Amazon Shuts Down NSO Group Linked Accounts Following Leak

Notorious malware vendor, NSO Group, has had accounts linked to them terminated on Amazon. This follows a major leak about its malware.

Notorious malware vendor, NSO Group, has been dealt a series of blows recently. The organization has long faced accusations that it sells malware to the governments of third world countries. In turn, those governments then use that malware to crack down on dissidents, activists, and journalists. NSO Group, for its part, has said that it is not responsible for the use of their malware. They only provide it with the intent of tracking down terrorists and other bad actors.

In April, the organization was dealt a blow when it was unable to block the Whatsapp lawsuit. Whatsapp is suing the organization for their Pegasus malware. The malware targets a number of apps including Whatsapp.

More recently, a leak effectively confirmed what critics have long argued: their malware is being used to target dissidents and journalists. That news broke over the weekend. From The Guardian:

Human rights activists, journalists and lawyers across the world have been targeted by authoritarian governments using hacking software sold by the Israeli surveillance company NSO Group, according to an investigation into a massive data leak.

The investigation by the Guardian and 16 other media organisations suggests widespread and continuing abuse of NSO’s hacking spyware, Pegasus, which the company insists is only intended for use against criminals and terrorists.

Pegasus is a malware that infects iPhones and Android devices to enable operators of the tool to extract messages, photos and emails, record calls and secretly activate microphones.

The leak contains a list of more than 50,000 phone numbers that, it is believed, have been identified as those of people of interest by clients of NSO since 2016.

Forbidden Stories, a Paris-based nonprofit media organisation, and Amnesty International initially had access to the leaked list and shared access with media partners as part of the Pegasus project, a reporting consortium.

The list also contains the numbers of close family members of one country’s ruler, suggesting the ruler may have instructed their intelligence agencies to explore the possibility of monitoring their own relatives.

The disclosures begin on Sunday, with the revelation that the numbers of more than 180 journalists are listed in the data, including reporters, editors and executives at the Financial Times, CNN, the New York Times, France 24, the Economist, Associated Press and Reuters.

Now, a report today says that Amazon is shutting down accounts linked to the organization. From Times of Israel:

Amazon has shut down accounts and infrastructure linked to Israeli spyware firm NSO Group, amid the international scandal over its Pegasus software, Vice reports.

“When we learned of this activity, we acted quickly to shut down the relevant infrastructure and accounts,” Amazon says.

Amazon, of course, provides a number of services that helps build critical infrastructure for an organizations online presence. If Amazon is no longer dealing with the organization, then this adds a certain limitation to how well the organization can build up their company and maintain operations. Of course, this also adds an interesting wrinkle in that if Amazon is refusing to deal with the organization, are other organizations going to take that into consideration when dealing with the NSO Group? That domino effect has certainly happened before.

When Trump supporters launched a terrorist attack on the US Capitol buildings trying to impede the proceedings of the government, Twitter finally blocked Trump from their platform. Others quickly followed suit including Shopify and Facebook. YouTube, for their part, suspended Trump for 7 days.

So, all this raises two interesting questions. The first being whether Amazon’s terminations will have a detrimental effect on the operations of NSO Group. The second being whether other platforms will take notice and proceed with similar actions if they haven’t already. No matter how you slice it, though, this developments certainly represents a blow to the organization.

Drew Wilson on Twitter: @icecube85 and Facebook.

3 Trackbacks and Pingbacks

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: