Episode Transcript
Transcripts are displayed as originally observed. Some content, including advertisements may have changed.
Use Ctrl + F to search
0:02
Hey, it's Al, and today is the last
0:04
episode of our rebroadcast of Mississippi
0:07
Goddamn. We got a whole slate
0:09
of original shows coming your way this
0:11
fall, and we need your support now
0:14
more than ever. See, Reveal
0:16
is a non-profit. That means we
0:19
can prioritize investigating what
0:21
the public needs to know. It also
0:23
means that we depend on listeners like
0:26
you. To show your support
0:28
for non-profit investigative journalism
0:30
that holds the powerful
0:32
accountable,
0:33
please donate today. Visit
0:36
revealnews.org slash donate.
0:38
Again, that's revealnews.org
0:40
slash donate. Thank
0:43
you.
0:51
This episode is brought to you by Progressive Insurance.
0:54
Whether you love true crime or comedy, celebrity
0:56
interviews or news, you call the shots
0:59
on what's in your podcast queue. And guess what?
1:01
Now you can call them on your auto insurance, too, with the
1:03
Name Your Price tool from Progressive. It
1:05
works just the way it sounds. You tell Progressive
1:08
how much you want to pay for car insurance, and they'll
1:10
show you coverage options that fit your budget. Get
1:12
your quote today at Progressive.com
1:15
to join the over 28 million drivers
1:17
who trust Progressive. Progressive Casualty
1:19
Insurance Company and Affiliates. Price
1:21
and coverage match limited by state law.
1:28
From the Center for Investigative Reporting and PRX,
1:31
this is Reveal. I'm Al Edson.
1:34
This past decade has been brutal for
1:37
journalists. Around the globe, more
1:39
than 500 reporters and media
1:41
workers have been killed in the line of
1:43
duty according to the Committee to
1:46
Protect Journalists. One of the most
1:48
notorious cases was Jamal Khashoggi.
1:50
An explosive new report this morning. The
1:53
Washington Post. Turkish officials have
1:56
audio and video recordings
1:57
of the gruesome murder of Jamal Khashoggi.
2:00
Jamal Khashoggi inside the
2:02
Saudi Arabian consulate in Istanbul. After
2:05
Khashoggi's murder came another disturbing
2:08
revelation. A joint investigation
2:10
has revealed evidence suggesting
2:12
spyware was used to monitor those
2:14
in his inner circle before
2:16
and even after his death. Researchers
2:19
believe the cell phones of Khashoggi's
2:22
wife and friends were infected with
2:24
Pegasus, a military-grade
2:26
surveillance software. It can copy
2:28
your messages, harvest your photos, and
2:31
even record you by controlling your phone's
2:33
own camera and microphone. Pegasus is
2:35
probably the most advanced piece of spyware
2:37
ever developed. It is effectively the most
2:40
invasive form of surveillance imaginable. This
2:43
summer, Khashoggi's widow filed
2:45
a lawsuit against the Israeli company that
2:47
makes Pegasus, the NSO group.
2:50
NSO has denied its software
2:52
was used to target Khashoggi, and
2:54
they say Pegasus is only
2:57
sold to governments for tracking and capturing
2:59
criminals and terrorists. But over
3:01
the years, many confirmed targets
3:03
of Pegasus have not been criminals
3:06
or terrorists. They're human rights activists,
3:08
scholars, journalists. Today
3:12
we're partnering with the podcast series Shoot
3:14
the Messenger, produced by Exile Content
3:17
Studio. Scientists Rose Reed
3:19
and Nando Villa investigate
3:21
how Pegasus was weaponized to
3:24
go after an entire newsroom. Reporters,
3:27
editors, photographers, accountants, all
3:30
working in one of the most dangerous countries
3:32
in the Western Hemisphere, El Salvador.
3:37
Carlos Dada is an award-winning
3:39
journalist who for more than two decades
3:42
has run the newsroom of Alfaro,
3:44
based in the capital San Salvador.
3:46
It's an online media that
3:48
turns 25 years old this year,
3:50
which means we were born
3:53
before Google,
3:54
we were born in a country
3:56
where
3:57
not many people had access
3:59
to the internet. internet in 1998
4:02
and we started it just as an experiment.
4:06
Here we are. El Faro is a special
4:08
newsroom because it was the first exclusively
4:11
digital newspaper in Latin America. In
4:13
English, El Faro means the lighthouse.
4:16
Known for its investigative reporting,
4:19
El Faro has been referred to as,
4:21
quote, a breakthrough digital newspaper
4:24
blazing an independent and ethical
4:26
trail in Central America.
4:28
I think that we were able to attract
4:31
a very talented
4:33
generation of Salvadoran journalists,
4:36
all children of the post-war.
4:40
When Carlos references the war, he's talking
4:42
about El Salvador's civil war in the 1980s and
4:45
early 90s. The
4:49
12-year conflict pitted a leftist guerrilla coalition
4:52
backed by Cuba against the government and
4:54
far-right paramilitary groups, which
4:56
received more than a billion dollars in
4:58
military support from the U.S. The
5:00
Reagan administration in Washington is backing
5:03
the government drive with arms, money and
5:05
advisers.
5:06
It's estimated that more than 75,000 civilians
5:10
were killed.
5:11
Nearly a quarter of the Salvadoran population
5:14
moved to the U.S. The devastating
5:16
effects of the conflict lasted
5:19
for decades, and El Faro
5:21
has reported on all of that, including
5:24
government corruption and gang violence.
5:26
We do long-featured
5:28
stories that deal with
5:30
violence, with organized crime,
5:32
with corruption, with human
5:35
rights violations and with politics.
5:39
Carlos and his colleagues are no stranger
5:42
to threats. Over the years,
5:44
police have made unofficial visits to the newsroom,
5:47
unidentified people in unmarked cars
5:49
showing up unannounced to the El Faro offices
5:52
to intimidate its journalists. We've
5:54
received messages from organized
5:57
crime. We've received real
5:59
threats from public officers. Gangs
6:02
publicly said that if it was up
6:04
to them we should not exist. We
6:07
have been harassed in the form of
6:09
physical harassment of having strange
6:12
people standing out
6:15
of our homes. We have
6:17
received drones standing
6:19
by our windows.
6:23
And it wasn't just outside
6:25
his windows. Carlos says one
6:27
time a drone actually flew
6:30
into his apartment. It hovered
6:32
for about a minute in his living room
6:34
and then darted away. Because
6:38
they've been operating in such a dangerous
6:41
environment for so long, Carlos's
6:44
team takes extra precautions when
6:46
they're working with their
6:46
sources.
6:48
They're careful with how they communicate
6:50
with each other. And they pay attention when
6:52
something seems a little off.
6:54
In 2021, reporter
6:57
Julia Gavirate noticed something
6:59
was off with her brand-new iPhone.
7:02
I started having a lot of problems. For
7:04
example, the battery was
7:05
very, very loved in
7:08
a short time. And an app
7:10
that she relied on to make encrypted
7:12
calls with her sources wouldn't
7:15
open. The
7:16
phone was overheating and
7:18
the screen started turning off or
7:20
opening apps that she was not opening.
7:22
We were just having this sensation
7:25
of that someone was
7:26
reading or someone was in our phones
7:29
but we never thought about
7:31
Pegasus.
7:33
Julia's phone was
7:35
eventually sent to Citizen Lab. It's
7:38
a digital watchdog group that essentially
7:40
tracks human rights violations on
7:43
the internet.
7:44
The lab had been aware that
7:46
something was up in El Salvador.
7:49
There was something going on with Pegasus there.
7:51
John Scott Raleton is a senior researcher
7:53
with Citizen Lab, which is based at
7:55
the University of Toronto's Munk School.
7:58
A lot of their work focuses on the
7:59
on tracking mercenary spyware
8:02
like Pegasus.
8:04
It's not uncommon for us as researchers
8:06
to know that Pegasus spyware might be being
8:08
used in the country, but to have really no
8:11
idea of who those victims are. And the problem is if you just
8:13
go hunting for those people, you're looking
8:15
for needles in a stack of needles.
8:18
John texted Julia. They
8:20
had found Pegasus on her iPhone. He
8:22
was, you know, overwhelming.
8:25
It starts thinking about, okay, I'm not target
8:28
right now. But the thing was, it's
8:30
obvious that it's not only
8:32
me. There are more people here that
8:34
are targeted as well. They
8:37
then started to put the pieces together
8:39
of what was happening, not just
8:41
with Julia, but with her colleagues too.
8:44
There is a pattern to Pegasus
8:46
cases, which is if you find one in
8:48
a given country, you're probably gonna find
8:50
a lot more.
8:51
Well, since they kept asking for more phones,
8:54
we sent all the phones.
8:56
And when researchers took a closer
8:58
look, John says there
9:00
was something different about how Pegasus
9:03
was being used on El Faro.
9:05
It was just like, can that be right?
9:07
I've never seen anything like that.
9:09
It was that they were really targeted
9:12
just in a radical
9:14
manner.
9:15
It's not something that we'd seen before. In anything like
9:17
this volume or this number of cases.
9:20
Cities and lab were so impressed
9:22
by our case. We thought, well, maybe this
9:25
is really big. This is something extraordinary. And
9:28
that's what it was.
9:31
Since the initial discovery
9:34
of Pegasus, we've been on this journey
9:36
to try to understand where it
9:39
is, how it's evolving, who
9:41
the
9:42
customers are, where the targets
9:44
may be. John
9:46
has worked with Citizen Lab for the past decade
9:49
and has been tracking Pegasus since 2016. That's
9:53
when they made their first discovery of a Pegasus
9:55
infection on the phone of a human
9:57
rights activist from the United Arab Emirates.
10:00
named Ahmed Mansour. He's been
10:02
in prison since 2017.
10:04
That journey has kind of continued unbroken
10:07
since those first findings around Ahmed
10:10
Mansour. And that approach gave
10:12
us a trail of digital breadcrumbs that
10:14
we continue to follow to this day.
10:18
Pegasus is the most sophisticated
10:20
spyware made to date. It
10:23
can bypass any encryption because
10:25
it uses a loophole in a phone's software
10:27
to be a hidden but active parasite.
10:31
The NSO group, the company behind Pegasus,
10:34
has said Mexican authorities use their product
10:36
to help capture the drug lord Joaquin Guzman,
10:39
better known as El Chapo, by tapping
10:41
the phones of people in his inner circle. But
10:44
Citizen Lab has confirmed journalists
10:46
have also been targeted. One
10:49
of the components of our work, of course,
10:51
is this constant effort to
10:53
try to understand where Pegasus
10:56
is located in cyberspace,
10:58
whereas the data that's being taken from phones
11:01
going.
11:02
In some cases, our research
11:04
has been able to determine clusters
11:07
of servers that belong to, we
11:09
could say, a single deployment, and then try
11:11
to understand where in the world the infections
11:14
are that are talking to that
11:16
cluster.
11:18
Pegasus allows an operator in one country
11:20
to steal information from phones in
11:22
multiple countries. In Alfaro's
11:25
case, the hackers seem to be close
11:27
to their target.
11:29
Back in 2020, we
11:31
observed an operator that appeared to
11:33
be involved in El Salvador. So
11:36
this means there's a Pegasus operation
11:38
going on in El Salvador. By the
11:40
next year, we were investigating these cases.
11:46
When the Alfaro journalists learned that
11:48
Julia Gavarrete's iPhone was inspected
11:51
with Pegasus, they suspected
11:53
the Salvadoran government was behind
11:55
the attack. The government
11:58
has denied the use of Pegasus But
12:00
as we've heard, harassment of the media
12:02
by the government is hardly new. Carlos
12:05
has covered the terms of six different
12:07
Salvadoran presidents. And some
12:10
of those administrations have tried to
12:12
intimidate or silence independent
12:14
press in El Salvador or
12:16
just make their business difficult.
12:18
In the form of legal
12:20
harassment,
12:21
we are the subject of
12:24
four different
12:26
tax audits.
12:28
Harassment has intensified
12:30
during this administration
12:32
of President Nayib Bukele. Bukele
12:37
was elected president in 2019 at the age of 37. He
12:41
has a beard, wears skinny jeans, leather jackets,
12:43
and backwards baseball caps. He
12:46
once described himself on Twitter as the
12:48
world's coolest dictator. Fluent
12:51
and prolific on social media, he has said
12:53
that Instagram posts can be more important
12:55
than assembly floor speeches. Bukele
12:58
has led a brutal campaign to crack down
13:00
on gangs, which, since El Salvador's
13:02
civil war, have been a powerful force.
13:11
This is Bukele describing his war on gangs
13:13
and corruption in a speech to the nation in June.
13:18
He boasted about opening a mega prison,
13:20
possibly the world's largest. During
13:22
his tenure, more than 65,000 people
13:25
have been arrested for being suspected gang
13:27
members. Before becoming
13:29
president, he was a city mayor, and
13:31
El Fado was one of the few Salvadoran outlets
13:33
to cover his unconventional race for president,
13:36
as Bukele ran outside the two main political
13:39
parties. Mainstream media in El
13:41
Salvador will not cover his
13:44
political messages or his political
13:46
conferences. We did. By
13:49
that time, he was only talking to us
13:51
because we were the only ones willing to talk
13:53
to him. As soon as he became
13:55
president, we started reporting
13:58
on his government.
13:59
In Vucalli's first year in office, he
14:02
began to work on consolidating his
14:04
power. In February of 2020, he
14:07
was trying to push through a loan of $109 million for military equipment
14:12
and was meeting resistance from Parliament.
14:14
After speaking for half an hour, the President
14:17
went into the Legislative Assembly. He
14:19
said he would give the members of the Parliament another week
14:21
to approve this loan. And he said if
14:23
they didn't do that, he would return to
14:25
the Assembly.
14:27
A few weeks later, lawmakers were
14:29
in session.
14:30
Heavily armed police and soldiers
14:33
arrived to occupy El Salvador's
14:35
Parliament building. Soldiers entered
14:37
El Salvador's Parliament as the President
14:40
demanded lawmakers approve a $109
14:43
million loan to equip the military
14:45
and police to fight against violent
14:47
gangs.
14:48
He entered Congress followed
14:50
by soldiers armed like
14:53
four conflict to threaten
14:55
the congressmen that he was
14:58
going to sack them that day. He
15:01
didn't in the end.
15:02
He prayed to God sitting in the chair
15:05
of the President of Congress and
15:07
he left the place and he talked
15:09
to the crowd outside Congress and he
15:11
told the crowd,
15:12
God asked me for patience. I
15:18
said, God, I'm not going to pay for patience, but
15:21
I'm going to work for the president. The
15:24
President was
15:24
pushing Congress, which he didn't get
15:26
control, to approve the loan.
15:29
And Congress was asking for more information
15:31
about it. And
15:33
then what he did was to threaten Congress
15:35
that he was going to stage a coup d'etat
15:37
against Congress.
15:39
Not long after Bucalli threatened a
15:41
coup, El Salvador held parliamentary
15:44
elections.
15:44
He won the majority.
15:54
And on the first session of the new Congress
15:56
that he controlled,
15:57
Congress dismissed.
15:59
from Supreme Court justices
16:02
or judges, which is, of course, unconstitutional.
16:05
And that's how Bukele got in
16:07
control of all the institutions
16:09
of the state.
16:11
El Faro pressed on with their coverage
16:14
of Bukele's power grab and the
16:16
harassment intensified. In
16:19
November of 2020, the president criticized
16:22
El Faro on Twitter saying,
16:24
quote, they say they do independent
16:27
and truthful journalism. At least
16:29
the pamphlets are good for ripening avocados
16:32
or cleaning up after pets. And
16:35
this tweet, quote, El Faro
16:37
and friends have become a website with
16:39
opposition content. If there was any
16:42
journalism left there, it's gone.
16:45
Bukele is not only the president, he's the most
16:47
popular president
16:49
in the whole Western hemisphere.
16:51
He has around 85%
16:52
of popular support.
16:55
When a president
16:58
with that traction,
17:00
with that huge percentage of followers,
17:03
which that divisive speech
17:06
declares you a public enemy, that
17:09
means that a lot of that 85% of the people
17:13
will believe him,
17:15
will believe that we are not publishing
17:21
the truth because the truth is what the government
17:24
says.
17:25
All of this raises some questions.
17:28
If Bukele's propaganda machine is so
17:31
powerful and if he enjoys genuine
17:33
popular support, why
17:35
bother spying on journalists? And
17:38
is there any way to figure out if
17:40
Bukele's government really was
17:43
behind the Pegasus attack?
17:49
One of the reasons Pegasus is so
17:51
powerful is because it's very
17:53
hard to trace an attack back to
17:55
the source. But in this case,
17:58
the hacker left behind some important clues. That's
18:01
up next on Revealed.
18:18
I may sound biased
18:19
here, but I think our stories
18:21
are pretty great. And if you're
18:23
listening to this, I have a feeling that, well, you
18:26
might agree. Have you ever
18:28
been left wanting even more? Revealed's
18:31
newsletter goes behind the scenes. Reporters
18:34
describe how they first found out about
18:36
these stories and the challenges they face
18:38
reporting them. Plus, recommended
18:41
reads and more. Subscribe now
18:43
at RevealedNews.org slash newsletter.
18:53
From the Center for Investigative Reporting in PRX,
18:56
this is Reveal. I'm Al Letzen.
18:59
We're following the spread of a virus,
19:01
a human-made information virus.
19:04
Pegasus is spyware, develops
19:07
to help governments crack into smartphones to
19:09
target drug traffickers and terrorists. But
19:12
Pegasus has also been used against
19:15
journalists, activists, and scholars. And
19:17
in the case of the Alfaro newspaper in El Salvador,
19:20
an entire newsroom. Rose
19:23
Reed and Nando Villa from the podcast
19:25
series Shoot the Messenger are tracking
19:27
the efforts to figure out who was behind
19:29
the attack. In
19:32
the months after Citizen Lab found Pegasus
19:35
on the phone of Alfaro reporter Julia Raborrete,
19:37
the newspaper was facing direct and public
19:40
attacks from President Naive Bukele.
19:43
In trying to connect Bukele's government to the
19:45
phone hack, there was some unique
19:48
evidence. Once again, this is Citizen
19:50
Lab's senior researcher, John Scott
19:52
Railton.
19:59
this infection to a cluster
20:02
of servers that we were monitoring. What's
20:04
interesting about the El Salvador case is we did have
20:07
one case
20:09
where we were able to connect
20:12
one of the infections
20:13
to an operator.
20:15
That case involved an El Faro
20:18
reporter named Carlos Martinez.
20:21
Researchers caught a spyware attack on Carlos's
20:24
phone. The technical term is intermission,
20:27
and they caught it as it was happening,
20:29
in real time.
20:31
We were able to discover that
20:34
there was a failed exploit attempt
20:36
on his device, and we connected that
20:38
failed exploit attempt to the operator that we
20:41
called Torogoz, which had been pretty
20:43
much exclusively targeting within El Salvador.
20:46
They saw the operator live
20:49
in Carlos Martinez's phone. That
20:51
allowed them to geolocate
20:54
the operator. And to no surprise,
20:56
it's based in El Salvador. That's
20:59
who was operating Pegasus in our
21:01
phone.
21:02
Which further adds to the
21:04
suggestive evidence pointing at the likelihood that
21:07
the El Salvadorian government may be the operator
21:09
in this case. With each infection,
21:12
you can kind of hear like a ching in
21:14
the background. As you imagine, the process
21:16
of analyzing the data, the process of targeting
21:18
the person, all of these other pieces it
21:21
would have had to go into it. I imagine just reams
21:23
and reams and reams of paper and documents authorizing
21:26
and requesting infections again and again and again
21:28
and again. And then reports generated
21:30
based on that material.
21:32
The NSO Group, the Israeli company
21:34
behind Pegasus, insists it
21:36
only sells to government agencies like
21:38
security and intelligence services.
21:41
Since Pegasus is classified by Israel as
21:43
a cyber weapon, the NSO Group is
21:45
required to get government approval for
21:47
every sale. It works like a subscription
21:50
service. Countries use a portal and depending
21:53
on the package are allotted a specific number
21:55
of targets. The idea is
21:57
the more you pay, the more targets you get.
22:00
But NSO is very protective about the
22:02
intricacies of their deals. Carlos
22:04
Dada says that makes it all the more difficult
22:06
to figure out who was spying on his
22:09
newspaper. Since
22:12
NSO keeps such a secrecy over
22:15
who they sell Pegasus to, the
22:18
government of El Salvador has
22:20
been able to say it's not ours. Most
22:24
of the time, hacks with Pegasus are
22:26
a single hit, largely because
22:28
of how expensive it is to use. The
22:31
person operating it will break into a phone,
22:33
take a copy of everything and get out. But
22:36
that was not the case with the El Fado hack.
22:39
I'm pretty accustomed to looking
22:42
at the readouts and the number
22:44
of infections that we show when we do an
22:46
analysis. And again
22:48
and again, the results
22:51
from the El Fado would literally fill my
22:53
screen with cases with numbers
22:55
of infections. It was that they were really
22:58
targeted 10, 20, 30, 40 times the same individual. This
23:02
was obsessive every day, constantly
23:05
hacking and rehacking every time this person would restart
23:07
its phone.
23:08
That's really intense.
23:12
In my case, out of a year and a half,
23:14
Citizen Lab says the information
23:16
might have lasted 167 days. That's
23:21
not only getting into your phone, sucking the
23:23
information, that's living with you. Basically,
23:26
I had someone living in my phone next to me, turning
23:28
on the microphone, turning on the camera, knowing
23:31
where I was going and who
23:33
I was meeting with. It
23:36
was more surprising that even people from the
23:39
accounting department, from the managing
23:41
part of the El
23:43
Fado, was also
23:46
contaminated with
23:48
Pegasus,
23:49
which lets you know the
23:51
scope of these intromisions and
23:54
the amount of money they spent
23:57
to find out everything about
23:59
it. our operation and about every
24:02
single one of us.
24:03
It wasn't just one or two people at
24:05
this news organization. It was like somebody
24:07
had done a core sample through the entire organization,
24:10
monitoring people left and right. Journalists,
24:12
editors, publishers, the work.
24:15
Citizen Lab uncovered a total
24:17
of 226 infections detected on 22 members of Alfaro
24:24
over the course of a year.
24:26
We try to get people informed very
24:28
quickly. There
24:29
are times when I will go to sleep knowing
24:31
that the next day I'll have to talk to some people and give them
24:33
some tricky news.
24:35
People often want to know. People
24:38
are relieved to learn that they
24:40
have been hacked. I
24:42
think for a lot of people, it is also
24:45
clarity and truth in
24:47
a scenario where those things are hard
24:50
to come by.
24:54
After the hack was discovered, Carlos
24:57
met with his newsroom to talk about what
24:59
this meant for them personally and
25:01
for their sources.
25:03
Our lifestyle was already different. Everybody
25:06
knew what was going on inside Alfaro. We
25:08
have a very solid team in that sense. I
25:12
felt that my first obligation was
25:15
letting everybody know that
25:18
the healthiest decision would be to leave
25:20
to quit Alfaro and that
25:23
I didn't want anyone to stay
25:26
because they felt some kind of obligation.
25:28
I have been very insistent
25:31
about that. Some people left
25:34
and we all let them
25:36
know they were entitled to that
25:38
and that that was a normal thing.
25:42
But if you wanted to stay, you
25:44
should know that silence is
25:46
not an option. So we
25:48
are not going to let these things
25:51
silence us while we are working
25:53
here.
25:54
You had said that
25:56
people who work at Alfaro that our lives
25:58
are already different. What does
26:00
that mean? How are your lives different working
26:02
at Alfaro?
26:03
I think our public life, meaning
26:06
going out to
26:08
parties, to public places,
26:11
has already diminished a lot.
26:13
Let me give you a good example.
26:15
One day after a tough
26:18
night in HealthWife, I,
26:21
in the morning of Saturday,
26:24
I went to the pharmacy. I think it
26:26
was 8 a.m. to get medicine.
26:28
And I buy a couple
26:31
of Gatorades.
26:32
Fifteen minutes later, the press secretary
26:35
was tweeting a photo of the
26:37
drugstore where I went, saying, Carlos Dada
26:39
was just here,
26:40
buying five Gatorades.
26:43
That's the size of his hangover.
26:45
Let's hope he didn't rape any
26:47
women yesterday night. That's
26:50
the kind of things that were happening.
26:53
The most important thing to the reporters
26:55
at Alfaro was what this would mean
26:57
for their
26:57
sources,
26:58
the people who risked their jobs,
27:01
their careers, and even their
27:03
safety to share with them critical
27:05
pieces of information and evidence about
27:08
Bukele's administration and possible
27:11
corruption.
27:12
We talk to a lot of sources
27:15
every week, so it's impossible
27:17
to talk back to all the sources
27:20
that we have dealt with during
27:23
all the time that turned out that we were being
27:25
tagged with Pegasus. We
27:28
asked cities in lab for the date
27:30
of the information into everybody's
27:33
phones, and we crossed this
27:35
information with our news cycles.
27:38
When they looked at the points in time when their phones were
27:41
being targeted, they noticed something
27:43
startling, that the hacks often
27:45
coincided with their stories on corruption
27:47
and Bukele's deals with gangs.
27:50
There was this nexus of timing
27:53
between reporting on corruption
27:55
and reporting on negotiations with
27:58
murderous gangs like MS-13.
27:59
and some of that targeting.
28:26
He
28:30
was also negotiating with the 18th Street
28:33
Gang, which is the other big
28:35
gangs. Those
28:37
were two big red dots when
28:39
we crossed the data.
28:42
What we have were videos, photography,
28:45
and official paperwork from
28:47
the prisons where the leaders were taking out
28:50
or where government officers would visit
28:52
to talk to them. That proved
28:55
that Bo Kelly had been negotiating with them, and
28:57
that's what explained the
28:59
reduction of the homicide rate in the country.
29:04
El Faro published their article about
29:06
President Bo Kelly's negotiations
29:09
with MS-13 on September 3, 2020.
29:13
The article outlined how Bo Kelly was making
29:15
an alliance and brokering deals
29:18
with the leaders of MS-13 to
29:20
reduce silence in exchange for favors,
29:23
better prison conditions, and the
29:25
release of high-ranking gang leaders from
29:27
prison.
29:29
A few weeks later, Bo Kelly struck
29:31
back. He announced El Faro was
29:33
being investigated for money laundering.
29:40
During the month the article was published,
29:43
at least one El Faro employee
29:45
was surveilled with Pegasus every
29:47
single day. The data indicated
29:49
a strong link between Pegasus infections
29:53
and the newspapers
29:53
corruption investigations.
29:56
Carlos says many of El Faro's findings
29:58
were substantiated earlier this year
30:01
in U.S. court as part
30:03
of an investigation into MS-13's
30:05
transnational operations.
30:07
The United States Justice
30:09
Department presented an indictment
30:13
in New York in a federal court against 13
30:17
members of the MS-13
30:19
gang where they detailed the negotiations
30:23
between the gang and President
30:25
Bukele's administration.
30:28
According to this indictment, they
30:30
were negotiating in exchange for
30:33
economic benefits, for
30:35
territorial control, and
30:37
for the refusal of the Bukele administration
30:40
to extradition
30:43
requests from the United States. We
30:46
in the end also knew and published
30:48
that some Bukele administration
30:51
officers personally took
30:53
out of prison MS-13
30:56
leaders and drove them to
30:58
the border with Guatemala. So
31:01
these are the kind of stories we were publishing
31:03
during this cycle.
31:05
What do you think that the people behind
31:07
the attack were looking for?
31:09
My first impression is that they want to
31:11
know who we're talking to.
31:13
They want to know who our sources are, who
31:15
we meet with,
31:16
because
31:17
we've been publishing inside information
31:19
in
31:20
the last years and that's how we found out
31:22
about Bukele's deals with the gangs,
31:25
that's how we found out about some corruption scandals.
31:27
You can imagine the risk for those people.
31:30
So that's my first impression that they wanted to go
31:32
after that. But as we've seen that
31:34
happened to journalists in other orthocratic
31:37
ruled countries, they are looking
31:40
for
31:41
intimate images that
31:43
they can blackmail the reporters with or
31:45
discredit them by handing
31:48
them to the public.
31:51
We knew that in El Salvador it's hard
31:53
to be a journalist, but now you
31:56
have to be stronger
31:58
if you want to make the right decision.
31:59
the type of work that we are doing.
32:02
When it comes to the Pegasus infections at El Faro,
32:05
reporter Julia Raborite was patient
32:07
zero. And she says it got
32:09
under her skin. It affected her mental
32:11
health. She felt paranoid. She
32:14
had to change the way she lived and worked.
32:17
You have to take care of your sources,
32:20
or you have
32:20
to take care of the information that someone
32:22
shared with you. You have to take care of your
32:24
own family. We keep
32:27
analyzing our devices
32:30
just to check if we are
32:32
still victims of Pegasus. But there
32:34
are more. I mean, Pegasus
32:36
is not
32:37
the only program that they can
32:39
use.
32:40
For John Scott Reilton from Citizen Lab, he's
32:43
seen Pegasus used in all sorts of ways
32:45
by governments trying to stop the press or
32:47
to attack human rights defenders. Maybe
32:50
it's used purely strategically, right? They don't
32:52
want to
32:53
do anything that would show that they have it. And
32:55
so instead, they try to use it to frustrate
32:58
the designs or plans or activities of an
33:00
organization. Maybe in other
33:02
cases, it's going to be used to blackmail people. Or
33:04
maybe it'll be used to try to discredit people. Think
33:06
about all the things that you do on your phone. And
33:09
then imagine what would happen if all
33:11
of those things were dumped out on the table. Think
33:14
about what they might do in your personal life
33:16
and your work life.
33:17
That kind of creativity, unfortunately,
33:19
is the stock and trade of security
33:21
services and authoritarian or repressive regimes.
33:26
We saw in the killing of Saudi journalist
33:29
Jamal Khashoggi that Pegasus has been
33:31
connected to murder investigations. Carlos
33:34
Dada knows this firsthand. In 2017,
33:38
his good friend, Mexican investigative
33:40
reporter Javier Valdez, was shot dead
33:43
in his hometown of Culiacal. Javier
33:46
Valdez investigated corruption and drug
33:48
cartels, the same kind of work
33:50
El Faro does. And police
33:52
investigations have revealed he was killed
33:55
for his reporting. Citizen
33:57
Lab discovered something more, that
33:59
his widow... was targeted with Pegasus
34:01
within weeks of his murder.
34:03
Javier Valdez was a character.
34:08
He was not a Mexican journalist. He was
34:10
Javier Valdez. There's no one like him. With
34:13
a marvelous pen to describe,
34:15
in a very literary way, the horrors
34:18
of drug trafficking and its
34:20
consequences in a place like Sinaloa,
34:23
in Mexico.
34:24
He was exceptional as a journalist,
34:27
but his ultimate fate
34:29
was not exceptional among
34:31
Mexican journalists.
34:33
But again,
34:35
also Mexico is not an exceptional place.
34:37
It may be the worst, if not
34:39
one of the worst places to do journalism, but
34:42
not the only one
34:43
where journalists are being killed.
34:46
The commonality in these countries
34:48
is a level of impunity,
34:50
which
34:51
allows criminals to think
34:53
we can kill a journalist
34:55
and we won't pay the consequences.
35:00
In January, 2022, Carlos,
35:03
Julia, and their colleagues prepared
35:06
to publish an article about how Alfaro's
35:08
newsroom was targeted by Pegasus.
35:11
They wanted to share with the world the scale and
35:14
intensity of the attack
35:17
and warn their sources.
35:19
I told my family, I told
35:22
my girlfriend, I told some of my friends.
35:26
This is what happened. You should know from me before you know
35:29
from her publication at Alfaro.
35:31
I was alone in my house,
35:35
just waiting for the moment that
35:38
everything was going to be released. And
35:40
yes, I was scared a little bit. We
35:43
were telling our own stories. It
35:47
was the first time that I
35:49
worked on something like that.
35:52
We don't use the talk and we don't like the talk
35:55
ourselves. It's
35:56
a horror. It's like we're telling ourselves that
35:58
we have to be able to do this.
35:59
and the Salvador, for a systematic
36:02
experience with software and Israeli Pegasus.
36:06
We became the story,
36:08
which is very uncomfortable for journalists.
36:11
We tell other people's stories. When
36:15
we published the story that we
36:17
had been infected with Pegasus, we felt
36:19
the obligation to run an editorial, which
36:22
was titled, To Our Sources.
36:25
Basically telling our sources we have done anything
36:28
in our hands to protect you.
36:30
So take your own measures, just know
36:32
what is happening. And of course what
36:34
happened the day after is that no one else wanted
36:36
to talk to us anymore. And it
36:39
has taken a long time to
36:41
construct systems
36:44
of communication with sources that
36:46
are safe.
36:49
Carlos says that it was only after
36:51
they published the article about the Pegasus
36:53
attack that he had the time to
36:55
think about all the personal consequences.
36:59
I felt like so invaded that
37:02
the only thing that I felt
37:04
that I needed to do was get into the
37:06
shower and open it. I needed to like clean
37:09
myself from something very dirty. They
37:12
have all my photos. They have all my
37:14
videos. They have the photos of my
37:17
dear ones.
37:18
They have been listening to
37:21
my conversations in my
37:24
apartment with my girlfriend,
37:26
with my friends, with my not so
37:28
friendly friends. They have been living
37:31
with me
37:32
for many, many days.
37:37
Today the staff at Alfaro remain
37:40
dedicated and they found new
37:42
ways to communicate safely. It
37:44
makes their work more difficult, more
37:47
tedious. They often have to travel
37:49
within El Salvador and outside
37:51
the country to work effectively
37:54
and be safe.
37:56
We are going back and
37:58
forth. going out and going
38:01
back in. Some of them have spent
38:03
months
38:04
out of the country and then they go back. We
38:08
are trying to measure
38:10
the risks
38:11
week by week. These
38:14
people are at such risk. And
38:17
clearly, even though they knew that they were at risk
38:19
at the time, there were risks that they didn't
38:21
fully understand, these digital risks. And
38:24
that made me angry. It made me angry because
38:27
I thought that the work that they were doing was critically
38:29
important. So the world would understand what was going
38:31
on in El Salvador. And yet there was
38:33
this digital subversion going
38:35
on on their devices, trying to make it really
38:38
dangerous for them to do trust healing and
38:40
to talk to sources.
38:43
Pegasus is just one
38:45
element of the harassment and
38:47
attacks against independent presidents in
38:49
El Salvador.
38:50
They passed a law
38:52
criminalizing publication
38:54
about gangs that can bring
38:57
a reporter or a publisher or an editor
39:00
up to 15 years in prison
39:02
for publishing a story about gangs
39:05
with the clear intention of silencing us
39:08
who were publishing book-alette secret negotiations
39:10
with gangs.
39:11
Since we decided that silence is not
39:13
an option,
39:14
when we publish a story about gangs,
39:17
we have faced the need to
39:19
take those reporters out of the country
39:22
for some time. Pegasus
39:24
is just another means that
39:27
this government has to attack
39:29
and harass independent press, but far
39:31
from the only one.
39:36
Coming up, what the Pegasus hack
39:38
of El Faro means for the free press around
39:41
the world. Think about what
39:43
happened to El Faro as a canary
39:45
in the coal mine. It is highlighting
39:48
what happens when an unaccountable
39:50
government gets its hand on a powerful
39:53
surveillance tool. It will
39:55
be abused. You're listening
39:57
to Reveal.
40:16
If you like what we do and you want to help, well
40:19
it's pretty simple. Just write us a review
40:21
on Apple Podcast. It's
40:23
easy and only takes a few seconds. Just
40:26
open the Apple Podcast app on your phone, search
40:28
for reveal, then scroll down to where
40:30
you see write a review. And
40:33
there, tell them how much you love
40:35
the host. Your
40:37
review makes it easier for listeners to
40:39
find us. And it really does make
40:41
a difference. And if you do it, you
40:43
will get a personal thank you from me. Like
40:45
right now. Like thank you. Not
40:48
him, not you. Yes, you.
40:51
Thank you so much. Thank you, thank you, thank you, thank you, thank you. Thank
40:54
you. Thank you, thank you, thank you, thank you. All right.
41:04
From the Center for Investigative Reporting in PRX,
41:07
this is Reveal. I'm Al Ledson.
41:10
When Pegasus was developed, it was marketed
41:13
secretly to intelligence agencies
41:15
as a tool for tracking terrorists and
41:17
drug traffickers. Its creators have
41:19
said that sometimes that necessitates
41:22
spying on innocent people. Pegasus
41:25
is the NSO Group's former CEO,
41:27
Shalef Julio, on 60 Minutes, talking
41:29
about how Pegasus helped authorities
41:32
in Mexico capture Joaquin Guzman,
41:34
aka El Chapo.
41:37
They had to intercept a journalist,
41:39
an actress, and a lawyer. Now
41:42
by themselves, they, you
41:44
know, they're not criminals, right? But
41:47
if they are in touch with a drug
41:49
lord, and in order to catch them, you
41:52
need to intercept them. Okay, so
41:54
let's assume that in the right hands, Pegasus
41:58
can help catch the bad guys.
41:59
But in the wrong hands, well, we've seen
42:02
what happened at El Faro and around the globe.
42:05
Traces of Pegasus have been discovered
42:07
on the phones of journalists, human rights activists,
42:10
and politicians. Some of the people spied
42:12
on were either killed or put in prison, but
42:15
to this day, no one knows the
42:17
full story of Pegasus. With
42:19
me to talk about all of this is Shoot
42:22
the Messenger co-host Rose Reed.
42:24
Hey Rose.
42:25
Hey Al, it's great to be here.
42:27
So I gather that one of the many
42:29
frustrations for El Faro and other
42:32
media outlets goes beyond the extensive
42:34
spying and the damage it's caused.
42:37
Yeah, it's really about the total
42:39
lack of accountability for all
42:41
of this. You know, as we mentioned, El Salvador
42:44
has denied using Pegasus. And
42:46
since NSO Group's contracts protect
42:49
the identity of its customers, we
42:51
can assume it's the government of Naibukkali,
42:54
but we don't have exact confirmation.
42:57
Although we did learn that Citizen
43:00
Lab saw in real time
43:02
an operator in El Salvador
43:05
targeting a journalist at El
43:07
Faro. So no one has been
43:09
held accountable in El Salvador for these
43:11
hacks. What else can a media
43:14
organization like El Faro do? Well,
43:16
there's one thing El Faro has done.
43:18
They've teamed up with the Knight First Amendment
43:20
Institute at Columbia University, and
43:23
they are actually suing the NSO
43:25
Group. Their case says
43:27
the attacks violated the Computer
43:30
Fraud and Abuse Act, which is an anti-hacking
43:33
statute that dates back to the 80s. And
43:36
the act itself does say that it
43:38
can extend beyond US soil.
43:41
And I think what's really interesting about this case
43:43
is that if Carlos Dada and
43:46
the 17
43:47
other folks in the newsroom who have sued
43:49
the NSO Group, if they win, the
43:52
client of the NSO Group who targeted
43:55
them will
43:55
be revealed.
43:57
With such intrusive spyware like
43:59
this,
43:59
They can't be the only ones suing the
44:02
NSO group. That's right.
44:03
The legal cases against the NSO group are
44:06
mounting. We mentioned at the top
44:08
of the show that the widow of Jamal Khashoggi
44:10
has filed legal action. There's
44:13
another lawsuit on behalf of META and
44:15
specifically WhatsApp. They alleged
44:18
that Pegasus was used to exploit
44:20
a bug in WhatsApp and target more than 1,400 people.
44:24
That also included activists and journalists. And
44:27
most importantly, Apple is
44:30
suing the NSO group. Apple is saying
44:32
that the NSO group violated
44:35
their infrastructure
44:36
to target these people. And
44:38
that's actually how Pegasus works.
44:41
The whole idea about Pegasus is that it
44:43
finds an exploit in either your iPhone
44:45
or your Android. NSO
44:47
has asked the courts to dismiss
44:50
these cases. The courts have
44:52
not ruled in their favor. So
44:55
it's possible that these cases will
44:57
proceed. And why is that important?
44:59
NSO's business model relies
45:02
on secrecy. And that means keeping
45:05
all of their clients, aka
45:07
governments, countries hidden.
45:10
If the case proceeds and
45:12
moves to court,
45:14
something called the discovery
45:15
phase begins. And
45:17
discovery could bring a lot of
45:20
problems for the NSO group because their
45:22
contracts, documents, emails,
45:25
phone calls, text messages
45:28
could all be subpoenaed. If
45:31
Carlos Dada and Alfaro win their
45:33
lawsuit against the NSO group and
45:35
the client is revealed, it
45:38
would create a strong deterrent for countries
45:40
around the world from using Pegasus and
45:42
spyware like it because they couldn't
45:45
assume protection and secrecy.
45:49
I hear all these stories and see all
45:51
the research has been compiled. It's
45:53
really hard for me to accept the NSO's
45:55
claims that Pegasus isn't involved
45:58
in these attacks.
45:59
One thing I wonder a lot about too, and I
46:02
think a lot of people have given this a lot of thought,
46:04
and you know, there's evidence that Citizen
46:07
Lab and other research groups have collected
46:09
that's really compelling, that Pegasus
46:12
is involved. Now, the executives
46:14
at the NSO group have declined to speak with
46:16
us, but in their defense they've
46:18
said that Pegasus is classified as a cyber
46:21
weapon. So every sale has
46:23
to be approved by the Israeli government.
46:26
Its contracts with other governments and intelligence
46:29
agencies have all kinds
46:31
of restrictions. And so NSO
46:33
also says if a government abuses
46:35
their software and targets
46:38
illegitimate targets, that they're cut off as
46:40
clients. This is Omri Lavi,
46:43
one of NSO's co-founders,
46:44
speaking in an interview that
46:46
was posted on YouTube. We do
46:48
everything within our power to
46:51
prevent and make sure that this
46:53
technology is not misused. We're
46:55
taking the regulation that
46:57
is put on our shoulders and
46:59
taking it even further by having
47:02
our own regulatory leaps and bounds and committees
47:05
and people involved that try and prevent
47:07
as much as possible misuse
47:09
of this technology. But I
47:12
just want to add that nothing
47:15
will ever be 100%.
47:17
He says nothing will ever be 100%, but
47:20
that's quite a caveat when you're talking
47:22
about spyware this powerful. And
47:25
it makes me wonder, how would the
47:27
NSO know if a government
47:29
is violating terms of their contract? Does
47:32
the NSO require its clients to
47:34
reveal the identity of a potential
47:36
target or are these
47:38
just rogue operations?
47:40
Yeah, I think this is where the NSO group
47:42
has really tripped up because
47:45
they basically have said conflicting
47:48
messages. On one hand, they say,
47:50
you know, we do a lot of due diligence
47:53
and we really investigate
47:55
our clients before we sign them onto a contract.
47:58
And they've also said, we...
47:59
We don't know exactly who our
48:02
clients are targeting. We give them
48:04
a portal and they're the ones who are
48:06
operating it. And they don't have control
48:09
over what their clients are doing.
48:12
So basically, you could sum up their
48:14
business model as, trust
48:16
us, we'll investigate. But
48:18
they don't want to give a definitive statement
48:21
on how involved they are with the
48:23
targeting and infections with
48:25
their customers. And I think
48:28
what's really important
48:28
for us to remember is that the
48:30
abuses are still proliferating.
48:35
The NSO group has become so
48:37
controversial, it's been blacklisted by
48:39
the Biden administration, but it's
48:41
also hugely profitable.
48:43
That's right. The co-founders, Shalav
48:45
Julio and Omri Lavi, when they started out
48:47
in the mid 2000s, cybersecurity
48:50
was a budding industry, you
48:53
know, measured in the millions. And
48:55
today, the cyber warfare industry and
48:57
the mercenary companies that support it
49:00
represent more than $43 billion. And
49:03
those are just the reported numbers. Bloomberg
49:06
projects that there are more than 200 companies
49:09
in this space. And the NSO
49:11
group is just one of the most famous
49:14
or infamous.
49:15
Okay, so let's say the lawsuits
49:18
are successful and Pegasus is eventually
49:20
shut down. Even how much money
49:22
is at stake? Could this kind of technology
49:25
just find a new life in some other form?
49:28
People who have thought deeply about this say that
49:30
Pegasus is just a first iteration,
49:34
like so much of how technology evolves,
49:37
so does something like Pegasus. I mean, we've even
49:39
seen it go from one click to
49:41
zero clicks. So I think
49:44
that we're already seeing this
49:46
kind of evolution happen.
49:48
I think a lot about what John Scott
49:51
Reilton from Citizen Lab had to
49:53
say about how the NSO group
49:55
was trying to market Pegasus.
49:58
Think about what happened.
49:59
to El Faro as a canary in
50:02
the coal mine. It is highlighting
50:04
what happens when an unaccountable
50:06
government or unaccountable security
50:08
service gets its hand on a powerful
50:11
surveillance tool. It will
50:13
be abused. We are seeing early
50:16
cases, high-risk places, places
50:18
with maybe, you know, security services
50:21
that are not as good at hiding their tracks. But
50:23
that's not where this ends. It ends in a
50:25
police department near you, and that should
50:27
concern
50:28
all of us.
50:32
So I think the key word
50:35
is vigilance for all of us.
50:38
We need to be vigilant about the nexus, the
50:40
close connections between private industry
50:43
and the government, especially in
50:45
the area of technology. We can't simply
50:47
trust what any government tells
50:49
us, because we've seen how
50:52
some of this advancing technology
50:53
can pose direct threats to democracy
50:56
in places where democracy is struggling or
50:59
where it's under threat to keep it
51:01
that way.
51:03
Rose, thanks so much for talking to me.
51:06
It's a pleasure, El. Thank you for having me.
51:09
Rose Reed is a co-host and executive
51:11
producer of Shoot the Messenger, a podcast
51:14
from Exile Content Studio and PRX.
51:20
So we just heard about how spyware like Pegasus
51:22
continues to evolve. And as
51:24
we're finishing this show, as if on cue,
51:27
there was some news. Citizen Lab
51:29
reported that Pegasus found a new way
51:31
to take over an iPhone through its messaging
51:34
app. No clicks. Pegasus just
51:36
took control. The reported
51:38
target of the hack was a person
51:40
working at an international NGO
51:43
based in Washington, D.C. Apple
51:46
quickly responded with an emergency software
51:48
update. We know the Alfaro
51:51
newspaper is just the tip of
51:53
the iceberg when it comes to Pegasus.
51:55
For deeper dive, you can binge the entire 10
51:58
episode series. murder,
52:01
and Pegasus spyware. That's on
52:03
Shoot the Messenger. Find it anywhere you
52:05
get your podcasts. This
52:13
week's show was produced by Michael Montgomery and Steven
52:15
Rascone. Michael also edited the
52:17
show. Special thanks to Nando Villa, Sabine
52:20
Jansen, Gail Reed, Carmen
52:22
Graderol, Isaac Lee, and the entire
52:24
team at Exile Content Studio. Thanks
52:27
also to the Committee to Protect Journalists.
52:30
Nikki Frick is our fact checker. Victoria Baranetsky
52:32
is our general counsel. Our production manager
52:35
is Zulema Cobb. Score and sound
52:37
designed this week by Pachi Quinones.
52:40
With help from Jay Breezy, Mr. Jim Briggs,
52:42
and Fernando Mamayo Arruda.
52:44
Our CEO is Robert Rosenthal. Our COO
52:47
is Maria Feldman. Our interim executive
52:49
producers are Taki Telenides and Brett Myers.
52:51
Our scene music is by Kamarato, Lightnin.
52:54
Support for reveals provided by the Reeve and David
52:56
Logan Foundation. The Ford Foundation,
52:58
the John Dee and Catherine T. MacArthur Foundation,
53:00
the Johnson-Logan Family Foundation, the Robert
53:03
Wood Johnson Foundation, the Park Foundation,
53:05
and the Hellman Foundation. Reveal is
53:07
a co-production of the Center for Investigative Reporting
53:09
and PRX. I'm Al Letzen,
53:12
and remember, there is always more to
53:14
the story. From
53:33
PRX.
Podchaser is the ultimate destination for podcast data, search, and discovery. Learn More