Arabic Arabic Chinese (Simplified) Chinese (Simplified) Dutch Dutch English English French French German German Italian Italian Portuguese Portuguese Russian Russian Spanish Spanish
| (844) 627-8267

A Hacked Newsroom Brings a Spyware Maker to U.S. Court | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker


NSO Group’s business is founded on secrecy; it has refused to publicly identify its clients. In the statement, the company said it sells its software only to “legitimate government agencies” for use in state intelligence and law-enforcement efforts, and maintained that its tools “have proven to save thousands of lives around the world.” It claimed that the firm “cannot know who the targets of its customers are.” Yet it cites its own “rigorous and unique compliance policies” and says it has “terminated contracts when misuse was found.”

Many of the Salvadoran journalists who were hacked told me that they believe that whoever deployed Pegasus against them is connected to the Bukele regime. Citizen Lab said that its findings point to the existence of an NSO client operating Pegasus in El Salvador, and reporters were often hacked as they worked on stories of importance to the Bukele regime. “We analyzed the exact time line,” Herrero, the Access Now investigator, recalled. “If somebody was reporting on corruption, then, boom, they got hacked seven days a week.” Carlos Martínez, an El Faro reporter and the brother of Óscar Martínez, the executive editor, told me, “It’s very clear for us that the Bukele government is trying to stop us, to stop our job and to destroy us as individuals and as an organization.”

The Bukele administration did not respond to repeated requests for comment. They have previously denied involvement, with a spokesperson telling the A.P., “El Salvador is no way associated with Pegasus and nor is a client of NSO Group.”

Born in Fort Wayne, Indiana, Gressier was brought up in the Church of Jesus Christ of Latter-day Saints, by an American mother and a French father. He maintains both citizenships. Slight, with light brown hair and blue eyes, he learned to speak fluent Spanish while proselytizing to Mexican and Central American immigrants in Washington state. Over time, he became increasingly interested in working in Central America itself. After his first year at Brigham Young University, which is supported by the church, he transferred to John Jay College of Criminal Justice at the City University of New York. After graduating, he worked at restaurants in the city and as a Spanish-language translator. In 2018, he broke with the church he was raised in. Initially, he struggled to find a sense of place and purpose. “I think my fallout with the Mormon church just created a big vacuum, an identity vacuum,” he told me.

Roman Gressier.Photograph by Matthew O’Neill

When he discovered El Faro’s extensive coverage of migrants, he felt a connection to his previous mission work. “I had broken bread for years with people that could very well have been like subjects of these stories,” he recalled. “It was an ‘Aha!’ moment of, ‘This speaks to me.’ It feels like this contributes something to these communities. And I want to be a part of that.” Gressier decided to attend the City University of New York’s graduate school of journalism. As part of the degree, he did an internship with the English edition of El Faro, and after graduating, in December, 2020, he asked for a job with the publication. He purchased a ticket to El Salvador before he’d received an offer. “It just felt like this is where I need to be right now,” he said.

When Gressier arrived in San Salvador, in January, 2021, staffers at El Faro were already concerned about surveillance. The year before, as several reporters prepared a story exposing the Bukele administration’s secret negotiations with members of the MS-13 criminal gang, one of their colleagues warned them that they were being surveilled. The person played audio of a private conversation between the Martínez brothers. “We were naïve at that time,” Óscar Martínez recalled. “There were a lot of signs, a lot of signals that we ignored.” Carlos Dada, El Faro’s co-founder and editor-in-chief, added, “For some years, we had high suspicions that we were being tapped.” In a running joke, the staff of El Faro admonished one another not to divulge sensitive details in newsroom meetings, lest Peter Dumas, the head of the country’s intelligence agency, overhear them.

Days after the first infection of Gressier’s phone, in May, 2021, his phone was hacked again. At the time, he had just published a column for The Baffler that documented the ouster, by Bukele’s party, of five Supreme Court magistrates and the Attorney General. He was also in the middle of a protracted process of applying to the Salvadoran government for a work permit, which included trips to both the Salvadoran police and to the United States. The second hack occurred only hours before he travelled to the U.S. The following month, his phone was hacked a third and fourth time.

By the time the final hacks occurred, in June, 2021, Gressier had begun to suspect that he was being surveilled, either in person, digitally, or both. On one occasion, he became convinced that a car was following him as he walked to a news conference at Central American University. On others, he saw a car and a motorcycle idling near his home that both sped away when he drew close. “I definitely felt uncomfortable after those, and stayed with a friend,” he said. “I felt like that apartment had become too ‘hot.’ ” Ultimately, he was denied a work permit, as was the Mexican journalist Daniel Lizárraga, who was an El Faro investigations editor. That June, amid uncertainty about his immigration status and fears of surveillance, Gressier boarded a bus out of El Salvador. “By the time I left, I was under the impression . . . that I was just being, like, old-fashioned tailed,” Gressier recalled. “I very keenly felt that.”

El Salvador, which spent the nineteen-eighties mired in a bloody civil war, has since suffered from gang violence and entrenched political corruption. Bukele, an iconoclastic mayor who campaigned for the Presidency in leather biker jackets and backward baseball caps, positioned himself as a bulwark against crime and corruption. Since winning in a landslide in 2019, at the age of thirty-seven, Bukele has become an increasingly brazen strongman, dismissing judicial rulings and stacking the country’s Supreme Court with loyalists who ruled that he could make an unconstitutional run for a second consecutive five-year term. After the U.S. placed the Supreme Court justices who backed Bukele’s reëlection bid on a list of corrupt actors and a senior American diplomat complained of a “decline in democracy” in El Salvador, Bukele changed his Twitter biography to “the coolest dictator in the world.”

Bukele is perhaps best known internationally for his embrace of cryptocurrency. One of Gressier’s stories last year was an investigation of Bukele’s apparent plan to create El Salvador’s own cryptocurrency. At that point, Bukele had already made the country the world’s first to adopt Bitcoin as a national currency, a move that has proven economically destabilizing and failed to gain popular support. But it has made Bukele a darling of the international crypto community, members of which have typically cast themselves as supporters of digital rights. “He has massive support from the crypto community, which is in general the kinds of people who care about Pegasus,” John Scott-Railton, of Citizen Lab, told me. “Everyone talks about Bitcoiners being liberation people, except when it comes to El Salvador.”

As Bukele has attacked journalists, El Salvador has fallen thirty places on Reporters Without Borders’ annual ranking of countries that respect press freedoms. In 2020, his administration accused El Faro of money laundering, without providing evidence. El Faro has denied this and has said that the allegation is part of a campaign to silence its reporting. “Ever since Bukele took office, in June, 2019, his harassment towards El Faro has been so big,” María Luz Nóchez, El Faro’s opinion editor, told me. “It’s not like previous governments have not followed members of El Faro before. But nothing like this.”

The first confirmations of the journalists’ fears came in the fall of 2021. That September, Xenia Oliva, a reporter at GatoEncerrado, a local news outlet, and Julia Gavarrete, who covers human-rights issues at El Faro, began exchanging messages about the peculiar behavior of their phones. The devices had been draining their batteries rapidly. Gavarrete’s was overheating and sometimes refusing to open the messaging app Signal. Oliva’s was blocking attempts to perform software updates, and once rebooted on its own. Gavarrete was especially suspicious: earlier that year, she had arranged, via text messages, a meeting with a source. When she arrived, she was greeted by military officers, who questioned her and her source and blocked them from entering a building. “That confirmed to me that they are reading our messages,” she told me.

Access Now’s digital-security help line connected the journalists to Citizen Lab, which tested their phones and confirmed that they had been infected with Pegasus. Gavarrete ultimately learned that two of her phones had been infected eighteen times, between February and September, 2021. The phones contained private exchanges with family members and doctors about her father’s struggle with colon cancer, from which he eventually died. “This obsessive spying and targeting that they did with us means that not only do they want to know about our work,” Gavarrete told me. “They want to know about our lives.”

After learning her phones had been hacked, Gavarrete called Óscar Martínez, the executive editor, and told him that they needed to speak in person. The two met at a Texaco station near Martínez’s home, in San Salvador, within view of the volcano in nearby El Boquerón national park. Hoping to avoid surveillance cameras, they sat on the ground in a parking lot behind the station. Gavarrete told Martínez to turn off his phone. “What’s going on?” he asked. She told him that phones belonging to her and Oliva had been infected with Pegasus. “Probably your phone and most of El Faro could be targeted as well,” she told him. “We need to move quick.”

Martínez alerted Dada, the editor-in-chief, and then convened an emergency meeting with senior members of the newsroom. In subsequent meetings, the journalists, speaking via video conferencing, agreed to work with Citizen Lab and Access Now to test roughly thirty phones used by other El Faro reporters for Pegasus infections. Amnesty International’s security lab then independently verified a sample of the findings. In the next several months, almost all the phones tested positive.

In late November, Apple sent emergency notifications to more than a dozen Salvadoran journalists and civil-society members, informing them that they may have been targeted in the hacking campaign. “ALERT: State-sponsored attackers may be targeting your iPhone,” the message read. “These attackers are likely targeting you individually because of who you are or what you do.”

Near the end of the year, the El Faro newsroom gathered to review a spreadsheet with reporters’ names and the dates their phones were infected. They noted the corresponding reporting that may have been compromised. “The general mood in the newsroom had been, yeah, of course, we’re being surveilled. We just don’t know how,” Gressier, who attended the meeting virtually, recalled. “And then this was just, like, all right, well, now we’re starting to get a trail of receipts.”

To ease the tension, the reporters jokingly ranked one another in terms of who had been surveilled most extensively. “You could see the small faces of people in the video call furiously texting jokes, like ‘Oh, I beat you. I’m more interesting than you,’ ” recalled Nelson Rauda Zablah, a reporter who covers national politics and cryptocurrency. But Zablah, like several of his colleagues, also recalled being afraid: “I was just wanting the meeting to end to start going into my agenda and my phone, see, where was I, what was I doing. And I spent, like, the whole afternoon, maybe way into night, doing that.” Gavarrete added, “Just the feeling that someone can break into your life, have this kind of software that can follow all your steps—it’s intimidating.”

Unlike many of his colleagues, Gressier hadn’t received the warning from Apple. “Maybe I’m in the clear,” he recalled thinking. When he saw the dates of the hackings, he realized that they coincided with the days he suspected that he was being surveilled. “The hacks sort of confirmed my gut suspicions,” he told me.

The reporters’ inquiries ultimately revealed a systematic campaign of espionage against targets throughout El Faro. Some of the targeted individuals were monitored dozens of times. “The person in charge of sales was hacked, people in management were hacked, and even the general manager—people who do not have roles in any way related to journalism were hacked,” Daniel Reyes, the chief technology officer, recalled. “It was astonishing.” In January, 2022, the reporters published their findings, undertaking the uncomfortable work of reporting on themselves. “We are journalists. We don’t expect to be the victims,” Gavarrete said. “We don’t expect to be the story.” Dada added, “When we finally published it, I realized what it meant for me personally. I had to take a shower because I felt so invaded and so dirty that people have been living with me without me knowing.”

In recent weeks, the El Faro journalists have grappled with the decision of whether to join what may prove to be protracted and bruising litigation. Several told me that they felt that the prospect of transparency was worth it. “What I really want to know is: Where is our information? Who has it?” Gavarrete told me. “Because, at some point, they are going to use it.”

This June, Gressier published a column in El Faro disclosing his sexuality, a difficult step in light of his Mormon upbringing. In the piece, he wrote that he had been motivated by “the possibility that my sexuality could be used as a weapon against me.” He now lives in another Central American country, and, like the other hacked El Faro journalists, still reports on the Salvadoran government’s abuses. Last month, in the living room of the apartment he shares with a roommate—and with both of our phones turned off—Gressier told me that he chose to join the suit against NSO Group in part because he was tired of the lack of accountability for the spyware attacks. “Part of the role of this type of spyware is also to intimidate,” he said. “It’s, like, we don’t only want to get information from you, we also want to let you know that nowhere is safe. And we also want you to feel corralled, and in a corner. We want you to feel like your sources aren’t safe.”

After our interview, he went to his bedroom, a tidy, austere room with a mattress and a narrow wooden desk from which he files his pieces. He was reporting a new story about the Bukele regime releasing gang leaders from prison in secret deals. He had repeatedly called a hospital where gang leaders were covertly taken, and received mostly hostility and hang-ups. Gressier kept trying. “Ready to play some cat and mouse?” he said. Then he turned on his phone and prepared to make another call. ♦

——————————————————–


Click Here For The Original Story From This Source.

National Cyber Security

FREE
VIEW