Italy now finds itself at the center of a digital surveillance storm. The WhatsApp spyware scandal has raised urgent questions about government accountability, press freedom, and the ethical use of cyberweapons. At the heart of this controversy lies the misuse of Graphite spyware, developed by Israeli firm Paragon Solutions, to monitor journalists and activists across Europe—without consent.
Paragon Solutions Cuts Ties with Italy
Paragon Solutions didn’t stay silent. Upon discovering that Italian clients used its spyware for unauthorized surveillance, the company immediately terminated their contract. The spyware, called Graphite, had allegedly targeted dozens of individuals through zero-click attacks—a method that requires no user interaction to infect phones.
Although the tool was originally marketed for anti-terrorism operations, the actual usage revealed something much darker.
WhatsApp Confirms Targeting of 90 Users Globally
In a public statement, WhatsApp confirmed that at least 90 users in multiple countries—including Italy, Spain, Portugal, Greece, Sweden, and Belgium—were victims of spyware infiltration. The malware gained access to messages, calls, camera, and microphone feeds, all without the users’ knowledge.
Although WhatsApp’s security team acted quickly to patch vulnerabilities, the revelations have had a chilling effect on digital privacy advocates worldwide.
Italy Confirms Seven Citizens Were Hacked
Following WhatsApp’s disclosure, Italian officials admitted that seven citizens had been targeted. However, Prime Minister Giorgia Meloni’s office denied any direct state involvement. The administration insisted that no government agency ordered or sanctioned surveillance of journalists or activists.
Despite these denials, Italy’s National Cybersecurity Agency (ACN) launched an internal investigation to determine whether public institutions failed in oversight—or worse, participated.
Critics Demand Accountability
Opposition leaders didn’t hold back. Giuseppe Conte, leader of the Five Star Movement, warned:
“Spying on journalists is an assault on democracy. The fact that Paragon walked away for ethical reasons speaks volumes.”
Many critics argue that Italy must address systemic flaws in oversight and cybersecurity transparency. The country’s failure to prevent the misuse of surveillance tools has fueled a broader call for reforms.
Identified Victims in Italy
So far, three individuals have publicly confirmed being targeted:
- Francesco Cancellato – Investigative journalist and editor-in-chief at Fanpage.
- Husam El Gomati – Libyan human rights activist residing in Sweden.
- Luca Casarini – Founder of Mediterranea Saving Humans, a migrant rescue NGO often at odds with the government.
Each of these individuals had openly criticized public policy or advocated for marginalized communities, making their selection highly suspect.
Zero-Click Attacks Explained
Unlike traditional phishing methods, zero-click attacks require no interaction from the target. In these cases, attackers delivered spyware through WhatsApp call features or messaging backends, exploiting software vulnerabilities.
Once installed, Graphite granted attackers full access to victims’ private lives—reading encrypted chats, tracking locations, activating microphones, and recording video.
WhatsApp and Tech Firms Call for Reform
A WhatsApp spokesperson responded strongly:
“Spyware companies must be held accountable. This attack reinforces the need for international protections that preserve the right to private communication.”
Experts now argue that governments and international bodies must impose stricter controls on spyware exports and enhance regulations around surveillance software.
Is Italy Alone? Not Likely.
While Italy is currently in the spotlight, the larger problem spans borders. Several democracies have already come under fire for employing commercial spyware against political dissidents, lawyers, and journalists. Similar allegations have surfaced in Poland, Greece, Hungary, and India.
Without coordinated legal frameworks, many fear that democratic institutions could erode under the guise of national security.
What Happens Next in Italy?
Italy’s cybersecurity watchdog will continue investigating whether government agencies indirectly enabled the surveillance. Parliament may also hold hearings to review laws governing spyware procurement and oversight.
International scrutiny is expected to increase, especially if further victims or emails linking officials to the scandal surface.
Frequently Asked Questions
What is the WhatsApp spyware scandal in Italy about?
The scandal involves the misuse of Graphite spyware to surveil journalists and activists in Italy and other countries, leading to a contract termination by the Israeli developer.
What are zero-click attacks?
These are cyberattacks that infect devices without the user’s interaction, often by exploiting app vulnerabilities.
Who were the confirmed Italian targets?
Victims include journalist Francesco Cancellato, activist Husam El Gomati, and NGO founder Luca Casarini.
What did the Italian government say?
Officials denied any direct role in the surveillance and pledged cooperation with the ongoing investigation.
What has WhatsApp done?
WhatsApp patched the vulnerabilities, notified victims, and publicly condemned the spyware abuse.
Could this lead to legal consequences for Italy?
Potentially. Depending on investigation results, Italy could face domestic or international legal action.