Mexican journalists, lawyers and activists were targeted by spyware that is sold exclusively to governments, according to an internet watchdog group’s investigation published Monday, AP reports:
Titled “Reckless Exploit,” the report by Citizen Lab at the University of Toronto said the targets included people, such as prominent journalists Carmen Aristegui and Carlos Loret de Mola, who were investigating alleged government corruption and purported human rights abuses by security forces.
Mexico’s most prominent human rights lawyers, journalists and anti-corruption activists have been targeted by advanced spyware sold to the Mexican government on the condition that it be used only to investigate criminals and terrorists, The New York Times reports:
The targets include lawyers looking into the mass disappearance of 43 students, a highly respected academic who helped write anti-corruption legislation, two of Mexico’s most influential journalists and an American representing victims of sexual abuse by the police. … The software, known as Pegasus, infiltrates smartphones to monitor every detail of a person’s cellular life — calls, texts, email, contacts and calendars. It can even use the microphone and camera on phones for surveillance, turning a target’s smartphone into a personal bug.
“We are the new enemies of the state,” said Juan E. Pardinas, the general director of the Mexican Institute for Competitiveness, who has pushed anti-corruption legislation. His iPhone, along with his wife’s, was targeted by the software, according to an independent analysis. “Ours is a society where democracy has been eroded,” he said.
“I think that any company that sells a product like this to a government would be horrified by the targets, of course, which don’t seem to fall into the traditional role of criminality,” said John Scott-Railton, a senior researcher at Citizen Lab.
In the past five years it has become increasingly clear that civil society is under threat from the misuse of powerful spyware tools exclusively sold to governments, Citizen Lab reports. Research has repeatedly shown how governments around the world use digital spying tools designed for criminal investigations and counterintelligence to target journalists, human rights defenders, and others.
The Pegasus software does not leave behind the hacker’s individual fingerprints. Even the software maker, the NSO Group, says it cannot determine who, exactly, is behind specific hacking attempts. But cyberexperts can verify when the software has been used on a target’s phone, leaving them with few doubts that the Mexican government, or some rogue actor within it, was involved, The Times adds.
“The fact that the government is using high-tech surveillance against human rights defenders and journalists exposing corruption, instead of those responsible for those abuses, says a lot about who the government works for,” said Luis Fernando García, the executive director of R3D, a digital rights group in Mexico that has helped identify multiple abuses of Pegasus in Mexico. “It’s definitely not for the people.”