Skip to content

U.N. probe sought of Saudi spyware hack

U.N. investigators urged an inquiry into the Saudi crown prince's alleged role in hacking the phone of Amazon CEO and Washington Post owner Jeff Bezos.

GENEVA (AN) — U.N. human rights investigators urged a special inquiry on Wednesday into Saudi Crown Prince Mohammed bin Salman's alleged role in hacking the phone of Amazon CEO and Washington Post owner Jeff Bezos.

The investigators, Agnès Callamard and David Kaye, said they were "gravely concerned" that Bezos' iPhone X was hacked from a WhatsApp account belonging to the crown prince in 2018 and digital spyware was installed that enabled surveillance of Bezos and his contacts."The information we have received suggests the possible involvement of the crown prince in surveillance of Mr. Bezos, in an effort to influence, if not silence, The Washington Post's reporting on Saudi Arabia," said Callamard, the U.N. special rapporteur for extrajudicial, summary or arbitrary executions, and Kaye, the U.N. special rapporteur on freedom of opinion and expression.

"The allegations reinforce other reporting pointing to a pattern of targeted surveillance of perceived opponents and those of broader strategic importance to the Saudi authorities, including nationals and non-nationals," they said in a joint statement.

Callamard has overseen a United Nations-led investigation into Saudi journalist Jamal Khashoggi’s killing inside the Saudi consulate at Istanbul, Turkey on October 2, 2018. In June, she reported that “credible evidence” exists to justify a criminal probe into the crown prince and other officials suspected of involvement in Khashoggi’s premeditated murder.

Khashoggi, a Saudi citizen and outspoken critic of his government, had taken up U.S. residence and was working as a contributing columnist for The Washington Post’s Global Opinions section. Bezos, as owner of the newspaper, helped it become profitable again, but has given its editorial writers largely free rein.

The circumstances of his alleged phone hacking have become "relevant as well to ongoing evaluation of claims about the crown prince's involvement" in Khashoggi's murder, the two U.N. special rapporteurs said.

"The alleged hacking of Mr. Bezos' phone, and those of others, demands immediate investigation by U.S. and other relevant authorities, including investigation of the continuous, multi-year, direct and personal involvement of the crown prince in efforts to target perceived opponents," they said.

The two U.N. special rapporteurs are among several dozen investigators assigned by the U.N. Human Rights Council to monitor compliance with international human rights laws. Their work is supported by the Office of the U.N. High Commissioner for Human Rights, or OHCHR.The Saudi embassy in Washington denied the claims in a statement on Twitter. "Recent media reports that suggest the Kingdom is behind a hacking of Mr. Jeff Bezos' phone are absurd," it said. "We call for an investigation on these claims so that we can have all the facts out."

The news raised questions about the political consequences of tangling with the world's richest man, whose net worth is now about US$118 billion, according to Bloomberg's Billionaires Index.

"We're about to to find out whether messing with a billionaire's phone is going to be a bigger international problem for Saudi Arabia than killing one of that billionaire's employees," Binyamin Applebaum, a member of The New York Times' editorial board, wrote on Twitter.

'Unconstrained' spyware use

The circumstances of Bezos' case "strengthen support for further investigation by U.S. and other relevant authorities of the allegations that the crown prince ordered, incited, or, at a minimum, was aware of planning for but failed to stop the mission" that targeted Khashoggi for murder, the two special rapporteurs said.

They said they recently became aware of a 2019 forensic analysis of Bezos' iPhone X that assessed with "medium to high confidence" that it was infiltrated on May 1, 2018, five months before Khashoggi's murder, via an MP4 video file sent from the crown prince's WhatsApp account. Bezos met with the crown prince during his U.S. visit in March 2018, and they exchanged numbers at a Los Angeles dinner on April 4, 2018 — one month before the hack — then began communicating via WhatsApp.

"The forensic analysis found that within hours of receipt of the MP4 video file from the crown prince's account, massive and (for Bezos' phone) unprecedented exfiltration of data from the phone began, increasing data egress suddenly by 29,156% to 126 MB," the investigators said.

"Data spiking then continued undetected over some months," they said, "and at rates as much as 106,032,045% (4.6 GB) higher than the pre-video data egress baseline for Mr. Bezos' phone of 430KB."

The forensic analysis was led by Anthony Ferrante, a former FBI investigator and cyber expert at business advisory firm FTI Consulting, who also worked on the Russian hack of the Democratic National Committee in 2016. FTI's 17-page confidential analysis was commissioned by Bezos' private security advisor, Gavin de Becker, whose consulting and services firm advises at-risk public figures.

The analysis said Bezos' phone was "compromised via tools procured by Saud al Qahtani,” a friend and close advisor of the crown prince. The U.N. investigators said the intrusion likely was done using spyware identified in other Saudi surveillance cases such as the NSO Group's Pegasus-3 malware, a product widely reported to have been purchased and deployed by Saudi officials.

The crown prince also allegedly sent WhatsApp messages to Bezos in November 2018 and February 2019 that revealed private and confidential information about Bezos' personal life not in the public domain.

"During the same period, Mr. Bezos was widely targeted in Saudi social media as an alleged adversary of the Kingdom," Callamard and Kaye concluded. "This was part of a massive, clandestine online campaign against Mr. Bezos and Amazon, apparently targeting him principally as the owner of The Washington Post."

The alleged phone hacking pertains to the National Enquirer's scoop a year ago about Bezos and his then-extramarital affair with former television host Lauren Sánchez. Federal investigators and a private inquiry by Bezos sought to discover how the tabloid and its parent company American Media Inc. got the story, which included then-married Bezos' private texts and revealing photos to his girlfriend.

New York prosecutors have evidence suggesting Sanchez shared with her brother, Michael Sánchez, private texts and photos about her affair with Bezos, which her brother, a talent manager in Hollywood, then sold to AMI for US$200,000, The Wall Street Journal reported. Michael Sánchez admitted working with AMI on the story but denied being the source of the leaked material, according to news reports.

In February 2019, Bezos published an extraordinary blogpost in which he accused AMI of "extortion and blackmail."  He said his accusations were based on the work of FTI Consulting and de Becker, who had concluded that the Saudis had access to Bezos’ phone and gained his private information.

In a post titled “No thank you, Mr. Pecker,” Bezos claimed that he was being threatened with the publication of revealing photos of him and Lauren Sánchez unless he agreed to publicly state that AMI's investigation into his personal life was not “politically motivated or influenced by political forces.”

A month earlier, Bezos and his wife, MacKenzie, announced they were divorcing. AMI had used similar "catch and kill" publishing tactics before. AMI's CEO David Pecker had reached a deal with prosecutors in September 2018 in which he admitted paying hush money in the 2016 presidential campaign to protect Donald Trump — a fierce critic of Amazon and The Washington Post — from allegations of having an extramarital affair with Playboy model Karen McDougal.Starting in 2015, while on the presidential campaign trail, Trump criticized Bezos for buying The Washington Post as a tactic to reduce Amazon's taxes. Trump has since accused Bezos of taking advantage of the U.S. Postal Service and repeatedly complained about the newspaper's coverage of him. Trump has continued to heap praise on the crown prince and largely ignored the substantial evidence behind Khashoggi's murder, including the CIA's conclusion that the crown prince ordered the killing.

Pecker had a longstanding relationship with Trump, promoting him as a candidate and criticizing his rivals. Pecker was later rewarded with an invitation to a White House dinner so he could meet someone close to the royal family in Saudi Arabia, where he was pursuing business deals. Federal prosecutors have been looking at whether AMI or someone close to Bezos did anything illegal to get the texts and photos.Bezos' Amazon Web Services filed a bid protest in the U.S. Court of Federal Claims to have the Pentagon discontinue work on a massive cloud computing contract awarded to Microsoft, its biggest competitor, based on what Amazon called improper meddling by Trump due to personal antipathy towards Bezos.

AWS, the market leader, was long seen as the front-runner for the US$10 billion contract as the only private company that could handle the top-secret data used in the Joint Enterprise Defense Infrastructure project, or JEDI, for 3.4 million users. AWS won a 2013 contract for a similar CIA computing project.

Callamard and Kaye said the reported surveillance of Bezos, allegedly through a private company's software and transferred to a government without judicial control of its use is, if true, "a concrete example of the harms that result from the unconstrained marketing, sale and use of spyware."

"Surveillance through digital means must be subjected to the most rigorous control, including by judicial authorities and national and international export control regimes, to protect against the ease of its abuse," they said. "It underscores the pressing need for a moratorium on the global sale and transfer of private surveillance technology."