Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Report: Mexico Continued to Use Spyware Against Activists

The Mexican government or army has allegedly continued to use spyware designed to hack into the cellphones of activists, despite a pledge by President Andrés Manuel López Obrador to end such practices.

The Mexican government or army has allegedly continued to use spyware designed to hack into the cellphones of activists, despite a pledge by President Andrés Manuel López Obrador to end such practices.

Press freedom groups said Monday they found evidence of recent attempts to use the Israeli spyware program Pegasus against activists investigating human rights abuses by the Mexican army. The Pegasus infection was confirmed through a forensic investigation by the University of Toronto group Citizen Lab.

According to a report by the press freedom group Article 19, The Network for the Defense of Digital Rights and Mexican media organizations, the targets included rights activist Raymundo Ramos.

Ramos has worked for years documenting military and police abuses, including multiple killings, in the drug cartel-dominated border city of Nuevo Laredo. Ramos’ cellphone was apparently infected with Pesgasus spyware in 2020.

“They do not like us documenting these types of cases, for them to be made public and have criminal complaints filed,” Ramos said.

The other victims included journalist and author Ricardo Raphael in 2019 and 2020, and an unnamed journalist for the online media outlet Animal Politico.

Daniel Moreno, the director of Animal Politico, said “if the president didn’t know, that is very serious because it means the army engaged in spying without his consent. If the president did know, that is also very serious.”

López Obrador took office in December 2018 pledging to end government spying. The president said he himself had been the victim of government surveillance for decades as an opposition leader.

Advertisement. Scroll to continue reading.

“We are not involved in that,” Lopez Obrador said in 2019, in response to questions about the use of Pegasus. “Here we have decided not to go after anybody. Before, when we were in the opposition, we were spied on.”

The report Monday alleged the Mexican army has requested price quotes for surveillance programs from companies connected to the distribution of Pegasus, which the company says is sold only to governments.

The report said the hacker group Guacamaya found army documents listing requests for price quotes from 2020, 2021 and 2022.

The victims of the spyware attacks said they assumed the military was responsible, because of the nature of their work and the timing of the espionage.

Leopoldo Maldonado, the director of Article 19, said, “All of this indicates two possible scenarios: the first, that the president lied to the people of Mexico. The second is that the armed forces are spying behind the president’s back, disobeying the orders of their commander in chief.”

Contacted for comment, a spokesman for Mexico’s Defense Department said it had no immediate comment on the allegations.

In 2021, a Mexican businessman was arrested on charges he used the Pegasus spyware to spy on a journalist, but the Israeli spyware firm NSO Group distanced itself from that man. The businessman has long been described in Mexico as an employee of a firm that acted as an intermediary in the spyware purchases.

López Obrador’s top security official has said that two previous administrations spent $61 million to buy Pegasus spyware.

The NSO Group has been implicated in government surveillance of opponents and journalists around the world. The company said “NSO’s technologies are only sold to vetted and approved government entities.”

Mexico had the largest list — about 15,000 phone numbers — among more than 50,000 reportedly selected by NSO clients for potential surveillance.

López Obrador has relied more on the military and given it more responsibilities — from building infrastructure projects to overseeing seaports and airports — than any of his predecessors.

That has raised concerns that the Mexican army — which has traditionally stayed out of politics — may be turning into a force unto itself, with little oversight or transparency.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Cybercrime

Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of...