former prime minister Ehud Barak.
After WhatsApp revealed that the spyware had been deployed against more than 90 people, including journalists and civil society figures, Cancellato had his phone examined. After the hack was confirmed by Citizen Lab, he publicly disclosed that he had been a target.
Francesco Cancellato.Credit: Ciaopeople
"I believed – mistakenly, in hindsight – that I lived in a democratic country where journalists weren't spied on. It never even occurred to me to check my phone until WhatsApp sent me that alert," he said. "We used to joke on the phone with sources that the police were probably listening, but it was just a joke."
Upon receiving WhatsApp's notification, he turned to Citizen Lab, a digital rights research group specializing in spyware investigations. Though they confirmed his phone had been hacked, Cancellato says much has still to be revealed in his case: "It's one thing to speculate about being surveilled – it's another when someone calls to tell you that you were actually a target, but they don't know by whom, for how long, or what was taken." While the breach of his phone was confirmed, it remains unclear whether the Italian government was indeed behind it.
"This case underscores why journalism is so important. I want to go back to being a journalist and investigating this story, because we haven't yet definitively proven it was Italy. As journalists, we have to demand higher standards of proof and verify the full details," he said.
"This entire ordeal highlights just how crucial journalism is. You can't trust governments or spyware firms – you can only trust the press to investigate and apply pressure. Even though I don't like being the story, because of the exposure around me, the public now knows something they weren't supposed to. Thanks to The Guardian and Haaretz reporting on my case, other journalists will continue digging. I hope my situation leads to more revelations like this."
Since coming forward, it has emerged that Cancellato was only one of seven known targets in Italy. Among them: the director of a migrant rescue NGO and a Sudanese refugee activist, whose case was revealed Tuesday.
Following the initial exposure, Paragon demanded that Italy investigate the claims. Italy's government subsequently said that seven mobile phone users in the country had been targeted by the spyware, which is intended for use on criminals. It denied any involvement in the illicit hack and called for an investigation. After the Italian government issued a sweeping but unconvincing denial, the Israeli cyber firm said it revoked access to the spyware, which had been developed for counterterrorism and national security purposes.
Paragon has two clients in Italy, one of which is the external intelligence service, known as AISE. Despite Paragon's claim that AISE was disconnected from the spyware and would remain so until a parliamentary inquiry in Italy completes its investigation, Italy's goverment denied its access to the system has been blocked.
"Paragon has never suspended the service and has not terminated its contract," the cabinet undersecretary for intelligence matters, Alfredo Mantovano, told reporters Wednesday. According to Reuters, Luca Ciriani, the minister for parliamentary relations, also addressed the issue in a parliamentary session, reiterating that Italy's intelligence service had respected the law and had not used the Paragon software to spy on "entities specifically protected by that law, primarily journalists".
"Italy had two options," Cancellato explained. "They could have admitted that someone within their ranks went rogue and misused this tool against an illegitimate target like me, promising to investigate and address the issue. Or they could have said it was a foreign state. They didn't choose either."
Haaretz asked Paragon whether they checked if their software was indeed used to spy on the journalist, whether an official Italian source is behind the case, and whether the country's authorities were indeed cut off from the system. Paragon, as well as the Defense Ministry, which oversees its exports, declined to comment.
Illiberal spyware
Today, Cancellato is worried – not just about the existence of spyware, but about how Western democracies exploit it. His stance is surprising. Most victims of surveillance tech have joined the growing calls for an outright ban on the spyware industry and the prohibition of sales of such intrusive and dangerous technologies.
Cancellato, however, sees the problem differently. "There is a legitimate need for spyware within Western security agencies. If they abuse it – using it to target journalists instead of criminals – they're actually undermining their own national security," he says.
Paragon CTO Igor Bogdalov, left, Chief Research Officer Liad Abraham, CEO Idan Norik, and founders Ehud Barak and Ehud Schneorson.
"This helps the bad guys. I'm not naive. We live in an era of cyberwars. Spyware is bigger than me or my case. It's like guns – if criminals and terrorists have them, then the state needs them too. If they have spyware, so should we. The problem isn't spyware itself; the problem is who uses it and how. If it's not being used against terrorists and the mafia, that's the real issue," he says.
In Italy, the revelations have ignited a political storm. The opposition is demanding answers, and the story has dominated headlines for over a week. The Italian spyware debate is similar to the scandal that rocked Greece a few years ago, when an investigative journalist Thanasis Kokkinakis was the first victim of the Predator spyware, created by the cyber intelligence firm Intellexa, and used by the Greek government to spy on the reporter as well as a string of other figures, including political opponents.
Amid the government's efforts to distance itself from the scandal, Matteo Salvini, Meloni's deputy and leader of a far-right party, floated a theory that the abuse stemmed from internal intelligence agency power struggles – essentially shifting blame onto what right-wing figures often refer to as the "deep state."
Such deflections are exactly what concerns Cancellato. "The state of democracy today is not good. That's why, even though I believe in the need for spyware, I'm also deeply concerned – not just for Italy," he says.
Cancellato's case isn't just an Italian affair – it's part of a larger international battle, one that has placed Israeli cyber firms at odds with both U.S. security interests and Meta's broader campaign against spyware vendors.
The Italian scandal also unfolds against a backdrop of political and technological shifts in the U.S.: On one hand, Meta, under Mark Zuckerberg, has been making overtures toward the second Trump administration. On the other hand, Meta is now in direct conflict with Meloni's government, which enjoys close ties with Trump.
According to Reuters, Meloni visited Trump in Florida just two weeks after his electoral victory, and is positioning herself as his main European ally within liberal democracies.
The fact that the majority of identified targets were involved in migrant-related activism – an issue at the heart of Meloni's policies, Trump's agenda, and far-right populist movements worldwide – underscores just how vulnerable these technologies are to abuse in today's political climate.
"This case is alarming because it signals a shift in how governments treat journalists – redefining us as national security threats," Cancellato warned. "We can't remain silent. Today, it's one journalist in Italy. But if we don't do something, and say it's not normal, it won't stop here."