It's not clear who the culprit may be. Soft drink industry group ConMéxico says this is the first time it heard of the spyware intrusion, and it's not clear which government agency would oppose the soda tax so vehemently that it would spy on prominent supporters. While there was a separate incident where a journalist fell victim to spyware after uncovering a presidential housing scandal, there's no evidence that the soda campaign was ordered at the highest levels.

Whoever's responsible, there's one overriding concern: how did NSO Group's tool find its way into the wrong hands? The company says it only sells to law enforcement agencies after a thorough vetting process, and there are software measures that stop customers from sharing the technology. Either corrupt officials misused the software to further a pro-soda agenda, or some private actor had unauthorized access. And if the government was involved, it suggests that companies like NSO should have a stricter screening process that rules out sales when there's a realistic chance of misuse.