Article
Cloud & Cybersecurity

Amazon kicks NSO off cloud after cyber spy reports

By Laura Berrill
July 20, 2021
undefined mins
Pegasus hacking tool used AWS as part of its cyber spyware services to government clients

Amazon has now deactivated the cloud computing accounts that researchers say have been associated with NSO Group, a cyber hacking tools company that reportedly used Amazon Web Services as part of spyware systems. These were in turn used by governments to surveil phones.

The removal came about as a result of research by forensic investigators at Amnesty International, who discovered the Israeli company’s Pegasus software on journalists’ and activists’ phones and at times using AWS systems to operate. The researchers at Citizen Lab, which analyses spyware at the University of Toronto, confirmed Amnesty’s discovery that the hacking tools were operating on AWS’ CloudFront - a content delivery network product.

Amnesty’s report reveals Amazon had told its researchers back in May that it had moved fast to get the hacking activity off its systems. According to a report in the New York Times, the Pegasus spyware can access and record texts, videos, photos and web activity; as well as recording and scraping passwords on a device. It is designed to work both on iPhones and some Android.

Cyber spyware aimed at targeting journalists and activists

An NSO Group spokesperson said that the claims were false then added it referred to the claim that AWS had removed its accounts. NSO added it would investigate the findings that its products had been used to spy on activists and journalists. Some phones which were reviewed showed signs they had been breached with the spyware multiple times.

The spyware worked by redirecting the phones’ owners to websites that would automatically download the spyware, away from the original common website they had initially visited. Some targets’ devices were infected when they received a text message containing a ‘zero-click’ attack, meaning the owner doesn’t have to click on a malicious link for the hack to take place. The reported attacks took place through iMessage, a method previously reported to have been used to hack the phones of Al-Jazeera journalists. The NSO had denied these claims.

Amazon’s decision to end support for the hacking activity comes in the same year that AWS removed accounts belonging to social media service, Parler which it said had contained various slurs.

Cybersecuritycyberattacksmobiletechnology
Share
Share

Featured Articles

Advancing AI in Retail with Pick N Pay's Leon Van Niekerk

Pick N Pay's Head of Testing Leon Van Niekerk tells us at OpenText World Europe 2024 about its partnership with OpenText and how it plans to use AI

How Intel AI is Powering the 2024 Paris Olympic Games

Intel's AI technology is set to transform the Paris 2024 Olympic and Paralympic Games, enhancing experiences for athletes, spectators and global audiences

OpenText’s Muhi Majzoub: Engineering Platform Growth with AI

At OpenText World Europe 2024, we heard from EVP & Chief Product Officer Muhi Majzoub about OpenText’s latest product developments and future outlook

Top 100 Women 2024: Tanja Rueckert, Bosch - No. 6

Digital Transformation

Tech & AI LIVE London: One Month to Go

Digital Transformation

OpenText CEO Roundtable: The Future of Safe Enterprise AI

Digital Transformation