Author: AZAM AHMED and NICOLE PERLROTH / Source: New York Times
Azam Ahmed: One morning earlier this year, I got a call from Mario E. Patrón, a prominent human rights lawyer in Mexico. He wanted to talk in person. When he arrived at The New York Times’s Mexico bureau, he took a seat in the conference room and asked me for my phone. He then collected the phones of everyone else in the room, walked them outside and placed them in our lobby. Out of earshot. “Our phones are being monitored,” he told me.
Mr. Patrón went on to explain that he and two other lawyers on his staff at Centro Prodh, including the one representing the families of 43 students missing from a teachers college in Ayotzinapa, had been targeted by highly sophisticated spyware that could take over a cellphone, including the microphone. The spyware, known as Pegasus, could monitor calls, emails, calendar appointments and even encrypted messages. It essentially turned a phone into a personal bug.
Mr. Patrón then introduced me to Luis Fernando García, a digital rights activist who had been tracking the use of the software against activists, journalists and others. He showed me more cases where he suspected individuals had been targeted. I got suspicious that perhaps others had also been targeted, and went looking myself.
As described in an article published Monday, we found that many people were targeted: anti-corruption academics, journalists and the family members of at least two of those who were targeted, including the teenage son of Carmen Aristegui, one of the country’s most prominent reporters. Nearly every person I interviewed did the same thing Mr. Patrón had — moved their phones into a separate location. Carlos Loret de Mola, a well-known journalist, had another approach. He carried some seven cellphones with him at any given time, and used them intermittently to foil any spying attempts.
The messages that were sent to Ms. Aristegui — which included a link to click on that would then install the spyware — especially interested me. As I reviewed them, I began to panic. I’d received identical messages, I recalled, and I remembered clicking on one of them. The link was broken, and I was taken to a blank page. I thought little of it at the time — this was before there had been any reporting on the NSO Group, an Israeli cyberarms manufacturer that made the software, and the suspected misuse of it by the Mexican government. But for months after, my phone often malfunctioned. Dropped calls, calls that would not connect, apps suddenly shutting down. It got bad enough that I wiped the phone.
Of course, that meant we could never check to see if the phone had been targeted. I no longer had the original message with the link to check; and if the software had indeed been downloaded, it was now erased. I continued working, but used a separate phone to conduct my research.
In researching the software, I realized that the person who had written the most about NSO was my own…
Click here to read more