Hear this story and other latest updates on our Let's Talk Security Podcast Episode here:

Listen on Apple Podcasts

Mexico has become a significant importer of spying kit but officials are accused of colluding with criminal groups – and innocent individuals are often targeted

Corrupt Mexican officials have helped drug cartels within the country obtain state-of-the-art spyware which might be be used to hack mobile phones, consistent with a senior DEA official.
As many as 25 private companies – including the Israeli company NSO Group and also the Italian firm Hacking Team – have sold surveillance software to Mexican federal and state police forces, but there's little or no regulation of the arena – and no way to control where the spyware finally ends up, said the officials.

“The police who have the technology would just sell it to the cartels.”
Over the past decade, Mexico has become a significant importer of spyware, as officials insist they have to equip themselves against the powerful organised crime groups that have helped drive the country’s murder rate to record levels.

But the surveillance kit has also been used to target individuals not accused of any wrongdoing.
John Scott-Railton of Citizen Lab at the University of Toronto, which researches spyware, said that they found extensive evidence of targeting and that targeting touched all parts of Mexico’s civil society, similarly as its political culture.

An investigation by the Cartel Project can reveal that a tenth Mexican journalist – editor of the country’s foremost investigative magazine – was targeted with the “Pegasus” spyware sold by the Israeli company NSO Group, in line with technical analysis by Amnesty International.

More than 20 other companies offering spyware are active within the country, per the DEA official.
“It seems that nearly every tech out there at some point has either been pitched to Mexico, demoed there or perhaps used there,” said Scott-Railton.

In the US trial of drug capo Joaquín “El Chapo” Guzmán Loera, one engineer testified that he bought “interception equipment that enables access to phone calls, the web, text messages” for the Sinaloa cartel. But crime factions who don't have their own engineers can easily corrupt officials who, in step with the DEA, comply with hack targets in exchange for bribes.

This nexus between state and criminal forces led to a wave of violence which have made Mexico the foremost dangerous country for journalists in the world
According to statistics from the Mexican government, over a 3rd of attacks on journalists were committed by public officials.

Political spying isn't new to Mexico. within the state of Veracruz, where 19 journalists were killed since 2012, a complicated espionage unit by the public security ministry has been in situ since the 1990s, per well-placed government sources.
According to a article on the guardian, The unit kept detailed files on journalists, activists and political opponents detailing their professional relationships, political affiliations, and sexual orientation, the sources said. Intelligence officers maintained a network of paid informants – including waiters, shoeshiners, street vendors, small scale drug dealers, as well as bogus activists and journalists – were paid in cash, gifts and political favours.
The state’s surveillance technology was upgraded between 2016 and 2018, when the unit acquired high tech spyware from Europe, sources confirmed.
But, leaked emails from Hacking Team revealed that by 2012, Veracruz already had access to a trial version of the company’s remote control System (RCS), which infects computers through malicious files.

Ironically, Hacking Team’s emails were hacked and published online in 2015.
In 2018, the current governor of Veracruz announced an end to such activities, but it’s unclear if the spying was suspended or dismantled permanently.
The newly elected President López Obrador said that the govt would stop using Pegasus software, but has not commented on the subject since.

But, David Kaye, the UN special rapporteur on freedom of expression until July 2020, said: “We’re in a situation where we will have to assume that these tools are still available to be used, and it’s up to the govt to demonstrate that they’ve put them under significant rule of law constraint.”

This story originally appeared on The Guardian.