One day in May 2017 after the investigative journalist Javier Cárdenas was assassinated in Mexico, two of his colleagues at the Ríodoce newspaper began receiving text messages claiming to have information about the killer.
The texts sent to Andrés Villarreal and Ismael Bojórquez, Ríodoce’s director, included links promising evidence that would prove a Mexican drug cartel was behind Cárdenas’ death. But the messages in fact were a surreptitious attempt by a Mexican government-linked organization to hack the journalists’ phones with Pegasus, a hacking tool that would have allowed operators to monitor their text messages, pictures, location and covertly activate the phones’ microphone and camera.
Neither man clicked the links, suspicious that public officials were somehow behind the ruse. Researchers later confirmed their hunch, according to the New York Times.
“I believe they wanted to search our conversations and messages for clues to the murder of Javier, but we are absolutely against this,” Bojórquez told the Times. “Nothing obtained illegally should be used in an investigation, and especially not from those who are involved professionally and emotionally to the victim.”
The attempted hacks were revealed in a report published Tuesday by Citizen Lab, a human-rights and digital-security group that now pegs the number of individuals targeted with the Pegasus malware in Mexico at 24. Pegasus is sold by NSO Group, an Israeli digital arms dealer that provides governments with tools meant only to help combat terrorism and criminal activity. But a growing body of research provides evidence that Pegasus increasingly is used by repressive governments to stifle investigative journalism, anti-corruption watchdogs and forms of political dissent.
The Mexican government is one of many that has purchased the Pegasus spying tool.
Saudi Arabia was in negotiations with NSO Group in June 2017, just before Crown Prince Mohammad bin Salman began consolidating power by purging political rivals from government, according to Haaretz. NSO Group has maintained that it does not violate any laws, though Haaretz reports that Saudi Arabia has used the company’s technology to spy on activists living in London and Canada.
Journalist Jamal Khashoggi also was tracked with the Pegasus spyware before he was murdered by Saudi Arabian government agents in October, according to Edward Snowden.
Citizen Lab in its report Tuesday also said infection attempts have occurred against targets located in the U.S., U.K., the United Arab Emirates, and elsewhere.