Dozens of journalists in El Salvador hacked with Pegasus spyware

The cellphones of dozens of journalists and human rights defenders in El Salvador were hacked repeatedly with Pegasus, a sophisticated spyware over the past year and a half, an internet monitoring group said Wednesday.

In a report on its latest findings on the Israeli company’s Pegasus spyware use NSO Group, the Citizen Lab at the University of Toronto said it had identified a Pegasus operator who worked almost exclusively in El Salvador in 2020.

While investigators were unable to conclusively link the hacks to the Salvadoran government, the report noted that “the robust focus on infections in a specific country leaves see that this is very likely ”.

NSO, which was blacklisted by the US government last year, claims it sells its spyware only to legitimate government intelligence and law enforcement agencies that have been given the go-ahead by Israel’s Defense Ministry to use it. against terrorists and criminals.

Sofia Medina, spokesperson for President Nayib Bukele, declared in a statement: “The government of El Salvador is in no way related to Pegasus and is not a client of NSO Group,” and assured that it does not have the permissions to use this type of software. .

The investigation

NSO, the Israeli company, at the center of the controversy. AP Photo

The government is investigating the use of Pegasus to hack phones in El Salvador, he said. Medina pointed out that she also received an alert from Apple on November 23, as the other victims claim, in which she was told that there was the possibility that he was the victim of a state-sponsored hack. He said that the Minister of Justice and Public Security of El Salvador received that same message that day. The Citizen Lab investigation did not include government officials, Medina said.

NSO, placed on a US government blacklist last year, says it only sells its spyware to legitimate government security and intelligence agencies approved by the Israeli Defense Ministry for use against criminals and terrorists.

In a statement, NSO said it does not manage the technology once it is delivered to a client and has no way of knowing who its clients follow. But he stated that the use of his tools to follow activists, dissidents or journalists “It is a serious abuse of any technology and it goes against the intended use of such critical tools.”

The firm noted that it has canceled several contracts in the past due to misuse by customers. NSO does not identify its clients. But people familiar with the company said that at this time it does not have an active system in El Salvador. These people who spoke on condition of anonymity to speak about the company’s clients, indicated that NSO tries to obtain the cell phone numbers that were monitored and will investigate if there was inappropriate use.

“The company will employ all measures at its disposal in accordance with its contractual agreements,” these people indicated.

Bukele, a wildly popular president, has lashed out at his critics in El Salvador’s independent press, many of them which were affected by the hacks.

Citizen Lab performed a forensic analysis of 37 devices after their owners suspected they might be being hacked. Amnesty International’s Security Lab reviewed its analysis, and the human rights watchdog independently confirmed the hacks.

Nayib Bukele, President of El Salvador. AFP Photo Nayib Bukele, President of El Salvador. AFP Photo

John Scott-Railton, a researcher at Citizen Lab and author of the report, said the “aggressiveness and persistence of the hack was surprising.”

“I have seen many cases of Pegasus, but what was particularly disturbing in this case was its juxtaposition with the physical threats and language violence against the press in El Salvador,” said Scott-Railton.

“These are some of the things that might not surprise you in a dictatorship but, at least on paper, El Salvador is a democracy,” he said.

Pegasus, performing since 2015

Citizen Lab has identified Pegasus victims since 2015, when abuses of this spyware against journalists and human rights activists were discovered in Mexico and autocratic Middle Eastern countries such as Saudi Arabia.

Dozens of cases have since been uncovered, including a dozen US State Department employees in Uganda, British lawyers and a Polish senator who led the campaign for the opposition in the 2019 elections.

While Citizen Lab does not blame the Bukele government for the massive hack, Scott-Railton indicated that all circumstantial evidence points in that direction. The victims are found almost exclusively in El Salvador.

The infrastructure used to infect Pegasus victims is global, so the command and control servers running the virus would not be expected to espionage in this case were local.

Twenty-two of the affected journalists work for the independent news portal El Faro, which at the time of the hacks was working on reports related to the alleged pact between the Bukele government and Salvadoran gangs to reduce the homicide rate in the country and provide support for the president’s party in the parliamentary elections in exchange for benefits for the leaders of criminal organizations.

Bukele has firmly denied that there has been any negotiation with the gangs.

In December, the United States Department of the Treasury appointed two officials of the Bukele government to receive financial sanctions, and assured, as did El Faro, that the government had reached out to an agreement with the gangs.

El Faro wrote on Wednesday that the “phones of the editorial headquarters, journalists and administrative staff were tapped -in some cases- for up to a year and constantly. The analysis determined a total of 226 tappings in which the phones were infected. This espionage allows total control of the device: intercept messages, calls and extract all the information stored in the phones”.

With information from AFP

By Editor

One thought on “Dozens of journalists in El Salvador hacked with Pegasus spyware”

Leave a Reply