- Bandar Algaloud/Courtesy of Saudi Royal Court/Handout via REUTERS; Saul Loeb/Getty Images
- The UN on Wednesday said it had received credible information that Amazon CEO Jeff Bezos had his phone hacked by Saudi Arabian Crown Prince Mohammed bin Salman.
- The UN published a summary of an external forensic investigation into the hack, which included details of how the Amazon CEO exchanged numbers with the Crown Prince, and how the alleged hack took place.
- The UN statement drew links with the murder of Saudi Arabian journalist and dissident Jamal Khashoggi in October 2018.
- Visit Business Insider’s homepage for more stories.
UN investigators on Wednesday threw their weight behind Jeff Bezos, saying they had received information suggesting that the Amazon CEO had been hacked by Saudi Arabian Crown Prince Mohammed bin Salman.
Agnes Callamard and David Kaye – both special rapporteurs appointed by the UN – called for an investigation, and said the forensic report indicated that a number belonging to Crown Prince Mohammed had hacked Bezos’ phone through a malicious video file sent via WhatsApp.
The Saudi government has flat-out denied the allegations, calling them “absurd.”
The investigators don’t explicitly state who was behind the forensic investigation, but reporting from The Guardian and The New York Times suggests the information has come from advisory firm FTI Consulting. The company was reportedly hired by Jeff Bezos after his intimate photos and messages found their way into the US tabloid The National Enquirer.
Callamard and Kaye didn’t publish the forensic report in full, but did summarize its findings and publish a timeline of alleged events.
Here are some of the most bizarre details and twists:
1. Jeff Bezos gave his personal phone number to Crown Prince Mohammed bin Salman after attending a small dinner together in Los Angeles in April 2018.
One of the central mysteries of the allegation that the Crown Prince hacked Jeff Bezos is how and why the pair were ever in touch to begin with.
According to a timeline published by the UN investigators, Jeff Bezos was “invited to attend a small dinner with the Crown Prince in Los Angeles” on March 21 2018.
The actual dinner took place the next month. According to the timeline: “Mr. Bezos attends dinner with the Crown Prince, in the course of which they exchange phone numbers that correspond to their WhatsApp accounts.”
2. A month later, Crown Prince Mohammed allegedly sent a weird, infected video file that compromised Bezos’ phone.
The forensic analysis of Jeff Bezos’ phone found that it was hacked on May 1, 2018 via a malicious MP4 video file sent from Mohammed bin Salman’s WhatsApp account. That’s about a month after Bezos and the crown prince met for dinner.
The UN report did not describe the contents of the video, but Vice obtained a copy of FTI’s original analysis which revealed the video “appear[ed] to be an Arabic language promotional film about telecommunications.”
The thumbnail for the video shows the flags of Saudi Arabia and Sweden.
3. The report does not detail the exact flaw exploited to hack Bezos’ phone, and that is an ongoing mystery.
The UN technical summary doesn’t go into detail about the vulnerability or vulnerabilities exploited to hack Bezos’ phone.
Cybersecurity experts have pointed to a known, earlier vulnerability relating to WhatsApp and MP4 video files.
Others say it isn’t clear that there was any WhatsApp vulnerability at all, when Bezos was targeted by a file containing malicious code. It’s also possible the attack exploited a flaw in the underlying mobile operating system.
“This is not indicative of a vulnerability in WhatsApp,” Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, told Recode. “There is nothing they can do when a trusted contact sends you a carefully crafted malicious link.”
WhatsApp has not commented publicly on the reports.
4. Crown Prince Mohammed continued to message through 2018 and 2019, allegedly sending Bezos hints about his personal life.
Citing FTI Consulting’s forensic analysis, Crown Prince Mohammed continued to message Jeff Bezos and allegedly dropped hints that he knew details of the Amazon CEO’s private life that hadn’t come from public sources.
5. Crown Prince Mohammed allegedly sent Bezos a bizarre sexist meme, which the investigators concluded might be a subtle reference to the fact Bezos was having an extra-marital relationship with Lauren Sanchez.
According to the investigators’ timeline, one of the Crown Prince’s messages contained a photograph accompanied by a “sardonic caption.”
“It is an image of a woman resembling the woman with whom Bezos is having an affair, months before the Bezos affair was known publicly,” according to the summary.
The message was sent on November 8, 2018 and at the time Bezos was still married to his wife McKenzie Bezos, while pursuing an extra-marital relationship with his current girlfriend Lauren Sanchez.
In January 2019 Jeff and McKenzie Bezos announced they were divorcing, and the National Enquirer ran an exposé on Bezos’ relationship with Sanchez.
Vice published the image from the forensic report, which shows a scowling brown-haired woman accompanied by the caption:
“Arguing with a woman is like reading the Software License agreement. In the end you have to ignore everything and click ‘I agree.'”
The second message Salman sent in February 2019 isn’t described in the UN report, but the Financial Times published a picture of it from the original forensic analysis.
“Jeff all what you hear or told to it’s not true and it’s a matter of time tell you know the truth there is nothing against you or amazon from me or Saudi Arabia,” it read. The text came two after Bezos was briefed over the phone about a Saudi online campaign against him.
6. In the meantime, the malware on Bezos’ phone stole so much data that the amount of information leaving the phone skyrocketed more than one million percent.
After Bezos’ phone was infected in May 2018, the malware exported hoards of data off the device. In the immediate aftermath, the amount of data coming off the phone spiked by 29,156% to 126 megabytes.
The hack carried on for months, and at its height the data spiked by 106,032,045%, siphoning off a whopping 4.6 gigabytes.
7. The hack was likely directly connected to the tragic saga and murder of Washington Post journalist and Saudi dissident Jamal Khashoggi.
The UN investigators drew a link between the hack on Bezos’ phone and the murder of Saudi journalist Jamal Khashoggi.
Khashoggi was a dissident, and a columnist for The Washington Post, which is owned by Bezos.
“The circumstances and timing of the hacking and surveillance of Bezos also strengthen support for further investigation by US and other relevant authorities of the allegations that the Crown Prince ordered, incited, or, at a minimum, was aware of planning for but failed to stop the mission that fatally targeted Mr. Khashoggi in Istanbul,” the investigators concluded.
Mohammed bin Salman is widely suspected to have had played an active role in ordering Khashoggi’s murder.
8. The hack may have been perpetrated using Israeli software which has been used to target Saudi dissidents, foreign journalists, and activists.
The investigators referenced NSO Group, a secretive Israeli cybersecurity group known to produce the highly invasive Pegasus software.
Pegasus has reportedly been used by governments to surveil activists and journalists.
“The forensic analysis assessed that the intrusion likely was undertaken through the use of a prominent spyware product identified in other Saudi surveillance cases, such as the NSO Group’s Pegasus-3 malware, a product widely reported to have been purchased and deployed by Saudi officials,” the investigators said.
NSO Group has strenuously denied any involvement in the Bezos hack. “We know this because of how our software works and our technology cannot be used on US phone numbers. Our products are only used to investigate terror and serious crime,” an NSO Group spokesman told Business Insider.
In their timeline the UN investigators pointed to numerous Saudi dissidents and human rights activists, some of whom were in contact with Khashoggi and were hacked via malware sent through WhatsApp texts and links.
9. Saudi Arabia allegedly launched a stop-start Twitter campaign against Bezos.
In their report, the investigators accused Saudi Arabia of “clandestinely waging a massive online campaign against Mr. Bezos and Amazon targeting him principally as the owner of The Washington Post.”
Their timeline shows two flurries of anti-Bezos activity on Saudi Twitter.
The first came in October 2018, less than a month after the murder of Jamal Khashoggi. They note that the campaign stopped “abruptly” in April 2019, “strongly indicating inauthentic and coordinated hashtags and tweets.”
The Twitter campaign against Bezos reignited in October 2019 after Bezos attended a memorial for Khashoggi.
10. Now the UN wants an in-depth investigation into Khashoggi’s murder, the hack on Bezos, and the role Saudi Arabia allegedly played in all of this.
The UN investigators concluded that the hacking of Bezos’ and others’ devices “demands immediate investigation by US and other relevant authorities.” That investigation should include Crown Prince Mohammed, they added.
The UN rapporteurs are still pursuing an investigation into the killing of Jamal Khashoggi.