Canada’s Citizen Lab says dozens of journalists, activists in El Salvador targeted by spyware

Canada’s Citizen Lab says the cellphones of nearly three dozen journalists and activists in El Salvador, several of whom were investigating allegations of state corruption, have been hacked since mid-2020 and implanted with spyware sophisticated generally available only to governments and law enforcement.

The alleged hacks, which took place in an environment increasingly hostile in El Salvador to media and the rights organizations of populist President Nayib Bukele, were uncovered late last year by the Citizen Lab, which studies the spyware at the Munk School of Global Affairs at the University of Toronto.

Human rights group Amnesty International, which collaborated with Citizen Lab on the investigation, said it later confirmed a sample of Citizen Lab’s findings through its own tech arm.

Citizen Lab said it found evidence of incursions on phones between July 2020 and November 2021. It said it could not identify who was responsible for the deployment of the Israeli-designed spyware known as Pegasus. The software was purchased by state actors around the world, some of whom used the tool to monitor journalists.

During the attack in El Salvador, the heavy focus on editors, journalists and activists working inside that one Central American country points to a local client with a particular interest in their business, Scott said. Railton, Principal Investigator at Citizen Lab.

“I can’t think of a case where the near-exclusive targeting of Pegasus in one country would not have ended up being a user in that country,” Scott-Railton said.

The government of President Nayib Bukele, seen here in 2019, has said it is not a customer of NSO Group Technologies, the company that developed the Pegasus spyware. (José Cabezas / Reuters)

Bukele government claims he is the victim

Citizen Lab released a report on its findings on Wednesday.

In a statement to Reuters, Bukele’s communications office said the government of El Salvador was not a client of NSO Group Technologies, the company that developed Pegasus. He said the administration was investigating the alleged hack and had information that some senior administration officials may have seen their phones infiltrated as well.

“We have indications that we government officials are also victims of attacks,” the statement said.

Pegasus allows users to steal encrypted messages, photos, contacts, documents, and other sensitive information from infected phones without the users’ knowledge. It can also turn handsets into listening devices by silently activating their cameras and microphones, according to product manuals reviewed by Reuters.

A logo adorns the wall of a branch of the Israeli company NSO Group, near the town of Sapir, in southern Israel. The company did not want to say whether El Salvador was a customer of Pegasus. (Sebastian Scheiner / The Associated Press)

NSO, which has long kept its client list confidential, declined to say whether El Salvador was a Pegasus client. The company said in a statement that it sold its products only to “controlled and legitimate” intelligence and law enforcement agencies to fight crime and that it was not involved in surveillance operations. . NSO has stated that it has a “zero tolerance” policy for the misuse of its spyware for activities such as monitoring dissidents, activists and journalists and that it has terminated the contracts of some customers who have it. do.

Citizen Lab researchers said they began a forensic analysis of El Salvador’s phones in September after being contacted by two reporters there who suspected their devices could be compromised.

Researchers said they eventually found evidence that spyware was installed on a total of 37 devices belonging to three human rights groups, six news outlets and a freelance journalist.

Under surveillance for 17 months

The El Faro online news site was hit the hardest. Citizen Lab researchers said they found revealing traces of spyware infections on the cellphones of 22 journalists, editors and administrative staff – more than two-thirds of the company’s staff – and evidence that data had been stolen from many of these devices, including a few that had mined several gigabytes of material.

El Faro has been under constant surveillance for at least 17 months, between June 29, 2020 and November 23, 2021, with editor Oscar Martinez’s phone infiltrated at least 42 times, Citizen Lab claimed.

“It’s hard for me to think or conclude anything other than the government of El Salvador” was behind the alleged hacks, Martinez said. “Obviously there is a radical interest in understanding what El Faro is doing.”

During the time of the alleged infiltrations with Pegasus, El Faro made extensive coverage of scandals involving Bukele’s government, including allegations that he was negotiating a financial deal with violent street gangs in El. Salvador to reduce the homicide rate in order to strengthen popular support for President New Ideas’ party. .

Bukele, who speaks frequently with the press, publicly condemned El Faro’s reporting of the alleged talks as “ridiculous” and “false information” in a September 3, 2020 Twitter post.

Telephone espionage is not new in El Salvador, according to Citizen Lab. He alleged in a 2020 report that El Salvador was among at least 25 countries using bulk surveillance technology designed by an Israeli company called Circles. Circles technology differs from Pegasus in that it sucks data from the global telephone network instead of planting spyware on specific devices. The report claimed that the Circles system had been operational in El Salvador since 2017.

Circles could not immediately be reached for comment.

Sofia Medina, Bukele’s communications secretary, noted that her administration was not in power in 2017 and claimed, without providing evidence, that the alleged Pegasus attacks appeared to be a continuation of surveillance launched by a “powerful group. ” unknown.

Citizen Lab’s latest investigation in El Salvador was conducted in conjunction with digital rights advocacy group Access Now, with investigative assistance from human rights groups Frontline Defenders, SocialTIC, and Fundacion Acceso.

Leave a Reply

Your email address will not be published. Required fields are marked *