MEXICO CITY – Mexico’s scandal of high-tech spying against journalists and human rights defenders widened Thursday with expert confirmation that leading members of a main opposition party were also targeted by Israeli-made spyware sold exclusively to governments.
The conservative National Action Party (PAN) had asked internet watchdog Citizen Lab to investigate suspicious messages after the University of Toronto-based cyber-sleuths exposed the scandal last week.
On Thursday, Citizen Lab released a research note saying it had determined that the mobile phones of the party president, its chief spokesman, and the party’s leader in the Senate were all sent text messages containing links to the same malware.
#Mexico accused of spying on journalists and activists using cellphone malware https://t.co/0xzCbXLyYP #espionage
— Ak Baş (@wittich) June 19, 2017
The spyware, known as Pegasus, is made by NSO Group, which says it only sells to government agencies for use against criminals and terrorists. It turns a cellphone into an eavesdropper with the ability to remotely activate its microphone and camera and access its data.
“This case makes it crystal clear that NSO has been used widely and recklessly across a swath of Mexican civil society and politics,” said Citizen Lab’s John Scott-Railton. “Once again we see “government-exclusive” spyware being used for seemingly political ends.”
The PAN is the party of former Mexican presidents Vicente Fox Quesada and Felipe Calderón Hinojosa. The report says its Senate leader, Roberto Gil Zuarth, received three messages in June 2016 with links designed to surreptitiously plant Pegasus on his cellphone.
“As cases continue to emerge, it is clear that this is not an isolated case of misuse, but a sustained operation that lasted for more than a year and a half,” Scott-Railton said.
Like other attempts against journalists and consumer and rights activists, the messages sought to entice the intended victim to clicking on an irresistible message. One message to Gil Zuarth was about a news article mentioning him. Another announced a death. The PAN president, Ricardo Anaya Cortés, received one message around the same time. About one month later, party spokesman Fernando Rodríguez Doval got a message.
“This is something an authoritarian regime would do,” Rodríguez Doval said. “It must be investigated thoroughly and those responsible must be punished.”
While the report reached no specific conclusions about who was responsible, it noted that anti-corruption legislation was being debated in Congress around the time the victims’ phones were targeted.
Citizen Lab said in a June 19 report that while it had no conclusive proof of government involvement in the sending of 76 text messages targeting 12 prominent journalists and rights activists, the targets were all investigating or critical of the government. Some had uncovered corruption.
Using Texts as Lures, Government Spyware Targets #Mexico Activists and Their Families https://t.co/W6411WPAbx #espionage
— Michael Deibert (@michaelcdeibert) June 19, 2017
Anaya said in a news conference two days later that the PAN politicians, too, had been targeted. Out of caution, he said, none had clicked on the links.
“What is clear is that they tried to upload spyware onto our phones, to spy on us,” Anaya said. “That is totally unacceptable.
“We energetically condemn this type of espionage,” Anaya said, adding “We will take all means available to us in this case” to ensure those responsible are punished.
Mexican President Enrique Peña Nieto has dismissed allegations that his government was responsible and promised an investigation.
The Centro Miguel Agustín Pro Juárez, a human rights group that has investigated a number of high-profile human rights cases, has said its staff members were targeted. Other targets included well-known journalists Carmen Aristegui Flores and Carlos Loret de Mola.
In February, Citizen Lab and its Mexican partners published a report detailing how Mexican food scientists and anti-obesity campaigners who backed Mexico’s soda tax were also targeted with Pegasus.
Last year, the watchdog group exposed the use of Pegasus to spy on a prominent human rights activist in the United Arab Emirates.