Mexico spy on journalists, lawyers and activists using NSO Group’s Pegasus

“Once NSO’s systems are sold, governments can essentially use them however they want. NSO can say they’re trying to make the world a safer place, but they are also making the world a more surveilled place.”

Bill Marczak — Senior fellow at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs

On Monday, Citizen Lab, along with a handful Mexican organizations, released a new report identifying 76 text messages designed to phish several targets and infect them with NSO’s sophisticated spyware known as Pegasus.

Several prominent journalists and activists in Mexico have filed a complaint accusing the government of spying on them by hacking their phones. Follow us on Twitter: @INTEL_TODAY

RELATED POST: Mexico — Prominent “drug cartels” journalist Javier Valdez shot dead

RELATED POST: Germany — Bruno Kahl: Why is the BND spying on journalists?

RELATED POST: Dutch Secret Services Wiretapped Lawyers and Journalists

The accusation follows a report in the New York Times that says they were targeted with spyware meant to be used against criminals and terrorists.

The newspaper says messages examined by forensic analysts show the software was used against government critics.

A Mexican government spokesman “categorically” denied the allegations.

The report says that the software, known as Pegasus, was sold to Mexican federal agencies by Israeli company NSO Group on the condition that it only be used to investigate criminals and terrorists.

The software can infiltrate smartphones and monitor calls, texts and other communications, the New York Times said. It can also activate a phone’s microphone or camera, effectively turning the device into a personal bug.

But instead of being used to track suspected criminals, the targets allegedly included investigative journalists, anti-corruption activists and even lawyers.

RELATED POST: Former NSA Mike Flynn advised Israeli cyberweapons dealers

RELATED POST: Former Mossad chief: “Mike Flynn was very experienced. Maybe, he has been thrown under the bus.”

RELATED POST: There’s Something That Michael Flynn Knows That Has Trump Extremely Nervous

The Legal Cases

Nine people have now filed a criminal complaint. At a news conference in Mexico City, journalist Carmen Aristegui accused the state of criminal activity.

“The agents of the Mexican state, far from doing what they should be doing legally, have used our resources, our taxes, our money to commit serious crimes,” she said. [BBC]

Miguel Agustín Pro Juárez Centre: One of the most respected human rights groups in Mexico, it has looked into the disappearance and suspected massacre of 43 students in 2014 and other high profile cases, including a military raid that left 22 dead in 2014. Its executive director and two other senior executives allegedly received infected messages

Aristegui Noticias: Award-winning journalist Carmen Aristegui, who also hosts a daily programme on CNN en Español, has reported on suspected cases of corruption and conflict of interest, including a scandal involving the wife of President Enrique Peña Nieto acquiring a $7m (£5.5m) house from a government contractor. Two members of her investigative team and her under-age son allegedly received some 50 messages

Carlos Loret de Mola: A popular journalist at leading TV network Televisa, he allegedly received several messages containing the software

Mexican Institute for Competitiveness (IMCO): It has led efforts for anti-corruption legislation. Two senior members were allegedly targeted.

About NSO Group

NSO Group Technologies is an Israeli cyberarms dealer founded in 2010 by Niv Carmi, Omri Lavie, and Shalev Hulio. It is reported to employ around 200 people and is based in Herzliya near Tel Aviv. Annual revenues were said to be around $40 million in 2013 and $150 million in 2015.

According to the company, it provides “authorized governments with technology that helps them combat terror and crime”. Malware created by NSO Group has been used in targeted attacks against human rights activists and journalists in several countries.

The cyberarms industry typified by the NSO Group operates in a legal gray area, and it is often left to the companies to decide how far they are willing to dig into a target’s personal life and what governments they will do business with. Israel has strict export controls for digital weaponry, but the country has never barred the sale of NSO Group technology.

Two years ago, the NSO Group sold a controlling stake in its business to Francisco Partners, a private equity firm based in San Francisco, for $120 million. Nearly a year later, Francisco Partners was exploring a sale of the company for 10 times that amount, according to two people approached by the firm but forbidden to speak about the discussions. [NYT]

About General Mike Flynn and the NSO Group

In May 2006, Flynn joined a branch (Luxembourg) of the NSO Group. This group — founded by former Israeli Intel officers of the 8200 Unit — develop malware and cyberweapons.

About Pegasus

Among the Pegasus system’s capabilities, NSO Group contracts assert, are the abilities to extract text messages, contact lists, calendar records, emails, instant messages and GPS locations. One capability that the NSO Group calls “room tap” can gather sounds in and around the room, using the phone’s own microphone.

Pegasus can use the camera to take snapshots or screen grabs. It can deny the phone access to certain websites and applications, and it can grab search histories or anything viewed with the phone’s web browser. And all of the data can be sent back to the agency’s server in real time.

How does the software work? A link is usually sent in a message to a smartphone. If the person taps on it, the spyware is installed, and huge amounts of private data – text messages, photos, emails, location data, even what is being picked up by the device’s microphone and camera – is hacked

Bill Marczak, Ph.D. Candidate, UC Berkeley

The Center for Long-Term Cybersecurity presents a talk by Bill Marczak, a computer science Ph.D. candidate at UC Berkeley, a CLTC research grantee, and a senior research fellow at Citizen Lab. This event, part of the CLTC 2016 Fall Seminar Series, will be held in South Hall Room 205, on the UC Berkeley campus.

Computer security research devotes extensive efforts to protecting individuals against indiscriminate, large-scale attacks such as those used by cybercriminals, as well as protecting institutions against targeted cyber attacks conducted by nation-states (so-called “Advanced Persistent Threats”). Where these two problem domains intersect, however—targeted cyber attacks by nation-states against individuals—has received considerably less study.

Recently profiled in Vanity Fair, Bill Marczak’s research focuses on identifying and tracking nation-state information controls employed against dissidents, as well as government-exclusive “lawful intercept” malware tools, including FinFisher, Hacking Team’s RCS, and NSO Pegasus.

In his talk for CLTC, “Defending Dissidents from Targeted Digital Surveillance,” Marczak will detail his efforts to characterize this space, based on analysis of an extensive collection of suspicious files and links targeting activists, opposition members, and non-governmental organizations in the Middle East over a period of several years. He will present attack campaigns involving a variety of commercial “lawful intercept” and off-the-shelf tools, and explain Internet scanning techniques he used to map out the potential broader scope of such activity.

He will present the results of his IRB-approved research study involving in-depth interviews with 30 potential targets of abusive surveillance in four countries. The results give insight into potential targets’ perceptions of the risks associated with their online activity—and their security posture. Based on his study results, he will propose Himaya, a defensive approach he developed that readily integrates with targets’ workflow to provide near real-time scanning of a subject’s email messages to check for threats. He will explain Himaya’s architecture and provide preliminary data from its beta deployment.

Bill’s past work resulted in the identification of the Great Cannon, an attack tool employed by China that hijacked millions of users’ web browsers around the world to conduct Denial of Service (DoS) attacks for censorship purposes, as well as the discovery of the first iPhone zero-day remote jailbreak seen used in the wild, sold by Israeli firm NSO Group to governments around the world, to facilitate surveillance of mobile phones.


Mexico ‘spied on journalists, lawyers and activists’ — BBC

Murdered journalist Javier Valdez on the risks of reporting in Mexico — BBC

How Spy Tech Firms Let Governments See Everything on a Smartphone — NYT

NSO Group — Wikipedia

Donald Trump’s former intelligence chief Mike Flynn advised Israeli spyware company NSO — Online Intelligence


Mexico spy on journalists, lawyers and activists using NSO Group’s Pegasus

This entry was posted in Israel, Journalism, Mexico and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s