UN report: Saudi crown prince involved in hacking of Bezos phone

On April 4, 2018, the richest man in the world and the leader of the world's biggest oil-exporting nation met at a dinner party at a Hollywood producer's house in Los Angeles and exchanged phone numbers.

"Hello MBS," Jeff Bezos wrote in a text that evening.

Jamal Khashoggi speaks during a press conference in Manama, Bahrain, in 2014.Credit:AP

The alleged hack of Bezos' phone took place five months before Khashoggi's death in 2018, which the CIA linked to the Saudi government in a briefing with senators in December of that year.

The US Treasury Department sanctioned Qahtani for his role as "part of the planning and execution" of Khashoggi's death, but a Saudi public prosecutor last month found a "lack of evidence" against him. The Saudi government said five other Saudis were sentenced to death in connection with the Khashoggi killing but did not identify them.

Ferrante's report said Qahtani bought a 20 per cent stake in a company called Hacking Team that had been working to develop a way to infect phones by sending videos through the WhatsApp messaging platform.

Saudi Arabia's Foreign Minister, Prince Faisal bin Farhan al-Saud, called the UN report "absurd". At a meeting of world leaders in Davos, Prince Faisal said: "The idea that the crown prince would hack Jeff Bezos' phone is absolutely silly."

A person close to Prince Mohammed called it inconceivable that the crown prince would try to hack Bezos' phone but said one of his aides might have. Khashoggi’s columns in the Post "hit Riyadh like a bombshell", the person said on condition of anonymity. "There is also this thrill when you buy some software and you don't know your limits."

A spokesman for Bezos declined to comment. Bezos on Wednesday tweeted a photo of himself at a memorial ceremony in October, honouring Khashoggi a year after his death. Bezos accompanied the picture with just one word, the hashtag #Jamal.

Ferrante's report says that "within hours of receipt of the MP4 video file from the Crown Prince's account, massive and (for Bezos' phone) unprecedented exfiltration of data from the phone began". The flow of data out of Bezos' phone jumped suddenly by 29,156 per cent, and the "spiking then continued undetected over some months". Material extracted from Bezos' phone included personal photos, text messages, instant messages, emails and possibly "eavesdropped recordings done via the phone's microphone", Ferrante found.

Twice in the months after the initial breach, Bezos received texts from the crown prince's account that seemed to demonstrate that the sender had access to Bezos' private information.

On November 8, 2018 – two months before the National Enquirer published an expose revealing that Bezos had been conducting an extramarital affair with former TV host Lauren Sanchez – Bezos received a photo of a woman who looked something like Sanchez.

The photo was accompanied by a cryptic caption saying that "Arguing with a woman is like reading the Software License agreement. In the end you have to ignore everything and click 'I agree'."

Ferrante's report said the message arrived "precisely during the period Bezos and his wife were exploring divorce". At that point, there had been no public reporting on the collapse of Bezos' marriage.

Jeff Bezos with Lauren Sanchez at Wimbledon in July last year.Credit:AP

Then, in February of last year, Bezos received a second text from Prince Mohammed's account – one that the consultant said showed that the Saudi leader had information "that could have been gained via surveillance of Bezos' phone".

On February 14, Bezos had been sent a detailed briefing – delivered to his iPhone – about the Saudis' online propaganda campaign against him. Two days later, a text arrived from Prince Mohammed's account saying: "Jeff all what you hear or told to it's not true … there is nothing against you or amazon from me or Saudi Arabia."

The technology that investigators believe infected Bezos' phone did not require him to click on the video but rather instantly created a channel for remote extraction of data from the phone, FTI concluded.

FTI was unable to find malware on Bezos' phone. It concluded, however, that the extraordinary outflow of data right after the mysterious file arrived strongly indicated a hack.

"It's not the smoking gun, but it's very suspicious," said Matthew Green, a computer scientist at Johns Hopkins University. "If you're looking for concrete, undeniable evidence of an actual hack, then it's not here. But sometimes you're not lucky enough to get that evidence. In fact, one of the goals of this kind of malware is to disguise the fact that it was present."

The UN experts cited reports that Saudi officials have previously used malware such as the NSO Group's Pegasus-3 product to surveil dissidents' computer activity. NSO Group, an Israeli company, issued a statement on Wednesday denying "unequivocally" that its product was used in the alleged Bezos hack.

WhatsApp, which is owned by Facebook, discovered last northern spring that it had a vulnerability that allowed attackers to install surveillance software on Apple and Android phones. The UN statement said "the use of WhatsApp as a platform to enable installation of Pegasus onto devices has been well-documented and is the subject of a lawsuit by Facebook/WhatsApp against NSO Group".

"We are aware of the media reports and are concerned about the allegations," said a Trump administration official.

The Office of the Director of National Intelligence, the Justice Department and the FBI declined to comment on the UN experts' conclusions. People with knowledge of the case have said that federal prosecutors in New York have been investigating Bezos' allegation, made in an online essay last year, that executives at the National Enquirer tabloid newspaper used "extortion and blackmail" against him. The Enquirer's 11-page story last January, touted as "the biggest investigation in Enquirer history", included surveillance photos of Bezos with Sanchez.

National Enquirer publisher David Pecker is a close friend of Donald Trump.Credit:AP

Bezos said that American Media Inc, the Enquirer's parent company, threatened to publish photos of his genitals unless he publicly stated that the expose of his extramarital affair was not motivated by the newspaper's ties to US President Donald Trump. Trump and David Pecker, AMI's chief executive, were friends for many years, and AMI admitted to paying two women who said they had affairs with Trump.

The Enquirer said last year that its "single source" who provided information about Bezos' affair was not the Saudis, but rather Sanchez's brother, Michael Sanchez, who denied the allegation.

Any US investigation of the latest hacking allegations would probably be conducted by the FBI. But such a probe would be extremely difficult for both legal and diplomatic reasons.

The bureau probably could not confront hacking suspects in the Saudi government, let alone the crown prince himself. Even if law enforcement officials could use intelligence sources or technical methods to find evidence against someone in the Saudi government, they would face a difficult decision: Do they publicly charge suspects mainly to shame them, knowing they would probably never face trial in the United States and potentially strain diplomatic relations? Or would the FBI remain silent rather than reveal how US authorities gather intelligence on their Saudi allies?

In recent years, officials have at times charged foreign actors. For example, the Justice Department indicted Russian government hackers for interfering in the 2016 election and similarly charged government-backed Iranian hackers with a wide array of computer mischief. A person familiar with the federal investigation into the hacking of Bezos' phone said the FBI approved the selection of Ferrante to do the forensics work on the device.

The UN report marks the first time a public entity has backed up Bezos' allegations about Saudi involvement in the hacking. Last year, Bezos alleged through his security consultant, Gavin de Becker, that the Saudi government had "access to Bezos' phone, and gained private information". De Becker wrote in the Daily Beast that the Saudis were "intent on harming Jeff Bezos since … the Post began its relentless coverage" of the killing of Khashoggi.

Within days of Khashoggi's death, as the Post published numerous news accounts about the killing and the Saudi government's involvement, a massive internet campaign against Bezos began, focused on his role as owner of the Post.

By the next month, the top-trending hashtag on Saudi Twitter was "Boycott Amazon".

Relations between Bezos and the Saudi government have deteriorated over the past two years. After Trump picked Saudi Arabia for his first foreign trip as President, and Prince Mohammed visited the US in early 2018, Bezos' company continued its efforts to make a $US2.2 billion ($3.2 billion) deal to build three data centres for Amazon Web Services in the desert kingdom – a project that seemed to dovetail with the prince's desire to expand his country's participation in the global economy.

AWS, which dominates the cloud-computing industry, is the most profitable part of Bezos' colossal business empire. The discussions between AWS and the Saudis ended after the Khashoggi killing.

The Washington Post

Source: Read Full Article