Mexican Businessman Arrested For Using NSO Spyware To Target A Journalist

from the NSO's-long,-international-SEO-nightmare-continues dept

No news is the only good news for Israeli tech company NSO Group. The problem is it’s impossible to generate no news when you can’t go more than a few days without generating more bad news.

Since the leak of data showing its customers were targeting journalists, activists, religious leaders, and other government officials with powerful malware capable of intercepting cellphone communications, the headlines NSO has racked up range from bad to worse to nightmarish.

Multiple countries are now following up on investigations performed by entities like CitizenLab, performing investigations of their own to determine whether they’ve been breached by NSO’s malware or if government customers have violated rights. The United States has effectively blacklisted the company, forbidding US government agencies from buying its products and US exploit developers from selling to NSO.

One country was host to a large percentage of the numbers on the leaked list of potential NSO Group malware targets: Mexico. 15,000 of the 50,000 phone numbers on the list were located in that country. Perhaps unsurprisingly, Mexico is home to the first arrest related to abuse of NSO spyware.

Mexican prosecutors said Monday they have arrested a businessman on charges he used the Pegasus spyware to spy on a journalist.


A federal official not authorized to be quoted by name said the suspect is Juan Carlos García Rivera, who has been linked to the company Proyectos y Diseños VME and Grupo KBH. He was detained on Nov. 1.

Mexico buys a lot of spyware from NSO. The AP report says the Mexican government spent $61 million on Pegasus licenses (NSO’s most popular — and most powerful — phone exploit) from 2006 to 2018. That quote was given to the Associated Press in July. It has since been updated.

Last week, the government’s top anti-money laundering investigator said officials from the two previous administrations had spent about $300 million in government money to purchase spyware. But that figure may reflect all spyware and surveillance purchases, or may include yet-unidentified contracts.

Supposedly the Mexican government has kicked the spyware habit. Current president Andrés Manuel López Obrador was elected in 2018 and promised never to use exploits like these. It remains to be seen if that promise has been broken or will be broken in the future. According to the head of the government’s Financial Intelligence Unit — which monitors government financial transactions for evidence of corruption — “no transactions” related to the purchase of spyware have been detected.

That’s reassuring but not nearly as reassuring as a statement from a non-government entity would be, given the Mexican government’s long, mostly unsuccessful, battle with internal corruption.

NSO has, of course, responded with another nonsensical non-denial of the facts at hand:

As stated in the past, NSO’s technologies are only sold to vetted and approved government entities, and cannot be operated by private companies or individuals. We regret to see that, over and over again, the company’s name is mentioned in the media in events that has nothing to do with NSO, directly or indirectly.

This certainly looks like the software was “operated” by a private individual. Maybe that first and pretty damn clear impression will change when more facts are in. Just because NSO forbids the use by private individuals doesn’t mean private individuals with access to malware are somehow incapable of deploying it. And, just to be pedantic because NSO insists on pedantry, when issuing defensive statements, this report very definitely has something to do with NSO indirectly. Being angry about the endless stream of bad news doesn’t make NSO right and everyone else wrong about it’s at least tacit involvement with misuse of its products by its customers.

Filed Under: , , , ,
Companies: nso group

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Mexican Businessman Arrested For Using NSO Spyware To Target A Journalist”

Subscribe: RSS Leave a comment
David says:


Current president Andrés Manuel López Obrador was elected in 2018 and promised never to use exploits like these.

2018 is 3 years ago. An administration does not turn on a dime regarding how it operates. The first consequence of actual orders (rather than promises) is that the reported results are accompanied by less information about how they have been attained. If the president is serious about this, it creates a certain amount of friction for continuing operations as usual, producing a bit of evolutionary pressure for focusing on different criteria for picking new employees and different weights for choosing a modus operandi.

So in other words: nice to hear. Not much more, but not less.

Anonymous Coward says:

As stated in the past, NSO’s technologies are only sold to vetted and approved government entities, and cannot be operated by private companies or individuals.

Um yeah. I don’t think so.

Unless they are claiming they have a technology better than any bio-metric system in existence (since it not only needs to validate who, but that they are a legitimate government agent… which would require knowledge of even which agents are government agents who the government doesn’t want to acknowledge publicly), I dont think they can actually do this.

I mean, after all the worlds leading DRM system now gets cracked in hours. Do they thing that can do something orders of magnitude more complex (DRM, but also validate that the human is in-fact a government agent) AND be impossible to crack?

I think NSO would come off looking better if they just didn’t say anything at all. Or maybe they like the taste of their own feet.

Anonymous Coward says:

Re: Re: Re:

Can you state precisely what the law that is being broken is called, and what its maximum penalty is currently?? Is there such a law as Invasion of Privacy?

Aside: Do you mean that I can legally spy on my neighbors with binoculars and video cameras, since they’re non-intrusive devices and are not specifically built as spyware??

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...