Leer en español. As the son of Mexico’s most famous journalist, Emilio Aristegui Flores is used to people clamoring for a moment of his mother’s time. Carmen Aristegui, the dogged investigator and press freedom advocate, draws near-constant attention from her fellow reporters and citizens in the street alike. In a country long ruled by corrupt and powerful strongmen, Aristegui, a relentless woman with a microphone, has been an inspiration — and irritant — to many. For 18-year-old Emilio, it’s a dynamic he’s grown up with, and one that makes sense. What’s harder for him to wrap his head around is that his own government would go so far as to deploy multimillion-dollar spying tools designed to take down terrorists and other national security threats against him, a teenage kid, in order to get at his mother. Carmen and Emilio Aristegui had their phones targeted by a sophisticated hacking tool called Pegasus beginning two years ago, in a far-reaching surveillance scandal that has just been revealed in recent months. Forensic experts investigating the tools in question say the aggressiveness of the campaign in Mexico is unlike anything they have ever seen. And while the surveillance targets include many Mexican media figures, a government scientist, and international human rights investigators — each united by challenges they have publicly posed to the administration of Mexican President Enrique Peña Nieto — so far, it appears nobody got it worse than Emilio and his mother. An examination of their phones revealed that each were targeted dozens of times with tailor-made messages to entice them to click, including while Emilio, who was 16 years old when the attacks started, was attending high school in the United States. In an interview with The Intercept, Aristegui called the attacks “sinister.” By targeting her family with tools designed to fight terror and crime, Aristegui told The Intercept, the Mexican government is treating its critics like “enemies of the state.” And she is demanding answers not only as a journalist, but as a parent as well. “What did they want to know about my son, Emilio?” Aristegui asked. “Why did the government of Enrique Peña Nieto want to know about the friendships, the communication my son had, his photos, what he does, what he says in real time? That is what Pegasus does. When you are with somebody, they are listening to you. When you are speaking, watching, or doing something with someone in your house or in a cafe or wherever you may be, they are there listening to you, watching everything that you do. Everything that you do in your bedroom, the shower, in your kitchen, in your office with your friends or whoever.” The story of how Aristegui and her son were wrapped up in a sprawling surveillance scandal underscores the increasingly dire situation for reporters in Mexico — a nation where murders of journalists go unsolved — and reflects the danger in marketing private spy gear to weak democracies with a tendency toward authoritarianism. In conversations with The Intercept — Emilio’s first ever with a media outlet — the Aristeguis described how the attacks began, what they say about tolerance for dissent in Mexico, and how the family plans to move forward. The accounts of the hacking that they experienced are backed up by a series of recent reports published by Citizen Lab, a forensics research outfit at the Munk School of Global Affairs at the University of Toronto, in collaboration with a crew of Mexican NGOs, including R3D, Social Tic, and Article 19. The forensics reports have been further fleshed out by a collection of stories published by the New York Times’s Mexico City bureau. To date, there is no definitive evidence concretely linking the Mexican government to the hacking efforts — though Citizen Lab’s experts have noted that the forensic information they have gathered pointing to government involvement is “about as good as it gets.” The New York Times has reported that “since 2011, at least three Mexican federal agencies have purchased about $80 million worth of spyware” from NSO Group, the Israeli company that manufactures Pegasus. The company insists that its products are sold only to governments, and the use of such invasive technologies against activists and political opponents would be illegal under Mexican law. In Aristegui’s view, there is no question where responsibility lies. “The Mexican government is responsible for all this because Pegasus, which is an Israeli system, is only sold to governments, and the Mexican government has acquired this and other spying systems, and that only leaves us to say that the Mexican government was responsible for this spying,” she said. “The Mexican government has to explain clearly why and to what end they used these spying systems, with public money that paid for it, to spy on journalists, the son of a journalist, and human rights lawyers.” Yet she has little faith that the government will conduct a credible investigation into itself. “That is why those of us who are the ones affected by this situation and people who are worried by the issue are calling for an investigation independent from the Mexican government,” Aristegui said, “that would preferably include independent international experts, an investigation that will sanction those who are behind Pegasus.”

Mexican journalist Carmen Aristegui speaks during an interview with AFP about the New York Times reporting on the spyware scandal in Mexico City on June 22, 2017. Photo: Bernardo Montoya/AFP/Getty Images

As far as Aristegui and the forensic experts examining her case can tell, the veteran journalist’s troubles began after her website, Aristegui Noticias, broke a major story in November 2014 revealing that President Peña Nieto’s wife, Angélica Rivera, had received a sweetheart real estate deal from a contractor close to her husband, paving the way for the purchase of a roughly $7 million home well outside of the family’s budget. “This house was located in one of the most luxurious areas of Mexico, and it was registered in the name of a contractor, a businessman, who was friends with the president and possessed the legal register of this residence that the president and his family lived in,” Aristegui explained. The so-called Casa Blanca scandal eventually forced the first lady to give up the property and, two years later, resulted in an apology from the president himself. Though a far cry from official accountability, it was an achievement of sorts — but it came at a price. “This journalistic investigation, for those of us journalists who participated in it, came with a high cost and led to us getting kicked off the radio in Mexico,” Aristegui said. In the months that followed, Aristegui’s office was broken into and she was targeted with a series of lawsuits, including one accusing her of “excessive use of freedom of speech.” “They have tried to annihilate us using censorship and lawsuits against us and attacks like a break-in,” Aristegui said. In the wake of Casa Blanca, Aristegui started to get mysterious text messages on her personal cellphone. The first appeared on January 12, 2015, two months after the Casa Blanca story broke. The text informed Aristegui that her “previous message was not sent” and provided a link. More than two dozen messages would follow over the next year and a half. The content varied and evolved over time. Several of the early messages reflected familiar phishing attempts — claims about past due balances in various accounts — but they soon became more specific. One text, delivered in July 2015, reported that Anonymous had announced plans to hack Aristegui’s website and provided a link for more info. Another purported to come from the U.S. Embassy, advising Aristegui that there was a problem with her visa. Aristegui did her best to disregard the dubious links filling her inbox. “At one point in the beginning I consulted with people who told me, this is a system that installs itself on your phone, just don’t open it, don’t pay attention to it, and that is what we did,” she said. But the messages kept coming, and in March 2016, whoever was sending them began intensifying their focus on Aristegui’s son, Emilio, who was attending high school in Massachusetts. The first message Emilio had received, in August 2015, appeared tailor-made to grab his attention: a link to a news website reporting that the presidency was considering jailing journalists involved in the Casa Blanca reporting. Others appeared to come from friends asking if Emilio had changed his Facebook and Twitter accounts. Like his mother, Emilio received a faked message from the U.S. Embassy concerning his visa — a potential violation of U.S. law considering Emilio’s status as a student legally studying in the United States at the time. For Emilio, the electronic onslaught was bewildering. “It is a situation that you, as a teenager, find yourself in and you don’t know what to do because it is not part of your upbringing where they tell you this is going to happen — there is no preparation someone can give you regarding this situation,” Emilio said. “I am still in shock.” While he initially tried to ignore them, Emilio described the messages he received as “devilish” in their design, baiting him with “information about who I am, what I am interested in, who I hang out with, messages that are made for me to make me interested enough to click so that my phone gets tapped.” By summer 2016, the attackers targeting the Aristegui family shifted their tactics again, alternating between mother and son with new messages every few days. “Emilio and myself each received so many of these kinds of messages,” Aristegui said. “There were a lot of attempts to gain access to our private conversations.”

Photo: Alfredo Estrella/AFP/Getty Images

Though it was obvious to Aristegui that something was afoot, a deeper understanding of what was going on did not become possible until earlier this year, when the researchers at Citizen Lab published a report revealing that a prominent scientist working with the Mexican government’s National Institute for Public Health, as well as two NGO directors, had been targeted with sophisticated surveillance technology exclusively marketed to governments. Each of the targets had been involved in a campaign to support a tax on sugary drinks — an issue that public health experts consider critical given the soaring rates of obesity and related illnesses in Mexico. Efforts to raise taxes on soda in Mexico have been met with intense corporate and political pushback, with the CEO of Coca Cola going so far as to personally call President Peña Nieto to solicit his support in opposing a tax. Citizen Lab had previously investigated a similar case in the United Arab Emirates, one in which an activist’s cellphone was hacked with high-end, government-exclusive spyware. Citizen Lab determined that the secretive Israeli company NSO Group was responsible for the technology that allowed for the hacking of the activist’s phone, and it seemed the same tool was at work in Mexico. Marketing itself as “a leader in cyber warfare,” NSO has insisted that its surveillance tools are strictly designed for use by “authorized government agencies,” as a means to combat “terror and crime.” The product that has made NSO famous, despite the company’s efforts to keep a low profile, is Pegasus, a tool designed to allow government customers to gain remote access to cellphones by tricking targets into clicking links that expose the phone’s operating system. Once described by Forbes as “the world’s most invasive mobile spy kit,” Pegasus allows NSO customers virtually unfettered access to the phone’s most sensitive features, including its microphone, camera, text messages, contact list, and so on — in real time. While the company is Israeli, NSO maintains significant U.S. ties. Francisco Partners Management LLC, an American private equity firm, purchased the company for $120 million in 2014 (NSO is reportedly now up for sale again, with a price tag exceeding $1 billion). The company, operating under a different name, also at one point paid former Trump administration National Security Adviser Michael Flynn more than $40,000 to serve as an advisory board member. After Citizen Lab published its report in February concluding that the same Pegasus technology it detected in the UAE case had been used against the soda tax campaigners in Mexico, Aristegui got in touch with local researchers on the ground in Mexico and turned over the messages that she and Emilio had received. The Aristeguis’ suspicions were confirmed — they too had been targeted with Pegasus spyware. And they were not alone. In a report published in June, Citizen Lab and its partners in Mexico revealed that they had uncovered “over 76 messages with links to NSO Group’s exploit framework.” The affected individuals included two of Aristegui’s colleagues — Rafael Cabrera and Sebastián Barragán — as well as Carlos Loret de Mola, a well-known Mexican investigative journalist and TV anchor. Around the time that he began receiving disturbing messages, Mola was reporting on a potential cover-up on the part of the federal government stemming from an operation in which Mexican security forces killed 42 suspected drug traffickers. Forensic evidence also pointed to cellphone hacking attempts targeting journalists Salvador Camarena and Daniel Lizárraga. According to Citizen Lab, at the time that the two journalists began receiving Pegasus-linked text messages, they were “investigating evidence of offshore holdings linked to corrupt officials and prominent individuals in Mexico.”

Civil society activists and journalists pretend to turn themselves in outside the attorney general’s office in Mexico City during a protest against alleged government spying on the media and human rights defenders, June 23, 2017. Photo: Alfredo Estrella/AFP/Getty Images