The Israelis had come to Mexico to close an important sale: the Mexican Army was about to become the first customer to purchase their product, the world’s most advanced spyware.
But before they could close the deal, an argument broke out over price and how quickly the spy tool could be delivered. A Mexican General overseeing the negotiations called for a pause until later that night, according to two people present and a third with knowledge of the conversations. “We will pick you up at your hotel and we will make sure to provide a better environment,” they recalled her saying.
That night, a couple of cars pulled up to the Israeli executives’ hotel and took them to a strip club in the heart of Mexico City. The General’s security team ordered the other customers to leave, the three people said, and talks resumed. It was in that dark cabaret in March 2011, between dancers and shots of tequila, where the most powerful cybernetic weapon that exists began.
Spyware, known as Pegasus, has since become a worldwide byword for the chilling scope of state surveillance, a tool used by governments from Europe to the Middle East to hack thousands of mobile phones. And no place has had more experience with the promise and danger of technology than Mexico.
A New York Times investigation based on interviews, documents and forensic evidence of hacked phones shows the secret deals that led Mexico to become Pegasus’ first customer and reveals that the country became its most prolific user.
Mexico went on to use the surveillance tool against civilians who oppose the state — abuses the country insists have stopped. But The Times found that Mexico has continued to use Pegasus to spy on human rights defenders, even in recent months.
Many tools can infiltrate digital life, but Pegasus is exceptionally powerful. It can infect your phone without any hint of intrusion and extract everything on it—every email, text message, photo, calendar appointment—while monitoring everything you do with it, in real time. You can record every keystroke, even when using encrypted apps, and watch through the camera or listen through the microphone, even if your phone appears to be turned off.
It has been used to fight crime, helping to dismantle child abuse rings and arrest notorious figures like Joaquín Guzmán Loera, the drug lord known as El Chapo. But also has been illegally deployed to spy on and stifle human rights defenders, defenders of democracy, journalists and others who oppose corruption and abuses.
In 2021, alarmed at how Pegasus had been used to “maliciously target” dissidents around the world, the Biden Administration blacklisted the NSO Group, the Israeli company that makes the spyware. Soon after, Israel’s Defense Ministry — which must approve the export of Pegasus to other nations — said it would ban sales to countries where there was a risk of rights violations.
Yet despite ample evidence of Pegasus abuses in Mexico, the Israeli government has not ordered a halt to its use in Mexico, according to four people with knowledge of the technology contracts.
In fact, the four people say, the Mexican Army has attacked more cell phones with spyware than any other government agency in the world.
After the revelations that Pegasus had been brandished against critics of his predecessor’s government, President Andrés Manuel López Obrador, who took office in 2018, has vowed to stop what he called the “illegal” spying of the past. But previously undisclosed evidence shows that, as recently as the second half of 2022, Pegasus infiltrated the cell phones of two of the country’s leading human rights defenders, who provide legal representation to the victims of one of the most notorious mass disappearances in the history of Mexico.
The Israeli Defense Ministry declined requests for comment. A spokesman for the Mexican president also declined to comment. Mexico’s defense ministry declined to address the recent hack, but said it followed the government’s position, which says intelligence gathering “is not intended” to invade the private lives of political, civic and media figures.
This was the second wave of attacks on Santiago Aguirre’s phone, one of the human rights defenders. He had also been attacked with Pegasus during the previous Administration, he discovered Citizen Lab, a surveillance group based at the University of Toronto. “This government made so many promises that things would be different,” he said. “Our first reaction was to say, ‘This can’t be happening again.'”
The beginnings of Pegasus in Mexico have been shrouded in secrecy for a long time. After the night at the strip club, Israeli executives from NSO Group, then a fledgling startup, returned to Tel Aviv with the outlines of their first sale.
A few months later, a team of NSO representatives returned to Mexico to show the spyware to some of the most powerful people in the country. Two people who were at the demo said it had taken place at a military base on the outskirts of Mexico City, where the first Pegasus machine would be installed.
when they came then President Felipe Calderón and his Secretary of Defense, Guillermo Galván Galván, watched as a phone was hacked, the attendees said. Udi Doenyas, chief technology officer of NSO Group, who invented the Pegasus architecture, confirmed that he had connected the Pegasus system to a display and delivered a BlackBerry phone to senior Mexican officials. As they did so, the phone showed no indication of being compromised, but the Pegasus system methodically began extracting each piece of information, transmitting it to a screen for all to see.
Miguel Ángel Sosa, Calderón’s spokesman, acknowledged that the former president had visited a military installation for “presentations on tasks” that were being carried out, “including the collection of data and intelligence.” But he said Calderón was never told if he ultimately bought the spyware.
At that moment, Mexico desperately needed a way to hack BlackBerry phones, a device favored by drug cartels. The criminals were careful, former officials said, moving around and turning off their phones to avoid capture. “It didn’t give you time to launch an operation,” said Guillermo Valdés, former director of CISEN, the equivalent of the CIA in the country, from 2007 to 2011.
The military signed the contract shortly after the demo. In September 2011, NSO employees flew to Mexico to install Pegasus and instruct a Mexican team on how to operate it, according to three people familiar with the installation. The team was a secret arm of the Army.
After Enrique Peña Nieto took office in 2012, two more agencies bought it: the attorney general’s office and CISEN, according to Mexican officials and people with knowledge of the contracts. In all, Mexico has spent more than $60 million on Pegasus, Mexican officials say.
The Mexican Army has acknowledged having had Pegasus only between 2011 and 2013. But a group of independent experts investigating the disappearance of 43 students who were planning to attend a protest said the military had him when they were abducted in 2014 and that he was spying on the people involved in the crime the night the events occurred.
After López Obrador took office, he dissolved the Federal Police and replaced the Mexican spy agency with a new entity. Since 2019, only the Army has had Pegasus, say four people with knowledge of the contracts. And spyware has continued to be used against journalists, human rights defenders and an Opposition politician, Citizen Lab analysis shows.
In December, Aguirre received an email that sounded like a spy novel. “Apple believes you are under attack by state-sponsored attackers attempting to remotely compromise the iPhone associated with your Apple ID,” the message read. “These attackers are likely to attack you individually because of who you are or what you do.”
Aguirre, executive director of the Miguel Agustín Pro Juárez Human Rights Center, ran down the hall to the office of María Luisa Aguilar, who is in charge of the group’s international work. She had received the same email. The two contacted the Mexican digital rights group known as R3D, which had their phone data analyzed with Citizen Lab. The latter confirmed that both were hacked multiple times by Pegasus from June to September 2022.
“In the eyes of the armed forces, we represent a risk,” Aguilar said. “They don’t want to lose the power they have accumulated.”
NATALIE KITROEFF AND RONEN BERGMAN
THE NEW YORK TIMES
BBC-NEWS-SRC: https://www.nytimes.com/2023/04/18/world/americas/pegasus-spyware-mexico.html, IMPORTING DATE: 2023-04-28 16:30:07
#Pegasus #advanced #spyware #world #Mexico #acquired #Israel