Amazon chief Jeff Bezos’s phone was likely infected by spyware hidden in a message from Saudi Crown Prince Mohammad bin Salman, according to an analysis released Wednesday, prompting calls for an official investigation.
A forensic analysis by technical experts retained by Bezos after a leak of his personal information in early 2019 suggested that the Bezos iPhone was compromised by “tools” procured by a close associate of the Saudi de facto ruler.
The suggestion of the Saudi prince’s role in the hacking prompted calls for further investigation by UN human rights officials looking into the October 2018 killing of Jamal Khashoggi, a Saudi journalist and contributor to The Washington Post, which is owned by Bezos.
“The alleged hacking of Mr Bezos’s phone, and those of others, demand an immediate investigation by US and other relevant authorities,” UN Special Rapporteurs Agnes Callamard and David Kaye said in a statement in Geneva.
Any investigation should also look at the “continuous, multi-year, direct and personal involvement of the Crown Prince in efforts to target perceived opponents,” they added.
Callamard, the UN expert on summary executions and extrajudicial killings, and Kaye, the expert on freedom of expression, said the latest revelation “suggests the possible involvement of the Crown Prince in surveillance of Mr Bezos, in an effort to influence, if not silence, The Washington Post’s reporting on Saudi Arabia.”
The technical experts hired by Bezos concluded “with medium to high confidence that Bezos’ iPhone was compromised via malware sent from a WhatsApp account used by Saudi Crown Prince Mohamed bin Salman,” said the report by FTI Consulting, first reported by the online news site Vice.
– Saudis call allegation ‘absurd’ –
Saudi authorities rejected the latest allegations.
“Recent media reports that suggest the Kingdom is behind the hacking of Mr Jeff Bezos’ phone are absurd,” the Saudi Arabian embassy said on its Twitter account.
But FTI, which was retained by the security consultant hired by Bezos, Gavin de Becker, said its forensic analysis pointed to former Saudi court media adviser Saud al-Qahtani, part of Prince Mohammed’s inner circle.
Qahtani, who was sacked as a result of the internal Saudi investigation into the Khashoggi case, is widely believed to have played a role in the killing of the journalist and to have directed “a massive online campaign” against Bezos and his newspaper.
The FTI report said Bezos and the Saudi royal exchanged phone numbers and communicated via WhatsApp after meeting at a Los Angeles dinner in April 2018.
It said that a message to Bezos on May 1, 2018, contained a video attachment which the two men had not discussed, but which delivered the malware that allowed “unauthorized exfiltration” of data from the Amazon CEO’s iPhone X.
The outflow of data increased by 29,000 per cent after that incident, according to the report.
– A failed blackmail effort –
Bezos, the world’s richest man, announced in early 2019 he was the target of a blackmail campaign by the National Enquirer tabloid which threatened to publish lurid pictures of him and his girlfriend Lauren Sanchez as he was moving toward divorcing his wife.
In March last year, de Becker said he concluded that the hack and leak of the Bezos pictures were led by Saudi Arabia but did not specify which part of the Saudi government he was blaming for the hack.
According to a message to Bezos in February 2019 cited in the FTI report, the Crown Prince denied any involvement in the hack.
“Jeff all of what you hear or told it’s not true,” the message said. “You know the truth, there is nothing against you or amazon from me or Saudi Arabia.”
The analysis also suggested that the hackers may have used a type of spyware used in other Saudi surveillance cases, such as Pegasus-3 malware developed by the Israeli security firm NSO Group.
The Israeli firm said in a statement it was “shocked and appalled” by the reports linking its software to the Bezos phone hacking.
“If this story is true, then it deserves a full investigation by all bodies providing such services to assure that their systems have not been used in this abuse,” the company said.
“Just as we stated when these stories first surfaced months ago, we can say unequivocally that our technology was not used in this instance.”