A new report from the Citizen Lab at the Munk School of Global Affairs details a spyware campaign targeting Mexican journalists, lawyers, and anti-corruption investigators. The software is developed by Israeli firm NSO Group, a self-described cyber warfare company, and is sold exclusively to governments.

The report details more than 75 infection attempts against 12 high-profile targets, who are investigating issues like the forced disappearance of Mexican students, corruption by the Mexican President, and possible human rights abuses committed by the Mexican federal government. The spyware campaign uses fake text messages, such as AMBER alerts about abducted children and warnings about personal safety, as bait to trick targets into clinking links to the NSO Group’s exploit infrastructure. One target, the child of a journalist, was sent over 20 infection attempts, including a text impersonating the United States government. “The cross-border targeting of a minor child with a government-exclusive spyware is distasteful. Doing so by impersonating the United States government is reckless, and might have violated the law,” says John Scott-Railton, senior researcher at Citizen Lab.

The Citizen Lab has extensive experience uncovering the abuse of commercial spyware and has produced numerous reports on surveillance companies such as FinFisher, Hacking Team, and NSO Group. In August 2016, Citizen Lab researchers released a report uncovering how United Arab Emirates (UAE) activist Ahmed Mansoor was targeted with NSO infrastructure and exploits designed to infect his iPhone 6 via a malicious link in an SMS text message. In February 2017 Citizen Lab, with assistance of Mexican non-governmental organizations (NGOs) R3D and SocialTic, documented how Mexican government food scientists, health, and consumer advocates also received links to infrastructure that were connected to NSO Group. “Time and again, companies like these, when presented with evidence of abuse, effectively pass the buck, claiming that they only sell to ‘government agencies’ to use their products for criminal, counterintelligence, or anti-terrorism purposes,” says Ron Deibert, director of the Citizen Lab. “The problem is that many of those government clients are deeply corrupt; what constitutes a ‘crime’ for officials and powerful elites can include any activity that challenges their position of power — especially investigative journalism.”

June 19, 2017

Read the full report.

Read blog post from Ron Deibert.

Follow this report in the news:

Using texts as lures, government spyware targets Mexican journalists and their families (New York Times)
This report says the Mexican government deployed spyware against journalists and activists (Buzzfeed)
Mexican journalists, activists targeted with spyware (Washington Post)
Report: Mexican journalists, activists targeted with spyware (Financial Post)
Mexico’s Sloppy Hacking Attempts Expose Customers of a $1 Billion Spyware Company (Motherboard)
Report: Mexican journalists, activists targeted with spyware (ABC News)
Mexican journalists targeted by spyware after investigating government corruption (The Verge)
Fake evidence of affairs and other creepy ways government spyware is targeting Mexican journalists (Quartz)
Mexico to Investigate Spying Campaign Against Journalists and Activists (New York Times)
Mexico probes spyware attacks on journalists, activists (National Post)