“The alleged hacking of Mr. Bezos’s phone, and those of others, demands immediate investigation by U.S. and other relevant authorities, including investigation of the continuous, multi-year, direct and personal involvement of the Crown Prince in efforts to target perceived opponents.”
The UN special rapporteurs, who are appointed by the world body but operate independently, made the statement after reviewing the 2019 forensic analysis carried out by Washington-based business advisory firm FTI Consulting on behalf of the American billionaire. Their statements follow earlier investigations into the killing and dismemberment of Washington Post journalist Jamal Khashoggi.
FTI Consulting could not detail the specific spyware used in the attack, but said its experts had “medium to high confidence” that Bezos’ iPhone was hacked by malware coming from a WhatsApp account used by the Saudi crown prince.
“Based upon the results of a full forensic examination of the logical file system of Bezos’s phone, including network analysis, and an in-depth investigation conducted over several months, FTI reports with medium to high confidence that Bezos’s iPhone X was compromised via malware sent from a WhatsApp account used by Saudi Crown Prince Mohammed bin Salman,” the report said, according to an excerpt published by the Financial Times.
Riyadh said the killing was the result of a “rogue operation” that did not involve the crown prince, contradicting the CIA’s reported conclusion from late 2018, which implicated Bin Salman in the killing.
The hack: how experts believe it happened
Bezos and the crown prince had exchanged numbers the month prior. Within hours of the video being sent from the crown prince’s account, “massive and (for Bezos’ phone) unprecedented exfiltration of data from the phone began” — the volume of data being transited to another location suddenly shot up by nearly 30,000% to 126 MB.
“Data spiking then continued undetected over some months and at rates as much as 106,032,045% (4.6 GB) higher than the pre-video data egress baseline for Mr. Bezos’ phone of 430KB,” the statement said.
The analysis pointed to a spyware product previously identified in other cases of Saudi surveillance, saying the intrusion was “likely undertaken” by a product like the Pegasus-3 malware created by Israeli-based NSO Group. Pegasus has been widely reported as having been purchased by Saudi officials, including Saud al Qahtani, Prince Mohammed’s former advisor, who was implicated in the Khashoggi murder but ultimately not charged by the Saudi authorities.
“This would be consistent with other information,” the UN special rapporteurs wrote. “For instance, the use of WhatsApp as a platform to enable installation of Pegasus onto devices has been well-documented and is the subject of a lawsuit by Facebook/WhatsApp against NSO Group.”
NSO responded in a statement posted to its website Wednesday, saying “NSO is shocked and appalled by the story that has been published with respect to alleged hacking of the phone of Mr. Jeff Bezos,” and calling for a “full investigation” if the story is true.
“Just as we stated when these stories first surfaced months ago, we can say unequivocally that our technology was not used in this instance,” the company said.