The United Nations has called for a US-led investigation into the alleged hacking of Jeff Bezos’s mobile phone by the crown prince of Saudi Arabia, Mohammed bin Salman.
The bombshell allegations, which broke on Wednesday, suggest that spyware was deployed via an MP4 file sent from a WhatsApp account belonging to the prince. The two had apparently met and exchanged phone numbers a month before the alleged attack on May 1 2018.
According to the analysis by UN special rapporteurs Agnes Callamard and David Kaye, “massive and unprecedented” exfiltration of data followed the initial spyware deployment, with data egress from the device jumping suddenly by 29,156% to 126 MB and then continuing undetected for months after.
“The forensic analysis assessed that the intrusion likely was undertaken through the use of a prominent spyware product identified in other Saudi surveillance cases, such as the NSO Group's Pegasus-3 malware, a product widely reported to have been purchased and deployed by Saudi officials,” the UN analysis continued.
“This would be consistent with other information. For instance, the use of WhatsApp as a platform to enable installation of Pegasus onto devices has been well-documented and is the subject of a lawsuit by Facebook/WhatsApp against NSO Group.”
The NSO Group has “unequivocally” denied the claims.
It’s claimed that the Saudis targeted the world’s richest man Bezos because of his ownership of the Washington Post, whose columnist Jamal Khashoggi wrote in highly critical terms of the crown prince. He is believed to have been assassinated on a visit to the Saudi embassy in Turkey on October 2 2018.
In November 2018 and February 2019, the crown prince’s WhatsApp account is also said to have sent messages revealing details of Bezos’s affair, months before it became public knowledge.
“The information we have received suggests the possible involvement of the crown prince in surveillance of Mr. Bezos, in an effort to influence, if not silence, The Washington Post's reporting on Saudi Arabia,” argued the special rapporteurs.
“The alleged hacking of Mr. Bezos's phone, and those of others, demands immediate investigation by US and other relevant authorities, including investigation of the continuous, multi-year, direct and personal involvement of the crown prince in efforts to target perceived opponents.”
The case also highlights the devastating impact of legitimate cross-border spyware sales from private companies to authoritarian governments, the UN argued.
“Surveillance through digital means must be subjected to the most rigorous control, including by judicial authorities and national and international export control regimes, to protect against the ease of its abuse,” it said.
“It underscores the pressing need for a moratorium on the global sale and transfer of private surveillance technology.”
It will be some cause for concern for Bezos and his personal security team that the attack went undetected for so long.
“For high value targets, the best protection is to compartmentalize how apps are used. For example, they might use WhatsApp or Signal for communicating with external contacts, and Teams for communicating with internals,” argued F-Secure principal researcher, Jarno Niemelä.
“It makes sense to separate use by device, I recommend communicating with external contacts with a different device to the one that you use for handling critical matters such as 2 factor authentication apps. It is also important to review application permissions regularly to deny access to apps that have fallen out of use.”