The Mexican government has been sending its critics among journalists and activists text messages loaded with advanced spyware in an attempt to tap into their data, according to a new report.

An investigation by the Citizen Lab of the University of Toronto in Canada and Article 19, an NGO dedicated to the freedom of expression, concluded that a series of links sent to critics of the government beginning in 2015 contained a piece of malicious software known as Pegasus.

Between January 2015 and July 2016, dozens of ominous text messages were sent to journalists and activists, claiming an irregularity with their visa status: "USEMBASSY.GOV/ WE DETECT A PROBLEM WITH YOUR VISA PLEASE GO TO THE EMBASSY TO SEE DETAILS." The text ended with the link "hxxp: // smsmessage [.] Mx" where they could go, the message said, to learn more about their predicament.

If they opened the link, the malware would then download onto the user's phone, allowing it to extract the information contained within — files, contacts, messages, and emails — and forward it to a hidden server. The malware also took control of the phone's microphone and the camera — all without the user knowing.

In their new report — "Government Spy: Systematic monitoring of journalists and human rights defenders in Mexico" — the Citizen Lab and Article 19 assert that all evidence points towards the Mexican government itself being behind the espionage.

The Pegasus software, the report says, was developed by an Israeli firm known as the NSO Group, which has been compared to a "cyber arms dealer." A spokesperson for the group previously told the New York Times that it only offered its services to legitimate governments. The malware's purchase "has been documented by at least three units in Mexico: the National Defense Secretariat (SEDENA), the Attorney General's Office (PGR) and the National Security and Investigation Center (CISEN)," the report reads.

Far from being random, the researchers say, the messages were highly targeted, sent as the recipients were nearing publication of news stories or releasing information in investigations that would be damaging to the government and particularly Mexican President Enrique Peña Nieto.

Among those swept up in the hacking: activists with the Miguel Agustín Pro Juárez Center for Human Rights (Centro Prodh); members of the Mexican Institute for Competitiveness (IMCO); journalists working for the Mexican nonprofit Against Corruption and Impunity; and other journalists working at Aristegui Noticias, the news site run by Carmen Aristegui; and Carlos Loret de Mola, an anchor for TV network Televisa.

This story was originally posted in Spanish.



