Blog dedicated to reporting on Mexican drug cartels
on the border line between the US and Mexico

Saturday, December 1, 2018

Pegasus Spyware Used to Spy on Journalists

Yaqui for Borderland Beat from: Riodoce

After the murder of Javier Valdez, Pegasus spyware was used to spy on journalists from Ríodoce, specifically co-founder Ismael Bojórquez and Andrés Villarreal, according to a new report prepared by Citizen Lab of the University of Toronto, in conjunction with the organization Article 19, the Network in Defense of Digital Rights (R3D) and SocialTIC.

Juan Omar Fierro, a contributor to the portal Aristegui Noticias, reported that the report documents six messages with links to the Pegasus malware infrastructure that were sent to the telephones of Villarreal and Bojórquez between May 17 and May 26, 2017. That is, the infection attempts began two days after the murder of Javier Valdez outside the offices of Riodoce in Culiacán, when the Attorney General's Office had already initiated investigations into the case.

Pegasus is malware that compromises all the information on a cell phone: when victims click on deceptive content, they download malicious software that installs itself on the device.

The murder of Javier Valdez occurred in Culiacán, Sinaloa, on May 15, 2017, when the author of nine books left the premises of the weekly newspaper of which he was a founder. His body received 12 bullet wounds and his assassins, affiliated with narcos, stole the documents he brought to work that day, as well as his computer and cell phone.

The new Citizen Lab report also shows that the authorities allegedly in charge of the spyware, whose sale is only allowed to governments according to the company NSO Group, continued to use the intrusive software two months after the first public complaint was filed over the illegal use of Pegasus.

On February 11, 2017, Citizen Lab announced the use of the intrusive software against three activists for the right to health care who favored imposing a tax on soft drinks. The list has since grown to 24 civilian targets, among them the journalist Carmen Aristegui and her son Emilio, the lawyers of the Miguel Agustín Pro Juárez Rights Center, and even the members of the Interdisciplinary Group of International Experts (GIEI) who helped in the Ayotzinapa case.

R3D and Citizen Lab noted that this report confirms that the software was used in situations involving the federal government, since representatives of the Criminal Investigation Agency (AIC) were in Culiacán, Sinaloa, to investigate the murder of Javier Valdez.

In no case is a judicial authorization to spy on the telephones of those affected known to exist.

Even though the PGR is the only agency of the federal government in which the acquisition of Pegasus has been verified, Aristegui Noticias documented that the National Defense Secretariat (Sedena) and the National Security Research Center (CISEN) have also allocated almost 500 million pesos to update the malware and increase its espionage capabilities.

Pegasus operators used cartels as a hook:

Only two days passed between the murder of Javier Valdez and the Pegasus attacks on the phone of Andrés Villarreal, one of his closest collaborators: between May 17 and 26 he was the target of four espionage attempts using text messages with links to alleged news content, which actually directed him to domains used by NSO Group, the company of Israeli origin that owns the intrusive software.

One of the alerts sent to the journalist from Sinaloa invited him to fall into the trap with the following text: "The CJNG [Cartel Jalisco Nueva Generación] would have been responsible for the execution of the journalist in Culiacán. See note:"

This message was accompanied by a malicious link attributed to UNO Noticias, a news service operated by Telcel. However, it actually led to one of the domains used by the NSO Group infrastructure to infect the phones of its victims.

Andrés Villarreal received three other messages on May 19, 24 and 26 of 2018. One of these appeared to concern a romantic relationship, while another sought to draw him in with a fake story from the newspaper La Jornada, an outlet for which Javier Valdez had worked as a correspondent in Sinaloa.

The director of Ríodoce, Ismael Bojórquez, received two messages on May 26. The first again impersonated UNO Noticias and included a harmful link to the site Animal-Politico.Com, a domain that impersonates the Animal Politico portal and that last September 18 was identified by Citizen Lab as part of the Pegasus and NSO Group infrastructure in Mexico.

The second message received by Villarreal included a link to a supposed photo relating to a romantic relationship, while the third tried to deceive the journalist with an apparent withdrawal from a credit card of more than 20,000 pesos.

The fourth message received by Villarreal, sent on May 26, cited an alleged news story from the newspaper La Jornada about the PGR's clumsiness in handling the Valdez case.

Bojórquez received an identical message to try to capture his attention: "La Jornada: More Awkwardness of the PGR in Investigation of the Javier Valdez Case. See note:".

The Network in Defense of Digital Rights, SocialTIC, Article 19 and Citizen Lab state in their report that these "social engineering strategies", the design of messages to capture the attention of victims, had already been documented in other #GobiernoEspía reports, which strengthens the thesis that these are the same operators who are accused of other attempts to infect journalists, human rights defenders and diplomats of the GIEI.

"The use of common infrastructure, as well as the method of infection and its use in conjunctures that affect the outgoing federal government, suggest a common attacker in the cases documented in the last two years," the report concludes.

So far, neither the Israeli company NSO Group, which designed the spy program and, according to its own statements, sold it only to governments, nor the Mexican government, which has it in its possession, has worked to clarify the case; on the contrary, they hide information from the lawyers of the parties that filed complaints about the illicit espionage of their cell phones.

Citizen Lab has also documented the misuse of spyware against dissidents in the Middle East.
It should be noted that Javier Valdez Cardenas has been granted Canadian Int'l Freedom of the Press's top award for 2018.


  1. Never, ever open up a link to an unknown. That is the lesson.
    Narcos and/or corrupt officials have never been taught a lesson so they go on with impunity, they have no fear of god. Use the tools of technology, but people, don't fool yourselves into thinking your govt will protect you.

    1. You could open an unknown link with an extra device and from there purposely mislead prying eyes.

  2. In the end you can't pin this malicious button to a single individual or group!
    These types of attacks are definitely on the market for those willing to pay. Along with the right connections.
    Cyber security has been a real threat to all nations. Its effectiveness has more damage and impact than military action for most. Regulations will not supersede any privacy concern issues when it pertains to national security.

    Get used to it.
    Everything we do in life leaves a digital footprint for someone to see.


  3. YIKES!!!! right now all i am worried about i an between the lines. thanks Yaqui!!

  4. AMLO officially takes the presidency for Mexico. His portrayal of humbleness and compassion is profound. Moreover, his willingness to change a government of corruption. Quote from his own perspective; we are a regime of people and government are servants of its people.


  5. It's the government of Mexico, that puts spyware, to see what journalists are doing.

  7. Vice has a segment on this and how the narcos in Michoacán have this software

    1. What's the Vice segment called? That channel is worth paying for tbh.
      I wonder what will happen when all these demons come face to face where they all go rest. It's truly sad how these people lost their souls to the fast life.

  8. So are we all goners now? The lists have been compiled and now narco sicarios are being sent to off commentators who badmouth the petty tyrants.
    Thanks a lot Pegasus and Israel for behaving very much like f-ing nazis.


  10. "NSO Group, the company of Israeli origin" citizens need to force their government to dissociate with Israel. If you're American, this is prudent. They're giving us tech to spy on American civilians; we help them with matters of warfare.

