Mexican journalist and human rights lawyers have been getting some troubling texts.
Some come in the guise of bills to pay, according to a new report from Citizen Lab. Some are dressed as AMBER alerts. Then there are texts that threaten kidnapping, and those that flaunt details of the recipients’ lives.
The texts are bait. Click on a link and spyware called “Pegasus” will infect your phone, which can be used to collect phone calls and text messages, and even take photos and record audio.
The sender of the texts is unclear—but it’s not hard to guess why the targets have been singled out.
“The targets were working on a range of issues that include investigations of corruption by the Mexican president, and the participation of Mexico’s federal authorities in human rights abuses,” according to the report.
Citizen Lab followed the trail of texts and realized the built-in spyware matched up with Pegasus, made by an Israeli firm known as NSO Group, which sells versions of its tools only to government clients.
Which, by the way, is a lucrative business if you can get into it. Governments love to buy surveillance tools.
Late last week, for example, a Danish newspaper called Dagbladet Information and the BBC co-published an investigation into how a UK company sold a surveillance system called “Evident” to the governments of Algeria, Morocco, Oman, Qatar, Saudi Arabia, and the United Arab Emirates.
The system lets users search a target’s location, what they’ve looked up online, what their texts say (reportedly encrypted or otherwise), and more.
As for NSO Group, Mexican agencies have spent more than $80 million on its spyware since 2011, according to the New York Times. Sadly, it’s part of a burgeoning industry in which companies sell surveillance tools to governments to the detriment of their citizens.