Mexico investigating spyware attacks on journalists, activists

CANCUN – Mexican prosecutors have opened an investigation into the reported targeting of journalists, lawyers and activists with spyware that is sold exclusively to governments, authorities said.

In a statement, the federal Attorney General’s Office said its division responsible for investigating crimes against freedom of expression will probe possible violations such as intercepting private communications and illegally accessing computing equipment.

Prosecutors will seek to analyze the targeted cellphone numbers and identify the source of the spyware attacks, and they will also contact the providers of the technology for information on which government entities have acquired it.

“The Attorney General’s Office energetically condemns the illegal intercepts of communications,” the statement said.

The action follows the call of Human Rights Watch upon the government to hold accountable anyone found responsible for using the spyware against activists and journalists.

The New York Times reported on June 19, 2017, that the spyware had targeted lawyers working for the prominent human rights group Centro Prodh, which represents family members of the 43 students who disappeared in 2014 in Guerrero State and other abuse victims, an academic who advocated for anti-corruption legislation, and two influential journalists who exposed government corruption and abuse. The Mexican government has “categorically denied” it is engaged in surveillance of defenders, journalists, and activists without judicial authorization.

“It’s deeply disturbing that sophisticated cyberweaponry like this could be turned on ordinary citizens – and especially when these are rights defenders and journalists working to expose corruption and abuse,” said José Miguel Vivanco, Americas director at Human Rights Watch. “The Mexican government has denied responsibility, but they need to do much more to find who’s responsible and hold them accountable, and make sure this doesn’t happen again.”

Technical analysis published by Toronto-based research center Citizen Lab strongly indicates the attacks involved spyware called Pegasus, sold by Israeli cyber arms manufacturer NSO Group. Once a smartphone is infected with the spyware, NSO Group’s software allows government agencies to monitor all activity on the phone, including emails, files, contact lists, location information, and chat messages. The spyware also enables governments to secretly record audio or video using a phone’s built-in microphone and camera.

The invasive spyware was developed by the NSO Group, an Israeli surveillance technology firm that has contracts with multiple agencies within Mexico, The New York Times previously reported based on internal NSO Group emails. In response to media reports, the company has stated that it sells “only to authorized governmental agencies” and that agreements signed with customers require that its products “only be used in a lawful manner … for the prevention and investigation of crimes.” However, the NSO Group relies on the governments themselves to monitor its use.

NSO Group should investigate potential abuses of its product in Mexico and immediately cease all service and support to agencies where abuses are found, Human Rights Watch said.

Brazil’s federal government responded by saying it conducts intelligence operations to fight organized crime and for national security purposes but denying that it carried out any surveillance that was not properly approved by the courts.

Also, Mexico’s National Human Rights Commission urged the Defense Department, the Navy, the Attorney General’s Office and the Interior Department to abstain from using spyware against journalists, civil society groups and human rights defenders if they are in possession of the technology, as is presumed.

It also called on those government entities to instruct their employees not to make use of or make public any such information that may have been improperly collected.

“This violates their human rights to honor, to intimacy, privacy, to dignity and not to be bothered,” the commission said in a statement.

Citizen Lab said the use of the software was so brazen and obvious — sending multiple messages from the same domains or sending identically worded messages to multiple targets — as to suggest that the perpetrators wanted it to be known as a form of intimidation.

The report comes at a time when Mexican journalists and human rights defenders already feel under attack, with six journalists slain in the country since early March.