After the disclosure of sophisticated global espionage and disinformation campaign aimed to discredit enemies of the state, Citizen Lab researchers exposed the dirty game of the Mexican government and its politics.
The report — “Government Spy: Systematic monitoring of journalists and human rights defenders in Mexico” — published by Citizen Lab today revealed how the Mexican government used advanced spyware tools purchased from the NSO Group to target the country’s most prominent human rights lawyers, anti-corruption activists, and journalists.
The NSO Group, an Israel-based company that produces the most advanced mobile spyware on the planet, sold the tool to governments with an explicit agreement that it should be used only to fight terrorists or criminal groups that have long kidnapped and killed Mexicans.
But, the Mexican government targets include:
- Lawyers looking into the case of 43 Students disappeared in September 2014 from the town of Iguala.
- Two Mexican most influential journalists.
- An American who is representing victims of sexual abuse by the police.
- A child, presumably in an attempt to spy on his mother.
“The targets share a basic connection: they have been involved in investigating or working on reports of high-level official corruption, or government involvement in human rights abuses,” the report says.
According to the report, the purchase of the NSO Group’s exploit “has been documented by at least three units in Mexico:
- the National Defense Secretariat (SEDENA)
- the Attorney General’s Office (PGR)
- the National Security and Investigation Center (CISEN)
The surveillance tool in question is the infamous mobile spyware ‘Pegasus‘ that was also used in targeted cyber attacks against human rights activists in the United Arab Emirates last year.
Pegasus is one of the NSO group’s most advanced mobile spyware tool that can infiltrate Android, as well as iPhones to monitor calls, texts, email, contacts, and calendars, as well as use the phone’s microphone and camera for surveillance, turning a target’s smartphone into a sophisticated bugging device.
According to the report, the targets had received over 76 messages with links to the Pegasus exploit along with uniquely crafted social engineering messages, “troubling personal and sexual taunts, messages impersonating official communications by the Embassy of the United States in Mexico, fake AMBER Alerts, warnings of kidnappings, and other threats.“
Once the victims open the link, Pegasus would then get downloaded onto their smartphones, turning the target’s smartphone into a digital spying tool, which is in the pocket of victims, but fully under the control of the operator.
The malware allows the attacker to extract an incredible amount of data stored in files, contacts, messages, and emails and then forward them to a hidden server. It also takes control of the smartphone’s microphone and camera — all without users’ knowledge.
Among those targeted by the government include:
- Activists with the Centro Miguel Agustín Pro Juárez for Human Rights (Centro PRODH)
- Members of the Mexican Institute for Competitiveness (IMCO)
- TV personality and investigative journalist Carmen Aristegui, along with her son Emilio Aristegui (a teenager)
- Other journalists working for the Mexican non-profit Against Corruption and Impunity
- TV network Televisa anchor Carlos Loret de Mola
A majority of the infection attempts on victims were recorded under two separate events: in August 2015 and between April 2016 and July 2016.
The report asserts that all evidence points towards the Mexican government which itself is behind the cyber espionage.