How Pegasus spyware came to dominate illegal surveillance in LATAM
New accusations against Colombia show that the use of the Israeli cyberweapon may be far more widespread than we realize
Mexico was the first Latin American country to acquire Israeli-made Pegasus spyware. The country has enthusiastically used it against not just criminal targets, but also journalists, opposition politicians, activists, and even political allies.
The country has since become the biggest user of the spyware in the world, despite President Andrés Manuel López Obrador’s (AMLO) promises to rein in its use. As recently as last year, the military, whose power AMLO has greatly expanded during his administration, was accused of using it to spy on potential political adversaries, and even on allies of AMLO.
And Mexico is far from the only country in the region that uses it. El Salvador, which is in the midst of a brutal years-long crackdown on civil society, is also a client. Most recently, Colombia was accused by current president Gustavo Petro of using it against activists, journalists, and protesters during the administration of his predecessor, Ivan Duque.
Pegasus, which grows more sophisticated with every generation of updates, has been banned by the U.S. government. In 2023, the private cyberweapons company that created it, NSO Group, was blacklisted from U.S. markets and the Biden administration declared the software has been “misused by foreign actors to enable human rights abuses around the world.”
But what makes Pegasus so scary, and so effective that autocrats across the globe have raced to secure it, even at the exorbitant prices charged by NSO Group? It’s one of the most powerful cyberweapons in the world, and certainly the most powerful created by a private company.
The perfect spyware
Pegasus is spyware designed to take control of cell phones that run the Android and iOS operating systems. Newer generations of the spyware exploit design flaws inherent to those operating systems to take complete control of devices in “zero-click” infiltrations, which means they don’t rely on phishing scams or malicious links that users have to click, and infiltrated devices often show no trace of the compromise.
Pegasus can access passwords, chat histories, social media accounts, location history, and anything else on the phone, including activation of the camera or microphone to record the user without their knowledge.
Pegasus camouflages itself masterfully once installed on devices and is programmed to self-destruct to eliminate evidence if unable to communicate with its command-and-control server for more than 60 days. Newer iterations of the program can also be installed “short-term” in the device’s temporary memory, wiping itself completely the next time the device is powered down. If it is not possible to compromise a target device by simpler means, Pegasus can be installed by setting up a wireless transceiver near a target device, or by gaining physical access to the device.
The NSO Group says that the software was designed to combat “terrorism and sophisticated crime networks” and that it only sells to “allies of Israel” in sales approved by the Israeli Ministry of Defense.
However, the spyware has been utilized by authoritarian regimes around the world, including in the brutal assassination of Jamal Ahmad Khashoggi by the Saudi government in 2018. It has also become one of the electronic weapons of choice in international espionage.
But it is the domestic use of Pegasus by NSO Group clients that has drawn international criticism, lawsuits, and condemnations from organizations like Amnesty International, which has helped investigate the human rights abuses committed by governments around the world using cyberweapons on their own people.
The Pegasus flies to LATAM
Mexico was the first country in the world to purchase Pegasus, likely in 2011, the same year the software proved instrumental in capturing Joaquín Guzmán, better known as “El Chapo”.
But in the more than a decade since, the use of the software has expanded greatly. Evidence that the country used Pegasus to mass-infiltrate the phones of journalists, corruption investigators, academics, activists, and domestic political opponents began to emerge in 2018.
AMLO, who took office that same year, promised to curtail the use of the powerful cyberweapon, but allegations of abuse continue. When a list of 50,000 phone numbers of potential Pegasus surveillance targets (selected by individual client governments) was leaked in 2021, over a third of them were Mexican.
As of late 2023, the government had spent over $60 million on Pegasus software, updates, and support.
Pegasus has also been used by drug cartels in Mexico, who have deep connections to the political class, to surveil journalists, criminal rivals, and even military officials in the Mexican government.
Panama purchased Pegasus in 2012. It has since been widely used for both domestic and foreign spying on political opponents, judges, union leaders, and the competitors of well-connected businessmen. Ex-president Ricardo Martinelli even allegedly used it to monitor his then-mistress in 2022.
El Salvador under Nayib Bukele, who has dismantled civil rights and engaged in widespread crackdowns on impoverished communities, has also been accused of using Pegasus to illegally spy on journalists.
In 2022, El Faro newspaper, as part of an investigation with Citizen Lab, revealed that the majority of its staff had their devices infiltrated using Pegasus software. The same investigation revealed that 13 other media companies in El Salvador had been spied on as well.
El Faro has been a sharp critic of the Bukele administration and unearthed evidence of corruption, informal agreements with gang leaders, and severe human rights violations.
Bukele denied his government was responsible for the illegal spying. The NSO Group does not disclose client lists, so it is impossible to know when (and we suppose technically “if” as well) the Bukele administration decided to purchase the cyberweapon technology.
The company also allegedly sold Pegasus software to Colombia in 2019, according to a March investigation by Israeli newspaper Haaretz. This week, current president Gustavo Petro presented additional information on the transaction, which the administration of his predecessor, Ivan Duque, paid for in cash using money seized from anti-narcotics operations, in order to disguise the purchase in official government records.
The administration of Duque allegedly used the software as part of already-proven spying efforts on journalists, both domestic and foreign, as well as opposition politicians, activists, and protesters during the country’s “national strike” in 2021, in which over 60 protesters were killed by security forces.
UN investigators, who are already investigating human rights abuses and state violence during protests in Colombia in 2019, 2020, and 2021, have demanded an official investigation.
Journalists in the Dominican Republic in 2022 also uncovered evidence that their phones were infiltrated using Pegasus by unknown parties.
A creeping danger growing in the shadows
As this week’s accusations in Colombia show, we have no idea which countries in Latin America are using Pegasus. As the NSO Group keeps its client list a tightly held secret (though presumably shared with the Israeli MoD), all public information about its use has come from either state leaks or private investigations by journalists and human rights watchdog groups.
In addition, because Pegasus is so difficult to detect once it infiltrates a device, the vast majority of its uses have gone undetected as well. This means that hundreds of thousands of devices have likely been accessed using software that was never documented by anyone other than those who have gotten their hands on the cyberweapon.
To make matters worse, cyber security experts are reasonably certain that, just like the researchers at Toronto University and Citizen Lab who first captured Pegasus in the wild in 2016, actors who have gotten ahold of active copies of Pegasus and inspected its code have likely been able to determine how it works.
In August 2022, security experts revealed code strikingly similar to NSO Pegasus software being reused by Russia-linked agencies. They pointed out at the time that the uncontrolled proliferation of surveillance tools as advanced as the NSO Group’s to authoritarian states had already begun.
Many LATAM countries justified their purchase of the software as a method to build their own intelligence apparatus rather than rely on the U.S. for signals intelligence. But once those capabilities were acquired, they have, in all known cases, been unable to resist the temptation to turn them on civil society.
The idea that states like Venezuela and Nicaragua have similar spyware capabilities, acquired from their allies, is far from idle conjecture. It is almost a certainty.
We won’t know the full extent of the damage caused by the NSO Group for years, if ever. But even with the incomplete picture we do possess, real privacy in Latin America is already a casualty of the global information war.
The Big Headlines in LATAM (the Venezuela update)
Edmundo Gonzalez, the opposition presidential candidate, fled Venezuela late Saturday night after being granted asylum in Spain. Earlier this week the Venezuelan government had issued a warrant for his arrest.
“After taking refuge voluntarily at the Spanish embassy in Caracas a few days ago, [Gonzalez] asked the Spanish government for political asylum,” Venezuela’s Vice President Delcy Rodriguez said on social media, adding that Caracas had agreed to his safe passage.
This likely marks the end of any negotiated outcome to a political crisis that has been ongoing since a hijinks-filled election process on July 28, in which Maduro declared himself the victor without releasing voting data, and in which opposition officials mounted a massive vote-observation campaign that they say shows they won in a landslide.
A massive crackdown by security forces in the weeks that followed caused hundreds of opposition volunteers to flee the country and resulted in the arrests of at least 1500 people.
In case you missed it, we wrote an analysis for paid subscribers about what likely comes next, and none of the options are good.
Meanwhile, security and intelligence officials have surrounded the Argentinian embassy, where many opposition leaders and staffers have taken shelter. Responsibility for the mission was taken over by Brazil after Maduro cut diplomatic relations with the Argentinian government.
On Saturday, Venezuela announced that it was invalidating Brazilian custodianship of the embassy grounds, and declared that diplomatic immunity to the grounds no longer applies.
As security crackdowns continue, many users on social media have deleted their accounts, or gone private. One contact of PWS, via Twitter, summed up the situation as follows.
“Maria Corina allowed Edmundo to win as well as prove the victory [with voting data]. But beyond that, we were always in the terrain of the unknown and what came after was an epic of terror previously unseen. There is no plan for the opposition.”
Spanish Word of the Week
chancla-
The translation for chancla is simple— sandal. But the cultural meaning in Latin America goes far deeper. The chancla isn’t just footwear, it is also a non-lethal missile weapon employed by mothers everywhere to discipline their children.
Even the threat of a mother waving a chancla is often enough to intimidate children into behaving, or at least submitting.
This week we saw a video of the “chancla effect” in action, which illustrates “chancla power” succinctly.
Please enjoy.
Hasta pronto, piratas!
That video transferred into my smile.
The only reason why the U.S. would ban Pegasus (and not use it secretly) is if they've got something as good or better.
So creepy. In Peru, Pedro Castillo was also accused of wanting to buy Pegasus, and Boluarte's lawyer said one of her interior ministers was trying to pitch some sort of Israeli chuponeo technology to her.
https://larepublica.pe/amp/politica/actualidad/2023/03/09/pedro-castillo-el-espanol-espia-del-expresidente-lo-que-quiero-es-intervenir-todo-176670
https://www.infobae.com/peru/2024/05/14/tengo-pruebas-mateo-castaneda-abogado-de-dina-boluarte-implica-en-trama-de-corrupcion-a-carlos-moran-y-asegura-que-buscaba-ser-ministro/?outputType=amp-type