AWS shuts down NSO Group infrastructure


Sabina Weston

20 Jul, 2021

Amazon Web Services (AWS) has shut down infrastructure and accounts linked to Israeli firm NSO Group.

The news comes after an investigation found that the company’s Pegasus spyware was used to target at least 50,000 journalists, government and union officials, human rights activists, business executives, religious figures, academics, NGO employees, and lawyers.

Pegasus was used to extract messages, photos, and emails, as well as to record calls and activate microphones on iOS and Android devices.

NSO Group denied the accusations, stating that its tools are used “for the sole purpose of saving lives through preventing crime and terror acts”.

“Our technologies are being used every day to break up pedophilia rings, sex and drug-trafficking rings, locate missing and kidnapped children, locate survivors trapped under collapsed buildings, and protect airspace against disruptive penetration by dangerous drones,” the company announced.

However, AWS has branded NSO Group’s actions as “hacking activity”.

A spokesperson for the cloud computing provider told IT Pro that it had shut down NSO Group’s infrastructure as it “was confirmed to be supporting the reported hacking activity”.

This was “in accordance with [AWS’] terms of use”, they added.

Amnesty International, a partner of the Pegasus Project, a collective of 17 media organisations investigating the spyware, found evidence to suggest that NSO Group had only been an AWS customer for a few months.

One Pegasus-infected phone that was dissected by the organisation sent data «to a service fronted by Amazon CloudFront, suggesting NSO Group has switched to using AWS services in recent months”.

Amazon CloudFront is a content delivery network (CDN) that provides customers with the ability to deliver content, including data, videos, and APIs, securely with low latency and at a high speed.

“Amnesty International suspects the shutting down of the V4 infrastructure coincided with NSO Group’s shift to using cloud services such as Amazon CloudFront to deliver the earlier stages of their attacks,” said the human rights NGO, adding that “the use of cloud services protects NSO Group from some Internet scanning techniques”.

AWS didn’t elaborate on whether the decision to ban NSO Group from its services could be reconsidered in the future.