Abuse of Cyber-Weapons

July 21, 2017 North America , Opinion , OPINION/NEWS , Security

By

Ricardo Swire

Some governments have started to quietly use spyware, originally designed as a cyber-weapon to combat terrorists and drug cartels, for authoritarian practices such as unofficial monitoring of political adversaries and apposing community groups.

Such political administrations perceive the only way to successfully monitor mobile phone traffic is by using private businesses that exploit unknown vulnerabilities in smartphone software.

In Mexico, local law stipulates only a Federal judge can authorize surveillance of private communications, after internal security agencies prove sound basis for such requests. Starting in 2011 three Mexican Federal Agencies have exploited “Pegasus” spyware to secretly monitor calls, texts, emails, contact lists and calendars stored on targeted individuals’ smartphones and digital devices.

Mexico’s Pegasus software, created by the NSO Group, an Israeli Cyberarms company, was purchased for US$80 million. Mexico’s Center for Investigation & National Security (CISEN) use this spyware to transform targeted smartphones to personal electronic “beacons.” The NSO Group retails Pegasus exclusively to governments. The electronic tool is accompanied by a formal agreement that restricts use to battling terrorists, organized criminal groups or drug cartels.

After the NSO Group licenses copies of Pegasus and installs the software in a national intelligence or law enforcement agency, the company has no records of how the spy tools are used or whom they are used against. The NSO Group charges each government based on the individual number of surveillance targets. For using Pegasus to spy on ten iPhone users the Israeli company charges US$650,000, on top of the basic US$500,000 installation fee. Pegasus spyware can only be used by the government agency in which it is installed.

Mexico’s Pegasus scandal served as a warning to domestic drug traffickers, their lawyers, money launderers and business partners. A clear message to avoid electronic communications and be guarded against phishing. Such attempts were highly personalized, several Mexican Federal Agencies’ phishing messages designed to inspire fear and influence targets to click on a particular link that provided unfettered access to their cellphones.

Intelligence reports on Pegasus surveillance reflect an extensive, labor-intensive shadowing operation. Such governmental use of the Israeli made spyware demonstrates a fundamentally unsound and unethical approach to national crime policy. One Mexican Federal Agency target was besieged by a spyware operator posing as the United States Embassy in Mexico. Pegasus originated communication instructed the Mexican female to click on a link that would resolve an issue with her American visa. Independent cyber-experts, with capability to verify types of spyware, confirmed Mexico’s government or a rogue state actor utilizing Pegasus was involved.