Saudi prince’s WhatsApp account ‘directly involved’ in Bezos hack

Amazon founder’s phone began sharing vast amounts of data after he received video file from Mohammed bin Salman’s account

CEO of Amazon Jeff Bezos. Photograph:  Sajjad Hussain/AFP via Getty Images
CEO of Amazon Jeff Bezos. Photograph: Sajjad Hussain/AFP via Getty Images

Forensic experts hired by Jeff Bezos have concluded with "medium to high confidence" that a WhatsApp account used by Saudi Crown Prince Mohammed bin Salman was directly involved in a 2018 hack of the Amazon founder's phone.

A report on the hack, which has been seen by the Financial Times, says Mr Bezos’ phone started surreptitiously sharing vast amounts of data immediately after receiving an apparently innocuous, but encrypted video file from the prince’s WhatsApp account in May 2018.

The file was sent via WhatsApp weeks after the pair exchanged numbers at a dinner in Los Angeles during a trip to the US by the crown prince. While on the trip Prince Mohammed had met a string of top US executives and sought to attract investment to the kingdom.

However, the relationship between Mr Bezos and the prince soured after the gruesome murder of Jamal Khashoggi, a veteran Saudi journalist who used a regular column in the Bezos-owned Washington Post to criticise Prince Mohammed's autocratic leadership. After the newspaper reported on how a Saudi hit squad had killed Khashoggi in the kingdom's consulate in Istanbul in October 2018 and dismembered his body, Mr Bezos and the Post were targeted by a Saudi Twitter campaign.

READ SOME MORE

Extramarital affair

Mr Bezos's associates last year said they had high confidence that Saudi Arabia had access to his phone and had gained private information after details of an extramarital affair appeared in a US tabloid. But the recent forensic analysis is the first to directly implicate a WhatsApp account used by Prince Mohammed and is likely to deepen the acrimony between one of the world's most powerful leaders and its richest man.

The allegations will heighten scrutiny of Prince Mohammed's leadership and methods. The young royal has courted the heads of global tech companies; Riyadh also has ventures with groups such as Japan's SoftBank as the crown prince seeks international backing for his ambitious plans to overhaul the oil-dependent economy. But his reputation has been tarnished by the Khashoggi murder and sweeping crackdowns against dissent.

The forensic analysis, led by Anthony J Ferrante, a cyber expert at the business advisory firm FTI Consulting, said that within hours of the video file being sent by WhatsApp to Mr Bezos "a massive and unauthorised exfiltration of data from Bezos's phone began, continuing and escalating for months".

The amount of data hacked from the phone was in the dozens of gigabytes, compared to the few hundred kilobytes daily average in the months before the video file was sent, the analysis found.

The report does not claim to have conclusive evidence and its findings could not be independently confirmed by the FT.

A spokesman for Mr Bezos declined to comment but said he was “co-operating with the authorities”.

Saudi Arabia denied the allegations. “Saudi Arabia does not conduct illicit activities of this nature, nor does it condone them,” a Saudi official said. “We request the presentation of any supposed evidence and the disclosure of any company that examined any forensic evidence so that we can show it is demonstrably false.”

‘Absurd’ allegations

After the FT published its findings, the Saudi embassy in Washington wrote on Twitter that the allegations were “absurd”, adding: “We call for an investigation on these claims so that we can have all the facts out.”

A spokesman for FTI Consulting said all “client work is confidential. We do not comment on, confirm or deny client engagements or potential engagements.”

Saudi authorities have previously been accused of hacking the phones of critics and activists, while also using an army of social media trolls to intimidate and harass dissenting voices. Around the same time as Mr Bezos's phone allegedly received the video file from Prince Mohammed's WhatsApp account, privacy advocates also tracked attempts to hack the phone of Omar Abdulaziz, a friend of Khashoggi and a prominent Saudi dissident living in Canada; and two other overseas critics of the Saudi leadership, according to lawsuits filed in Israel and Cyprus, and research by Citizen Lab, at the University of Toronto.

The forensic report commissioned by Mr Bezos said Prince Mohammed contacted the Amazon founder unexpectedly via WhatsApp on two occasions after the video file had been sent in a way that suggested that the crown prince had prior knowledge of the businessman’s private discussions.

Mr Bezos had already ceased all communications with Prince Mohammed in the wake of the Khashoggi murder. But in February 2019, two days after the billionaire was briefed - via his phone - about the extent of the Saudi online campaign against him, he received another message from the WhatsApp account used by the prince. It said: “All what you hear or told to it’s not true and it’s matter of time will tell [ sic ] you know the truth, there is nothing against you or Amazon from me or Saudi Arabia”.

The forensic analysis of Mr Bezos’s phone could not ascertain what alleged spyware was used. However, the report said: “It is believed that the compromise was likely facilitated by malicious tools procured by [ Saud ] al-Qahtani”.

Campaigns

Human rights activists have accused Mr Qahtani, a former adviser to Prince Mohammed and the crown prince’s enforcer, of directing aggressive social media campaigns against critics.

Mr Qahtani was dismissed from the royal court after being implicated by the Saudi state prosecutor in Khashoggi’s murder and sanctioned by the US. Last month Saudi authorities said he had not been charged due to a lack of evidence.

Mr Qahtani was also in charge of a more covert operation - the procurement of hacking software from European and Israeli companies, according to four people who spoke to the FT on condition of anonymity. Leaked emails from an Italian firm, Hacking Team, which sells covert surveillance software designed to penetrate phones remotely, show him using his Saudi government credentials to purchase their services as early as 2015. Mr Qahtani did not immediately respond to a request for comment.

In March, Gavin de Becker, Mr Bezos's security consultant, alleged that "our investigators" had concluded "with high confidence that the Saudis had access to Bezos's phone, and gained private information". His claims came after the National Inquirer US tabloid published details about Mr Bezos's affair with Lauren Sanchez.

Mr Bezos later revealed that the tabloid had sought to intimidate him by threatening to release more intimate photographs, unless he agreed to publicly exonerate them of any political motivations in violating his privacy.

American Media Inc, the tabloid’s owner, denied the reports and said its source was Ms Sanchez’s brother, Michael. Saudi officials also denied the kingdom was involved. – Copyright The Financial Times Limited 2020