Amazon Cuts Off Service to NSO Spyware Firm Behind iPhone Hacks

Photo: David Ryder, Getty Images

Amazon has cut off web hosting services for the NSO Group, an Israeli spyware firm that has been widely accused of aiding in the surveillance of journalists and political dissidents.

The move comes shortly after an extensive investigation into the widespread use of NSO’s commercial malware “Pegasus” — a product that has the ability to totally compromise phones and is thought to be used by dozens of governments throughout the world. Over the weekend, Amnesty International, the Washington Post, and a consortium of other news and research outlets began publishing “The Pegasus Project,” which reveals the extent to which the spyware has been used to target devices in dozens of countries — including those belonging to journalists, politicians, and human rights activists.

One of Amazon’s services, CloudFront, has apparently been instrumental in some of the most recent attacks that used this malware, Motherboard first reported.

CloudFront is a “content delivery network (CDN) service” that can be used to deliver “data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment,” the company states. A report published Sunday by Amnesty International shows that CloudFront has served a critical role in the execution of malware attacks on particular targets — including a phone belonging to a French human rights attorney. The report was peer-reviewed and affirmed by the research unit Citizen Lab.

“Citizen Lab independently observed NSO Group begin to make extensive use of Amazon services including CloudFront in 2021,” the research unit writes, also noting that CloudFront has been directly linked to the “NSO Pegasus killchain.”

Now it would appear that Amazon has cut NSO off from access to its web services. “When we learned of this activity, we acted quickly to shut down the relevant infrastructure and accounts,” an Amazon spokesperson told Gizmodo via email.

However, Motherboard notes that Amazon had previously “remained silent” on NSO’s apparent use of its infrastructure to conduct malware attacks. In May of last year, the outlet published a report on the subject and reached out to Amazon about it, but said it did not hear back from the company.

The publication of “The Pegasus Project” has led to renewed international outrage over the degree to which NSO has apparently contributed to the surveilling of journalists and activists. The publication follows on the heels of multiple crises for the spyware firm — including a large lawsuit filed by the likes of Facebook, Microsoft, Google, and other large tech firms over the company’s apparent role in compromising their customers’ private accounts.

Relatedly, Apple has come out to publicly condemn the surveillance vendor — likely because the hacking of iOS products figures heavily in many of the reports that emerged over the weekend. In a statement published Monday, the company said that it “unequivocally” condemns “cyberattacks against journalists, human rights activists, and others seeking to make the world a better place”:

“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.”

NSO, meanwhile, has denied a majority of the charges leveled against it in recent reports and has consistently maintained that its products are only ever used to “fight terrorism” and not to commit human rights abuses.