Amazon Web Services bans accounts linked with Pegasus spyware

Amazon Web Services (AWS) has banned NSO Group, the company behind the Pegasus spyware program. Vice reported the ban this morning, the day after a sweeping report alleged Pegasus was used to target the phones of human rights activists and journalists.

An Amnesty International investigation into Pegasus says the tool compromised targets’ phones and routed data through commercial services like AWS and Amazon CloudFront, a move that it said “protects NSO Group from some internet scanning techniques.” (Vice notes that a 2020 report previously described NSO using Amazon services.) Amnesty International wrote that it had contacted Amazon about NSO and Amazon had responded by banning NSO-related accounts. “When we learned of this activity, we acted quickly to shut down the relevant infrastructure and accounts,” an Amazon Web Services spokesperson confirmed to The Stock Market Pioneer.

AWS wasn’t the only service NSO apparently used. The Amnesty International report links it with several other companies, including DigitalOcean and Linode. NSO allegedly favored servers in Europe and the United States, particularly “the European data centers run by American hosting companies.” As the report describes it, NSO would deploy Pegasus malware through a series of malicious subdomains, exploiting security weaknesses on services like iMessage. Once Pegasus compromised a phone, it could collect data from the phone or activate its camera and microphone for surveillance.

NSO describes Pegasus as a tool for surveilling terrorists and cybercriminals. But yesterday’s reporting — comprising work from Amnesty International, Forbidden Stories, and 17 news outlets — says governments deployed it indiscriminately against political figures, dissidents, and journalists. That included attempting or completing attacks on 37 phones belonging to targets like New York Times and Associated Press journalists, as well as two women close to murdered Saudi journalist Jamal Khashoggi. The NSO has objected to the reporting, calling it “full of wrong assumptions and uncorroborated theories.”

Leave a Comment