What we know about the alleged Jeff Bezos phone hack so far
Jeff Bezos’ phone hacking story began from a dinner he had with the Saudi crown prince Mohammed Bin Salman in the Spring of 2018.Updated: Jan 23, 2020 18:43 IST
Jeff Bezos’ phone hacking story began from a dinner he had with the Saudi crown prince Mohammed Bin Salman in the Spring of 2018. Bin Salman was visiting the US for a three-week cross country tour to “pitch a progressive vision for his kingdom, including an economic plan less reliant on oil”.
Bin Salman, according to media reports, visited MIT, Harvard, met Richard Branson and Oprah Winfrey as well amidst all the business pitches. The meeting with Bezos was, in all probabilities, rather “weighted with tension” since both Amazon and Amazon Web Services was pushing to expand in the Middle East while Bezos-owned Washington Post had just published Jamal Khashoggi’s sharply critical columns against the crown prince.
The dinner happened on April 4 and while there are no reports about what might have been discussed, it is known that Bezos and Bin Salman exchanged phone numbers.
Four weeks later, on May 1, Bezos received a WhatsApp message from the crown prince that included a 4.22MB video. Within hours of receiving it, “a massive and unauthorized exfiltration of data from Bezos’s phone began,” according to the report by FTI Consulting Inc which was published by Vice.
News of the alleged hack was reported by The Guardian on Tuesday and confirmed on Wednesday by two United Nations experts, who said in a statement, “The information we have received suggests the possible involvement of the crown prince in surveillance of Mr. Bezos, in an effort to influence, if not silence, The Washington Post’s reporting on Saudi Arabia.”
According to Bloomberg, the Saudi Embassy has denied involvement in the hack, calling the allegations “absurd”.
UN human rights experts are asking Washington to investigate the ‘suspected’ Saudi hack that may have siphoned data from Bezos’ personal smartphone. But the forensic evidence they cite comes from an incomplete study of the phone, raising multiple questions, reports AP.
Here’s a quick guide to what’s known, and what remains unknown, about their findings.
What happened to the phone?
According to a cybersecurity firm run by a former Obama administration official, “evidence on the phone suggests it was infected by spyware in May 2018 via a WhatsApp message from the account of Saudi Crown Prince Mohammed Bin Salman”. The message included a video file that the firm’s investigators say “likely contained malware”.
Bezos’ personal security adviser, Gavin De Becker, had been advised in February 2019 to have the phone examined by an intelligence official who has not been named. Bezos went public with the suspected hack shortly thereafter and also added that the National Enquirer tabloid had threatened to publish his private messages and photos.
Are the forensic findings conclusive?
According to the AP report, not at all. Outside security researchers highlighted several issues with the forensics report by FTI Consulting. FTI consulting is run by former Obama administration National Security Council cybersecurity official Anthony Ferrante.
For instance, the FTI report, dated November and obtained Wednesday by the Vice News site Motherboard, said “researchers didn’t find any malware on the phone, nor any evidence that Bezos’ phone had surreptitiously communicated with known spyware command servers”.
Further, an examination of the crucial root file system, where top-flight hackers often hide their malware, was still pending when the report was written. iPhone security expert Will Strafach, CEO of Guardian Firewall, said that “if the FTI investigators didn’t look at the root file system, they didn’t do a thorough forensic exam”.
“I think the UN intentions are good but the details really matter here and the public reporting falls short of any real firm smoking gun,” said Strafach.
Other security experts questioned the FTI team’s forensic chops, wondering on Twitter and in blog posts why it was unable to decrypt the software that would have delivered the malware payload along with the video file. Alex Stamos of Stanford University tweeted: “The funny thing is that it looks like FTI potentially has the murder weapon sitting right there, they just haven’t figured out how to test it.”
FTI’s Ferrante did not respond to emails and text messages seeking comment.
Could hackers have erased all proof of intrusion?
Strafach thinks they could have, absolutely. Elite hackers plant malware that erases itself after surreptitiously sending sensitive data to command servers.
“It scoops up everything they want and removes itself so there’s no trace, no evidence. Anyone who knows what they are doing are going to cover up their tracks,” Strafach said.
Sophisticated mobile spyware, such as a package called Pegasus, made by the Israeli hacker-for-hire company NSO Group, is designed to bypass detection and mask its activity. Saudi Arabia i s reported to have used Pegasus against dissidents and human rights activists within weeks of the suspected Bezos hack.
On Wednesday, NSO Group “unequivocally” denied that its technology was used in the Bezos hack.
Why is the UN involved?
One of the two UN officials involved in the case, Agnes Callamard, who focuses on extrajudicial killings and has already investigated the Saudi government’s role in the October 2018 murder in Turkey of Saudi critic and Washington Post columnist Jamal Khashoggi. Callamard’s interest in this case is natural.
The other, David Kaye, is the UN point person on free expression. Kaye focuses on the growing and lawless use of malicious spyware to monitor and intimidate human-rights defenders and journalists.
Both Kaye and Callamard are independent experts in the UN’s human rights arm and are not employees of the organisation.
Are other public figures at risk?
According to the AP report, it’s difficult to say at the moment. “Bin Mohammed has attended gatherings with numerous US entertainers, technology executives and sports-team owners. A senior administration official, speaking on condition of anonymity to discuss internal matters, said Jared Kushner, a White House aide and son-in-law to President Donald Trump, has communicated with the crown prince via WhatsApp,” AP reported.
Why isn’t the US government getting more involved?
For rather obvious reasons it seems. A top US Justice Department official, Adam S Hickey, “would not say whether federal investigators were looking into the allegations”. Trump has been reluctant to condemn the Saudi prince over the Khashoggi killing and has often expresses satisfaction with his government’s purchases of US weapons.
(With agency inputs)