Amazon Web Services Disables Cloud Accounts Linked to NSO Group

By Brian Fung, CNN Business

Amazon Web Services confirmed on Monday that it disabled cloud accounts linked to the NSO group following reports from press organizations and activist groups that the Israeli company’s Pegasus software had been used to monitor journalists and government officials.

In the extensive forensic investigation that led to the reports, Amnesty International said, NSO Group’s software was discovered using Amazon Web Service’s CloudFront platform, a content delivery network, “to broadcast the early stages of their attacks” against targeted mobile devices.

“The use of cloud services protects NSO Group from certain Internet scanning techniques,” Amnesty International said, suggesting that NSO Group was using AWS to hide surveillance activity.

In its report, Amnesty International said it reported to Amazon the use of the AWS infrastructure by the NSO Group as part of the surveillance.

“When we learned of this activity, we moved quickly to shut down the infrastructure and affected accounts,” an AWS spokesperson told CNN Business in a statement.

The spokesperson did not immediately respond to CNN’s follow-up question on whether NSO Group could have more accounts with AWS that were not identified by reports or suspended by AWS, nor on policies. specific platform that AWS invoked when it disconnected the NSO Group accounts.

In 2019, Facebook sued the NSO group amid allegations that the Israeli company’s technology was used to spy on WhatsApp users.

In a report In response to the reports, NSO Group said many of the allegations were false and that it was considering filing a defamation complaint.

“Our technologies are used every day to break down pedophilia, sex and drug trafficking networks, locate missing and kidnapped children, locate survivors trapped under collapsed buildings and protect airspace from the disruptive penetration of dangerous drones. “, says the press release. “Simply put, NSO Group is on a mission to save lives, and the company will faithfully carry out that mission without being discouraged, despite all continued attempts to discredit it on false grounds. “

In a separate report, the Citizen Lab at the University of Toronto said it found Amnesty International’s methodology “to scan devices to determine that they have been infected with NSO group spyware to be valid.”

™ & © 2021 Cable News Network, Inc., a WarnerMedia Company. All rights reserved.