Mother Jones

<!DOCTYPE html PUBLIC “-//W3C//DTD HTML 4.0 Transitional//EN” “http://www.w3.org/TR/REC-html40/loose.dtd”>

Back in 2014, Mexico became the first nation to pass a sugary-drinks tax, overcoming massive pushback from the soda industry. Big Soda resisted the tax for good reason—Mexico boasts the globe’s second-highest per capita soda consumption (trailing only Chile), and Coca-Cola and Pepsi together account for more than 60 percent of the market.

And now, in a strange twist, comes the revelation that several of the most prominent public-health experts who promoted the tax were targeted last summer by malicious spyware from NSO Group—”an Israeli cyberarms dealer that sells its digital spy tools exclusively to governments and that has contracts with multiple agencies inside Mexico,” reports the New York Times.

The attacks came in the form of text messages from unknown numbers with compelling but fake appeals to click infected links: stuff like, “your daughter has been in a serious accident,” with a purported link to a hospital. Once the link is clicked and the phone is hacked, the spyware can “trace a target’s every phone call, text message, email, keystroke, location, sound and sight,” even capturing “live footage off their cameras.”

The cyberattacks, which occurred during the summer of 2016, came just as the researchers were engaged in an ultimately failed campaign to double the tax, the Times notes.

At this point, the source of the attacks is unclear. A spokesperson for ConMéxico, Big Soda’s powerful trade group in the country, told the Times that the industry had no knowledge of the hacks, adding that “frankly, it scares us, too.”

NSO Group, for its part, claims it sells its spyware only to governmental law enforcement agencies, and maintains “technical safeguards that prevent clients from sharing its spy tools,” the Times reports, adding that an NSO spokesman “reiterated those restrictions in a statement on Thursday, and said the company had no knowledge of the tracking of health researchers and advocates inside Mexico.”

While NSO Group says its spyware is designed to be used by governments to track terrorists, criminals, and drug lords, these revelations don’t mark the first time these tools have been turned on other targets, according to the Times: “NSO spyware was discovered on the phone of a human-rights activist in the United Arab Emirates and a prominent Mexican journalist in August.” That journalist, investigative reporter Rafael Cabrera—who has broken several embarrassing stories about President Enrique Peña Nieto—was the target of an unsuccessful hacking attempt with NSO software last year.

So just as Mexico has emerged as a policy laboratory for reducing soda consumption, it is also demonstrating some pretty innovative tools for keeping tabs on anti-soda agitators. And delivering an important reminder: Think hard before you click on a link texted to you from an unknown number, no matter how compelling the story is.

Read more: 

Text Messages Might Be the New Way Hackers Try to Steal Your Info