This one is big. So big that the United Nations (UN) last week demanded that the US investigate the possibility that Mohammad bin Salman, the crown prince of Saudi Arabia, might have intentionally hacked the phone of the richest person on earth. This person, Jeff Bezos, also happens to be the founder and CEO of Amazon, Inc., as well as the owner of The Washington Post. Six months after the hack of Mr. Bezos’ phone (on 1 May 2018), Mr. Khashoggi was killed by Saudi agents in Istanbul, where he had gone to obtain papers needed to marry his Turkish fiancée. The US CIA (Central Intelligence Agency) has concluded that Prince Mohammed bin Salman most likely ordered the murder. It is no secret that the crown prince likes to have his picture taken with the so-called rich and famous people of the world, especially in Canada, US, and UK. Now these same people are being warned by UN special rapporteurs to be careful because of the “fragility” of Saudi Arabia’s electronic systems.
According to New York Times Ben Hubbard and Michael Schwirtz on 22 January 2020, “The hacking of Mr. Bezos is particularly sensitive because of his ownership of The Post, which had published coverage critical of the kingdom and had retained Jamal Khashoggi, a dissident Saudi writer, as a regular columnist. Mr. Khashoggi had fled Saudi Arabia for the United States and often criticized Prince Mohammed in his columns.”
The UK Guardian’s Stephanie Kirchgaessner (January 22, 2020) reports that “UN experts are demanding an immediate investigation by the US into evidence indicating that Jeff Bezos, the billionaire owner of the Washington Post, was hacked with spyware deployed in a WhatsApp (video) message sent from the personal account of Saudi Arabia’s crown prince, Mohammed bin Salman.” Bezos’s iPhone was believed to have been infected by the malware on 1 May 2018 via an MP4 video file sent from the crown prince. Within hours of receipt of the MP4 video file, a huge “exfiltration” of data began. The amount of data leaving the phone increased enormously and continued undetected for several months.
It is kind of ironic that the phone of the founder of one of the world’s largest Internet-high-technology companies could be so easily hacked. Alex Hern (UK Guardian, January 22, 2020) describes the WhatsApp video message sent from the prince’s phone to Mr. Bezos’: “The video appeared to describe the relationship between Saudi Arabia and Sweden, with closely cropped Arabic captions. It is unclear whether Bezos clicked on the video. He may not have had to. It appears the malware was not actually in the video itself but in the encrypted “envelope” in which it was contained. When the message reached Bezos’ phone, and it decrypted to reveal the video, the malicious code was released.”
Mr. Bezos has enlisted the service of FTI Consulting to investigate the hacking incident. FTI’s findings were reportedly handed over to two UN special rapporteurs: Agnès Callamard and David Kaye. The rapporteurs confirmed that the message that the prince allegedly sent to Mr. Bezos is an encrypted video. Kirchgaessner noted that “In the days and weeks that followed, Bezos – who was married at the time – sent private text messages to his girlfriend, describing his romantic feelings.” She further states that “those texts would later be published in the National Enquirer, although the exact circumstances around their publication have yet to be determined.” (The National Enquirer, owned by American Media, Inc., is a gossip newspaper in the US that seems to specialize in salacious contents.) “What is known is that the crown prince had twice met with the owner of the National Enquirer, David Pecker, who was known in Hollywood and Washington as a man who had ties to Donald Trump, and had a history of solving problems for the US president, including “killing” negative stories about Trump and his extramarital affairs,” Kirchgaessner said. She also points out that “new information published by Callamard and Kaye suggests that the alleged targeting of Bezos was just the beginning of a broader campaign to pick off individuals who were close to Khashoggi and in frequent contact with the journalist.”
According to the allegations, the Saudi prince might have employed the help of one of two cyber-surveillance and security companies that specialize in producing sophisticated malware: NSO Group of Israel and Hacking Team of Italy. NSO’s product is called Pegasus, while Hacking Team’s is Galileo. According to the UN special rapporteurs, the Saudi Royal Guard acquired from NSO Group its Pegasus spyware in November 2017 and it is believed to have been involved in the targeting of Saudi dissidents. Their statement said: “The hacking of Mr Bezos’ phone occurred during a period, May-June 2018, in which the phones of two close associates of Jamal Khashoggi, Yahya Assiri and Omar Abdulaziz, were also hacked, allegedly using the Pegasus malware.” Meanwhile, the Facebook-owned messaging company (WhatsApp) accuses NSO of being behind secret attacks on more than 100 human rights activists, lawyers, journalists, and academics all over the world.
The tech takeaway from this incident is obvious: do not open any files in any messaging app from a person you truly do not know.