Canada’s Citizen Lab says the cellphones of nearly three dozen journalists and activists in El Salvador, many of whom were under investigation for alleged state corruption, have been hacked since mid-2020 and implanted with sophisticated spyware which is usually only available to governments and law enforcement.
The alleged hack, which comes amid an increasingly hostile environment in El Salvador for media and rights organizations under populist President Nayib Bukele, was discovered late last year by Citizen Lab, an organization of spyware at the University of Toronto’s Munch School of Global Affairs. studies.
Human rights group Amnesty International, which collaborated with Citizen Lab in the investigation, says it later confirmed a sample of Citizen Lab’s findings through its technology arm.
Citizen Lab said it found evidence of intrusions on phones that took place between July 2020 and November 2021. It said it could not identify who was responsible for deploying the Israeli-designed spyware known as Pegasus. The software has been purchased by state actors around the world, some of whom have used the tool to survey journalists.
In the El Salvador attack, the heavy focus on editors, journalists and activists working inside that single Central American country indicates a local client with a particular interest in their activities, said Scott-Railton, a senior researcher at Citizen Lab.
“I can’t think of a case where almost exclusive Pegasus targeting in one country didn’t end up being a user in that country,” Scott-Railton said.
Bukele government claims it is suffering
Citizen Lab released a report on its findings on Wednesday.
In a statement to Reuters, Bukele’s communications office said the government of El Salvador was not a customer of NSO Group Technologies, the company that developed Pegasus. It said the administration is probing the alleged hacking and is aware that some top administration officials may also have infiltrated his phone.
“We have indications that we, government officials, are also victims of the attacks,” the statement said.
Pegasus allows users to steal encrypted messages, photos, contacts, documents and other sensitive information from infected phones without the users’ knowledge. It can also turn the handset into an eavesdropping device by silently activating its cameras and microphone, according to a product manual reviewed by Reuters.
NSO, which has long kept its client list confidential, declined to comment on whether El Salvador was a Pegasus customer. The company said in a statement that it only sells its products to “retested and legitimate” intelligence and law enforcement agencies to fight crime and is not involved in surveillance operations. NSO said it has a “zero-tolerance” policy for misuse of its spyware for activities such as surveillance of dissidents, activists and journalists and has terminated the contracts of some customers who do so.
Researchers at Citizen Lab said they began a forensic analysis of El Salvador phones in September after they were contacted by two journalists there who suspected their devices may have been compromised.
Researchers said they eventually found evidence that spyware was installed on a total of 37 devices belonging to three human rights groups, six news publications and a freelance journalist.
under observation for 17 months
The hardest hit was the online news site El Faro. Researchers at Citizen Lab said they found telltale tracks of spyware infections on the cellphones of 22 journalists, editors and administrative personnel — more than two-thirds of the company’s employees — and evidence that data was stolen from many of those devices, Some of which several gigabytes of content were extracted.
Citizen Lab claimed that between June 29, 2020 and November 23, 2021, El Faro was under constant surveillance during at least 17 months in which editor-in-chief Oscar Martinez’s phone was hacked at least 42 times.
“It’s hard for me to think or conclude anything other than the government of El Salvador” was behind the alleged hack, Martinez said. “It is clear that there is a radical interest in understanding what El Faro is doing.”
At the time of the alleged infighting with Pegasus, El Faro reported widely on scandals involving Bukele’s government, including allegations that he was trying to reduce the murder rate to promote popular support for the president’s New Ideas party. Were negotiating a financial deal with the violent street gangs of El Salvador. ,
Bukele, who has repeatedly criticized the press, publicly condemned El Faro’s reporting of those alleged talks as “ridiculous” and “false information” in a September 3, 2020 Twitter post.
According to Citizen Lab, phone snooping is not new to El Salvador. It alleged in a 2020 report that El Salvador is among at least 25 countries using bulk surveillance technology created by an Israeli company called Circles. Circle’s technology differs from Pegasus in that it clears data from global phone networks instead of installing spyware on specific devices. The report claimed that the Circle system in El Salvador had been in operation since 2017.
Circles could not immediately be reached for comment.
Bukele’s communications secretary, Sofia Medina, noted that his administration was not in power in 2017 and claimed without evidence that the alleged Pegasus attacks appeared to be a continuation of surveillance launched by an unidentified “powerful group”.
Citizen Lab’s latest investigation in El Salvador was conducted in collaboration with digital-rights group Access Now, with investigative support from human rights groups Frontline Defenders, Social TIC and Fundación Asseso.