Mexican Businessman Arrested For Using NSO Spyware To Target A Journalist

from the NSO's-long,-international-SEO-nightmare-continues dept

No news is the only good news for Israeli tech company NSO Group. The problem is it's impossible to generate no news when you can't go more than a few days without generating more bad news.

Since the leak of data showing its customers were targeting journalists, activists, religious leaders, and other government officials with powerful malware capable of intercepting cellphone communications, the headlines NSO has racked up range from bad to worse to nightmarish.

Multiple countries are now following up on investigations performed by entities like CitizenLab, performing investigations of their own to determine whether they've been breached by NSO's malware or if government customers have violated rights. The United States has effectively blacklisted the company, forbidding US government agencies from buying its products and US exploit developers from selling to NSO.

One country was host to a large percentage of the numbers on the leaked list of potential NSO Group malware targets: Mexico. 15,000 of the 50,000 phone numbers on the list were located in that country. Perhaps unsurprisingly, Mexico is home to the first arrest related to abuse of NSO spyware.

Mexican prosecutors said Monday they have arrested a businessman on charges he used the Pegasus spyware to spy on a journalist.

[...]

A federal official not authorized to be quoted by name said the suspect is Juan Carlos García Rivera, who has been linked to the company Proyectos y Diseños VME and Grupo KBH. He was detained on Nov. 1.

Mexico buys a lot of spyware from NSO. The AP report says the Mexican government spent $61 million on Pegasus licenses (NSO's most popular -- and most powerful -- phone exploit) from 2006 to 2018. That quote was given to the Associated Press in July. It has since been updated.

Last week, the government’s top anti-money laundering investigator said officials from the two previous administrations had spent about $300 million in government money to purchase spyware. But that figure may reflect all spyware and surveillance purchases, or may include yet-unidentified contracts.

Supposedly the Mexican government has kicked the spyware habit. Current president Andrés Manuel López Obrador was elected in 2018 and promised never to use exploits like these. It remains to be seen if that promise has been broken or will be broken in the future. According to the head of the government's Financial Intelligence Unit -- which monitors government financial transactions for evidence of corruption -- "no transactions" related to the purchase of spyware have been detected.

That's reassuring but not nearly as reassuring as a statement from a non-government entity would be, given the Mexican government's long, mostly unsuccessful, battle with internal corruption.

NSO has, of course, responded with another nonsensical non-denial of the facts at hand:

As stated in the past, NSO’s technologies are only sold to vetted and approved government entities, and cannot be operated by private companies or individuals. We regret to see that, over and over again, the company’s name is mentioned in the media in events that has nothing to do with NSO, directly or indirectly.

This certainly looks like the software was "operated" by a private individual. Maybe that first and pretty damn clear impression will change when more facts are in. Just because NSO forbids the use by private individuals doesn't mean private individuals with access to malware are somehow incapable of deploying it. And, just to be pedantic because NSO insists on pedantry, when issuing defensive statements, this report very definitely has something to do with NSO indirectly. Being angry about the endless stream of bad news doesn't make NSO right and everyone else wrong about it's at least tacit involvement with misuse of its products by its customers.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: journalism, malware, mexico, spyware, surveillance
Companies: nso group