For Immediate Release
Toronto, Canada (11 February 2017) — The University of Toronto’s Citizen Lab published a report today on a cyber-espionage operation targeting Dr. Simon Barquera, a prominent scientist at the Mexican National Institute for Public Health (INSP) and the directors of two Mexican NGOs working on public health and sugar consumption, Alejandro Calvillo and Luis Encarnación. These individuals have been active supporters of Mexico’s soda tax to reduce the consumption of sugary drinks. The messages that they received tried to trick them into visiting malicious links which served iOS exploits that would compromise an iPhone and load “Pegasus” malware sold to governments by NSO Group, an Israeli “cyber warfare” company.
NSO Group sells equipment and intrusion software to remotely compromise mobile devices. In a previously released report, the Citizen Lab documented NSO Group’s technology and an iPhone zero day being used against Ahmed Mansoor, a human rights defender based in the United Arab Emirates, who was targeted with malicious links sent over SMS. Clicking on the links would have silently infected the target’s phone with NSO’s Pegasus malware, which would enable the use of the phone’s camera and microphone to snoop on activity in the vicinity of the device, record WhatsApp and Viber calls, log messages sent in mobile chat apps, and track movements and location.
In August 2016, Apple responded to the threat promptly by releasing the iOS 9.3.5 patch, which closes the vulnerabilities that NSO appears to have been supplying to remotely hack iPhones.
“Vendors like to make the argument that incidents of abusive surveillance are isolated, and customers are diligently vetted. We see again that their self-regulation has failed.” – Bill Marczak, Senior Researcher, The Citizen Lab, Munk School of Global Affairs, University of Toronto
The messages sent to Dr. Barquera, Calvillo, and Encarnación all contained links pointing to domains previously identified as part of our investigation into NSO’s infrastructure. Our continued research yielded evidence that it was also used to target Mexican journalists and others in Mexican civil society. While we only had evidence of a handful of likely targets in Mexico at the time, the report released today presents evidence of additional targeting with NSO’s exploit infrastructure and malware.
“Governments often justify surveillance as being necessary to monitor for criminal or terrorist activities, but spying on the phones of scientists and food advocacy groups concerned about children eating too much sugar can hardly be construed as anti-criminal or anti-terrorist activities. “ – John Scott-Railton, Senior Researcher, The Citizen Lab, Munk School of Global Affairs, University of Toronto
Research by the Citizen Lab and others has consistently shown that some governments are willing to use “lawful intercept” tools like NSO Group’s Pegasus to recklessly target and harass journalists, activists, and human rights defenders. This report adds more categories to the list: federal scientists and consumer advocacy organizations.
“Our report shows the value of careful documentation of suspicious incidents, and ongoing engagement between researchers, civil society organizations, and those who are targeted by malicious actors who wish to do harm. The epidemic of targeted digital attacks facing civil society will require an all-of-society defense.” – Ron Deibert, Director, The Citizen Lab, Munk School of Global Affairs, University of Toronto