El Salvador: Pegasus spyware used against journalists

Amnesty confirms 35 cases of journalists and members of civil society whose phones were infected with Pegasus, the notorious spyware from Israeli surveillance company NSO Group

joint investigation by Access Now, an organisation defending digital rights of users at risk globally and the Citizen Lab, an organisation that studies digital threats to civil society has identified the use of NSO Group’s notorious Pegasus spyware against journalists and members of civil society organisations in El Salvador.

Technical experts from Amnesty International’s Security Lab have peer-reviewed the report and independently verified forensic evidence showing that Pegasus has been misused in the country.

Erika Guevara-Rosas, Amnesty International’s Americas Director, said:

“The use of Pegasus for the surveillance of communications in El Salvador reveals a new threat to human rights in the country.

“The authorities must stop any efforts to restrict freedom of expression, and conduct a thorough and impartial investigation to identify those responsible.

“It’s unacceptable that reports of harassment and threats against journalists and human rights defenders, who work in a hostile environment and are at serious risk, are becoming more and more common in El Salvador.

“This investigation shows that, yet again, the Pegasus spyware continues to be abused in the world to unlawfully surveil journalists on a massive scale even after the groundbreaking revelations of the Pegasus Project.

“So far, not enough has been done globally to rein in unlawful targeted surveillance. We urgently need governments to implement a global moratorium on the sale, transfer, and use of spyware until human rights regulatory safeguards are in place.”

Censorship on freedom of expression

Since El Salvador’s President Nayib Bukele took office in 2019, the human rights situation in the country has deteriorated swiftly.

Last November, it became known that several journalists and members of civil society organisations had received an alert from the tech company Apple warning them that they were possibly being subjected to targeted surveillance by “state-sponsored attackers”.

Amnesty Security Lab analysing data

Technical data from a sample of individuals identified as Pegasus targets in the joint Access Now and Citizen Lab investigation was analysed by Amnesty’s specialist Security Lab. This sample included multiple journalists from two media outlets. The forensic analysis confirmed that each device was successfully infected with NSO Group’s Pegasus spyware. The earliest evidence of compromise from the sampled devices was on or around 30 July 2020. Signs of compromise or attempted targeting continued as recently as 15 November 2021.