Dozens of journalists and human rights defenders in El Salvador had repeatedly hacked their cell phones with sophisticated spyware over the past year and a half, an internet watchdog said Wednesday.
Reporting on its latest findings about Israeli firm NSO Group’s use of Pegasus spyware, the University of Toronto’s Citizen Lab said it had identified a Pegasus operator operating almost exclusively in El Salvador in early 2020.
Although the researchers could not conclusively link the hack to the government of El Salvador, the report said, “the strong country-specific focus of the infection suggests that it is very likely.”
President Nayib Bukele’s spokeswoman Sofia Medina said in a statement that “El Salvador is neither affiliated with Pegasus nor a customer of the NSO Group.” He said that the government does not have a license to use such software.
He said the government was investigating the use of Pegasus to hack phones in El Salvador.
Medina said she also received an alert from Apple on November 23 after other victims said she may have been a victim of state-sponsored hacking. He said El Salvador’s Minister of Justice and Security had received the same message that day. Medina said government officials were not involved in Citizen Lab’s investigation.
NSO, which was blacklisted by the US government last year, says it only sells its spyware to legitimate government law enforcement and intelligence agencies used by Israel’s Defense Ministry against terrorists and criminals. Is.
The highly popular President Bukele has raided El Salvador’s free press against his critics, many of whom were targeted in hacking attacks.
Citizen Lab conducted a forensic analysis of 37 devices after the owners suspected they might have been the target of hacking. His investigation with Access Now was reviewed by Amnesty International’s Security Lab.
“The aggression and persistence of the hacking was jaw-dropping,” said John Scott-Railton, senior researcher at Citizen Lab and author of the report.
Scott-Relton said, “I’ve seen a lot of Pegasus cases, but what was particularly disturbing in this case was its association with physical threats and violent language against the media in El Salvador.”
“It’s something that probably won’t surprise you in a dictatorship, but at least on paper El Salvador is a democracy,” he said.
Citizen Lab has uncovered the use of Pegasus to target journalists, human rights defenders, diplomats and dissidents over the past several years. Targets are from Saudi Arabia, the United Arab Emirates, Mexico and the United States.
While Citizen Lab isn’t accusing the Bukele government of the massive hack, Scott-Relton said all circumstantial evidence points in that direction. The victims are almost exclusively in El Salvador.
The infrastructure used to infect Pegasus victims is global so in this case the command-and-control server that manages surveillance would not be expected to be local.
Twenty two of them targeted work for an independent news site power station, which was working on stories related to the Bukele administration’s alleged deal-making with street gangs from El Salvador during the hacking period, in order to support Bukele’s party in midterm elections in exchange for benefits to gang leaders.
Bukele has vehemently denied that there were any talks with the gang. In December, the US Treasury nominated two officials from Bukele’s government, and charged power station Had the administration struck a deal with gangs.
Julia Navarret, one of them power station Journalists whose phones were hacked said on Wednesday that while the software does not allow anyone to listen to all calls, it is “recorded in the device and extracts all information.”
Carlos Grandfather, power stationThe director of the U.S. said that the high point of interference in his phone was in September 2020, when power station Broke the story about alleged interactions between Bukele’s government and the gangs.
“These coincidences are not so unnecessary in the end,” he said. “Highest intensity of telephone interference against 22 people” power station Happened in the months surrounding our most sensitive and most important government publications. ,
Carlos Martinez, an investigative reporter power stationsaid that the analysis found that the hackers spent 269 days inside his phone.
“It doesn’t stop being frightening,” he said. “It’s hard to process.”
The spyware operator actually tried to re-enter his phone while it was being analyzed, allowing investigators to determine that the operator was in El Salvador.
Apple sued NSO in November, trying to prevent its software from compromising its operating system. Facebook sued the company in 2019 alleging that it was hacking its WhatsApp Messenger app.