Associated Press Archives | Email alerts

Jan. 23, 2020, 5:07 p.m. EST

What is now known and what remains unknown about the hacking of Jeff Bezos’s phone

Watchlist Relevance

Want to see how this story relates to your watchlist?

Just add items to create a watchlist now:

  • X
    Facebook Inc. Cl A (FB)
  • X
    Twitter Inc. (TWTR)

or Cancel Already have a watchlist? Log In

By Associated Press

AFP/Getty Images
Jeff Bezos tours Amazon Spheres — an office space that resembles a rainforest — at the then-new facility’s January 2018 grand opening.

BOSTON (AP) — U.N. human-rights experts are asking Washington to investigate a suspected Saudi hack that may have siphoned data from the personal smartphone of Jeff Bezos, founder and owner of the Washington Post. But the forensic evidence they cite comes from an incomplete study of Bezos’s phone, raising multiple questions.

Here’s a quick guide to what’s known, and what remains unknown, about their findings.

What happened to Bezos’s phone? According to a report overseen by a former longtime FBI agent and top cybersecurity official in the Obama administration, evidence on the phone suggests it was infected by spyware in May 2018 via a WhatsApp /zigman2/quotes/205064656/composite FB +0.04% message from the account of Saudi Crown Prince Mohammed bin Salman. That message included a video file that the firm’s investigators say likely contained malware.

Bezos’s personal security adviser had been advised in February 2019 to have the phone examined by an intelligence official who has not been named. Bezos went public with the suspected hack shortly thereafter, saying the National Enquirer tabloid had threatened to publish his private messages and photos.

Are the forensic findings conclusive? Not at all. Outside security researchers highlighted several issues with the forensics report, which was overseen by Anthony Ferrante, who is senior managing director of FTI Consulting’s cybersecurity operations and had worked on the National Security Council under President Barack Obama.

For instance, the FTI report, dated November and obtained Wednesday by the Vice News site Motherboard, said researchers didn’t find malware on the phone, nor evidence that Bezos’s phone had surreptitiously communicated with known spyware command servers.

Further, an examination of the crucial root file system — where top-flight hackers often hide their malware — was still pending when the report was written. IPhone security expert Will Strafach, CEO of Guardian Firewall, said that if the FTI investigators didn’t look at the root file system, they didn’t do a thorough forensic exam.

“I think the U.N. intentions are good, but the details really matter here, and the public reporting falls short of any real firm smoking gun,” said Strafach.

Associated Press
Saudi Crown Prince Mohammed bin Salman at a September meeting with U.S. Secretary of State Mike Pompeo in Jeddah, Saudi Arabia.

Other security experts questioned the FTI team’s forensic chops, wondering on Twitter /zigman2/quotes/203180645/composite TWTR -0.54% and in blog posts why it was unable to decrypt the software that would have delivered the malware payload along with the video file.

Alex Stamos of Stanford University tweeted: “The funny thing is that it looks like FTI potentially has the murder weapon sitting right there, they just haven’t figured out how to test it.”

FTI’s Ferrante did not response to emails and text messages seeking comment. The company said in a statement that all FTI’s work for clients is confidential and that FTI does not “comment on, confirm or deny client engagements.” Facebook said the outfit did not reach out to WhatsApp, acquired in 2014 by Facebook, to request assistance with its probe.

Read: Saudi social-media accounts threaten to boycott Amazon over allegations that crown prince ‘MBS’ hacked Jeff Bezos’s phone

Could hackers have erased all evidence of an intrusion? Absolutely, said Strafach. Elite hackers plant malware that erases itself after surreptitiously sending sensitive data to command servers.

“It scoops up everything they want and removes itself so there’s no trace, no evidence,” he said. “Anyone who knows what they are doing are going to cover up their tracks.”

Sophisticated mobile spyware — such as a package called Pegasus, made by the Israeli hacker-for-hire company NSO Group — is designed to bypass detection and mask its activity. Saudi Arabia is reported to have used Pegasus against dissidents and human rights activists within weeks of the suspected Bezos hack.

On Wednesday, NSO Group “unequivocally” denied that its technology was used in the Bezos hack.

Why is the United Nations involved? One of the two U.N. officials seeking answers in the case, Agnes Callamard, focuses on extrajudicial killings and has already investigated the Saudi government’s role in the October 2018 murder in Turkey of Saudi critic and Washington Post columnist Jamal Khashoggi.

The other, David Kaye, is the U.N. point person on free expression. He focuses on the growing and lawless use of malicious spyware to monitor and intimidate human-rights defenders and journalists.

Both are independent experts in the U.N.’s human-rights arm, not employees of the international organization.

Kaye said via text message that he received the FTI report in November.

Are other public figures at risk? It’s difficult to say at the moment. “MBS,” as the prince is widely known, has attended gatherings with numerous U.S. entertainers, technology executives and sports-team owners. A senior administration official, speaking on condition of anonymity to discuss internal matters, said Jared Kushner, a White House aide and son-in-law to President Donald Trump, has communicated with the crown prince via WhatsApp.

See: The Jeff Bezos privacy intrusion could happen to anyone — here’s how to prevent it

Why isn’t the U.S. government involved? A top U.S. Justice Department official, Adam S. Hickey, would not say whether federal investigators were looking into the allegations. Trump has been reluctant to condemn the Saudi prince over the Khashoggi killing and often expresses satisfaction with the Saudi government’s purchases of U.S. weapons.

Read on: Senate fails to override Trump’s veto on Saudi arms sale

US : U.S.: Nasdaq
$ 261.90
+0.11 +0.04%
Volume: 20.14M
Sept. 30, 2020 4:00p
P/E Ratio
Dividend Yield
Market Cap
$746.10 billion
Rev. per Employee
$ 44.50
-0.24 -0.54%
Volume: 12.92M
Sept. 30, 2020 4:03p
P/E Ratio
Dividend Yield
Market Cap
$35.20 billion
Rev. per Employee

This Story has 0 Comments
Be the first to comment
More News In

Story Conversation

Commenting FAQs »
Link to MarketWatch's Slice.