Notorious Israeli surveillance company’s NSO Group’s Pegasus software appears to have been used once again in an authoritarian spying campaign despite recent reports the company itself is haemorrhaging cash over rising debt and growing international scrutiny. This time, Pegasus was reportedly used to infect the devices of 35 journalists and members of civil society in El Salvador, according to a new investigation conducted by The Citizen Lab and Access Now.
The hacking operations, which were carried out between July 2020 and November 2021, appear to have targeted journalists working in at least six publications, some of which were conducting investigations into allegations of state corruption. 12 journalists at a single publication, El Farro, reportedly received a “state-sponsored spyware” alert from Apple tipping them off to the spying attempts.
As a refresher, once a target is successfully infected, Pegasus software allows the end-user to surveil the target’s photos, documents, and even encrypted messages without the target ever knowing. Over its 11-year history, NSO Group’s spyware has repeatedly been used to target journalists, human rights advocates, children, and even some political leaders. The company has shown a willingness to sell its services to authoritarian regimes, with previous reports highlighting Pegasus’ use by actors in Bahrain, The United Arab Emirates, Mexico, and Hungary, among others.
NSO Group did not immediately respond to Gizmodo’s request for comment but told Reuters it has a “zero-tolerance” policy for misuse of its products. For what it’s worth, spying on members of the press is considered misuse according to the company. Whether or not that actually means anything in practice is something else entirely. While NSO officially bills itself as a crime-fighting tool used by law enforcement to combat terrorism, its clients have in the past been known to abuse the technology.
The El Salvador operation specifically was notable in its scope and aggression. According to Access Now, the nearly year and a half-long surveillance campaign amount to one of the most “persistent and intensive” known uses of Pegasus to target journalists.
“I’ve seen a lot of Pegasus cases but what was especially disturbing, in this case, was its juxtaposition with the physical threats and violent language against the media in El Salvador,” Citizen Lab researcher Scott-Railton told the AP. “This is the kind of thing that perhaps wouldn’t surprise you in a dictatorship but at least on paper El Salvador is a democracy.”
Though The Citizen Lab Report noted it couldn’t draw a direct connection between the infected devices and the Salvadoran government, the evidence appears to lean in that direction. According to Citizen Lab, most of the attacks occurred around the same time targets were working on projects that would be of interest to President Nayib Bukele’s regime.
In a statement given to the Associated Press, a spokesperson for Bukele, denied the connection, saying, “El Salvador is in no way associated with Pegasus and nor is a client of NSO Group.” That official went on to say the government is investigating the hacking attempts and even claimed she herself had received an alert from Apple informing her that she may have been targeted by a state-sponsored hacking attempt. (Scott-Railton pushed back against the government’s response on Twitter).
7/ El Salvador's crisis management is 'hey some in gov were targeted, too'
Haven't analyzed those cases & don't know who did them.
But.. why am I reminded that autocrats have a bad habit of monitoring 'friends' alongside perceived enemies?
— John Scott-Railton (@jsrailton) January 13, 2022
News of the surveillance operation comes as Bukele, who some have dubbed a “Millennial Dictator”, is taking active steps to manufacture an image of himself for foreign observers as Latin America’s tech-friendly crypto king.
Last year, Bukele famously pushed a controversial new law making bitcoin an official legal tender and requiring its use for payments by businesses. The leader has even spoken of building a literal bitcoin city powered by geothermal energy from the base of a volcano. The mostly tax-free zone would reportedly feature a central plaza that will look like a bitcoin symbol from above and may serve as a hub for energy-intensive crypto mining.
International regulators have expressed concerns over El Salvador’s bitcoin embrace, warning it could make the country a hotbed for money laundering and other financial crimes. Credit rating agency Fitch also expressed concern last year that the new law could essentially funnel Bitcoin traffic through El Salvador which may “increase the risks that proceeds from illicit activities pass through the Salvadoran financial system,” Fitch told Reuters.
Both Citizen Lab and Access now have released statements urging the international organisations to step up efforts to combat surveillance operations moving forward.
“The world is witnessing an unprecedented explosion of the use of government-mandated surveillance, supported by private companies like NSO Group,” Access Now wrote in a statement. “The lack of accountability for such egregious conduct by public authorities and private companies allows the surveillance culture to flourish, and destroy human rights.”