On Jan. 22, two United Nations human rights experts announced that a forensic analysis had concluded with “medium to high confidence” that an iPhone belonging to Amazon CEO and Washington Post owner Jeff Bezos was hacked via a WhatsApp account used by Saudi Crown Prince Mohammed bin Salman.
The Saudi government, which had already dismissed at news reports about the hack, doubled down on the denial, with Saudi Foreign Minister Prince Faisal bin Farhan Al Saud telling the Reuters news agency the claim was “absurd” and that the “idea that the crown prince would hack Jeff Bezos’ phone is absolutely silly.”
The experts, Agnes Callamard, U.N. special rapporteur on summary executions and extrajudicial killings, and David Kaye, U.N. special rapporteur on freedom of expression, said the hacking of phones belonging to Bezos and others “demands immediate investigation by U.S. and other relevant authorities, including investigation of the continuous, multi-year, direct and personal involvement of the Crown Prince in efforts to target perceived opponents.”
Callamard led the preparation of a 101-page U.N. report released last June detailing the murder of Saudi journalist Jamal Khashoggi inside the Saudi embassy in Istanbul on October 2, 2018. The report found that Khashoggi, a critic of the Saudi government and Washington Post columnist, was the target of “a premeditated extrajudicial execution, for which the State of Saudi Arabia is responsible.”
Khashoggi’s killing followed columns in the Post that reportedly angered the Saudi regime and came six months after a meeting in which Bezos and the crown prince traded phone numbers and began connecting on WhatsApp.
“The information we have received suggests the possible involvement of the Crown Prince in surveillance of Mr. Bezos, in an effort to influence, if not silence, The Washington Post's reporting on Saudi Arabia,” Callamard and Kay said in a joint statement. “The allegations reinforce other reporting pointing to a pattern of targeted surveillance of perceived opponents and those of broader strategic importance to the Saudi authorities, including nationals and non-nationals.”
According to the statement, Mohammed bin Salman invited Bezos to a private dinner in Washington, D.C., on Apr. 4, 2018, at which the exchange of numbers occurred.
Less than a month later, the U.N. experts said, a message consisting of “an encrypted video file” was sent from the crown prince’s WhatsApp account to Bezos’ phone. That triggered an “anomalous and extreme change in phone behavior, with cellular data originating from the phone increasing by 29,156 percent,” they said, citing an in-depth forensic study of the phone.
“Data spiking then continued over the following months at rates as much as 106,031,045 per cent higher” than was normal, the statement said.
That forensic analysis was overseen by Anthony Ferrante of the business advisory company FTI Consulting, who was hired by Bezos’ security adviser, Gavin de Becker. FTI Consulting’s full report of that analysis also is public.
Reacting to early news reports, the Saudi embassy called the hacking allegation “absurd.” Faisal bin Farhan Al Saud, the foreign minister, stuck to that characterization after the statement was released: “I think ‘absurd’ is exactly the right word,” he told Reuters at the 2020 World Economic Forum in Davos, Switzerland.
But the U.N. experts said FTI Consulting’s forensic analysis established “grounds for a reasonable belief (medium to high confidence) that Mr. Bezos was subjected to intrusive surveillance via hacking of his phone as a result of actions attributable to the WhatsApp account used by Crown Prince Mohammed bin Salman.”
Furthermore, the statement said, the Saudi Royal Guard had “acquired” Pegasus-3 spyware in November 2017 from the Israeli cyber security firm NSO Group. That spyware was a likely suspect in the Bezos hack, the statement said, and the ability to install it via WhatsApp had been “well-documented.”
In October 2019, WhatsApp owner Facebook sued the NSO Group for compromising users’ private data.
According to the U.N., the same malicious code was used by the Saudis to hack the phones of three Khashoggi associates earlier in 2018. The hacking was “consistent with the widely reported role of the Crown Prince in leading a campaign against dissidents and political opponents,” the statement said.
“Following the hacking of Mr. Bezos' phone, the Crown Prince sent WhatsApp messages to Mr. Bezos, in November 2018 and February 2019, in which he allegedly revealed private and confidential information about Mr. Bezos' personal life that was not available from public sources,” the statement said.
“During this period, Mr. Bezos was widely targeted in Saudi social media as an alleged adversary of the (Saudi) Kingdom,” the statement continued. “This was part of a massive, clandestine online campaign against Mr. Bezos and Amazon, apparently targeting him principally as the owner of The Washington Post.”