WhatsApp Reveals Details of Pegasus and Amazon AWS Spyware Collaboration

Carding Forum

Professional
Messages
2,788
Reaction score
1,170
Points
113
AWS has unwittingly become a haven for digital mercenaries.

NSO Group, the developer of Pegasus spyware, leased space on Amazon Web Services (AWS) servers from December 2018 to October 2020, which is a longer period of use for AWS servers than previously estimated.

In July 2021, Amnesty International pointed to a collaboration between the two companies that began "in recent months". However, WhatsApp discovered that the lease of space on AWS servers began in 2018, when AWS issued a subpoena.

In court documents, NSO Group confirmed that until January 2021, AWS servers were used by the Department of Research and Development to host the code of the Pegasus system. The confirmation is partly in line with WhatsApp's claims of an earlier server lease.

The collaboration between AWS and NSO Group lasted until December 2021. After January 2021, AWS servers remained leased, but were unused and contained no data. From December 2021 to October 2023, NSO Group leased space on AWS to support its internal computer network maintenance IT department.

After Amnesty researchers reported to Amazon in May 2021 that their services were being used to spy on human rights defenders using the Pegasus spyware, the company took steps to disable the relevant infrastructure and accounts.

WhatsApp filed a lawsuit against NSO Group in 2019, alleging that the company used Pegasus to spy on 1,400 users over a two-week period. The victims include journalists, human rights defenders, political dissidents, diplomats and high-ranking officials. WhatsApp and NSO representatives declined to comment.

The US government is increasingly focused on combating spyware, and in 2021 it added NSO Group to the Entity List, which obliges companies to comply with strict licensing requirements and other regulations.

For most of the time that AWS supposedly stored Pegasus source code, spyware did not pose a significant threat to politicians as it does today. This may partly explain why the US government did not seek to force the cloud company to hand over the code in July 2021, when Amnesty first disclosed the AWS-NSO relationship.

Experts believe it is unlikely that AWS knew about storing the Pegasus source code on its platform. A representative of the Atlantic Council noted that cloud services can scan for malware, but do not search for source code. NSO Group may not have used its real name to register cloud services. This underscores the arguments of proponents of the frozen Know Your Customer (KYC) executive order, which requires cloud providers to thoroughly verify the identity of customers.

In the next few weeks, the NSO Group will provide documents showing the full functionality of what the court determined to be "appropriate spyware." The judge previously ruled that "relevant spyware" covers any spyware from the NSO Group that targets WhatsApp servers or uses WhatsApp to access targeted devices.

NSO Group has repeatedly denied that Pegasus spyware was used to hack into the phones of many politicians. However, in 2021, WhatsApp noted that governments allegedly used Pegasus to attack high-ranking officials around the world in 2019, including politicians responsible for national security agencies that were allies of the United States.

Source
 
Top