Pegasus Was Used Against Mexican Journalists, Activist After President Said ‘No More Abuse’

Findings verified by the cybersecurity watchdog Citizen Lab confirmed that the phones of three individuals were infected with the Israeli spyware during Andres Manuel López Obrador's term.

Listen to this article:

New Delhi: Despite Mexico’s President Andres Manuel López Obrador claiming government agencies did not abuse spyware after he came to power, the mobile phones of at least two Mexican journalists and a human rights activist were infected with the powerful Pegasus spyware between 2019 and 2021, a new investigation has found.

The Mexican digital rights organisation Red en los Defensa de los Derechos Digitales (R3D) documented infections with Pegasus spyware against the three individuals, which occurred after President López Obrador gave assurances that there would be no more abuses of the spyware. The findings were verified and confirmed by the cyber-security watchdog, the University of Toronto-based Citizen Lab. Obrador came to power in 2018.

“The findings of this investigation show that the federal government has reneged on its commitment to end illegal espionage in Mexico, in addition to refuting the theses on which the current administration has relied to deepen militarisation in the country,” said R3D’s report.

The flagship product of the Israeli firm NSO Group, Pegasus is used to target phones selected by clients by sending customised text messages with a link. If the targeted phone user clicks on the link, the NSO client can access all the information on the device, from call records to chats, photos and emails. The phone’s microphone and camera can also be remotely switched on for eavesdropping. The spyware can also be installed through a zero-click exploit, which does not require the target to click on a link.

Though NSO claims that the spyware is sold to “vetted governments” to target criminal and terror gangs, widespread global abuse has been documented.

Also read: Revealed: How The Wire and Its Partners Cracked the Pegasus Project and What It Means for India

Mexico was the first country to buy Pegasus and has been described as a laboratory where the application was developed further. Mexico’s defence ministry had been the first client for Pegasus spyware, but other government agencies followed suit. 

In 2017, Citizen Lab, R3D, SocialTic and Article19 released eight reports on the widespread abuse of Pegasus in Mexico, targeting civil society, journalists, lawyers, anti-corruption groups, politicians and even intentional investigators. 

After President López Obrador took over in 2018, his government announced that the domestic intelligence agency, Cisen, extensively used Pegasus from 2014-17, coinciding with the term of his predecessor, President Enrique Peña Nieto and the Institutional Revolutionary Party (PRI).

Mexico's President Enrique Pena Nieto gives a speech during the opening of the World Cancer Leaders' Summit in Mexico City, Mexico November 14, 2017. Credit: Reuters/Henry Romero/Files

Mexico’s former president Enrique Pena Nieto. Photo: Reuters/Henry Romero/Files

“We have not purchased systems for interceptions, among other things because of the corruption that was involved in the purchase of all of this equipment at very elevated prices, to foreign companies, spy systems, a lot of money was spent, there is still unused equipment purchased in the previous government. We don’t do that. And we don’t do it because it is a matter of principle,” López Obrador assured in 2019, as per a translation provided by Citizen Lab.

As part of the 2021 Pegasus Project, it was found that at least 50 individuals connected to López Obrador were confirmed to be in the leaked NSO data of potential targets between 2016 and 2017. 

Perusing the leaked records, Pegasus Project journalists also detected phone numbers of at least 45 former and current governors of Mexico’s 32 states. This included 29 who were sitting governors in 2016 and 2017.

The Wire had been part of the Pegasus Project, which was steered by France-based media non-profit organisation Forbidden Stories with technical support from human rights watchdog Amnesty International.

Among the leaked database of 50,000 phone numbers of potential Pegasus targets, Mexico had the largest cluster of more than 15,000 phone numbers.

Following the revelations of the Pegasus Project, President Lopez Obrador again gave assurances that his government does not use Pegasus spyware. “This does not happen. The government does not spy on anyone,” he said on July 20, 2021.

But, as the latest report reveals, the public assurances did not seem to have been implemented.

Also read: Pegasus: The New Global Weapon for Silencing Journalists

“The latest findings by R3D indicate that Pegasus abuses continued in Mexico. Their report also highlights evidence of recent contracts between Mexico’s Secretary of National Defense (SEDENA), and companies linked to prior sales of Pegasus to the Mexican government,” said the Citizen Lab report.

Who were the targets?

For over 20 years, as a human rights activist, Raymundo Ramos Vázquez has highlighted human rights abuses by the armed forces in the state of Tamaulipas. His phone was infected with Pegasus three times between August and September 2020 – just after he publicly denounced the video showing the extrajudicial killing of three civilians by the Mexican army in Nuevo Laredo.

R3D noted that during the timeframe of the targeting, Ramos was meeting with representatives of the Office of the United Nations High Commissioner for Human Rights (OHCHR), Mexico’s National Human Rights Commission (CNDH), officials from Mexico’s Navy and the Secretary of Defence, and members of the media

Ricardo Raphael, a prominent journalist, had been first targeted in 2016 and then in 2017 when the media was extensively investigating the 2014 disappearance of 43 students in Ayotzinapa

During the current regime, R3D found that his phone was repeatedly infected in October and November 2019 when he was on a publicity tour for his book, Hijo de la Guerra, which fictionalises the saga of the Los Zetas Cartel and its origins in the Mexican Army.

His phone was again infected with Pegasus in 2020 after he wrote several articles on extrajudicial detentions and official impunity, including in the Washington Post

He had also accused Mexico’s attorney general of grave misconduct in investigating the 2014 student disappearances. His claim was cited by another prominent news outlet, Aristegui Noticias. A day later, his phone was targeted.

In July 2022, Raphael claimed that snippets of a private communication he had in 2019 were taken out of context and shared with his contacts in an apparent effort to discredit him.

Another journalist of Animal Político, a digital media outlet covering issues related to human rights, corruption and accountability, was also targeted on the day of publishing a report on human rights violations by Mexican armed forces.

The journalist, whose identity has been concealed due to security reasons, was attacked with Pegasus on June 10 2021, as per the forensic analysis by Citizen Lab.