Mexican Government was spying on Journalists and Activists with Pegasus Surveillance software

Journalists and activists in Mexico accused the government of spying on them with the powerful surveillance software Pegasus developed by the NSO Group.

Journalists and activists in Mexico accused the government of spying on them with a powerful surveillance software. According to the journalists, the authorities used an Israeli spyware to hack their mobile devices. The surveillance software is the questionable Pegasus that is developed by the Israeli surveillance NSO Group and sold exclusively to the governments and law enforcement agencies.

NSO Group is owned by US private equity firm Francisco Partners Management. it made the headlines after the investigation conducted by The New York Times.

People familiar with the NSO Group confirmed that the company has an internal ethics committee that monitors the sales and potential customers verifying that the software will not be abused to violate human rights.

Officially the sale of surveillance software is limited to authorized governments to support investigation of agencies on criminal organizations and terrorist groups.

Unfortunately, its software is known to have been abused to spy on journalists and human rights activists.

“There’s no check on this,” said Bill Marczak, a senior fellow at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs. “Once NSO’s systems are sold, governments can essentially use them however they want. NSO can say they’re trying to make the world a safer place, but they are also making the world a more surveilled place.”

The discovery is the result of an investigation conducted by Mexican NGOs and the CitizenLab organization.

R3D, SocialTic, Article 19 and CitizenLab published a report that details the surveillance illegally operated by the Mexican government through the spyware.

Authorities have been sending malicious links to individuals’ phones, in order to trick victims into opening the messages they were specifically crafted and in some cases, the attack involved also family members if the victims were not compromised.

“The targets received SMS messages that included links to NSO exploits paired with troubling personal and sexual taunts, messages impersonating official communications by the Embassy of the United States in Mexico, fake AMBER Alerts, warnings of kidnappings, and other threats.” states the report. “The operation also included more mundane tactics, such as messages sending fake bills for phone services and sex-lines. Some targets only received a handful of texts, while others were barraged with dozens of messages over more than one and a half years. A majority of the infection attempts, however, took place during two periods: August 2015 and April-July 2016″.

The Pegasus spyware leverages zero-day exploits to compromise both iOS and Android devices.

The government targeted individuals that exposed evidence on government corruption and activists who revealed human rights violations by the Mexican Government.

The researchers observed at least two periods of intense targeting:

• Period 1 (August 2015) when the Mexican President was officially exonerated for his role in the “Casa Blanca” scandal on which Carmen Aristegui, a well-known reporter, had first reported, and Carlos Loret de Mola was questioning the government’s role in extrajudicial killings. Aristegui revealed that President Enrique Pena Nieto’s wife had bought a $7 million Mexico City mansion from a government contractor.
• Period 2 (April- July 2016) when revelations of government involvement in human rights abuses and extra-judicial killings were made public.

According to the New York Times report, at least three Mexican federal agencies have purchased some $80 million of spyware from NSO Group since 2011.

Companies like the NSO Group operate in the dark, in a sort of “legal gray area,” despite the Israeli government exercises strict control of the export of such kind of software, surveillance applications could be abused by threat actors and authoritarian regimes worldwide.

Let me close with Key Findings of the report

• Over 76 messages with links to NSO Group’s exploit framework were sent to Mexican journalists, lawyers, and a minor child (NSO Group is a self-described “cyber warfare” company that sells government-exclusive spyware).

• The targets were working on a range of issues that include investigations of corruption by the Mexican President, and the participation of Mexico’s Federal authorities in human rights abuses.

• Some of the messages impersonated the Embassy of the United States of America to Mexico, others masqueraded as emergency AMBER Alerts about abducted children.

• At least one target, the minor child of a target, was sent infection attempts, including a communication impersonating the United States Government, while physically located in the United States.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Pegasus Spyware, Mexican government)

[adrotate banner=”13″]