The cellphones of nearly three dozen journalists and activists in El Salvador, several of whom were investigating suspected state corruption, have been hacked since mid-2020 and tipped with sophisticated spyware normally only available to governments and law enforcement agencies, a Canadian research institute said has found.
The alleged hacks, which took place in El Salvador in an increasingly hostile environment to media and human rights organizations under populist President Nayib Bukele, were discovered late last year by The Citizen Lab, which investigates spyware at the University of Toronto’s Munk School of Global Affairs. Human rights group Amnesty International, which partnered with Citizen Lab on the investigation, said it later confirmed a sample of Citizen Lab’s findings through its own branch of technology.
Citizen Lab said it found evidence of break-ins on the phones that occurred between July 2020 and November 2021. It said it couldn’t identify who was responsible for delivering the Israel-developed spyware. The software known as Pegasus has been purchased by government actors around the world, some of whom have used the tool to monitor journalists.
In the El Salvador attack, the heavy focus on editors, reporters and activists working in this only Central American country points to a local customer with a particular interest in their activities, said Scott-Railton, a senior researcher at Citizen Lab.
“I can’t see a case where almost exclusive Pegasus targeting in one country didn’t become a user in that country,” said Scott-Railton.
Citizen Lab released a report on its findings on Wednesday.
In a statement to Reuters, the Bukele communications bureau said the El Salvador government is not a customer of NSO Group Technologies, the company that developed Pegasus. It said the government is investigating the suspected hacker attack and has information that their phones may also have been infiltrated by some high-ranking government officials.
“We have indications that we government officials are also victims of attacks,” the statement said.
Pegasus enables users to steal encrypted messages, photos, contacts, documents and other sensitive information from infected phones without the users’ knowledge. According to product manuals verified by Reuters, it can also turn cell phones into eavesdropping devices by silently activating their cameras and microphones.
NSO, which has kept its customer list confidential for a long time, did not want to comment on whether El Salvador was a Pegasus customer. The company said in a statement that it only sold its products to “verified and legitimate” crime-fighting intelligence and law enforcement agencies and was not involved in surveillance operations. NSO said it has a “zero tolerance” policy for the misuse of its spyware for activities such as monitoring dissidents, activists and journalists and has terminated the contracts of some customers who have done so.
Citizen Lab researchers said they began forensic analysis of the phones in El Salvador in September after being contacted by two journalists who suspected their devices might be compromised.
The researchers said they eventually found evidence that spyware was installed on a total of 37 devices by three human rights groups, six news publications, and an independent journalist.
The online news site El Faro was hardest hit. Citizen Lab researchers said they found telltale traces of spyware infections on the phones of 22 reporters, editors, and administrative staff – more than two-thirds of the company’s employees – and evidence that many of those devices, including some Data was stolen after extracting gigabytes of material.
El Faro was continuously monitored for at least 17 months, between June 29, 2020 and November 23, 2021, with editor-in-chief Oscar Martinez’s phone being infiltrated at least 42 times, Citizen Lab claimed.
“It is difficult for me to think anything else than the government of El Salvador or to infer from it,” said Martinez behind the alleged hacks. “It is evident that there is a radical interest in understanding what El Faro is doing.”
During the alleged infiltrations with Pegasus, El Faro reported extensively on scandals surrounding Bukele’s government, including allegations that he was negotiating a financial deal with the violent street gangs of El Salvador to lower the homicide rate in order to increase public support for the president’s New Ideas party raise .
Bukele, who often walks with the press, publicly condemned El Faro’s coverage of these alleged conversations in a Twitter post on September 3, 2020 as “ridiculous” and “false information”.
Phone sniffing is not new in El Salvador, according to Citizen Lab. A 2020 report claimed that El Salvador was among at least 25 countries that use mass surveillance technology from an Israeli company called Circles. Circles technology differs from Pegasus in that it soaks up data from the global telephone network instead of installing spyware on certain devices. The report claimed the Circles system had been in operation in El Salvador since 2017.
Circles was not immediately available for comment.
Bukele’s communications secretary, Sofia Medina, found his government was out of power in 2017 and claimed without evidence that the alleged Pegasus attacks were a continuation of surveillance by an unknown “powerful group”.
The latest investigation by Citizen Lab in El Salvador was carried out in collaboration with digital rights group Access Now with investigative support from human rights groups Frontline Defenders, SocialTIC and Fundacion Acceso.
Check out the latest from the Consumer Electronics Show on Gadgets 360 in our CES 2022 hub.