A number of Mexican journalists and lawyers were targeted by spyware when they were investigating charges of corruption by the Mexican President.
76 separate spyware-laced messages were sent to these journalists and lawyers between August 2015 and July 2016.
A new report from security firm Citizen Lab has uncovered a spate of spyware attacks conducted on a number of Mexican journalists and lawyers between August 2015 and July 2016. The spyware involved in the operation exploited a rare iOS vulnerability to infiltrate systems and spy on targeted victims.
According to Citizen Lab, these journalists and lawyers were, at that time, investigating allegations of corruption by the Mexican President as well as of human rights abuses initiated by Mexican federal authorities.
Hackers sending spyware-laced messages to these individuals impersonated the Embassy of the United States in Mexico and also sent separate messages containing kidnapping threats, sexual taunts, fake AMBER alerts and fake bills for phone services and sex-lines.
Citizen Lab determined that the modus operandi of people behind the spyware operation was very similar to the activities of NSO group, a ‘cyber-warfare group’ that sells exploits and spyware tools to governments around the world.
“In February 2017 Citizen Lab, with the assistance of Mexican non-governmental organizations (NGOs) R3D and SocialTic, documented how Mexican government food scientists, health, and consumer advocates also received links to infrastructure that we connected to NSO Group. We suspect that the links were designed to install Pegasus on their phones,” said the security firm.
Messages sent by hackers to these Mexican journalists, lawyers, and human rights activists were laced with NSO exploit links which include Pegasus, a particularly vicious tool that allows hackers to ‘remotely compromise and then monitor mobile phones of all popular operating systems.’
Pegasus can be used by Governments to infiltrate mobile phones and monitor all communications like texts, e-mails, calls, audio recordings and camera pictures. According to Mexican human rights group Article 19, 53% of all acts of violence and intimidation against journalists last year were conducted by officials who didn’t face any legal consequences for their acts.
Citizen Lab also uncovered the fact that most spyware attacks were conducted when journalists, human rights activists, and lawyers were investigating charges of corruption and excesses on part of the government.
“Many Mexican journalists have stated their belief that their communications are monitored by elements within the Mexican government and security services. Prior Citizen Lab research on NSO group also included an example of a targeted Mexican journalist (Rafael Cabrera).
“In another case indicating surreptitious monitoring, a recording of a private phone call between Santiago Aguirre and the parent of one of the victims of the Iguala Mass Disappearance appeared online. Aguirre is one of the targets of infection attempts using NSO exploit links that we examine here,” the firm said.
Government surveillance on common citizens has been a thorny issue over the past few years. Even in the UK, thr GCHQ conducted active surveillance on e-mails sent and received by investigative journalists at the BBC, Reuters, The Guardian, the New York Times, Le Monde, The Sun, NBC and the Washington Post.
The surveillance took place in November 2008 and the journalists’ communications were among 70,000 emails collected in the space of 10 minutes through GCHQ’s numerous taps on fibre optic cables. Some of the emails collected included correspondence between reporters and editors discussing stories, while others were PR emails sent to journalists en masse.
Governments in many countries across the world are also actively pursuing backdoors to encryption protocols implemented by social media and internet services. In the UK, the government is reportedly working on a series of new orders collectively titled Technical Capability Notices. The new orders will allow the government to obtain encrypted messages and content from companies as and when required.
A document leaked by the Open Rights Group has also laid bare the UK government’s attempts to utilize new surveillance techniques to track as many as 6,000 people at any given time. As per the draft Investigatory Powers (Technical Capability) Regulations 2017, the Government aims to ‘remove electronic protection applied by or on behalf of the telecommunications operator to the communications or data, or to permit the person to whom the warrant is addressed to remove such electronic protection.’