After a recent investigation, Mexican NGOs allege that the Mexican government is deploying sophisticated mobile spying software on local journalists, lawyers and activists. Using fake custom messages, such as news, pictures and text messages to lure victims into clicking various URLs, a series of zero-day vulnerabilities would be exploited to allow remote control of the targeted devices.
The spying software, dubbed Pegasus, is believed to have been developed and sold to governments by Israel’s NSO Group, sporting capabilities that allegedly allow its buyers to remotely compromise popular operating systems such as Android, iOS and Blackberry. Governments willing pay an initial $500,000 installation fee and per-device fees that range from $60,000 to $650,000 – depending on the targeted mobile OS – are allegedly given the tools to gain “unlimited access to a target’s mobile devices” without leaving any traces.
The journalists allegedly infected with the software have filed charges with the attorney general’s office against the Mexican government, as they believe they have been spied upon illegally. The nine plaintiffs are known to have been investigating and exposing human rights violations by the Mexican government.
“This is an operation by the Mexican state, in which state agents — far from doing what they should legally do — have used our resources, our taxes, our money to commit serious abuses,” said journalist Carmen Aristegui. “What does the Mexican president have to say today about this treacherous, illegal spying?”
Although NSO Group claims to vet clients before selling them their surveillance software, so that it is only used against terrorists or criminals, at least three Mexican federal agencies have allegedly purchased $80 million-worth of cyber tools from NSO Group since 2011, according to the New York Times.
“The software, known as Pegasus, infiltrates smartphones to monitor every detail of a person’s cellular life — calls, texts, email, contacts and calendars,” writes the New York Times. “It can even use the microphone and camera on phones for surveillance, turning a target’s smartphone into a personal bug.”