Amazon Web Services has shut down accounts linked to Pegasus spyware

Following investigations by Amnesty International and The Pegasus Project in mid-July, Amazon Web Services has banned all accounts and infrastructure linked to NSO Group, an Israeli surveillance vendor. These investigations laid bare some damning revelations and human rights implications concerning NSO’s Pegasus software, a type of surveillance spyware that has been sold to governments around the world. 

What happened?

In its report, Amnesty observed that the infected phone of a French human rights lawyer sent information to a server hosted by Amazon CloudFront. In a separate report, Citizen Lab independently found that NSO had been using Amazon services extensively in 2021.

Following these revelations, an Amazon spokesperson told Vice that it moved quickly to shut down all NSO infrastructure and accounts. This isn’t the first time that Amazon services have been linked to NSO

What’s the big deal about Pegasus?

Considered one of the most powerful types of spyware ever developed, Pegasus can infiltrate smartphones with Android, iOS, Blackberry, and Symbian operating systems and essentially turn them into 24/7 surveillance devices. Once a phone is infected, it can harvest any data from the device, from photos, text messages, and calls, as well as even filming and recording victims without them noticing. 

NSO claims that this software is only used for law enforcement and counterterrorism, not mass surveillance. However, there has been criticism of the vagueness of these terms. Indeed, Pegasus spyware has potentially targeted a wide variety of people, from politicians and celebrities to activists, lawyers, government workers, and journalists. With “terrorism” being an elusive term at the best of times, it seems especially broad in this instance. 

In a statement regarding the revelations, Agnes Callamard, Amnesty International’s Secretary General, said, “NSO Group can no longer hide behind the claim that its spyware is only used to fight crime – it appears that Pegasus is also the spyware of choice for those wanting to snoop on foreign governments.” The secretary went on to call for an international ban on selling this kind of surveillance equipment and software until a more robust human rights-compliant regulatory framework has been created to protect those at risk from unlawful cyber-surveillance.

Can I check if my phone has been infected?

If you’re worried that your phone or device may have been compromised, Amnesty has released a tool that you can use to check for any traces of Pegasus spyware. It’s a little bit technical as it is command-line based, but not too complicated. The downside is that it’s far more effective on Apple devices than Android. If you do have an Android device, you can still use the tool to check if your phone has any malicious SMS messages or APKs. 

Wrap up

While it’s promising that Amazon has suspended NSO accounts, this problem is far more significant than individual private companies keeping an eye out for potential abuse. As Amnesty has pointed out, NSO is just one company in an industry that operates on the edges of international legality. To prevent similar or worse privacy violations from occurring in the future, there needs to be greater regulation over the cyber-surveillance industry as a whole.

Share on Twitter, Facebook, Google+