Amazon has stopped web hosting for NSO Group, an Israeli spyware company that has been widely accused in the surveillance and monitoring of journalists and dissidents.
This move follows an extensive investigation into widespread use of NSO’s commercial malware “Pegasus”, which has the capability to completely compromise phones and is believed to be used worldwide by many governments. Amnesty International, Washington Post and a group of news and research outlets published stories about “The Pegasus Project” over the weekend. These stories reveal the extent to which spyware has been used in targeting devices in dozens countries, including those belonging to journalists, politicians and human rights activists.
Motherboard reported that CloudFront, one of Amazon’s services was involved in recent attacks using this malware.
CloudFront can be used as a content delivery network (CDN), service that delivers data, videos, applications and APIs to customers worldwide with low latency, high transfers speeds, and all in a developer-friendly setting. Amnesty International published a report Sunday showing that CloudFront played a crucial role in the execution malware at cks on specific targets, including a phone belonging a French human rights lawyer. Citizen Lab, a research unit, peer reviewed and confirmed the report.
“Citizen Lab independently observed NSO Group make extensive use Amazon services including CloudFront by 2021,” writes the research unit. It also notes that CloudFront is directly connected to the “NSO Pegasus Killchain.”
It appears that Amazon has blocked NSO from accessing its web services. Gizmodo received an email from Amazon stating that they acted swiftly to close down the accounts and infrastructure involved in this activity.
Motherboard points out that Amazon has previously “remained silent” about NSO’s use of its infrastructure for malware attacks. The outlet published a report about the topic in May last year. They reached out to Amazon but did not receive a response.
The “The Pegasus project” publication has sparked renewed international outrage at the apparent abuses of NSO’s products. This publication comes on the heels multiple crises facing the spyware company, including a large lawsuit by Google, Microsoft, Google and other large tech companies over the company’s apparent role compromising customers’ private accounts.
Apple also condemned the surveillance vendor, likely because hacking of iOS devices was prominent in many of the reports published over the weekend. The company released a statement Monday saying that it strongly condemns cyberattacks against journalists, human right activists and anyone else who seeks to improve the world.
These attacks are sophisticated and cost millions to create. They are often used to target individuals. They are not considered a threat by the vast majority of our users. However, we continue to fight for all our customers and are constantly improving our protections for their data and devices.
NSO has, however, denied most of the allegations against it in recent reports. It has maintained that its products were only used to “fight terror” and not to violate human rights.