NSO, the Israeli company, at the center of the controversy.  AP Photo

The cellphones of dozens of journalists and human rights defenders in El Salvador were hacked repeatedly with Pegasus, a sophisticated spyware over the past year and a half, an internet monitoring group assured Wednesday.

In a report on its latest findings on the Israeli company’s Pegasus spyware use NSO Group, the University of Toronto Citizen Lab said it had identified a Pegasus operator who worked almost exclusively in El Salvador in 2020.

While investigators were unable to conclusively link the hacks to the Salvadoran government, the report noted that “the robust focus on infections in a specific country leaves see that this is very likely ”.

NSO, which the US government blacklisted last year, says it sells its spyware only to law enforcement and intelligence agencies of legitimate governments that the Israel Defense Ministry has given the go-ahead to use. against terrorists and criminals.

Sofia Medina, spokesperson for President Nayib Bukele, stated in a statement: “The government of El Salvador is in no way related to Pegasus and is not a client of NSO Group,” and assured that it does not have the permissions to use this type of software. .

The investigation

NSO, the Israeli company, at the center of the controversy. AP Photo

The government is investigating the use of Pegasus to hack phones in El Salvador, he said. Medina noted that she also received an alert from Apple on November 23, as claimed by the other victims, in which she was told it existed. the possibility that he was being the victim of state-sponsored hacking. He said that the Minister of Justice and Public Security of El Salvador received the same message that day. The Citizen Lab investigation did not include government officials, Medina said.

NSO, blacklisted last year by the US government, says it only sells its spyware to legitimate government intelligence and security agencies approved by the Israeli Defense Ministry for use against criminals and terrorists.

In a statement, NSO said it does not manage the technology once it is delivered to a customer and has no way of knowing who its customers are following. But he claimed that using his tools to follow activists, dissidents or journalists “It is a serious abuse of any technology and it goes against the desired use of such critical tools. “

The firm said that it has canceled several contracts in the past due to misuse by clients. NSO does not identify its customers. But people familiar with the company indicated that at this time it does not have an active system in El Salvador. These people, who spoke on condition of anonymity to speak about the company’s clients, indicated that NSO is trying to obtain the cell phone numbers that were monitored and will investigate if there was any inappropriate use.

“The company will use all the measures at its disposal in accordance with its contractual agreements,” these people indicated.

Bukele, an extremely popular president, has lashed out at his critics in El Salvador’s independent press, many of whom which were affected by the hacks.

Citizen Lab performed a forensic analysis of 37 devices after their owners suspected they might be being hacked. Amnesty International’s Security Laboratory reviewed their analysis, and the human rights body independently confirmed the hacks.

Nayib Bukele, President of El Salvador.  AFP photo

Nayib Bukele, President of El Salvador. AFP photo

John Scott-Railton, a Citizen Lab researcher and author of the report, stated that the “aggressiveness and persistence of the hack was surprising.”

“I have seen many cases of Pegasus, but what was particularly disturbing in this case was its juxtaposition with physical threats and language. violent against the press in El Salvador ”, commented Scott-Railton.

“These are some of the things that might not surprise you in a dictatorship but, at least on paper, El Salvador is a democracy,” he said.

Pegasus, performing since 2015

Citizen Lab identifies Pegasus victims since 2015, when spyware abuses against journalists and human rights activists were discovered in Mexico and autocratic Middle Eastern countries such as Saudi Arabia.

Dozens of cases have since been uncovered, including a dozen U.S. State Department employees in Uganda, British lawyers, and a Polish senator who led the campaign for the opposition in the 2019 elections.

While Citizen Lab does not blame the Bukele government for the massive hacking, Scott-Railton indicated that all circumstantial evidence points in that direction. The victims are almost exclusively in El Salvador.

The infrastructure used to infect Pegasus victims is global, so you would not expect the command and control servers that manage the espionage in this case were local.

Twenty-two of the affected journalists work for the independent news portal El Faro, which at the time of the hacks was working on reports related to the alleged pact between the Bukele government and the Salvadoran gangs to reduce the homicide rate in the country and provide support for the president’s party in parliamentary elections in exchange for benefits for the leaders of criminal organizations.

Bukele has strongly denied that there has been any negotiation with the gangs.

In December, the United States Department of the Treasury appointed two officials of the Bukele government to receive financial sanctions, and assured, as did El Faro, that the government had reached out to an agreement with the gangs.

El Faro wrote on Wednesday that the “phones of the editorial headquarters, journalists and administrative staff were tapped -in some cases- for up to a year and constantly. The analysis determined a total of 226 interventions in which the phones were infected. This espionage allows total control of the device: intercept messages, calls and extract all the information stored in the phones “.

With information from AFP

Leave a Reply