Around 35 journalists and activists in El Salvador were targets of the highly invasive Pegasus software to extract information from their cellphones as civil liberties deteriorated in the country, according to a forensic analysis conducted by research and rights groups released Wednesday.
The joint investigation by organizations including Amnesty International and Citizen Lab, a research group at the University of Toronto, found that the spyware made by the Israeli firm NSO Group for government clients was used to hack video and voice recordings, photos, contact information and phone conversations of independent journalists and editors in 2020 and 2021.
“This was jaw-droppingly aggressive and persistent hacking,” said John Scott-Railton, senior researcher at Citizen Lab.
Among those affected, the organizations found, were around 20 journalists from El Faro, a local media publication that has exposed corruption scandals and secret truce negotiations between El Salvador’s government and imprisoned gang leaders on financial and prison benefits.
The groups, which aim to defend internet privacy and freedom of expression, said that they couldn’t establish who was responsible for the cellphone surveillance, but that the hacking campaign came against a backdrop of government-led censorship and harassment targeting independent media in El Salvador.
A spokeswoman for El Salvador President Nayib Bukele denied any involvement in the illegal surveillance of journalists and said that authorities were investigating the use of Pegasus in the country. She added that the government wasn’t a client of the NSO Group and didn’t use its Pegasus spyware.
A spokeswoman for NSO, which makes surveillance software, said the company provides it only to vetted intelligence and law-enforcement agencies to fight criminals, terrorists and corruption, and not to monitor dissidents, activists and journalists. The company declined to say whether El Salvador was a client. It said its contracts prohibit identifying customers.
Carlos Dada, the director of El Faro, said the hacking against journalists and editors coincided with the coverage on secret negotiations with gangs and corruption cases, two topics that the U.S. government is looking closely at.
“Everything points towards the government of El Salvador,” he added.
After El Faro’s revelations of secret talks between the Salvadoran government and gangs were published, the U.S. government imposed sanctions on senior Salvadoran officials involved in negotiations that resulted in making sex workers and cellphones available to the imprisoned gang leaders as part of a truce.
Journalists at several other media outlets and activists at a few organizations were also targeted, according to the forensic analysis.
The sanctions were the latest downward spiral in bilateral relations as senior U.S. officials criticized President Bukele’s efforts to cement power by weakening institutions and the rule of law. In recent decades, rampant violence and endemic poverty in the Central American country have led to mass migration to the U.S.
Access Now, a U.S.-based digital-rights organization, said the El Salvador case was one of the worst it has analyzed. Mr. Dada’s phone was hacked a dozen times for a total of more than 160 days, according to the forensic analysis.
NSO Group software has allegedly been used on people around the world, including targets in the U.K., India, South Africa, Belgium, France, Uganda, Mexico and Morocco, according to Citizen Lab. NSO said it sells its software to governments on the condition that they use it only to target spies, criminals and terrorists, not to monitor critics.
Last year the U.S. government blacklisted the company, restricting it from obtaining some U.S. technology over allegations that Pegasus has been used inappropriately. NSO is currently exploring a potential sale or the closure of its spyware unit, according to a person familiar with the matter.
Apple Inc. sued NSO in late November, alleging that the company misused its products and services. NSO said in response to the lawsuit that thousands of lives were saved around the world thanks to its technologies and that pedophiles and terrorists can freely operate in technological havens.
At the same time, Apple alerted several staffers of El Faro that state-sponsored attackers could be targeting their iPhones to access sensitive data, communications or even the camera and microphone.
“It’s like having someone deep inside your personal life,” said Carlos Martínez, an El Faro investigative reporter whose iPhone, according to the forensic analysis, was hacked for more than 260 days.
Mr. Dada said the alert from Apple led El Faro to request a forensic analysis by the groups, which have been tracking NSO’s activities for years.
“‘It’s like having someone deep inside your personal life.’ ”
— Carlos Martínez, reporter
He said the cellphone hacking was part of a government harassment campaign against El Faro. In 2020, Mr. Bukele accused the news site of money laundering on national television. It is presently undergoing four separate financial audits. Early last year the Inter-American Commission on Human Rights, which investigates human-rights violations, ruled that the government of El Salvador should take measures to “protect the life and personal integrity” of El Faro’s personnel.
Mr. Bukele’s spokeswoman said senior officials including herself and the justice minister were also warned by Apple that their cellphones had been targeted.
She said that by investigating only cases concerning journalists and social activists and not hacking of cellphones belonging to government officials, Citizen Lab and other organizations “are favoring the agenda of the groups behind the attacks.”
Mr. Scott-Railton said: “If I were a member of El Salvador’s government and I had received that Apple notification, I would ask myself if my own government had hacked me.”
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8