Israeli Tech Company's Spyware Still Being Used To Target Journalists And Activists
from the buy-it-for-safety,-use-it-for-evil dept
Israeli exploit/malware developer NSO Group says its products are marketed to governments for legitimate national security and law enforcement purposes. Yet somehow it keeps ending up in the hands of governments with terrible human rights records and deployed against journalists, dissent groups, and activists.
The software sold by NSO is being deployed against journalists in Mexico — ones looking to expose government corruption. This report by the Columbia Journalism Review provides more details on the hacks, building off Citizen Lab’s exposure of NSO’s “Pegasus” spyware.
Mexico has been ground zero for Pegasus’s deployment against journalists. At least six reporters have been targeted there, according to exhaustive research by both Citizen Lab and the Mexican digital rights group R3D. Those attacks coincided with major journalistic investigations that challenged the Mexican government. For example: three reporters who were targeted worked on the “Casa Blanca Scandal,” a major story exposing how Mexico’s first lady was given a mansion by a government contractor who later received lucrative contracts. Mexican television journalist Carlos Loret de Mola was targeted while he was reporting on extrajudicial killings. Although three Mexican federal agencies have access to Pegasus, the government has denied it ever launched any attacks on reporters.
This is more of the same for NSO’s spyware. Citizen Lab also uncovered use of the software by notorious humans rights violators like Saudi Arabia, Kazakhstan, and the United Arab Emirates. In many cases, deployments targeted critics and activists, rather than criminals or national security threats. The deployments are disturbing enough. The tactics are even worse:
The targets received SMS messages that included links to NSO exploits paired with troubling personal and sexual taunts, messages impersonating official communications by the Embassy of the United States in Mexico, fake AMBER Alerts, warnings of kidnappings, and other threats.
CJR’s report is supposed to act as a warning for journalists around the world. They are targets, no matter what their governments say and no matter how NSO frames its pitches.
And we’re not completely immune to this in the United States. Although any deployment against journalists would be viewed as a serious violation of Constitutional rights, the fact is US government agencies are seeking to purchase NSO’s spyware for use in their work. The DEA has met with NSO in the recent past and the agency’s own past suggests it isn’t above violating rights to further its own ends. No rights violations have been seen yet but, as we’ve seen before, the government is willing to impersonate journalists to track down suspects. Infecting journalists’ phones to track down leakers and whistleblowers isn’t that much of a step forward.