Juan Carlos García was arrested on Nov. 1 by Mexican federal police for infecting a journalist’s mobile device with Pegasus in order to access her communications data, in what authorities are calling an undermining of freedom of expression.
García is the first individual in Mexico arrested for accessing another person’s communications with the NSO Group’s spyware.
Although the journalist in question is not named, Carmen Aristegui, a highly-regarded investigative reporter from Mexico, said that the tapping of her phone back in 2015 and 2016 is part of the case, according to The Washington Post.
Pegasus has become renowned for its ability to inconspicuously infect a person’s mobile device and give the perpetrator free access to the victim’s calls, texts, emails, and location.
It is even capable of activating the infected phone’s camera and microphone at the perpetrator’s discretion. Essentially, the software can turn any phone into a live mobile spying device.
Reportedly, Aristegui said that her phone was compromised by Pegasus in 2015 after she and her colleagues broke a story on a real estate scandal involving then-Mexican President Enrique Peña Nieto’s wife, according to The New York Times.
As a result of her investigative work, both Aristegui and her son - who was a minor at the time - discovered that their phones had been infected.
NSO Group, creator of the Pegasus spyware, has stated that it vets its clientele carefully, only giving access to government, intelligence, and law enforcement agencies who will use it to combat terrorism, investigate serious crimes, and deter threats to national security.
García, however, reportedly does not work for the Mexican government, but a private firm that NSO licensed to use Pegasus, according to The Washington Post.
NSO has generated significant controversy following multiple international investigations that exposed how its clients used Pegasus to illegally monitor journalists and activists worldwide, rather than fight crime.
In response, the Israeli surveillance firm stated that it does not have access to the data of its customers.
Despite their claims of innocence, international investigations have resulted in the group now having to defend themselves in court.
On Monday, a U.S. circuit court denied NSO’s motion to claim “foreign sovereign immunity” for how their clients use their spyware, in a lawsuit brought against them by WhatsApp.
And earlier this month, American authorities blacklisted the Israeli surveillance firm outright for actions deemed to have threatened U.S. national security and enabled foreign governments to conduct transnational repression.