In 2014, 43 students from Mexico’s Ayotzinapa Rural Teachers’ College went missing in Iguala, in the state of Guerrero: they had been detained by police, who turned them over to a criminal militia, who are presumed to have murdered them.
Today, Citizen Lab has revealed that the independent investigators into the mass disappearance were targeted for surveillance by Pegasus spyware, made by the US-Israeli NSO group and exclusively sold to governments.
NSO claims that it carefully vets the clients it sells its cyberweapons to, but the evidence from Mexico shows that at least some of their customers use NSO products to preserve corrupt political arrangements. Earlier Citizen Lab reports demonstrated that NSO’s Mexican government customers had targeted anti-corruption journalists and lawyers (going so far as to target the child of a journalist, while that child was in the USA); the same tactics were used against activist who agitated for curbs on the marketing of sugary drinks.
But those forms of corruption are abstract and dry, while the Iguala disappearances shocked the conscience of the nation and the world. It resulted in the formation of the Interdisciplinary Group of Independent Experts (GIEI), convened by the Inter-American Commission on Human Rights (IACHR), with investigators from Colombia, Chile, Guatemala and Spain.
GIEI says its investigations were hampered throughout the process, but the Pegasus attacks came at the very end, just before they were to release their report.
Pegasus is the NSO Group’s flagship product. The NSO Group is a self-described “cyber-warfare” company based in Israel, whose primary investor is the United States based private equity firm Francisco Partners, who are reportedly planning to sell NSO for $1 billion, a move that would coincide with NSO’s re-branding as Q Cyber Technologies, which would make it harder for casual searchers to link evidence of NSO’s complicity in crimes against humanity with the company.
The GIEI investigation into the 2014 Iguala Mass Disappearance was targeted with infection attempts using NSO Group’s Pegasus spyware. The attempts came while the GIEI was preparing their final report, and just over a week after they had publicly criticized the Mexican government for interference in their investigation.The GIEI was created with the agreement of the Mexican government and the Organization of American States to serve as an independent, impartial body to conduct an investigation into a serious event: the disappearances of 43 students. The infection attempts were clearly intended to compromise the privacy and integrity of the GIEI investigative process. We speculate that the operators behind these attempts may have sought to learn the theories, sources, and substance of the investigation as the final report was being prepared.
Notably, GIEI report strongly contradicted key statements and theories by the Mexican government. The report also highlighted irregularities in the investigation led by Mexico’s Office of the Prosecutor (PGR), a known NSO client.It is self evident that elements of the Mexican government would be interested in the activities of the GIEI during the time-frame in which the targeting with NSO took place.
We previously reported that lawyers representing families of the victims were targeted with NSO spyware. Taken together with the GIEI targeting, this suggests the NSO operators were heavily involved in attempting to monitor various parties to the case that had been critical of the Government’s handling of the investigation.
Reckless III: Investigation Into Mexican Mass Disappearance Targeted with NSO Spyware
[John Scott-Railton, Bill Marczak, Bahr Abdulrazzak, Masashi Crete-Nishihata, and Ron Deibert/Citizen Lab]