A new report reveals that Pegasus spyware was used in Mexico after the president expressly said that the government no longer used the malware.
It was used to capture data from the phones of two journalists specialising in reporting on government corruption, as well as a prominent human rights defender …
NSO Group makes spyware called Pegasus, which is sold to government and law enforcement agencies. The company purchases so-called zero-day vulnerabilities (ones that are unknown to Apple) from hackers, and its software is said to be capable of mounting zero-click exploits – where no user interaction is required by the target.
In particular, it’s reported that simply receiving a particular iMessage – without opening it or interacting with it in any way – can allow an iPhone to be compromised, with personal data exposed.
NSO and Apple have for years been engaged in a battle in which the spyware company exploits iOS vulnerabilities, Apple patches them, NSO uses new ones, and so on.
More recently, Apple has been alerting owners of infected iPhones, and offered a Lockdown Mode in iOS 16, which protects iPhones against Pegasus, but severely limits functionality to do so.
Pegasus spyware used in Mexico
It was first discovered that the Mexican government was using Pegasus back in 2017, under the previous regime.
Many sectors of Mexican civil society were targeted, including investigative journalists and lawyers for cartel victims’ families, anti-corruption groups, prominent lawmakers, international investigators examining enforced disappearances, and even the spouse of a journalist killed in a cartel slaying.
Following public outrage, when now-president López Obrador came to power, he said that Pegasus had been used against him when he was in opposition, and promised that his government would not use the surveillance system.
When we were in the opposition we were spied on (…) now that is prohibited […] We don’t do that. And we don’t do it because it is a matter of principle.
But Pegasus was indeed used after this promise
Security researchers at Citizen Lab have verified claims that Pegasus has indeed been used after this promise was made.
R3D, with technical support from the Citizen Lab, has determined that Mexican journalists and a human rights defender were infected with Pegasus between 2019 and 2021 […]
The 2019-2021 infections leveraged zero-click attacks: no deception was required to trick victims into clicking. The Citizen Lab’s previous reports on Mexican cases found malicious text messages designed to trick targets into clicking on a link that would trigger an infection.
The researchers say they cannot specifically point to the Mexican government as the culprit, but all the signs point in this direction – and also appear to support claims of continued corruption.
We assess with high confidence that these individuals were hacked with Pegasus spyware. The technical data available for these recent cases (2019-2021) does not enable us to attribute the hacking to a particular NSO Group customer at this time. However, each of the victims would be of intense interest to entities within the Mexican government and in some cases, troublingly, to cartels.