NSO Spyware Linked to Phone Hacks of Journalists, Activists in El Salvador
Human rights groups say they have identified 35 journalists and activists in El Salvador whose mobile phones were infected with spyware manufactured by the Israeli company NSO Group.
In a statement released on Wednesday, rights groups Access Now, Amnesty International and Citizen Lab said that the people targeted included employees of media groups El Faro and Gato Encerrado, in addition to employees of regional human rights and pro-democracy organizations, such as Cristosal and Fundación Democracia, Transparencia y Justicia.
A spokesperson for NSO group declined to comment on the specific allegations but said that the company provides its technology “only to vetted and legitimate intelligence agencies as well as to law enforcement agencies, who use these systems under warrants by the local judicial system to fight criminals, terrorists and corruption.”
“NSO’s firm stance on these issues is that the use of cyber tools in order to monitor dissidents, activists and journalists is a severe misuse of any technology and goes against the desired use of such critical tools,” the spokesperson added.
Governments and law enforcement agencies use NSO’s flagship technology, known as Pegasus, to hack into people’s mobile phones and covertly record emails, phone calls and text messages. NSO has argued that its technology is a valuable tool to track down terrorists and other serious criminals. But security researchers and human rights groups have previously alleged that the company’s spyware has often been misused to target dissidents and government critics from countries including Rwanda, Togo, Spain, the United Arab Emirates, Saudi Arabia, Mexico, Morocco and India.
NSO has come under increasing pressure in recent months after a string of media reports linking its technology to alleged abuses. In November, the U.S. Commerce Department blacklisted NSO Group, accusing it of supplying spyware to governments that had used the technology to maliciously target government officials, journalists, businesspeople, activists, academics and embassy workers. NSO has since explored options that have included shutting down its Pegasus unit and selling the entire company, Bloomberg News reported.
In the case of El Salvador, it isn’t known who was behind the effort to hack the phones of journalists and activists. According to Access Now, many of the people who were targeted work with organizations that have faced persecution from El Salvador’s government.
A spokeswoman for El Salvador’s government didn’t respond to requests for comment. A person familiar with NSO’s operations said that the company didn’t currently have an "active system" in El Salvador though indicated there had been one there in the past.
The people whose phones were infected with spyware were targeted between July 2020 and November 2021, the researchers found. In one case, a journalist’s phone was infected on more than 40 separate occasions, which represents “one of the most persistent and intensive” examples ever discovered of the spyware’s use against a journalist, the rights groups said in a joint statement.
“Infecting people's devices with Pegasus spyware is a very serious violation of their rights,” said Gaspar Pisanu, Latin America policy manager at Access Now. “This is a clear attempt to suppress and control the free press in El Salvador. No government, no corporation has the right to do that.”
Access Now, Amnesty International and a dozen other rights groups are calling for governments to implement a moratorium on the sale, transfer, and use of surveillance technology such as NSO’s Pegasus. They are also asking the United Nations to investigate alleged human rights violations enabled by Pegasus spyware. “The lack of accountability for such egregious conduct by public authorities and private companies allows the surveillance culture to flourish and destroy human rights,” the groups said in a statement.
©2022 Bloomberg L.P.