Spyware found targeting Mexican journalists, lawyers and activists

News by Max Metzger

NSO Group spyware has been found attempting to surveil the communications of Mexican citizens, engaged in high profile corruption investigations.

Spyware has been spotted targeting the phones of journalists, lawyers and television personalities. The Canada-based Citizen Lab and a number of Mexican NGOs identified the spyware's activities in a recent report.

The report uncovers the targeting of 10 Mexican citizens, including journalists, human rights lawyers and public health officials by malware, suspected to be Pegasus spyware.

The alleged targets were all sent SMS text messages with links inside which would have installed the spyware on their phones. Lures included impersonating members of the United States Embassy in Mexico, bills for phone services and warnings of kidnapping attempts.

The targets were all engaged in investigations into official corruption and human rights abuses, which regularly coincided with infection attempts between early 2015 and mid-late 2016.

This is not the first time NSO spyware has been seen employed in domestic surveillance operations. Citizen Lab flagged the appearance of Pegasus spyware last year on the iPhone of Emirati human rights activist Ahmed Mansoor.

The United Arab Emirates government had been doggedly surveilling Mansoor for his work, and he had spent more than one spell in an Emirati jail. In 2015, he received a number of suspicious texts with the promise of news of torture in UAE jails if only he clicked on a link contained within the text message.

He sent the texts to Citizen Lab, who collaborated with Lookout Security to find that, had Mansour followed the link he would have downloaded a piece of spyware which could have surveilled nearly all aspects of his mobile communication.

Dubbing the spyware “Pegasus”, researchers found that the spyware could track calls, read texts, collect passwords and gather information from apps like WhatsApp, Gmail and Skype.

Pegasus was noted for being the first existence of a remote jailbreak exploit that had been discovered within iPhones.

Pegasus is developed by the NSO Group, an Israeli firm who spend little time in the public eye. The group was purportedly founded by former members of the Israeli army's elite cyber team, Unit 8200.  The company's first foray into the spotlight may have come with the discovery of Pegasus. When The Guardian pressed them on Pegasus, they responded tersely: it did not have any knowledge of any specific incidents and only provided “authorised governments with technology that helps them combat terror and crime.”

Citizen Lab researchers prefaced their report with the recognition that cases like these are far from isolated to one government, country or company. They noted that, “research has repeatedly shown how governments around the world use digital spying tools designed for criminal investigations and counterintelligence to target journalists, human rights defenders, and others.”

Privacy International has been tracking the development of the surveillance technology industry since the late 1990s. “From our perspective companies like NSO group are not rare and stories like this are not rare”, Scarlet Kim, legal officer at Privacy International told SC Media UK.

Privacy International keeps a public data of companies like the NSO Group which currently number over 550:  “It's very much a rich ecosystem of companies that develop and sell these products and NSO is just one.”

While admitting to not possessing “conclusive evidence”, Citizen Lab suspects that there are governmental bodies at work here. The NSO Group has reportedly worked for the Mexican government before and the subject of the targets were working on “domestic issues of immediate concern to powerful Mexican interests, and the government.”

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews