There’s a disturbing possibility that the Mexican government, the soda industry, or some combination of both used spyware to harass health advocates who support Mexico’s soft-drink tax. According to a new report by Citizen Lab, an outfit at the University of Toronto that investigates hacking, somebody harassed them — it’s just a question of who, although logic would dictate a pretty short list.
The New York Times says that right as this group was fighting last year to increase the soda tax, the world’s first when it passed in 2014, the attackers targeted them with “an invasive form of spyware” purportedly only sold to governments. Basically, the hackers would text an outrageous claim of some sort (like that one of their children had been in an accident, or “evidence” of an affair), then urge the recipient to click a link that would infect the phone with spy tools, allowing this mystery infiltrator to “trace a target’s every phone call, text message, email, keystroke, location, sound and sight.” That included hijacking the camera and secretly recording footage.
The spyware was developed by an Israeli cyberarms dealer called NSO Group that the Times says “has contracts with multiple agencies inside Mexico.” That’s suspicious, and then the timing is seemingly pretty coincidental as well: One week after the advocates held a news conference launching their campaign to double Mexico’s 10 percent tax (the effort’s not been successful yet), they started getting the weird, spyware-infected texts.
To date, Big Soda has reportedly spent more than $67 million just to halt America’s budding anti-soft-drink movement. Mexico is Coke’s biggest market as a matter of per-capita consumption, and one of the ways the soda maker responded to the tax in 2014 was to pledge Mexico another $8 billion worth of investments. Big Soda’s industry group down there, ConMéxico, swears it wasn’t them playing dirty: “This is the first we’re hearing of it,” its director told the Times. “And frankly, it scares us, too.” A senior researcher with Citizen Lab says the hacks, regardless, are “one of the most brazen cases of abuse we have ever seen.”