An Italian parliamentary investigation has concluded that the country’s intelligence services utilized spyware developed by the Israeli cyberintelligence firm Paragon Solutions to target immigration activists involved in Mediterranean rescue operations. In a detailed report published by Italy’s parliamentary oversight committee known as COPASIR (Committee for the Security of the Republic), lawmakers officially confirmed that two particular activists from the nonprofit Mediterranea Saving Humans—Luca Casarini and Giuseppe Caccia—were lawfully monitored by government agencies. Their surveillance took place as part of investigations related to alleged facilitation of illegal immigration.
However, the report stated clearly that there is no evidence the Italian agencies targeted Francesco Cancellato, a prominent journalist who received a notification from WhatsApp warning him of potential spyware penetration. COPASIR investigators said a thorough search through the intelligence agencies’ spyware databases and audit logs revealed no signs of surveillance directed towards Cancellato, nor requests from prosecutors or Italy’s Department of Information for Security (DIS), which oversees the national intelligence community.
Despite this finding, several key aspects of the spyware campaign remain unclear, particularly how or why the journalist appears to have been targeted. The report indicated that Paragon Solutions maintains contracts with multiple foreign governments, hinting at the possibility that other states may potentially have been behind the attempt to infect Cancellato’s phone. Nevertheless, COPASIR offered no definitive evidence to support that hypothesis.
WhatsApp first raised concerns in January by issuing warnings to approximately 90 users globally, informing them that their devices may have been compromised by Paragon’s spyware named Graphite. This revelation prompted several Italian individuals, including activists, to come forward, igniting controversy in a country already familiar with spyware-related scandals.
Furthermore, the report mentioned Italian priest Mattia Ferrari, associated with Mediterranea Saving Humans, and David Yambio, co-founder of the advocacy group Refugees in Libya. COPASIR found evidence that Yambio had indeed been placed under lawful surveillance, although it clarified that he was not targeted with the Graphite spyware. No proof emerged indicating surveillance of Ferrari.
COPASIR’s extensive investigation also examined Paragon’s engagements with Italy’s intelligence agencies, detailing that AISE (Italy’s foreign intelligence service) and AISI (the domestic service) both had contracts with Paragon, though these arrangements have since been terminated. AISE reportedly adopted Graphite spyware in January 2024 for cases involving counterterrorism, organized crime, and immigration, targeting an undisclosed but described as “extremely limited” number of individuals. AISI similarly used the spyware to extract stored chat messages and monitor real-time communications, again emphasizing a limited and legally authorized use.
The committee found no systemic abuses of Graphite against journalists or human rights defenders, noting that the contracts explicitly prohibited spying on such figures. Additionally, COPASIR revealed detailed insights about Graphite spyware’s infrastructure, confirming that each deployment, audit, and surveillance action records detailed logs stored on clients’ controlled servers, inaccessible to Paragon itself, and that such records cannot be deleted by client users.
Despite the report’s depth, numerous questions persist—particularly the mystery surrounding the attempted targeting of journalist Francesco Cancellato and potentially his colleague Ciro Pellegrino, who received similar warnings from Apple regarding spyware attempts. Responding to the report, Cancellato called the findings incomplete, urging additional clarifications. The cybersecurity watchdog group Citizen Lab, which specializes in studying spyware threats, echoed these sentiments, stressing that the unresolved questions place ongoing scrutiny on Paragon Solutions.
Thus, while COPASIR’s report has resolved some critical aspects of Italy’s spyware controversy, it leaves important questions unanswered, both regarding the full scope of possible surveillance abuses and precisely who attempted to compromise key figures such as Cancellato.
