Fake evidence of affairs and other creepy ways government spyware is targeting Mexican journalists

A new demand from the Mexican press: Stop hacking us.

“You don’t have the balls to watch how I make out with your partner.” That’s the kind of text message several journalists and human rights activists in Mexico received as part of a campaign to hack into their phones.

The messages could be traced back to government spyware, according to a new report by the Citizen Lab, a research center based at the University of Toronto’s Munk School of Global Affairs. The results of the analysis, which were first reported by the New York Times, don’t lead to any particular Mexican government official or agency, but suggest that whoever was responsible had access to governmental offices and computers in Mexico.

The maker of the spyware, Israeli security firm NSO Group, says it sells it to governments for legitimate investigations into crime and terrorism. But Citizen Lab has gathered several examples of questionable use, including another case in Mexico, which is reportedly an NSO client. Earlier this year, the Lab released a report documenting attempts to infiltrate the phones of scientists who advocated for a soda tax. Once installed, NSO software can essentially unlock a phone, making all communications visible to whoever is spying.

The latest batch of text messages shows the range of tactics—and their varying degrees of credibility—that the hackers employed to lure their targets into clicking a malicious link. (They were collected with the help of several Mexican non-profits, which participated in the study.)

Malicious links

Carmen Aristegui, a well-known journalist who broke a story about the Mexican president’s inappropriate ties with a government contractor, received dozens of text messages.

One was a notification of a big purchase with her credit card; another, a fake Amber alert. Others tried to be more manipulative: One text says one of her major competitors has been badmouthing her. “Look at what he wrote about you today, it is urgent to deny it: [malicious link.]”

When Aristegui didn’t take the bait, the hackers moved on to her son, who at the time was under the age of 18 and living in the US. One of the texts he received was a fake alert from the US Embassy saying there was a problem with his visa. “Please go promptly to the Embassy. See details: [malicious link.]”

Carlos Loret de Mola, a TV anchor at one of Mexico’s biggest networks, got a message allegedly linking to pictures of him with a woman at dinner. “Check them out!” it said next to the link. (At the time, Loret de Mola was reporting the potential involvement of government officials in a massacre.) Two male journalists, one associated with a non-profit fighting corruption, got the exact same text daring them to see the author make out with their partners.

The hackers also used fake news. An official at the Mexican Institute for Competitiveness, which was involved in drafting an anti-corruption law, got a fake message from a news service with the headline: “The story of corruption behind the Mexican Institute for Competitiveness.”

Another non-profit official, Mario Patron, who works at a human rights group, received a text promising a story about how the government planned to handle damning findings by an independent group of experts investigating the disappearance of 43 students in the state of Guerrero. The message arrived just as the findings were about to become public, and when activists such as himself were anxious to find out how the government would react.

He clicked on the link.