Report: Mexico Continued to Use Spyware Against Activists

The Mexican government or army has allegedly continued to use spyware designed to hack into the cellphones of activists, despite a pledge by President Andrés Manuel López Obrador to end such practices.

Press freedom groups said Monday they found evidence of recent attempts to use the Israeli spyware program Pegasus against activists investigating human rights abuses by the Mexican army. The Pegasus infection was confirmed through a forensic investigation by the University of Toronto group Citizen Lab.

According to a report by the press freedom group Article 19, The Network for the Defense of Digital Rights and Mexican media organizations, the targets included rights activist Raymundo Ramos.

Ramos has worked for years documenting military and police abuses, including multiple killings, in the drug cartel-dominated border city of Nuevo Laredo. Ramos’ cellphone was apparently infected with Pesgasus spyware in 2020.

“They do not like us documenting these types of cases, for them to be made public and have criminal complaints filed,” Ramos said.

The other victims included journalist and author Ricardo Raphael in 2019 and 2020, and an unnamed journalist for the online media outlet Animal Politico.

Daniel Moreno, the director of Animal Politico, said “if the president didn’t know, that is very serious because it means the army engaged in spying without his consent. If the president did know, that is also very serious.”

López Obrador took office in December 2018 pledging to end government spying. The president said he himself had been the victim of government surveillance for decades as an opposition leader.

“We are not involved in that,” Lopez Obrador said in 2019, in response to questions about the use of Pegasus. “Here we have decided not to go after anybody. Before, when we were in the opposition, we were spied on.”

The report Monday alleged the Mexican army has requested price quotes for surveillance programs from companies connected to the distribution of Pegasus, which the company says is sold only to governments.

The report said the hacker group Guacamaya found army documents listing requests for price quotes from 2020, 2021 and 2022.

The victims of the spyware attacks said they assumed the military was responsible, because of the nature of their work and the timing of the espionage.

Leopoldo Maldonado, the director of Article 19, said, “All of this indicates two possible scenarios: the first, that the president lied to the people of Mexico. The second is that the armed forces are spying behind the president’s back, disobeying the orders of their commander in chief.”

Contacted for comment, a spokesman for Mexico’s Defense Department said it had no immediate comment on the allegations.

In 2021, a Mexican businessman was arrested on charges he used the Pegasus spyware to spy on a journalist, but the Israeli spyware firm NSO Group distanced itself from that man. The businessman has long been described in Mexico as an employee of a firm that acted as an intermediary in the spyware purchases.

López Obrador’s top security official has said that two previous administrations spent $61 million to buy Pegasus spyware.

The NSO Group has been implicated in government surveillance of opponents and journalists around the world. The company said “NSO’s technologies are only sold to vetted and approved government entities.”

Mexico had the largest list — about 15,000 phone numbers — among more than 50,000 reportedly selected by NSO clients for potential surveillance.

López Obrador has relied more on the military and given it more responsibilities — from building infrastructure projects to overseeing seaports and airports — than any of his predecessors.

That has raised concerns that the Mexican army — which has traditionally stayed out of politics — may be turning into a force unto itself, with little oversight or transparency.