Pegasus (2023) follows the thrilling, worldwide investigation into one of the most powerful and insidious pieces of cyber surveillance software known to date. Beginning with a massive data leak to a small, independent news outlet, it tells the story of how Pegasus came to be, the hundreds of innocent individuals who have had their privacy taken away by it, and the global team of reporters and editors who risked everything to bring the story to light.
Introduction: Follow the journalists who uncovered the truth behind the greatest cyber security threat the world has ever seen.
Think about your smartphone. This small device is, in a very real sense, an extension of your own mind. It stores your photos and notes, like your mind stores memories. You use it for your most private and intimate conversations. It stays with you at all times – tracking your location.
You wouldn’t want someone reading your mind, so imagine if someone had complete access to your phone. Reading your messages as you receive them. Scrolling through your pictures. Secretly turning on your camera and microphone, to see and hear everything around you.
This is exactly what a government, organization, or even an individual can do when they infect your phone with Pegasus – the state-of-the-art cybersurveillance software developed and sold by Israeli company NSO.
If this software concerns you, you’re not alone. When details of this flagrant violation of privacy were brought to investigative journalists Laurent Richard and Sandrine Rigaud, it triggered a global and monthslong investigation. Here are the behind-the-scenes details of how that investigation started, and how the small team of journalists went about shining a light on one of the greatest cybersurveillance threats in history.
A leaked list set the Pegasus investigation in motion.
In 2020 a top-secret meeting took place in a small rented apartment in East Berlin. Laurent Richard and Sandrine Rigaud – investigative journalists from the independent French journalism network Forbidden Stories – were asked to turn off their phones, put them in the next room, and close the door.
These precautions might seem dramatic, but the hosts of the meeting – Claudio Guarnieri and Donncha Ó Cearbhaill from Amnesty International’s Security Lab – could take no risks with the data they were about to share.
They had a leaked list. On that list were about 50,000 private phone numbers which they believed had been selected as potential targets for the state-of-the-art cybersurveillance program, Pegasus. Someone wanted access to these phones, and they didn’t want the owners to know.
The existence of this technology wasn’t new information. The for-profit Israeli company which created it – NSO – claims that the software is only licensed to government agencies, for the purpose of fighting crime and terrorism. It’s easy to take down cartel leaders, drug smugglers and pedophiles when you have a copy of their phone.
However, as the journalists and tech experts began analyzing the list, they found a much darker truth. The phone numbers being targeted weren’t just for bad guys. Many were government officials. Academics. Human rights activists. Political dissidents. The largest group – with over 120 numbers – was journalists.
The implications of this were staggering to Laurent and Sandrine. If NSO’s clients were targeting innocent individuals, then the very nature of free speech and democracy were under attack.
The true danger of having access to this list – why the secrecy and disabled electronics – became apparent when they looked at a series of numbers selected by a Moroccan client, targeting members of the French government. One name in particular stood out: Macron. French president Emmanuel Macron.
If somebody had the audacity to spy on one of the most prominent leaders in the world, then there’s no telling what they would do to keep that secret.
The two journalists knew they had to bring this story to the public. Their mission was as clear as it was difficult: Turn the information on the list into hard evidence, while remaining hidden from one of the largest cybersecurity companies in the world, and their powerful clients.
The first steps of the investigation were slow, methodical, and cautious.
What do you do with a huge case and 50,000 possible leads around the world? Laurent and Sandrine proceeded methodically. Nothing was going to come from a list of phone numbers from an unidentifiable source – they needed to independently verify that those numbers had been targeted for Pegasus infection.
They kept the information within the small circles of Forbidden Stories and Security Lab at first – the more people who knew, the greater the risk of losing the element of surprise. Not even family members or loved ones could be told.
However, the scope of the task meant they would eventually need to expand their circle and reach out to journalists in other countries. The tech experts Claudio and Donncha set about developing a method of secure, encrypted communication which could be used by journalists collaborating on the investigation.
They also created a forensics tool, which could scrape someone’s phone for evidence of Pegasus. It was up to Laurent and Sandrine to convince one of the 50,000 targets to volunteer their private phone for testing.
That first volunteer came in the form of Jorge Carrasco, director of Mexican investigative publication Proceso. In 2016, while reporting on a group of businessmen linked to the infamous Panama Papers, he received a text message from an unknown number, claiming to link to an important memo from a reputed journalism website. He replied “Who is this?”, but wisely did not open the link.
But luckily for Laurent and Sandrine, he also did not delete the message.
When approached by the journalists asking for permission to analyze the data on his phone, Jorge was understandably cautious, but eventually consented. He was working with Forbidden Stories on a different project, and he trusted that Laurent and his team knew what they were doing.
The mysterious text message matched up perfectly with the data they had in the leaked list. This was the first validation of both the authenticity of the data as well as the ability of their forensic tools.
It was the first step in a long journey, but they knew they were on the right track.
By collecting evidence and collaborating with more journalists, the “Pegasus Project” took form.
On top of collecting and corroborating evidence, the project needed partners around the globe prepared to coordinate mass publication of the project findings at an agreed upon date.
In January 2021, during the height of the Covid-19 pandemic and the political unrest of the presidential inauguration, Laurent and Sandrine arrived in the US to enlist the help of the Washington Post. They already had the support of the large European news outlets Die Zeit, Süddeutsche Zeitung and Le Monde, but they knew having journalists in the States would be crucial for the project’s success.
The team revealed what they had found and expected to find regarding the data, and after a 20-minute discussion with Jeff Leen, the head of the Post’s investigative units, they had the resources and support of one of the largest news outlets in the U.S.
The following months involved investigating the data, and coordinating with partners about preparing their articles and making sure nobody revealed their hand before the designated publication date.
The confirmations of the data and evidence of Pegasus’s misuse continued to pile up. The Moroccan government spying on journalists. Attempts in Mexico to subdue protests and criticism of the president. Saudi Arabia spying on journalist Jamal Khashoggi’s relatives, shortly before he was assassinated.
Before the publication date, Laurent and Sandrine reached out to NSO with their findings, to allow the company to make a statement before the news hit. The initial reply was brisk and dismissive, accusing their sources of outright lying. Some news outlets were preemptively threatened by defamation lawyers. However, none of the responses addressed any of the project’s claims directly.
All the editors involved double checked that the language of their articles was clear and precise, and made no claims beyond the evidence gathered. They were ready to go live.
On July 18, 2021, right on schedule, the Pegasus Project was on the front page of seventeen major media outlets across ten different countries.
This summary have shown you the story behind the inception, development, and release of the “Pegasus Project.”
The following days were a whirlwind for Laurent, Sandrine, and all the partners involved. The Kingdom of Morocco attempted to sue Laurent and Sandrine for defamation, for the allegations of spying on the French government.
Meanwhile, the French government began threatening Laurent with legal action if he didn’t share the list and reveal the source. But journalistic ethics and integrity won out, and the source remained safe.
As for NSO, first they vehemently denied the allegations, defending the crime-fighting importance of their software, before eventually saying “enough is enough” and refusing to talk to the media. Eventually, sales of Pegasus dropped, and by mid 2022 it was obvious that the company was not going to recover.
In these days of cybersurveillance and invasions of privacy, it’s important to be vigilant about who is monitoring our activity, and what kinds of agendas they have. Thanks to the hard work of journalists like Laurent Richard and Sandrine Rigaud, these threats to privacy, dignity, and democracy will continue to be brought to the public light.
About the author
Laurent Richard is a Paris-based award-winning documentary filmmaker who was named the 2018 European Journalist of the Year at the Prix Europa in Berlin. He is the founder of Forbidden Stories, a network of investigative journalists devoted continuing the unfinished work of murdered reporters to ensure the work they died for is not buried with them.
For more than twenty years Laurent Richard has been conducting major stories for television. He is the author of numerous investigations into the lies of the tobacco industry, the excesses of the financial sector, and the clandestine actions of Mossad and the CIA.
Since its creation, Forbidden Stories has received numerous awards, including a prestigious European Press Prize, two George Polk Awards, and a RSF Impact Prize for the Pegasus Project, published in 2021.
Sandrine Rigaud is a French investigative journalist. As editor of Forbidden Stories since 2019, she coordinated the award-winning Pegasus Project and the Cartel Project, an international investigation of assassinated Mexican journalists. Before joining Forbidden Stories, she directed feature-length documentaries for French television. She has reported from Tanzania, Uzbekistan, Lebanon, Qatar, and Bangladesh.
Technology and the Future, History, Politics, Society, Culture, Nonfiction, Espionage, Science, Business, True Crime, Civil Rights, Law Enforcement, Social Aspects of Technology, Social Sciences, Privacy and Surveillance, Politics of Privacy and Surveillance, Privacy and Surveillance in Society
Table of Contents
Introduction / by Rachel Maddow
The List / Laurent
“I’m Counting on You to Finish It” / Laurent
First Steps / Sandrine
Plaza del Mercado
To Live and Die in the Free Market
“Closing the First Circle” / Sandrine
Limited Time and Resources / Laurent
“In a Positive Direction”
Three Days in March / Sandrine
“Lacking Due Respect to the King” / Laurent
“Fragile, Rare, and Necessary” / Laurent
“Some Things That You Have Missed Before” / Sandrine
The First Don’t
“New Techniques” / Sandrine
“A Very Important Line of Research” / Laurent
“It’s Not Just Me”
A Choice Between Interests and Values / Laurent
“This Is Going to Be Big” / Sandrine
“We’re Rolling” / Sandrine
“This Is Really Happening” / Laurent
Epilogue / Laurent.
Laurent Richard and Sandrine Rigaud’s Pegasus: How a Spy in Our Pocket Threatens the End of Privacy, Dignity, and Democracy is the story of the one of the most sophisticated and invasive surveillance weapons ever created, used by governments around the world.
Pegasus is widely regarded as the most effective and sought-after cyber-surveillance system on the market. The system’s creator, the NSO Group, a private corporation headquartered in Israel, is not shy about proclaiming its ability to thwart terrorists and criminals. “Thousands of people in Europe owe their lives to hundreds of our company employees,” NSO’s cofounder declared in 2019. This bold assertion may be true, at least in part, but it’s by no means the whole story.
NSO’s Pegasus system has not been limited to catching bad guys. It’s also been used to spy on hundreds, and maybe thousands, of innocent people around the world: heads of state, diplomats, human rights defenders, political opponents, and journalists.
This spyware is as insidious as it is invasive, capable of infecting a private cell phone without alerting the owner, and of doing its work in the background, in silence, virtually undetectable. Pegasus can track a person’s daily movement in real time, gain control of the device’s microphones and cameras at will, and capture all videos, photos, emails, texts, and passwords—encrypted or not. This data can be exfiltrated, stored on outside servers, and then leveraged to blackmail, intimidate, and silence the victims. Its full reach is not yet known. “If they’ve found a way to hack one iPhone,” says Edward Snowden, “they’ve found a way to hack all iPhones.”
Pegasus is a look inside the monthslong worldwide investigation, triggered by a single spectacular leak of data, and a look at how an international consortium of reporters and editors revealed that cyber intrusion and cyber surveillance are happening with exponentially increasing frequency across the globe, at a scale that astounds.
Meticulously reported and masterfully written, Pegasus shines a light on the lives that have been turned upside down by this unprecedented threat and exposes the chilling new ways authoritarian regimes are eroding key pillars of democracy: privacy, freedom of the press, and freedom of speech.
“Pegasus is an alarming and urgent book―an engrossing thriller about cybersurveillance software so sly and powerful that it can take over your cell phone without your knowledge. This is terrifying stuff. Richard and Rigaud reveal how authoritarian regimes can use Pegasus software to spy on dissidents, human rights activists, journalists―and virtually anyone with a mobile phone.” ―David Zucchino, Pulitzer Prize-winning author of Wilmington’s Lie
“Paced like a thriller, Pegasus reveals a manifested dystopia where repressive governments purchase digital bolt-cutters to break into the phones of their critics and adversaries. But it also details the power of investigative journalists to expose a 21st-century arms market whose wares are aimed at civil society.” ―Spencer Ackerman, Pulitzer Prize-winning journalist and author of Reign of Terror
“Paced like a thriller, this is an exposé of invasive malware, and a cautionary tale.” —The Economist
“The story of how investigative journalists exposed the frightening abuse of software that can infect your phone…It makes for absorbing reading…A celebration of journalism and hacking being used to unmask the bad guys.” —The Guardian
Video and Podcast
Read an Excerpt/PDF Preview
The call appeared urgent, in that it was coming at close to midnight Tel Aviv time, August 5, 2020, from somebody in senior management at the NSO Group. Cherie Blair, former First Lady of the United Kingdom, longtime barrister, noted advocate for women entrepreneurs in Africa, South Asia, and the Middle East, a prominent voice for human rights worldwide, was obliged to pick up the phone. Mrs. Blair had recently signed on as a paid consultant to the Israeli firm NSO to help “incorporate human rights considerations into NSO activities, including interactions with customers and deployment of NSO products.”
This was a delicate high-wire act, ethically speaking, because NSO’s signature product, cybersurveillance software called Pegasus, was a remarkable and remarkably unregulated tool—extraordinarily lucrative to the company (NSO grossed around $250 million that year) and dangerously seductive to its clients. Successfully deployed, Pegasus essentially owns a mobile phone; it can break down defenses built into a cell phone, including encryption, and gain something close to free rein on the device, without ever tipping off the owner to its presence. That includes all text and voice communications to and from the phone, location data, photos and videos, notes, browsing history, even turning on the camera and the microphone of the device while the user has no idea it’s happening. Complete remote personal surveillance, at the push of a button.
NSO insists its software and support services are licensed to sovereign states only, to be used for law enforcement and intelligence purposes. They insist that’s true, because—my God—imagine if it weren’t.
The cybersurveillance system the company created and continually updates and upgrades for its sixty-plus clients in more than forty different countries has made the world a much safer place, says NSO. Tens of thousands of lives have been saved, they say, because terrorists, criminals, and pedophiles (pedophiles is a big company talking point the last few years) can be spied on and stopped before they act. The numbers are impossible to verify, but the way NSO describes it, the upsides of Pegasus, used within legal and ethical boundaries, are pretty much inarguable. Who doesn’t want to stop pedophiles? Or terrorists? Who could be against it?
“Mission Control, we have a problem,” was the message Cherie Blair got from the call that warm summer evening in August 2020.
“It had come to the attention of NSO that their software may have been misused to monitor the mobile phone of Baroness Shackleton and her client, Her Royal Highness Princess Haya,” Blair explained in a London court proceeding some months later. “The NSO Senior Manager told me that NSO were very concerned about this.”
NSO’s concern appeared to be twofold, according to the evidence elicited in that London court. The first was a question of profile. Pegasus had been deployed against a woman who was a member of two powerful Middle Eastern royal families, as well as her very well-connected British attorney, Baroness Fiona Shackleton. Shackleton was not only a renowned divorce lawyer to the rich and famous—including Paul McCartney, Madonna, Prince Andrew, and Prince Charles—she was also herself a member of the House of Lords. Even more problematic for NSO, it was an outside cybersecurity researcher who had discovered the attacks on the baroness and the princess. If he’d figured out this one piece of how Pegasus was being used, what else had he figured out? And how much of this was about to become public knowledge?
The caller from NSO asked Cherie Blair “to contact Baroness Shackleton urgently so that she could notify Princess Haya,” she explained in testimony. “The NSO Senior Manager told me that they had taken steps to ensure that the phones could not be accessed again.”
The details of the late-night call to Blair and the spying on the princess and her lawyer didn’t really shake out into public view until more than a year later, and only then because it was part of the child custody proceedings between Princess Haya and her husband, Sheikh Mohammed bin Rashid Al Maktoum, prime minister of the United Arab Emirates and the emir of Dubai. The finding by the president of the High Court of Justice Family Division, released to the public in October 2021, held that the mobile phones of the princess, her lawyer, the baroness, and four other people in their intimate circle were attacked with cybersurveillance software, and that “the software used was NSO’s Pegasus.” The judge determined it was more than probable that the surveillance “was carried out by servants or agents of [the princess’s husband, Sheikh Mohammed bin Rashid Al Maktoum], the Emirate of Dubai, or the UAE.” The surveillance, according to the judge, “occurred with [the Sheikh’s] express or implied authority.”
The story of the princess, the baroness, and Pegasus might have faded into gossip columns and then into oblivion after a few weeks. A rich and powerful man used a pricey bit of software to spy on his wife and her divorce lawyer? Well, if you marry a sheikh and then cross him, you damn well might expect things to get weird. NSO also did a fairly nice job of cleanup on Aisle Spyware. The court finding pretty much accepted the word of NSO that it had terminated the UAE’s ability to use its Pegasus system altogether, at a cost to the company, the judge noted, “measured in tens of millions of dollars.” And maybe they did, but who can say.
A FUNNY THING happened on the way to that divorce court gossip column item, though. Because right around the time Cherie Blair got that call from Israel, a very brave source offered two journalists from Paris and two cybersecurity researchers from Berlin access to a remarkable piece of leaked data. The list included the phone numbers of not one or two or ten Emirati soon-to-be divorcees, or even twenty or fifty suspected pedophiles or drug traffickers. It was fifty thousand mobile phone numbers, all selected for possible Pegasus targeting by clients of that firm in Israel, NSO. Fifty thousand?
What exactly to make of that initial leaked list—that crucial first peek into the abyss—is a question that took nearly a year to answer, with a lot of risk and a lot of serious legwork to get there. The answer to the question matters. Because either this is a scandal we understand and get ahold of and come up with solutions for, or this is the future, for all of us, with no holds barred.
THIS BOOK IS the behind-the-scenes story of the Pegasus Project, the investigation into the meaning of the leaked data, as told by Laurent Richard and Sandrine Rigaud of Forbidden Stories, the two journalists who got access to the list of fifty thousand phones. With the list in hand, they gathered and coordinated an international collaboration of more than eighty investigative journalists from seventeen media organizations across four continents, eleven time zones, and about eight separate languages. “They held this thing together miraculously,” says an editor from the Guardian, one of the partners in the Pegasus Project. “We’ve got, like, maybe six hundred journalists. The Washington Post is maybe twice the size. And to think that a small nonprofit in Paris, with just a handful of people working for it, managed to convene a global alliance of media organizations and take on not just one of the most powerful cybersurveillance companies in the world but some of the most repressive and authoritarian governments in the world, that is impressive.”
In the daily back-and-forth of American news and politics—my wheelhouse—it is rare indeed to come across a news story that is both a thriller and of real catastrophic importance. Regular civilians being targeted with military-grade surveillance weapons—against their will, against their knowledge, and with no recourse—is a dystopian future we really are careening toward if we don’t understand this threat and move to stop it. The Pegasus Project saga not only shows us how to stop it; it’s an edge-of-your-seat procedural about the heroes who found this dragon and then set out to slay it. I have never covered a story quite like this, but Laurent and Sandrine sure have, and it is freaking compelling stuff.
The engine of the narrative you’re about to read is the risky investigation itself, from the minute these guys first got access to that leaked list in the last half of 2020 to publication in July 2021. But herein also is the story of the company NSO, its Israeli government benefactors, and its client states, which takes the reader from Tel Aviv to Mexico City to Milan, Istanbul, Baku, Riyadh, Rabat, and beyond. The company’s ten-year rise—from its unlikely inception, to its early fights with competitors, to its golden era of reach and profitability—reveals the full history of the development, the weaponization, and the mindless spread of a dangerous and insidious technology. “If you’re selling weapons, you better make sure you’re selling those to someone who is accountable for their actions,” one young Israeli cybersecurity expert says. “If you’re giving a police officer a gun and if that police officer starts shooting innocent people, you are not to be blamed. But if you’re giving a chimpanzee a gun and the chimpanzee shoots someone, you can’t blame the chimpanzee. Right? You will be to blame.” Turns out this story has armed chimpanzees up the wazoo. And a lot of innocent people shot at by the proverbial police, too.
Here also is the story of the other individuals besides Laurent and Sandrine who were entrusted with full access to the leaked data, Claudio Guarnieri and Donncha Ó Cearbhaill (pronounced O’Carroll), two young, incorrigible, irrepressible cybersecurity specialists at Amnesty International’s Security Lab. These men—one barely in his thirties, the other still in his twenties—shouldered incredible weight throughout the Pegasus Project. Against the most aggressive and accomplished cyberintrusion specialists in the world, Claudio and Donncha were charged with designing and enforcing the security protocols that kept the investigation under wraps for almost a full year and kept the source that provided the list out of harm’s way for good.
More than that, it was up to Claudio and Donncha to find the evidence of NSO’s spyware on phones that were on the list leaked to them by that brave source. The insidious power of a Pegasus infection was that it was completely invisible to the victim—you’d have no way to know the baddies were reading your texts and emails and listening in on your calls and even your in-person meetings until they used their ability to track your exact location to send the men with guns to meet you. For the Pegasus Project to succeed in exposing the scale of the scandal, the journalists knew they would need to be able to diagnose an infection or an attempted infection on an individual phone. Claudio and Donncha figured out how to do it. Working quite literally alone, these two took on a multibillion-dollar corporation that employed 550 well-paid cyberspecialists, many with the highest levels of military cyberwarfare training. To best that Goliath, these two Davids had to fashion their own slingshot, had to invent the methods and tools of their forensics on the fly. That they succeeded is as improbable as it is important, for all our sakes.
Here also is the story of the victims of Pegasus. Among them are those who hold enough power that you might expect they’d be protected from this kind of totalist intrusion—heads of state, high-ranking royals, senior politicians, law enforcement figures. And then there’s the people whom governments the world over have always liked to put in the crosshairs: opposition figures, dissidents, human rights activists, academics. Laurent and Sandrine rack focus tight on the group most represented in the leaked data, of course: journalists.
For me, the most unforgettable characters in this story are Khadija Ismayilova, from Azerbaijan, and Omar Radi, of Morocco. Their uncommon courage proves both admirable and costly. Their stories lay bare the awful personal consequences of challenging governments in an age of unregulated cybersurveillance, and the need for more people like them.
As antidemocratic and authoritarian winds gather force all over the world, it’s increasingly clear that the rule of law is only so powerful against forces hell-bent on eliminating the rule of law. If we’ve learned anything over the last five years, it’s this: there will be no prosecutor on a white horse, no flawless court proceedings where a St. Peter in black robes opens or closes the pearly gates based on true and perfect knowledge of the sins of those in the dock. Sometimes, sure, the law is able to help. But more often, the threat evades, outmaneuvers, or just runs ahead of the law in a way that leaves us needing a different kind of protection. Again and again, it falls to journalists to lay out the facts of corruption, venality, nepotism, lawlessness, and brutality practiced by the powerful.
The dangers of doing this kind of work are real, and growing. For all the prime ministers and royal soon-to-be-ex-wives and other high-profile targets that NSO clients hit, it is no surprise that Pegasus has been turned full blast on reporters and editors in order to harass, intimidate, and silence. If this antidemocratic, authoritarian nightmare can’t be safely reported upon, it won’t be understood. And if it isn’t understood, there’s no chance that it will be stopped.
WHERE’S YOUR PHONE right now? That little device in your pocket likely operates as your personal calendar, your map and atlas, your post office, your telephone, your scratchpad, your camera—basically as your trusted confidant. Matthew Noah Smith, a professor of moral and political philosophy, wrote in 2016 that a mobile phone “is an extension of the mind.… There is simply no principled distinction between the processes occurring in the meaty glob in your cranium and the processes occurring in the little silicon, metal, and glass block that is your iPhone. The solid-state drive storing photos in the phone are your memories in the same way that certain groups of neurons storing images in your brain are memories. Our minds extend beyond our heads and into our phones.”
Professor Smith was making the case back then for a zone of privacy that extended to our mobile phone. If the state has no right to access the thoughts in our head, why should it have the right to access the pieces of our thoughts that we keep in our mobile phone? We tell our cell phones almost anything these days, even things we aren’t cognizant of telling it, and use it as the conduit to offer the most intimate glimpses of ourselves. (See sexting.) If you believe your privacy is being secured by encryption, please read this book, and consider the fifty thousand people on that horror show list, who unbeknownst to them were targeted to unwillingly share every single thing that passed through their phones with people who only had to pay for the privilege.
That list of fifty thousand was just our first keyhole view of the crime scene. If they could do it for fifty thousand, doesn’t that mean they could do it for five hundred thousand? Five million? Fifty million? Where is the limit, and who is going to draw that line? Who is going to deliver us from this worldwide Orwellian nightmare? Because it turns out you don’t have to be married to the emir of anything to find your every thought, every footstep, every word recorded and tracked from afar. Turns out you just need to have a phone, and a powerful enemy somewhere. Who among us is exempt from those conditions?
Where did you say your phone is right now?
CHAPTER ONE THE LIST
Sandrine and I had been drawn to Berlin by the kind of opportunity you get maybe once in a lifetime in journalism—a shot to break a story that could have serious implications around the world. It felt kind of fitting that our taxi from the airport to the city center skirted within a few kilometers of the Stasi Museum, a complex that once housed the apparatus of the East German secret police, “The Sword and Shield of the State.” This investigation, if we decided to undertake it, would have to contend with swords and shields wielded by a dozen or more very defensive state actors and by a billion-dollar private technology corporation operating under the protection of its own very powerful national government.
The taxi ride was the last leg of a trip that seemed to portend a rise of obstacles. The limitations put in place during the latest wave of Covid-19 had laid waste to familiar routines. The simple two-hour trip from Paris to Berlin had taken triple that, and included a connection through the food desert of an airport in Frankfurt, and the indignity of German soldiers shoving cotton swabs up our nasal cavities before we were allowed to exit the airport in Berlin.
By the time Sandrine and I stumbled into our sleekly modern and well-lighted little rented flat above Danziger Strasse, we were both so knackered that dark-of-the-night questions were already preying on us. Was this really the best time to dive into another difficult and all-consuming investigation? Our nine-person team at Forbidden Stories was deep into its third major project in just three years; the current investigation, the Cartel Project, was already shaping up as the most dangerous we had done to date. And we still had a lot of work to do to be ready for publication. We were developing leads on the most murderous drug gangs in Veracruz and Sinaloa and Guerrero, on the chemicals needed to produce the supercharged opioid fentanyl, which were being trafficked into the country from Asia, and on the lucrative gun trade filling the cartels’ private armories (as well as the bank accounts of gun manufacturers and private gunrunners in Europe, Israel, and the United States).
We were essentially picking up reporting threads left unfinished by a handful of brave Mexican journalists who had been killed, most likely by assassins from the local drug cartels whose violent and criminal activities the reporters had been investigating. Outside of active war zones, Mexico was and remains to this day the most dangerous place in the world to be a journalist committed to telling the truth about bad guys. More than 120 journalists and media staffers had been killed in Mexico in the first two decades of the twenty-first century. Another score or so had simply disappeared without a trace.
This meant the Cartel Project tied seamlessly to the mission of Forbidden Stories: we aim to put bad actors and repugnant governments on notice that killing the messenger will not kill the message. Which means collaboration is an indispensable tool. There is strength and safety in numbers. The more journalists who are working the story, the more certain it is to see print. We had begun inviting into the Cartel Project reporters from our trusted media partners, including Le Monde in Paris, the Guardian in London, and Die Zeit and Süddeutsche Zeitung in Germany. The team would eventually grow to more than sixty reporters from twenty-five different media outlets in eighteen countries. But the beating heart of the project, already, was Jorge Carrasco, who was the director of the most intrepid investigative publication in Mexico, the weekly magazine Proceso. A stubborn and celebrated reporter himself, Jorge was also a colleague, and an exact contemporary of the woman who was emerging as a figure at the center of our investigation, Regina Martínez.