The Mexican government purchased a controversial type of spying software, which is supposed to be used for anti-terrorism surveillance, and deployed it against a team of human rights lawyers looking into the disappearance of dozens of students.
The allegations, set out in a New York Times report, provide more grist for critics who fear governments are abusing so-called “spyware,” which uses a person’s phone or computer to track their activities.
The spyware in question, known as Pegasus, is directed at iPhones and is activated if a target clicks on a link sent by text message. If the recipient clicks on the link, the spyware records every bit of activity on the device—it can even control the phone’s microphone and camera—and relays it to the snooper.
In the case of Mexico, the Times reports the spyware was used as a broader campaign to harass and interfere with the team of international human rights investigators as they sought to find 43 students, who had disappeared in 2014 after clashing with police:
The main contact person for the group of investigators received text messages laced with spyware known as Pegasus, a cyberweapon that the government of Mexico spent tens of millions of dollars to acquire, according to an independent analysis. The coordinator’s phone was used by nearly all members of the group, often serving as a nexus of communication among the investigators, their sources, the international commission that appointed them and the Mexican government…
The effort to spy on international officials adds to a sweeping espionage offensive in Mexico, where some of the country’s most prominent journalists, human rights lawyers and anticorruption activists have been the targets of the same surveillance technology.
The company that sells the spyware is an Israeli outfit called NSO group. The firm says it only sells its hacking tools to governments, and only on the condition they are deployed against criminals and terrorists. But as the Mexico case suggests, it can be hard to ensure the spyware is used for its stated purpose.
Get Data Sheet, Fortune’s technology newsletter.
As a researcher from the digital rights group Citizen Lab told the Times, his team is “finding people targeted with NSO spyware almost wherever we look in Mexico.”
Citizen Lab and the security firm Lookout discovered the Pegasus spyware last year when unknown hackers attempted to install it on the iPhone of an activist in the Middle East.
In response to the initial Pegasus reports, Apple scrambled to fix the software flaw that allowed hackers to take over its phones. Currently, Pegasus no longer works so long as iPhone owners have installed routine software updates. But it’s likely firms like NSO group are peddling similar spyware tools that rely on yet-undiscovered bugs.
