Amazon Web Services Inc. is under fire for not publicly sharing information at a congressional hearing this week about the SolarWinds hacking campaign, though it did say it shared details in private briefings with lawmakers and law enforcement.

AWS was one of the cloud providers whose platforms hackers are believed to have used to carry out the operation. The cyberattack, which U.S. authorities say was likely carried out by Russian intelligence agents, compromised at least nine federal agencies and a hundred companies.

During a Senate Intelligence Committee hearing on Tuesday, senators criticized AWS for not sending a company representative to testify. “We had extended an invitation to Amazon to participate. The operation we’ll be discussing today uses their infrastructure, [and], at least in part, required it to be successful,” Senator Marco Rubio said during the hearing. “Apparently they were too busy to discuss that here with us today, and I hope they’ll reconsider that in the future.”

Senator Mark Warner remarked that “when a large enterprise like Amazon is invited, they ought to be participating.” He reportedly stated that AWS had provided the Senate Intelligence Committee with one update on the SolarWinds attack, but added the committee was still expecting a “full update.”

In a statement provided to SiliconANGLE, AWS said it has shared information about the hacking campaign with authorities. “AWS is not affected by the SolarWinds issue, and we do not use their software,” a spokesperson said. “When we learned of this event, we immediately investigated, ensured we weren’t affected, and shared what we learned with law enforcement. We’ve also provided detailed briefings to government officials, including members of Congress.”

Shannon Kellogg, AWS’ vice president of policy, added in a letter to Senators Warner and Rubio, first reported in the Wall Street Journal, that “we look forward to continuing our ongoing engagement with you and your committee on cybersecurity issues.”

According to the Journal, AWS has also come under fire in some quarters for not publicizing the information it had gathered about the SolarWinds hack. Microsoft Corp., whose Azure public cloud was also used to launch the cyberattack, has shared technical details about the operation in blog posts. A cybersecurity expert who spoke to the Journal speculated that AWS might have data on what activities hackers carried out in its public cloud as part of the attack and how they paid for cloud resources they used. 

Photo: Tony Webster/Flickr