Amazon CEO Jeff Bezos announces Blue Moon, a lunar landing vehicle for the Moon, during a Blue Origin event in Washington, DC, May 9, 2019.
Saul Loeb | AFP | Getty Images
DUBAI, United Arab Emirates — UN experts have called for an immediate investigation into the “possible involvement” of Saudi Crown Prince Mohammed bin Salman in the hacking of Amazon CEO Jeff Bezos’ iPhone in 2018.
“The information we have received suggests the possible involvement of the Crown Prince in surveillance of Mr. Bezos, in an effort to influence, if not silence, The Washington Post’s reporting on Saudi Arabia,” UN special rapporteurs said in a statement Wednesday.
“The alleged hacking of Mr. Bezos’s phone, and those of others, demands immediate investigation by U.S. and other relevant authorities, including investigation of the continuous, multi-year, direct and personal involvement of the Crown Prince in efforts to target perceived opponents.”
The statement from UN’s human rights body centers on forensic investigations into the claim by Bezos — one of the world’s wealthiest men and owner of the Washington Post — that the Saudi government orchestrated a cyberattack against him to extract large amounts of data from his phone, including nude photos sent to his mistress.
The UN special rapporteurs, who are appointed by the world body but operate independently, made the statement after reviewing the 2019 forensic analysis carried out by Washington-based business advisory firm FTI Consulting on behalf of the American billionaire. Their statements follow earlier investigations into the killing and dismemberment of Washington Post journalist Jamal Khashoggi.
FTI consulting could not detail the specific spyware used in the attack, but said its experts had “medium to high confidence” that Bezos’ iPhone was hacked by malware coming from a Whatsapp account used by the Saudi crown prince.
“Based upon the results of a full forensic examination of the logical file system of Bezos’s phone, including network analysis, and an in-depth investigation conducted over several months, FTI reports with medium to high confidence that Bezos’s IPhone X was compromised via malware sent from a WhatsApp account used by Saudi Crown Prince Mohammed bin Salman,” the report said, according to an excerpt published by the Financial Times.
Riyadh has consistently rejected the accusations, and the Saudi embassy in Washington on Wednesday called the allegations “absurd.”
Bezos, through his security consultant Gavin de Becker, has flatly accused the Saudi government of wanting to do him harm. De Becker in March of 2019 alleged that the Saudis had “access to Bezos’s phone, and gained private information” and that the government was “intent on harming Jeff Bezos since . . . the Post began its relentless coverage” of the brutal murder in October 2018 of Khashoggi, a Saudi journalist critical of the kingdom’s monarchy. Khashoggi was a contributing writer for the Post with U.S. residency.
Riyadh said the killing was the result of a “rogue operation” that did not involve the crown prince, contradicting the CIA’s reported conclusion from late 2018 that implicated Bin Salman as being involved.
The hack: how experts believe it happened
According to the 2019 forensic analysis by FTI Consulting, Bezos’ phone was likely “infiltrated on 1 May 2018 via an MP4 video file sent from a WhatsApp account utilized personally by Mohammed bin Salman,” the UN statement read.
Bezos and the crown prince had exchanged numbers the month prior. Within hours of the video being sent from the crown prince’s account, “massive and (for Bezos’ phone) unprecedented exfiltration of data from the phone began” — the volume of data being transited to another location suddenly shot up by nearly 30,000% to 126 MB.
“Data spiking then continued undetected over some months and at rates as much as 106,032,045% (4.6 GB) higher than the pre-video data egress baseline for Mr. Bezos’ phone of 430KB,” the statement said.