Dozens of El Salvador journalists', activists' phones hacked with spyware, report finds

Dozens of journalists and human rights defenders in El Salvador have had their phones repeatedly hacked with sophisticated spyware over the past year and a half, an Internet watchdog said Wednesday.

The University of Toronto’s Citizen Lab reported its latest findings on the use of Israeli firm NSO Group’s Pegasus spyware and said it had identified a Pegasus operator in early 2020 that operated almost exclusively in El Salvador.

While the researchers could not conclusively link the hacks to the El Salvador government, the report states, “The strong country-specific focus of the infections suggests this is highly likely.”

Sofía Medina, spokeswoman for President Nayib Bukele, said in a statement that “El Salvador is in no way affiliated with Pegasus, nor is it a customer of NSO Group”. She said the government does not have licenses to use this type of software.

The government is investigating using Pegasus to hack phones in El Salvador, she said.

Medina said that she, too, received a notification from Apple on Nov. 23, as did other victims who said she may have been the victim of government-sponsored hacking. She said El Salvador’s Minister of Justice and Security received the same message that day. Citizen Lab’s investigation did not include government officials, Medina said.

NSO, which was blacklisted by the US government last year, says it only sells its spyware to legitimate state law enforcement and intelligence agencies that have been vetted by Israel’s Defense Ministry for use against terrorists and criminals.

Bukele, a very popular president, has railed against his critics in El Salvador’s independent press, many of whom have been the target of the hacks.

Nayib Bukele celebrates his victory in the 2019 presidential election.Alfredo Zuniga / Anadolu Agency via Getty Images file

Citizen Lab conducted a forensic analysis of 37 devices after owners suspected they might be the target of hacking attacks. Your Access Now research was reviewed by Amnesty International’s safety laboratory.

John Scott-Railton, senior researcher at Citizen Lab and author of the report, said the “aggressiveness and persistence of the hacking is stunning.”

“I’ve seen many Pegasus cases, but what was particularly disturbing about this case was the juxtaposition with the physical threats and violent language used against the media in El Salvador,” Scott-Railton said.

“This might not surprise you in a dictatorship, but at least on paper El Salvador is a democracy,” he said.

Citizen Lab has uncovered the use of Pegasus to attack journalists, human rights defenders, diplomats and dissidents over the past few years. Targets came from Saudi Arabia, the United Arab Emirates, Mexico and the United States.

While Citizen Lab doesn’t blame the Bukele government for the mass hack, Scott-Railton said all the evidence points in that direction. The victims are almost exclusively in El Salvador.

The infrastructure used to infect Pegasus victims is global, so the command-and-control servers that manage the surveillance in this case are not expected to be local.

Twenty-two of those worked specifically for the independent news site El Faro, which was working during the hacking period on stories related to the Bukele government’s alleged deals with El Salvador’s street gangs to lower the homicide rate and give Bukele’s party mid-term election support Exchange for benefits for gang leaders.

Bukele has vehemently denied that there were any negotiations with the gangs. In December, the US Treasury Department appointed two Bukele government officials and, like El Faro, claimed that the government had struck a deal with the gangs.

Julia Navarrete, one of the El Faro journalists whose phone was hacked, said on Wednesday that not only does this software allow someone to listen to all calls, but “it enters into the device and extracts all the information.”

Julia Gavarrete, an investigative reporter at El Faro, who hacked two phones a total of 18 times, including data extracted from her personal phone.Jessica Orellana / Reuters

El Faro director Carlos Dada said the peak of the intrusions into their phones came in September 2020, when El Faro released the story about the alleged negotiations between the Bukele government and the gangs.

“These coincidences are not so groundless in the end,” he said.

Carlos Martínez, an investigative reporter at El Faro, said analysis revealed the hackers spent 269 days inside his phone.

“It doesn’t stop being scary,” he said. “It’s hard to process.”

The spyware operator actually attempted to re-enter his phone during analysis, which allowed investigators to determine that the operator was in El Salvador.

Apple sued NSO in November to prevent its software from compromising its operating systems. Facebook sued the company in 2019, alleging it hacked its WhatsApp messenger app.

Leave a Comment