Fri | Dec 1, 2023

Dozens of El Salvador journalists, activists hacked

Published:Saturday | January 15, 2022 | 12:08 AM


Dozens of journalists and human rights defenders in El Salvador had their cellphones repeatedly hacked with sophisticated spyware over the past year and a half, an Internet watchdog said Wednesday.

Reporting on its latest findings about the use of the Israeli firm NSO Group’s Pegasus spyware, the University of Toronto’s Citizen Lab said it had identified a Pegasus operator working almost exclusively in El Salvador in early 2020.

While the researchers could not conclusively link the hacks to El Salvador’s government, the report said “the strong country-specific focus of the infections suggests that this is very likely”.

Sofía Medina, spokeswoman for President Nayib Bukele, said in a statement that “El Salvador is no way associated with Pegasus nor is a client of NSO Group.” She said the government does not have licences to use this type of software.

The government is investigating the use of Pegasus to hack phones in El Salvador, she said.

Medina said that, on November 23, she, too, received an alert from Apple, as other victims did, saying she might be a victim of state-sponsored hacking. She said El Salvador’s justice and security minister received the same message that day. The Citizen Lab investigation did not include government officials, Medina said.

NSO, which was blacklisted by the US government last year, said it sells its spyware only to legitimate government law enforcement and intelligence agencies vetted by Israel’s Defense Ministry, for use against terrorists and criminals.

In a statement, NSO said it does not operate the technology once it is given to a client, and cannot know the targets of its customers. But it said the use of its tools to monitor activists, dissidents or journalists “is a severe misuse of any technology and goes against the desired use of such critical tools.” It noted that it has terminated multiple contracts in the past because of client misuse.

NSO does not identify its customers. But people familiar with the company said it does not currently have an active system in El Salvador. The people, speaking on condition of anonymity because they were discussing the company’s clients, said NSO is trying to obtain the phone numbers that were tracked and will investigate to see if there was any misuse.

“The company will act with all measures at its disposal, based on the contractual agreements,” the people said.

Bukele, a highly popular president, has railed against his critics in El Salvador’s independent press, many of whom were targeted in the hacking attacks.

Citizen Lab conducted a forensic analysis of 37 devices after the owners suspected they could be the targets of hacking. Their investigation carried out with Access Now was reviewed by Amnesty International’s Security Lab.

John Scott-Railton, senior researcher at Citizen Lab and an author of the report, said the “aggressiveness and persistence of the hacking was jaw-dropping”.

“I’ve seen a lot of Pegasus cases but what was especially disturbing, in this case was, its juxtaposition with the physical threats and violent language against the media in El Salvador,” Scott-Railton said.

“This is the kind of thing that perhaps wouldn’t surprise you in a dictatorship, but, at least on paper, El Salvador is a democracy,” he said.