back to article AWS gave Parler a chance, won't say if it talked to NSO before axing spyware biz's backend systems

Amnesty International's allegations this week that NSO Group's spyware products have been widely abused have rightly sparked a debate about the ethics of digital surveillance. Amazon Web Services' contribution to that debate, to date, is the following brief statement: "When we learned of this activity, we acted quickly to shut …

  1. Pascal Monett Silver badge

    So they're all working with NSO

    All cloud providers are working with them, knowing full well what NSO is up to and what it does.

    That paints a rather bleak picture of the contrast between morals and money.

    Not that that is surprising, or new.

    1. Gordon 10
      FAIL

      Re: So they're all working with NSO

      Errr except AWS now. Did you even read the article? Azure or GCP werent mentioned either.

      And how do you expect them to assess their clients morals proactively?

      Do you really want AWS pro-actively blocking usage ala Apples App Store if it doesn't comply to their self selected prudery?

      So apart from everything you say being wrong I agree with you.

  2. Fazal Majid

    The two are not equivalent

    NSO was distributing malware from AWS’ servers, creating criminal liability for AWS if they did not shut it down as soon as they became aware of it. Parker’s questionable content is not illegal, at least not in the US.

    1. MatthewSt Silver badge

      Re: The two are not equivalent

      Additionally, I'm not quite sure what a conversation could have produced for this. With Parler it was a chance to get them to change what they're doing so that they were no longer breaking the TOS. Something they could have done but didn't want to.

      With NSO, there's not much left if they remove the malware!

      1. SUDO-SU

        Re: The two are not equivalent

        It seems like AWS was saying that their content moderation team was not up to the task to handle violent content review and removal. Parler was using the legal definition of incitement for enforcement. What's really interesting about this was that Facebook and Twitter were actually much more largely used to coordinate the riot on Jan 6.

        What the move from AWS actually did was make it close to impossible for new platforms to compete, as content moderation is a beast that still has not been tamed by Facebook and Twitter after billions of dollars as well as years of market dominance.

        What's also interesting is that AWS is holding their customers to a higher standard than they themselves are held to under Section 230. AWS would not be the juggernaut it is if they were held responsible for the amount of copyrighted material being illegally hosted on their platform.

        1. Paul Crawford Silver badge

          Re: The two are not equivalent

          content moderation is a beast that still has not been tamed by Facebook and Twitter after billions of dollars as well as years of market dominance.

          Who said they spend their billions on actually doing something about those problems?

        2. P. Lee

          Re: The two are not equivalent

          Gab is doing just fine.

          The reason its doing fine is that it doesn't rely on Big Tech. Parler tried go up against the cartel, while using the cartel's services.

          AWS provided an excuse for its actions, not a reason. I'm not even sure Section 230 would apply to databases and content moderation as practised by the big tech cartel has practically nothing to do with illegal content.

    2. big_D

      Re: The two are not equivalent

      Also, Parler could have enacted safeguards to ensure that they stayed within the bounds of the T&Cs, so they were given a chance to clean up their act, before being dumped.

      NSO's raison d'être is to push malware out to unsuspecting Internet users. That is illegal is most jurisdictions (misuse of computer acts around the world), at least without a warrant, and I very much suspect the French justice system didn't give the Moroccans, for example, a warrant to tap Macron's phone.

      So, yes, criminal liability.

      1. Anonymous Coward
        Anonymous Coward

        Re: The two are not equivalent

        If my computer connects to an AWS hosted website and downloads a file, can you tell whether I downloaded that file, or if an application automatically downloaded that file? If so, how can you tell?

        1. Gordon 10
          WTF?

          Re: The two are not equivalent

          You're actual point being? Malware is malware regardless of the download method.

        2. Anonymous Coward
          Anonymous Coward

          Re: The two are not equivalent

          Once AWS knew about it - then for them to continue permitting it *might* have led to civil suits, criminal charges, and even congressional hearings. Not to mention the bad publicity.

    3. P. Lee

      Re: The two are not equivalent

      Parler's content didn't even break AWS' ToS. The allegation was that they may not be able to comply in the future.

      Parler failed to learn the lessons of Gab and died because of it.

      Those lessons are generally applicable:

      - Don't rely on the services of those who hate you.

      - If you don't own the infrastructure of your business, it can be taken from you.

      - "Cloud" is not a commodity, it is proprietary, and it isn't yours.

  3. Forget It
    Pint

    Wow Amnesty International

    doing some good stuff.

    1. MiguelC Silver badge
      Meh

      Re: Wow Amnesty International

      Don't know if I should give you an upvote for congratulating Amnesty International on their good work, or a downvote for the suggestion they usually don't do good stuff

      1. SundogUK Silver badge

        Re: Wow Amnesty International

        Amnesty International used to campaign on behalf of ALL prisoners of conscience. Now, not so much if you're even slightly to the right of Stalin.

      2. Anonymous Coward
        Anonymous Coward

        Re: Wow Amnesty International

        Amnesty do do good work, but it is sadly quite rare for many/most campaigning organisations to have a good understanding of tech and privacy issues (look how many of them fail to consider the impact on their own members' privacy, especially where sensitive issues are involved, merrily using the likes of MailChimp, Google and numerous other third parties). So it is quite refreshing to see Amnesty (or techies employed by them) doing some pretty in-depth research on this issue.

  4. mark l 2 Silver badge

    Maybe it time for an international law to say if you discover a software vulnerability you a legally obliged to report it to the software developers, and this includes those discovered by government agencies such as NSA, GCHQ who are just as guilty as NSO of using them for their own devices and not reporting them.

    1. DS999 Silver badge

      And how do you enforce it?

      Pretty sure that it is a violation of international law to poison one of your citizens in another country, causing collateral damage and a big panic as a side effect. Also illegal to enter another country for a drive by shooting of one of their nuclear scientists. Also illegal to engage in "drone strikes" in another country.

      Who is enforcing those laws against Russia, Israel and the US? If you can't enforce laws against acts like that, what hope do you have to enforce laws against discovering an exploit and keeping it to yourself?

    2. Missing Semicolon Silver badge
      Facepalm

      "International Law"

      Yeah. One of those. Inform the World Police when it's broken

      1. Michael Wojcik Silver badge

        Re: "International Law"

        Look, you can be cynical if you like, but I've already twittered an instergram to my Member of International Parliament about this.

  5. Howard Sway Silver badge

    Is that good enough for mission-critical operations?

    I've never thought that relying on AWS was good enough for things that are truly mission critical.

    What's interesting is why a company peddling stuff like this actually chose to use AWS, rather than hosting their own servers. Surely they'd prioritise their own security over ease of use?

    1. Down not across

      Re: Is that good enough for mission-critical operations?

      What's interesting is why a company peddling stuff like this actually chose to use AWS, rather than hosting their own servers. Surely they'd prioritise their own security over ease of use?

      Possibly scale. Ease of deployment. No incriminating (assuming illegal in their jurisdiction) hardware/data on premises. Hiding in plain sight among all other stuff that lives in AWS.

      1. J. Cook Silver badge
        Boffin

        Re: Is that good enough for mission-critical operations?

        Add "being difficult to blacklist on an IP basis" to that list. If NSO hosted their own content, it's be a simple matter of looking up their public IP allocation(s) and blacklisting it at a border firewall. Doing that with AWS will break lots and lots and LOTS of stuff, some of it even useful.

        I see the same thing with spammers frequently- they'll hijack or compromise someone using O328 and send out phishing or spam mail, and I can't block the entirety of Azure and the hosted MS ip blocks because that would block legitimate traffic as well.

    2. Gordon 10

      Re: Is that good enough for mission-critical operations?

      Define mission critical in this case. If you mean grey/black hat stuff needs to spread between clouds I agree with you. OR if you mean borderline illegal content I agree with you.

      If you mean run of the mill corporate business I don't in this context - which is Vendor takedowns. If you mean for true-cost-no-object resiliencey I agree but that's besides the point of this article.

    3. oiseau
      Big Brother

      Re: Is that good enough for mission-critical operations?

      ... why a company peddling stuff like this actually chose to use AWS ...

      Indeed, the first thing that crossed my mind.

      Makes me wonder ...

      Could it possibly be that AWS has been caught red handed?

      ie: in cahoots with NSO

      O.

      1. SundogUK Silver badge

        Re: Is that good enough for mission-critical operations?

        Why the fuck would they bother?

    4. teknopaul

      Re: Is that good enough for mission-critical operations?

      too easy to spot and firewall off the IPs if you use your own kit

    5. big_D

      Re: Is that good enough for mission-critical operations?

      Possibly because of the anonymity. If they are pushing from their own, Israeli based IP address, it might look a bit fishy and is easy to trace.

      Just another anonymous AWS/Google Cloud/Azure IP address going through your firewall? Easy to overlook and harder to block.

  6. BOFH in Training

    A thought when I was reading thru the details from Amnesty

    I think if I was ever paranoid enough to think that I am bugged, I will do the following :

    1) Primary phone will have mobile data disabled.

    2) All data transfers from primary phone will go thru a mobile wifi hotspot

    3) Hotspot will record all connections made by phone

    4) Either hotspot will flag suspicious links / data transfers or someone(me?) has to check often to see where my phone is connecting to.

    5) Check phone bills to make sure no mobile data is transfered at any time.

    This assumes the telco is not involved in spying on me.

    This also assumes my hotspot device is not hacked.

    At the very least it makes it easy to change different hotspot devices transparently, so will make it harder for someone to hack the mobile hotspot and I will have full logs of all connections made by my phone. Even if my phone is hacked, it will not be possible to manipulate / erase logs since it will be in another device.

    /Posted it wrongly in the neutron star article, my bad. :(

    1. Anonymous Coward
      Anonymous Coward

      Re: A thought when I was reading thru the details from Amnesty

      1. My bugging software will silently re-enable mobile data

      2. It will especially log all transfers to wifi hotspots

      3. Hotspot hardware is already hacked not to report it's connection to my control data centre

      4. See 3. What suspicious link?

      5. You get itemised data usage bills? And if you did, fairly easy to loose a few MB in the JPEG of a funny GIF you forwarded....

    2. Evil Scot Bronze badge
      Coat

      Re: A thought when I was reading thru the details from Amnesty

      I would avoid phones which have apps. As such avoiding popular phone platforms.

      If I need social media on the move I would use their websites in my phones browser.

      Icon, mine is the on with a phone in the pocket with Linux installed on it (The phone not the jacket).

      1. oiseau
        Facepalm

        Re: A thought when I was reading thru the details from Amnesty

        ... avoid phones which have apps.

        ... avoiding popular phone platforms.

        Quite so.

        Been doing that for ages.

        But been branded from backwards to idiot, etc. by many.

        Because, you know, all those social media apps and assorted things are so convenient.

        And yes, they're also free.

        O.

        1. Michael Wojcik Silver badge

          Re: A thought when I was reading thru the details from Amnesty

          Honestly, if I could find a featurephone with a physical QWERTY keyboard...

          I miss my Symbian slider. I mean, I still have it, but the battery dies in a matter of hours and it has some dead pixels on the screen, so I'm concerned that even if I replaced the battery it wouldn't live much longer. And of course no updates for S60 and exploits only get better over time.

          But I did use it for a couple of months a couple years back when Yet Another Fucking Smartphone died, and, man, just that keyboard alone made it so much nicer than all these button-less smartphones.

      2. big_D

        Re: A thought when I was reading thru the details from Amnesty

        The processor and firmware for the underlying radios and SIM have several known defects that can't/won't be patched...

        If you really are that paranoid, carry a scrambler and use public call boxes.

        1. Anonymous Coward
          Anonymous Coward

          Re: A thought when I was reading thru the details from Amnesty

          The last TARDIS departed several years ago.

    3. Trigun

      Re: A thought when I was reading thru the details from Amnesty

      Everyone knows you should be turning your wifi & bluetooth off and using USB tethering! ;)

    4. Anonymous Coward
      Anonymous Coward

      Re: A thought when I was reading thru the details from Amnesty

      The telco doesn't need to actively participate in spying on you. It was known 20 years ago that Mossad tracked and traced Palestinians of interest and had them assassinated on foreign soil. They infiltrated telcos via legitimate Israeli software to do it. I do not doubt other secret services are doing the same, their advantage is that unlike Israel it's often less obvious who is behind something as their goals are less polarised.

    5. elsergiovolador Silver badge

      Re: A thought when I was reading thru the details from Amnesty

      You may also find that someone installed an independently operating modem periodically sending snapshots (replacing battery with a smaller model is a convenient way to make space inside a modern phone), so your steps may not be sufficient.

    6. Claptrap314 Silver badge

      Re: A thought when I was reading thru the details from Amnesty

      Do some reading about spycraft. Your ideas are those of a babe in the woods.

    7. Anonymous Coward
      Anonymous Coward

      Re: A thought when I was reading thru the details from Amnesty

      Use your primary phone for ordinary non-secure messaging, browsing, non-secure phone calls.

      Get another phone, install nothing on it except that one messaging app. Never browse or use anything on it but that one app. Use wifi only, or if absolutely necessary a data only SIM (~$10 a month)

      Get yet another phone, install nothing on it except that one internet phone app. Never browse or use anything on it but that one app. Use wifi only, or if absolutely necessary possibly a data only SIM (~$10 a month)

      Shut all the phones down when you don't want your location data tracked.

      The above is possible and affordable for a non-techie. It's far from perfect - e.g., the messaging app itself might be hacked.

    8. BOFH in Training
      Happy

      Re: A thought when I was reading thru the details from Amnesty

      I think people forgot the part where I said IF I was paranoid.

      I am currently a nobody and probably of no unusual interest for any government organisations.

      Figure it's unlikely I am being targetted for specific spyware.

      */adjusts the tin foil hat to seat more snaggly*/

  7. Anonymous Coward
    Anonymous Coward

    ethics of digital surveillance

    wtf...

  8. Teejay

    Whataboutism

    It's kind of funny, because usually the accusation of 'whataboutism' comes from those plebs who surprisingly exactly share the elite establishment view.

    But, really, I don't quite understand the allegations here. Spyware in general is pretty uncool. Free speech in general is pretty cool. Sure, the details may count, and one can either think that Parler support 'the wrong people' or 'free speech', and that spyware can fight against terrorism and criminality.

    But in the end, it's apples and pears.

    1. Anonymous Coward
      Anonymous Coward

      Re: Whataboutism

      The specific acts that got Parler banned were acts aimed at overturning the election result and ending US democracy. Don't see how that counts as free speech.

      1. SundogUK Silver badge

        Re: Whataboutism

        Rubbish. Parler did nothing to overturn the election result. They just operated a free speech social network where people said stuff that AWS disagreed with.

  9. Anonymous Coward
    Anonymous Coward

    AWS is complicit...

    Just last month I contact AWS abuse department about a malicious script being hosted on CloudFront that fingerprints user's devices and if an Android device is detected the script shows a fake media player or fake CAPTCHA to trick users into accepting push notifications.

    The push notifications popup fake virus warnings to trick users into installing questionable apps on Google's Play store.

    The script also uses the fake player and fake CAPTCHA to trick users into downloading a malicious Android app disquised as an ad block app that installs apps from third party app stores on the victims device.

    MD5 sum of AdBlock.apk 6f1fd359a382348b3307ed9d64eeebaa

    Here is a link to URL scan of one of the malicious scripts still hosted on CloudFront:

    https://urlscan.io/responses/4977ca31d4113ba7bf0249fa9868f3739345f50811cc6fd9816ef2c2bebd2088/

    If you search further into URL scan you can see screenshots of the script hosting the fake AdBlock.apk:

    https://urlscan.io/screenshots/d6816f60-70ba-43b1-b7f6-ecd4ce66d1cb.png

    Here was AWS abuse team final email on the malicious script(s) hosted on CloudFront:

    "Hello,

    We understand your concern regarding the continued availability of the content you have reported. As noted previously, AWS customers are responsible for their activity on AWS.

    As a courtesy we notified our customer of your request to have the content removed or access disabled, however, at this time we are not able to take additional action. We strongly encourage you to continue to work with our customer directly to address the concerns that you may have."

    AWS reps told me to "continue to work with our customer directly" even after I told them several times that their "customer" doesn't respond to my repeated attempts to contact them.

    (I guess it takes huge media attention before AWS takes any action and I understand now why NSO chose AWS to host their malware.)

    Disgusted.

  10. elsergiovolador Silver badge

    A test

    A test for CMA. What would happen to a small hosting business if they were found doing what AWS is doing?

    If not the same thing, then maybe it's time to stop sitting on your hands?

  11. Anonymous Coward
    Anonymous Coward

    Stupid article

    There is a world of difference between a customer who is doing something that is unethical and may be illegal and a customer who itself has customers who may be doing something unethical (but mostly not illegal).

  12. Claptrap314 Silver badge

    Confused

    Does the Register think that AWS was too slow to take down Parler or to quick to take down NSO?

    Claims that whataboutism are exclusive to conservatives are wearing quite thin.

  13. Henry Wertz 1 Gold badge

    So one was running spyware one wasn't

    So, there's an easy reason for different treatment here.

    NSO was running spyware and running the spyware backend in AWS. There's no question that's against TOS, it's not a grey area, and there's nothing to discuss. It doesn't matter if they're running it as a business or service, they can do that with their own systems if they want.

    Parler is (or was) a disgusting hive of villainy and infamy. BUT, the US has the 1st ammendment, freedom of speech does apply (at least AWS would get bad PR for immeidately terminating accounts due to speech even though they are allowed to). So AWS gave them a chance to straighten up, then closed their services when they didn't.

  14. Claptrap314 Silver badge

    NSO is a weapons manufacturer

    They need to be treated the same way as a foreign Raytheon or any other such company. From what anecdotal evidence I have, I'm betting that AWS doesn't have processes in place for handling such things. Oh well.

    Of course, technology is moving a lot faster than the law, and it's pretty clear that they are turning a rather blind eye to just what their customers are doing with the arms they are receiving. Given who they are and what they are doing, I would be disappointed if this "Shocked, shocked!" moment by Amazon had a noticeable effect on their operations for fifteen minutes. It's entirely possible that it had none at all.

    Honestly, it's a bit disappointing that Amazon was even able to identify which accounts they are using. Oh well. Lessons learned, and all that. I expect that there will be a Swiss LLC (or equivalent) created before the end of this week that just happens to handle traffic that has rather... similar characteristics to what was previously attributed to the NSO.

  15. Anonymous Coward
    Anonymous Coward

    Avoid NSO......easy, but somewhat "old school"....(see "burner phone")

    1. Buy a mobile which is not a smart phone (say a 3G feature phone).

    2. Go to a convenience store and buy a pay-as-you-go SIM for cash (say Lebara)

    3. Go to a different convenience store and buy lots of minutes for cash.

    4. Register the SIM and the minutes in a public place, a place not usually associated with the rest of your life.

    5. Have the phone switched off most of the time.

    6. Only switch the phone on in a public place, and only for long enough to make calls or respond to text or voicemail.

    7. Persuade people close to you to follow steps #1 through #7.

    *

    This process (pretty much) guarantees that ANYONE snooping on your phone traffic has NO IDEA about your identity.

    *

    Of course, if your social network includes individuals who are not very careful, then your mileage will vary. But of course, you can always start again at item #1.....!!!!!

    1. Clunking Fist

      Re: Avoid NSO......easy, but somewhat "old school"....(see "burner phone")

      Sheesh: or just don't bother with a mobile at all?

      1. Anonymous Coward
        Anonymous Coward

        A Longish Read Suggestion for Clunking_Fist......and others

        Link: https://www.theguardian.com/commentisfree/2021/jul/22/burner-phones-fake-sources-evil-twin-attacks-journalism-surveillance

  16. TheMeerkat Silver badge

    The way Amazon treated Parler shows that Big Tech has too much power over politics.

    It is like sliding down into a totalitarian state when definitions are made behind closed doors to ban everything that does not fit the governing ideology.

  17. Anonymous South African Coward Silver badge

    ...and South Africa’s Cyril Ramaphosa

    Caused a bit of a buzz... El Presidente is not happy about that.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like