Mexican journalists, lawyers targeted with government phone spyware

Journalists and human rights and anti-corruption defenders in Mexico have been targeted by advanced government surveillance software, according to new research.

The Toronto-based Citizen Lab, in partnership with several Mexican nongovernmental organizations, has identified dozens of instances in which Mexican journalists, lawyers, and others have received SMS messages containing exploit links connected to the NSO Group. 

According to the research, released on Monday and first reported by The New York Times, the targets all had one thing in common: they were involved in investigations into possible corruption or human rights abuses involving the Mexican government. 

{mosads}The NSO Group is an Israel-based company that sells smartphone surveillance software exclusively to governments. The software, called “Pegasus,” provides access to cellphones if successfully deployed to a target. 

According to the research, the exploit framework was served to targets in 2015 and 2016 via SMS messages designed to inspire fear and get them to click on the exploit links. Some of the messages, for example, looked like fake AMBER Alerts. 

Citizen Lab partnered with Mexican NGOs R3D, SocialTic and Article 19 to conduct the investigation, which turned up 76 messages holding NSO Group exploit links. Those targeted included 10 Mexican journalists and human rights lawyers, one minor and one U.S. citizen.

Citizen Lab previously found how supporters of Mexico’s soda tax were targeted with NSO exploit links and has exposed the use of the spy software to target an activist in the United Arab Emirates.

While the latest investigation uncovered no conclusive evidence linking the spyware-laden messages to the Mexican government, the research pointed to “circumstantial evidence” of this — including the fact that the targets were working on domestic issues of concern to the government.

The Times reported in 2016 on leaked emails showing that the Mexican government had spent millions on contracts with the NSO Group.

“The targets share a basic connection: they have been involved in investigating or working on reports of high-level official corruption, or government involvement in human rights abuses,” the Citizen Lab report states. 

“The infection attempts often coincided with work on specific high-profile investigations and sensitive issues between January 2015 and August 2016,” it states. 

The NSO Group maintained a very low profile until Citizen Lab uncovered its advanced “Pegasus” spyware last August and has said that the software is meant to help governments combat crime and terrorism.

CyberScoop recently reported that the company is being shopped around at a price tag north of $1 billion.