Amazon CEO Bezos Spyware Hack Tied to Saudi Crown Prince

United Nations investigators have accused Saudi Arabia of hacking a mobile phone belonging to Jeff Bezos, Amazon’s chief executive and the world’s richest person, in a spyware assault beginning in May 2018 and continuing through February 2019, multiple reports said.

The malware hit on Bezos apparently arrived as an unusual text attachment -- a picture of his paramour Lauren Sanchez, a relationship that he’d kept quiet to that point. In opening the video, Bezos unknowingly launched the malicious surveillance software. The message, which came via WhatsApp from an account reportedly linked to Mohammed bin Salman, the Crown Prince of Saudi Arabia, arrived a month after unknown attackers killed Washington Post reporter Jamal Khashoggi. Perhaps Bezos had become a Saudi target because the Washington Post, which he owns, had run a number of pieces critical of the Saudi regime.

If someone of Bezos’ stature and wealth can be targeted by spyware, then anyone of prominence is vulnerable, making the incident a case in point of how surveillance malware can skirt security defenders. For example, President Trump has insisted on sending his tweets from a personal phone any consumer can buy. That Trump has a relationship with bin Salman makes him all the more a potential target for a hack similar to the one that victimized Bezos.

Here’s a bit more on what happened (via Wired):

  • The malware that infected Bezos’ phone likely came from a private vendor, perhaps Israel’s NSO Group or the Italian Hacking Team. The tie to bin Salman was first reported by The Guardian.
  • UN investigators suspect Pegasus malware, developed by NSO, could be the culprit. Saudi Arabia first bought Pegasus from NSO in November 2017, according to the UN investigators, who have also posited that Galileo from the Hacking Team may have been the weapon.
  • According to the UN, the Saudi regime had access to Bezos’ phone while simultaneously targeting pro-human rights dissidents using mobile malware developed by NSO. However, when Israeli security firm Cellebrite examined Bezos’ device, no evidence of malware was found.
  • The Saudi embassy denied it was behind the malware attack on Bezos’ phone: “Recent media reports that suggest the Kingdom is behind a hacking of Mr. Jeff Bezos' phone are absurd. We call for an investigation on these claims so that we can have all the facts out.”
  • NSO Group denied that its tools were used in the attack. “Our technology cannot be used on US phone numbers. Our products are only used to investigate terror and serious crime. Any suggestion that NSO is involved is defamatory.”
  • FTI Consulting, a group hired by Bezos, found that six months before the video download, roughly 430 kilobytes of data came from Bezos’ phone per day. Within hours of receiving the malware-laden video, Bezos’ phone started averaging 101 megabytes for months afterward.
  • The UN said it will continue its investigations into both the Khashoggi murder and the rampant use of spyware.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.