Pegasus spyware found on phone of Mexico’s Ayotzinapa investigator
Pegasus has been found on the cellphones of Alejandro Encinas, the undersecretary for human rights in Mexico’s Government Ministry, and at least two other people in his office, according to three people briefed on the matter, who spoke on the condition of anonymity because of the sensitivity of the case.
Citizen Lab, a digital research center at the University of Toronto, confirmed the presence of the malware on Encinas’s phone via a forensic audit last year, according to one of the people. Citizen Lab declined to comment, as did Encinas. The hack was first reported by the New York Times.
President Andrés Manuel López Obrador said Encinas had informed him that his phone had been bugged. But at his daily news conference on Tuesday, the president downplayed the high-tech attack and said he didn’t believe the army was at fault.
The surveillance is particularly striking because Encinas and López Obrador have been close allies for decades since rising in prominence together as members of Mexico’s leftist opposition. When López Obrador became president in 2018, he tasked Encinas with investigating one of Mexico’s most notorious scandals: the disappearance of 43 young men studying at a teachers college in Ayotzinapa in 2014. In a report last August, Encinas blamed the police, the armed forces and civilian officials, as well as drug traffickers, for the disappearances and what he called a subsequent coverup.
Encinas’s office has also led a probe into the disappearances of hundreds of people in the 1960s and 1970s during the military’s “Dirty War” against a left-wing insurgency.
López Obrador had promised to investigate and finally reveal the truth about those dark episodes in Mexican history. “There will be no impunity,” he said in December 2018, when he created a truth commission on the Ayotzinapa case. But he has increasingly come to rely on the military for a host of high-priority tasks, from combating drug traffickers to building airports and a new tourist train in the Yucatán.
“This seems like the most dangerous chapter of the Pegasus story in Mexico,” said Kate Doyle, a senior analyst at the National Security Archive. “If the Mexican military is spying on one of the president’s top aides without his knowledge, then the Mexican military is operating outside of civilian control.”
Ángela Buitrago, a member of an international body of experts that has spent eight years investigating what happened to the missing Ayotzinapa students, said the surveillance of Encinas and his team was “a sign of the deterioration of the freedoms and guarantees of democracy.”
López Obrador said Tuesday that he had assured Encinas he wasn’t a government target. “I told him not to worry, since there was no intention of spying on anyone,” the president told reporters. Pressed on whether the military was behind the surveillance, López Obrador said no. He noted the Defense Ministry itself was targeted last year by a mysterious hacker’s group that calls itself Guacamaya.
The Defense Ministry, in a message to The Washington Post, declined to comment.
Mexico has a long history of political espionage, with federal and state officials eavesdropping on their rivals, opposition parties and others. But the use of Pegasus has been particularly notorious in recent years.
Amnesty International, Citizen Lab and Mexican nongovernmental organizations found signs of the spyware on the phones of 26 Mexican journalists, activists and politicians between 2015 and 2017. In 2021, the Pegasus Project, a consortium of 17 news organizations around the world including The Post, discovered further abuses.
The U.S. Commerce Department last year blacklisted the Israeli-based NSO Group, which licenses Pegasus.
López Obrador had pledged to end political spying. His administration has said the attorney general’s office and CISEN, the domestic spy agency, no longer use Pegasus. But revelations by a coalition of Mexican digital rights groups indicate the military might have continued to use the technology.
Last year, the coalition published documents — some hacked from the Defense Ministry, others obtained through Freedom-of-Information requests — revealing that the army had acquired a “remote monitoring service” in 2019 from a company that reportedly had the sole authorization to provide Pegasus to the Mexican military.
This year, the coalition made public more hacked documents indicating the military was spying on the phone of a human rights activist in the border city of Nuevo Laredo who had been investigating alleged army abuses. The phone of the activist, Raymundo Ramos, was subsequently found to have been surveilled with Pegasus. The coalition reported that two human rights lawyers representing the parents of some of the Ayotzinapa students had discovered their phones were infected by Pegasus last year.
Another document hacked from the Defense Ministry and reviewed by The Post showed that as of last August, the army had a team of analysts tasked with monitoring the “intervention of private communications.” The document was previously reported on by local news outlet El Sur.
“There is ample evidence that the military has used Pegasus against human rights defenders, journalists and now even officials who are investigating human rights violations carried out by the armed forces,” the Mexican digital rights group R3D said in a tweet on Tuesday. “We condemn the government’s complicit silence on military espionage.”
López Obrador has defended the military’s surveillance activities, saying it has targeted organized crime groups and hasn’t pursued journalists or opposition politicians. “They carry out intelligence activities, not espionage,” he said Tuesday. The military has said it used Pegasus only from 2011 to 2013.
The NSO Group says it limits the licensing of Pegasus to governments and does not operate the spyware. It says its technologies have helped prevent terrorist attacks and broken up rings trafficking in drugs and sex.
Encinas told The Post in 2021 that he had been the target of government spying for decades, dating to the 20th century, when Mexico was an authoritarian one-party state. To do phone surveillance, he noted, security forces need a judge’s order — something they often failed to get.
“In every case in which we learn of espionage, no one has been punished,” he said. “I think we are quite lacking in terms of investigations, to end the impunity associated with these types of practices.”
There was no indication that this latest case would be any different. Asked Tuesday whether there would be an investigation into the Pegasus attacks, López Obrador said no.
“The thing is,” he said, “we don’t spy.”