Report: Dozens of El Salvador journalists, activists hacked
Dozens of journalists and human rights defenders in El Salvador had their cellphones repeatedly hacked with sophisticated spyware over the past year and a half, an internet watchdog said Wednesday.
Reporting on its latest findings about use of the Israeli firm NSO Group’s Pegasus spyware, the University of Toronto’s Citizen Lab said it had identified a Pegasus operator working almost exclusively in El Salvador in early 2020.
While the researchers could not conclusively link the hacks to El Salvador’s government, the report said “the strong country-specific focus of the infections suggests that this is very likely.”
Sofía Medina, spokeswoman for President Nayib Bukele said in a statement that “El Salvador is no way associated with Pegasus and nor is a client of NSO Group ” She said the government does not have licenses to use this type of software.
The government is investigating the use of Pegasus to hack phones in El Salvador, she said.
Medina said that on Nov. 23 she, too, received an alert from Apple as other victims did saying she might be a victim of state-sponsored hacking. She said El Salvador’s justice and security minister received the same message that day. The Citizen Lab investigation did not include government officials, Medina said.
Bukele, a highly popular president, has railed against his critics in El Salvador’s independent press, many of whom were targeted in the hacking attacks.
Citizen Lab conducted a forensic analysis of 37 devices after the owners suspected they could be the targets of hacking. Their analysis was reviewed by Amnesty International’s Security Lab.
John Scott-Railton, senior researcher at Citizen Lab and an author of the report, said the “aggressiveness and persistence of the hacking was jaw-dropping.”
“I’ve seen a lot of Pegasus cases but what was especially disturbing in this case was its juxtaposition with the physical threats and violent language against the media in El Salvador,” Scott-Railton said.
“This is the kind of thing that perhaps wouldn’t surprise you in a dictatorship but at least on paper El Salvador is a democracy,” he said.
While Citizen Lab is not blaming the mass hack on the Bukele government, Scott-Railton said all the circumstantial evidence points in that direction. The victims are almost exclusively in El Salvador.
The infrastructure used to infect Pegasus victims is global so the command-and-control servers managing the surveillance in this case would not be expected to be local.
Twenty-two of the journalists targeted work for the independent news site El Faro, which during the period of hacking was working on stories related to the Bukele administration’s alleged deal-making with El Salvador’s street gangs to lower the homicide rate and support Bukele’s party in mid-term elections in exchange for benefits to gang leaders.
Bukele has vehemently denied there was any negotiation with the gangs.
In December, the U.S. Treasury designated two officials from Bukele’s government, and alleged as El Faro had that the administration made a deal with the gangs.
El Faro wrote Wednesday that “the iPhones of the editorial board, reporters, and administrative team were compromised, in some cases for as long as a year. The analysis identified a total of 226 intrusions gaining unfettered access to messages, calls, and all content stored on the devices.”
NSO, which was blacklisted by the U.S. government last year, says it sells its spyware only to legitimate government law enforcement and intelligence agencies vetted by Israel’s Defense Ministry for use against terrorists and criminals.
Associated Press writer Christopher Sherman reported this story in Mexico City and AP writer Frank Bajak reported from Boston.