Spyware investigations involving University of Toronto’s Citizen Lab reveal targets in El Salvador, Poland

A joint investigation by the University of Toronto’s Citizen Lab and Access Now reveals that dozens of journalists and activists in El Salvador had their cellphones allegedly hacked by Israeli firm NSO Group’s Pegasus spyware.

John Scott-Railton

The investigation, which identified 35 individuals whose phones were successfully infected with the sophisticated spyware normally used to target criminals, was reported on by the Associated Press, Reuters, the Guardian and other media outlets.

A sample of cases in the report were reviewed by Amnesty International’s Security Lab, which investigates cyberattacks against civil society.

The alleged hacks took place between July 2020 and November 2021, a time of ongoing censorship of journalists who investigated the government of President Nayib Bukele.

“The aggressiveness and persistence of the hacking was jaw-dropping,” John Scott-Railton, senior researcher at the Citizen Lab and an author of the report, told the Associated Press.

“I’ve seen a lot of Pegasus cases but what was especially disturbing in this case was its juxtaposition with the physical threats and violent language against the media in El Salvador.”

In a statement to Reuters, Bukele’s office said it is not a client of NGO Group and that some of the government’s top officials might have also had their phones hacked.

The Citizen Lab, part of the Munk School of Global Affairs & Public Policy in U of T’s Faculty of Arts & Science, has been tracking victims of Pegasus spyware since 2016, helping to identify dozens of cases of inappropriate use. The technology has been used to eavesdrop on journalists, diplomats, lawyers, activists and politicians from the Middle East to Mexico.

Earlier this month, the Associated Press reported that Polish senator Krzysztof Brejza and two other Polish government critics were allegedly hacked by with the Pegasus spyware. The Citizen Lab and Amnesty International say the senator was allegedly hacked multiple times during the 2019 parliamentary elections.

There are also concerns closer to home.

Noura Aljizawi and Siena Anstis, researchers at the Citizen Lab, have interviewed 18 Canadian human rights activists about being the target of cyber attacks and misinformation campaigns, the Toronto Star reports. Some worry that authorities aren’t doing enough to protect them.

“The silence of Canada is giving the attackers more space to launch an attack,” Aljizawi told the Toronto Star.

The researchers say finding ways to stop the export of Canadian-developed technology to countries using it for cyber attacks and providing mental health resources for refugees are just a few of the ways to deal with this complex issue. To bring increased exposure to the dangers faced by newcomers and activists, the Citizen Lab is set to release a report investigating digital transnational repression in the coming months.

Read about the Citizen Lab investigation in El Salvador in the Associated Press

Read the Toronto Star’s article about cyber attacks

/Public Release. View in full here.