Acting director of CISA discusses ransomware attacks
AWS management console mobile app welcome page is seen on a smartphone.
By Brian Fung, CNN Business
Amazon Web Services confirmed on Monday that it disabled cloud accounts linked to NSO Group following reports by news organizations and activist groups that the Israeli firm’s Pegasus software had been used to surveil journalists and government officials.
In the sweeping forensic investigation that led to the reports, Amnesty International said, NSO Group’s software was detected using Amazon Web Service’s CloudFront platform, a content-delivery network, “to deliver the earlier stages of their attacks” against targeted mobile devices.
“The use of cloud services protects NSO Group from some Internet scanning techniques,” said Amnesty International, implying that NSO Group used AWS to help mask surveillance activity.
In its report, Amnesty International said it reported NSO Group’s use of AWS infrastructure in connection with the surveillance to Amazon.
“When we learned of this activity, we acted quickly to shut down the relevant infrastructure and accounts,” an AWS spokesperson told CNN Business in a statement.
The spokesperson did not immediately respond to CNN’s follow-up question about whether NSO Group may have more accounts with AWS that were not identified by the reports or suspended by AWS, nor about what specific platform policies AWS invoked as it disconnected NSO Group’s accounts.
In 2019, Facebook sued NSO Group amid allegations that the Israeli firm’s technology was used to spy on WhatsApp users.
In a statement responding to the reports, NSO Group said many of the claims were false and that it is considering filing a defamation suit.
“Our technologies are being used every day to break up pedophilia rings, sex and drug-trafficking rings, locate missing and kidnapped children, locate survivors trapped under collapsed buildings, and protect airspace against disruptive penetration by dangerous drones,” the statement said. “Simply put, NSO Group is on a life-saving mission, and the company will faithfully execute this mission undeterred, despite any and all continued attempts to discredit it on false grounds.”
In a separate report, the Citizen Lab at the University of Toronto said it found Amnesty International’s methodology “for analyzing devices to determine that they have been infected with NSO Group spyware are sound.”
The-CNN-Wire
™ & © 2021 Cable News Network, Inc., a WarnerMedia Company. All rights reserved.
