Report: Dozens of journalists and activists in El Salvador hacked hack

Dozens of journalists and human rights defenders in El Salvador have had their mobile phones repeatedly hacked with sophisticated spyware over the past year and a half, Internet Watch said on Wednesday.

Reporting on its latest findings about the use of Israeli NSO Group’s Pegasus spyware, Citizen Lab at the University of Toronto said it identified a Pegasus operator operating almost exclusively in El Salvador in early 2020.

While researchers have not been able to conclusively link the hacks to the government of El Salvador, the report said that “the strong focus of infection on the specific country indicates that this is highly likely.”

“El Salvador is in no way associated with Pegasus and is not a customer of the NSO Group,” Sofia Medina, a spokeswoman for President Najib Bukele, said in a statement. She said the government did not have licenses to use this type of software.

She said the government is investigating the use of Pegasus to hack phones in El Salvador.

A city said it also received an alert on November 23 from Apple, as did other victims who say it may be a victim of state-sponsored hacking. She said El Salvador’s Minister of Justice and Security had received the same message that day. City said the Citizen Lab investigation did not include government officials.

Bukele, the hugely popular president, lashed out at his critics in the independent press in El Salvador, many of whom have been targeted in the hacking attacks.

Citizen Lab conducted a forensic analysis of 37 devices after their owners suspected they could be hacking targets. Their analysis was reviewed by Amnesty International’s Security Lab.

“The aggressiveness and persistence of hacking have been astonishing,” said John Scott Railton, a senior researcher at Citizen Lab and author of the report.

“I’ve seen a lot of Pegasus cases, but what was particularly disturbing in this case was its comparison to the physical threats and violent language against the media in El Salvador,” Scott-Railton said.

“This is something that probably wouldn’t surprise you under a dictatorship, but on paper at least, El Salvador is a democracy,” he said.

While Citizen Lab does not blame the Bukele government for the mass hack, Scott Railton said all circumstantial evidence points in that direction. The victims are almost exclusively in El Salvador.

The infrastructure used to infect Pegasus victims is global, so the command and control servers that manage the monitoring in this case are not expected to be local.

Twenty-two journalists targeted work for the independent news website El Faro, which during the hacking period was working on stories related to an alleged deal by the Bukele administration with street gangs in El Salvador to reduce the murder rate and support Bukele’s party in midterm elections in exchange for benefits for gang leaders.

Bukele strongly denied the existence of any negotiations with the gangs.

In December, the US Treasury appointed two officials from the Bukele government, and El Faro alleged that the administration struck a deal with the gangs.

El Faro wrote on Wednesday that “the iPhones of editorial staff, journalists, and management team were compromised, in some cases for up to a year. The analysis identified a total of 226 intrusions that gained unrestricted access to messages, calls, and all content stored on the devices.”

NSO, which was blacklisted by the US government last year, says it only sells its spyware to legitimate government law enforcement agencies and intelligence services that have been vetted by the Israeli Defense Ministry for use against terrorists and criminals.


Associated Press writer Christopher Sherman reported this story in Mexico City and Associated Press writer Frank Bajak reported from Boston.

source link

Denial of responsibility! is an automatic aggregator of all the media in the world. In each content, a hyperlink to the primary source is specified. All trademarks belong to their rightful owners, and all materials are to their authors. If you are the content owner and do not want us to publish your material, please contact us via email – [email protected]. Content will be deleted within 24 hours.

Source link

Denial of responsibility! is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – The content will be deleted within 24 hours.
Andrew Naughtie

News reporter and author at @websalespromo