Surveillance Spyware Targeted At Journalists In Mexico

Uploaded on 2018-12-07 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

The messages arrived at a familiar moment of crisis for Mexico’s fragile journalist community, another reporter killed in the line of duty.

Javier Valdez, a prominent investigative reporter, had been shot dead only a day earlier. Then came a sudden breakthrough: According to a text message received by his colleagues, his killers had been detained.

Despite the tragedy, his co-workers were suspicious. More than 90 percent of murders go unsolved in Mexico. How did the authorities solve the case so soon?

More likely, they worried, the text messages were an attempt to infiltrate their smartphones, part of a pattern of hacking attempts involving sophisticated spying technology bought by the Mexican government.

They were Right

The messages were infected with a spyware known as Pegasus, which the Mexican government purchased from an Israeli cyber arms dealer called the NSO Group, according to a forensic analysis by the Citizen Lab at the Munk School at the University of Toronto.

A simple click on the links embedded in the messages would have infected the cellphones with spyware powerful enough to break through encrypted messaging, monitor emails and remotely activate the camera and microphone.

Someone was trying to spy on Mr. Valdez’s closest friends and colleagues the day after he was killed last year, most likely the Mexican government, according to those targeted.

“I believe they wanted to search our conversations and messages for clues to the murder of Javier, but we are absolutely against this,” said Ismael Bojórquez, the co-founder and news director of Rio Doce, the news organization where Mr. Valdez worked. 

“Nothing obtained illegally should be used in an investigation, and especially not from those who are involved professionally and emotionally to the victim.”

The illegal use of the surveillance technology in Mexico first emerged during the administration of Mr. Peña Nieto, which bought the spyware on the condition that it be used only to target terrorists and criminals.

But in the last year and a half, the Citizen Lab has confirmed nearly two dozen highly questionable targets, including some of Mexico’s most prominent journalists, human rights lawyers and anticorruption activists.

When news of the surveillance erupted last year, the Mexican government denounced the spying and opened a federal investigation into any misuse of the technology.

But the federal investigation has gone nowhere. Not a single individual has been punished for abusing the system.

Well aware of the scandal, Mr. Bojórquez said he had little faith in the messages he was receiving. He and another target, the news director, Andres Villareal, refused to click on the links. They had reason to be suspicious.

The men were running one of the few independent news groups in the nation, dedicated to covering organized crime and exposing the underbelly of Mexico’s vast nexus of crime and corruption.

Their work made them few friends. Threats came with the territory, and not just from organised crime. Government data show that public officials are responsible for the greatest number of assaults and attacks on journalists.

But Mr. Valdez’s work and international profile, they figured, protected him. He was known and beloved by local and foreign journalists alike, and was the recipient of awards and recognition globally.

His death and the subsequent targeting of newsroom leaders exposed two of the most devastating risks to the freedom of expression in Mexico today.

One is the physical threats to journalists and, by extension, freedom of speech in Mexico. More than 47 journalists have been killed since Mr. Peña Nieto took office in late 2012, 15 of them after Mr. Valdez’s death in May of last year, according to Article 19, a journalist protection group.

“We believed that a journalist as prestigious as Javier was untouchable,” Mr. Bojórquez said.

“When they killed Javier, we understood from that point on that they could kill anyone,” he added. “We understood that the paradigm had been broken.”

The second risk is a separate but connected facet of the rule of law in Mexico: There is essentially near total impunity when it comes to how it is broken or applied, a dynamic underscored by the use of illegal spyware to intimidate and spy on pro-democracy voices.

Dating back to 2016, the target list has been a who’s who of Mexico’s most prominent voices aiming to bring accountability to the nation, including the directors at Rio Doce.

Mr. Bojórquez said he and others had become aware of the government’s potent spyware in February 2017, when the Citizen Lab and The New York Times published articles outlining its illicit use against backers of a nationwide soda tax.

The investigations detailed the purchase of the spyware by the Mexican government, and included details about its proper use. The Israeli company claimed it had sold the software only to governments, and said it had measures in place to ensure that its clients followed the ethical guidelines stipulated in purchasing agreements.

Mexico’s government was deeply embarrassed by the scandal. And yet months after the attempted hacking of doctors and activists promoting a tax on sugary drinks in Mexico, which is suffering a diabetes crisis, the targeting did not stop.

Mexico has become an emblem of problematic use of spyware. In a series of articles in 2017, The Times and the Citizen Lab detailed the extensive use of the malware against journalists, minors, human rights lawyers, politicians and anticorruption activists. It also included critics of the president.

The NSO Group claimed that it monitored abuses of its software and intervened to stop clients from targeting people who did not fall within the permitted categories.

But even after suspicious targeting was unveiled in February 2017, operators in Mexico continued their illicit spying.

A new government comes into office in the next week, arriving on a wave of popular support. But whether the status of journalists will change in the country, and whether their targeting and abuse, and state overreach will subside, is an open question.

“A change in government does not mean there will be a change in the context of impunity or aggressions against journalists,” Mr. Bojórquez said. “If there is no change to the impunity, the murder of journalists will continue.” 

New York Times:

You Might Also Read:

Spyware Proliferates To 45 Countries

« GCHQ Doesn't Always Tell Vendors If Their Software Is Vulnerable
Artificial Intelligence Or Deep Learning? What's The Difference? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Virus Bulletin

Virus Bulletin

Virus Bulletin is an online security information portal and certification body, providing users with independent intelligence about the latest developments in the global threat landscape.

Centre for International Governance Innovation (CIGI)

Centre for International Governance Innovation (CIGI)

CIGI research areas include Conflict Management & Security which encompass cyber security and cyber warfare.

Delphix

Delphix

Delphix is the industry leader for DevOps test data management.

IGEL Technology

IGEL Technology

IGEL Technology is one of the world's leading thin client vendors. Thin clients increase data security and compliance.

British Assessment Bureau

British Assessment Bureau

The British Assessment Bureau is an ISO certification body. We check conformity and compliance of companies to recognised ISO standards including ISO 27001.

Akheros

Akheros

Akheros develops cybersecurity learning algorithms which anticipate, detect and prevent offensive and incongruous behaviors of M2M interactions.

CHT Security

CHT Security

CHT Security is a Managed Security Service Provider (MSSP) specialized in cyber security technologies enabling enterprises to defense against cyber threats to networks, gateways and endpoints.

Blockchain Solutions

Blockchain Solutions

Blockchain Solutions Limited is a technological One Stop Solution provider, for Blockchain technology.

Labs/02

Labs/02

Labs/02 is a seed-stage incubator with a mission to advance cutting-edge technology in innovative areas including AI, deep learning, autonomous transportation, and smart cities.

NeuShield

NeuShield

NeuShield is the only anti-ransomware technology that can recover your damaged data from malicious software attacks without a backup.

Orca Security

Orca Security

Orca Security delivers full stack visibility including prioritized alerts to vulnerabilities, compromises, misconfigurations, and more across your entire inventory on all your cloud accounts.

DDOS-Guard

DDOS-Guard

DDoS-GUARD is one of the leading service providers on the global DDoS protection and content delivery markets.

Stratejm

Stratejm

Stratejm, a Next Generation Managed Security Services Provider, brings innovation and thought leadership to the fight against cyber criminals.

National Cryptologic Foundation (NCF)

National Cryptologic Foundation (NCF)

The National Cryptologic Foundation strives to influence the cryptologic future by sharing our educational resources, stimulating new knowledge, and commemorating our heritage.

SolCyber

SolCyber

SolCyber, a Forgepoint company, is the first modern MSSP to deliver a curated stack of enterprise strength security tools and services that are accessible and affordable for any organization.

Wabbi

Wabbi

Wabbi’s continuous security platform centralizes, automates and orchestrates security governance and vulnerability management to empower development teams to own appsec.

Core42

Core42

Core42 provides a full-spectrum of AI enablement solutions covering cloud, data, cybersecurity and digital services designed for customer success.