from Hacker News

Amazon Shuts Down NSO Group Infrastructure

by fieryscribe on 7/19/21, 1:48 PM with 242 comments

  • by sloshnmosh on 7/19/21, 2:40 PM

    I contacted Amazon to report an advertiser out of Tel Aviv that was using JavaScript hosted on CloudFront to fingerprint users' devices, and if an Android device was detected, a fake media player or fake CAPTCHA would trick users into accepting push notifications for fake virus warnings to install questionable apps from the Play Store.

    This script also pushed ads for a fake AdBlock app that was a dropper for banking trojan apps.

    Amazon refused to do anything about it.

    More info:

    https://forum.xda-developers.com/t/massive-mobile-advertisin...

  • by zzleeper on 7/19/21, 2:30 PM

    Perhaps NSO Group should be considered a terrorism-aiding organization. Freeze its assets, track all their employees, backers, etc.

    Wonder if they are even helping to hack US government employees through China, etc. (besides just helping to torture dissidents).

  • by esens on 7/19/21, 2:51 PM

    Anyone notice that this statement from NSO in the article doesn't make sense:

    "NSO does not operate its technology, does not collect, nor possesses, nor has any access to any kind of data of its customers."

    If this is true, how do we have a singular list of all phone numbers penetrated? If there was this type of "segmentation" or firewall between NSO and its clients, why was there this huge central data leak?

    NSO is tracking what its clients are doing. It may not be telling its clients it is also tracking them. I wouldn't be surprised if NSO could also access every one of those penetrated devices as well independently of its clients.

  • by justinclift on 7/19/21, 2:20 PM

    Ouch.

    > The Amnesty report said NSO is also using services from other companies such as Digital Ocean, OVH, and Linode ...

    We've been using Digital Ocean for a few years now (sqlitebrowser.org), and they've been really good. Hopefully they look into this and take some useful action. :)

  • by coldcode on 7/19/21, 3:05 PM

    If someone were to use NSO paid hacking to attack Apple executives' devices and then release everything they found, I bet Apple might take this more seriously instead of having some PR flack write marketing copy. Same is true of any tech company: until it hurts them specifically they can just ignore it or make it sound innocuous. Maybe Amazon has been targeted and they found out.

    If someone were to use it against US government entities, maybe the NSA/CIA/etc might decide enough is enough, no matter what country they are in. So far at least publicly it seems like a non-event. But once the phone numbers are identified from that leaked list, things might become more serious for NSO.

    People used to fight real wars against adversaries who targeted their country in some way, why should commercial entities supporting such attacks not be treated the same, except via non military action? Spying has always been done, but it can lead to serious consequences.

  • by CTDOCodebases on 7/19/21, 2:38 PM

    WTF? Wasn’t it the NSO that hacked Bezos’s and Khashoggi’s phone?

    I guess the customer is always right up until the point the widow of your murdered employee goes to the press.

  • by salimmadjd on 7/19/21, 3:47 PM

    Frontline (PBS) in partnership with Forbidden Stories are doing a report [1] on NSO hacking the phone of Khashoggi’s fiancée and other journalists and activists around the world. Looks like her phone was compromised by NSO based on the reporting on this video.

    [1] https://www.pbs.org/wgbh/frontline/article/how-nso-group-peg...

  • by bluetwo on 7/19/21, 2:26 PM

    Wonder if NSO was involved in that leak of Bezos's phone data a while back.

  • by sneak on 7/19/21, 2:54 PM

    I am willing to bet money that NSO Group has multiple AWS accounts, many under several layers of cover.

    You can't really spin them up with any significant quota on short notice (ask me how I know, AWS service team) so having established ones with workable limits in advance across multiple cloud providers would be table stakes for any competent spying organization.

  • by confiq on 7/19/21, 3:44 PM

    https://www.digitalviolence.org/

    It kinda describes how NSO operated and it's a great infographic!

  • by ed25519FUUU on 7/19/21, 3:29 PM

    Everybody is coming down on NSO but why aren’t we asking more about the clients?

    Who is spying on “CEOs, politicians, religious leaders, union bosses”? And once these people are compromised, what are they being asked to do?

  • by m3kw9 on 7/19/21, 3:14 PM

    I wonder if Amazon kept a copy of all their images?

  • by javajosh on 7/19/21, 2:50 PM

    Isn't NSO just a poor-man's NSA, since the NSA can force Google/Apple/Microsoft/Amazon/[Any Carrier] to do anything to any number of devices or data, and in secret?

  • by ashtonkem on 7/19/21, 8:33 PM

    Good. Every single person employed by them should also find themselves shut out of the industry for life.

  • by giantg2 on 7/19/21, 7:22 PM

    And cue a slew of CEOs in non-ESG friendly companies rethinking their AWS contracts...

  • by Spooky23 on 7/19/21, 2:25 PM

    Shouldn’t there be an outcry against the suppression of free speech?

    When Facebook or Google blocks extremist propaganda, it’s a big thing. What jurisdiction’s laws were broken by this company?