Pegasus Spyware isn’t new to the world and as expected, it can cause a lot of chaos if it goes into the wrong hands which is exactly what happened in El Salvador. A new report states that the cell phones of nearly three dozen journalists and activists in El Salvador have been hacked since mid-2020.
Several of these journalists were investigating alleged state corruption. The cell phones of these journalists were implanted with sophisticated spyware typically available only to governments and law enforcement, as per a Canadian research institute.
This report by Citizen Lab describes the results of a collaborative investigation into the abuse of NSO Group’s Pegasus spyware to target members of the press and civil society in El Salvador. The investigation of the institute led to the identification of 35 Pegasus-infected individuals (37 devices) among members of El Salvador’s media and civil society.
Human-rights group Amnesty International, which collaborated with Citizen Lab on this investigation, says that it later confirmed a sample of the findings by Citizen Lab through its own technology arm.
Citizen Lab says that its investigation began in September 2021 when a group of independent journalists contacted Access Now’s Digital Security Helpline after testing their devices using the Amnesty International Security Lab’s Mobile Verification Toolkit (MVT) tool to detect Pegasus spyware.
Who deployed the Pegasus Spyware?
The research institute further said that it found evidence of incursions on the phones that occurred between July 2020 and November 2021. It said it could not identify who was responsible for deploying the Israeli-designed spyware.
For those unaware, Pegasus Spyware is developed by the Israeli firm called NSO Group. It targets mobile phones running both Android and iOS. Citizen Lab stated that it gathered enough evidence in a subset of cases wherw it can claim that the spyware successfully uploaded data from the phone to Pegasus infrastructure. In several cases, Pegasus apparently exfiltrated multiple gigabytes of data successfully from target phones using their mobile data connections.
NSO, the company behind Pegasus Spyware has kept its client list a secret since the beginning. The company said in a statement that it sells its products only to “vetted and legitimate” intelligence and law enforcement agencies in order to fight crime and that it is not involved in surveillance operations.
El Faro online news website was the worst hit. The findings claim that El Faro was under constant surveillance for at least 17 months, between June 29, 2020 and November 23, 2021. Further, they say that the phone of Editor-in-Chief Oscar Martinez was infiltrated at least 42 times.