Report: Wife Of Slain Mexican Journalist Targeted With Spyware
On May 15, 2017, Javier Valdez was killed in Sinaloa, where he reported on cartels and drug trafficking. Ten days later, his widow journalist Griselda Triana received bait messages connected to a Mexican spyware program called Pegasus, Citizen Lab reported.
The Toronto-based watchdog group says it’s one of 25 confirmed attempts to infect the cell phones of Mexican journalists, activists and others with the spyware.
Pegasus allows for the monitoring of cell phones, said said John Scott-Railton, a senior researcher with Citizen Lab and an author on the new report.
"And it works by getting onto the phone either through trickery or some kind of remote exploitation, and then turns the phone into a virtual spy in your pocket," that can access the phone's content as well as the microphone and camera, he said.
The Mexican government purportedly bought the program from the Israeli company NSO Group to combat crime and terrorism.
But the people being targeted put that into question, Railton said.
“We don’t really know what the motivation is, but it doesn’t appear to be a lawful motivation," he said.
The 25 cases reported by Citizen Lab bring up concerns about justice for the people targeted, he said, but they also point to a lack of checks on the use of this kind of technology, both by the Mexican government and the company that licenses it.
Earlier reports from Citizen Lab about the misuse of Pegasus spurred the Mexican government to start and investigation, Railton said. But there hasn't been much progress and there is concern evidence may have been destroyed.
In addition to Triana, there have been several other people with ties to someone who was killed or disappeared in a cartel-related incident who have been targeted with Pegasus, Railton said, including two of Valdez's colleagues, who also received infected messages, he said.
“We just see again and again this kind of scary nexus of cartel-linked murder and Pegasus, targeting the family members and their advocates. It’s a very concerning state of affairs," he said. “This is what makes it so troubling to see that it looks like somebody in an official position is using this kind of tool to target people.”
He added that Citizen Lab has also tracked Pegasus outside of Mexico and has detected an infected device in Arizona.
“We found in some scanning work that we did last year that there appeared to be a number of infections within United States IP space, and one of those infections appears to be localized around Arizona," he said. "So we don’t know what that may be or who the victim may be. But it’s certainly very concerning. The possibility that this kind of stuff could spill across the border is very troubling.”