Report Says Saudi Prince MBS's Whatsapp Account Personally Sent Jeff Bezos Malware Used To Access His Phone

from the 21st-century-espionage dept

Things sure are getting even more bizarre in the world of the rich, famous, and powerful. Saudi Crown Prince Mohammed bin Salman (usually called "MBS") is now being accused of personally being involved in the hacking of Jeff Bezos' phone to get data that was eventually used against him by the National Enquirer. This is a soap opera-level story that involves a bit of background.

You may recall that, approximately a year ago, Jeff Bezos put out quite a Medium post, entitled: No thank you, Mr. Pecker, in which he exposed an attempt by David Pecker's National Enquirer to engage in what sure looks like a blackmail effort to silence Washington Post (which Bezos owns) reporting efforts. The post came about a month after the National Enquirer had released evidence of an affair that Bezos was having, including releasing personal text messages (the National Enqurier release came hours after Bezos himself announced he was getting a divorce from his wife). According to Bezos' blog post, the Enquirer had also threatened to release personal photos of Bezos if he did not call off an investigation he had launched into how the National Enquirer had obtained those text messages.

A little over a month and a half later, the investigator that Bezos had hired, Gavin de Becker, announced that he believed Saudi Arabia was involved in obtaining Bezos's personal data, adding a bit of international intrigue to the whole thing. de Becker argued that the evidence pointed to the Saudis much more than Michael Sanchez, the brother of the woman with whom Bezos was having the affair, who had claimed that he had given the data to the National Enquirer. As de Becker noted, Sanchez seemed to be a fall guy to distract from the possible Saudi connection:

My office quickly identified the person whom the Enquirer had paid as a source: a man named Michael Sanchez, the now-estranged brother of Lauren Sanchez, whom Bezos was dating. What was unusual, very unusual, was how hard AMI people worked to publicly reveal their source’s identity. First through strong hints they gave to me, and later through direct statements, AMI practically pinned a “kick me” sign on Michael Sanchez.

de Becker's investigation pointed out that the National Enquirer had contacted Sanchez first about the affair, suggesting that the attempt to work with him may have been a case of parallel construction, rather than an original source.

Saudi Arabia's potential involved was fascinating -- as the Saudi government, and MBS, have apparently been upset about the Washington Post publishing columns critical of the Saudi government by Jamal Khashoggi -- the journalist who was then killed by Saudi operatives in late 2018, in an operation that many blamed on MBS, and which MBS has eventually taken responsibility for. That murder has brought a lot more critical attention to MBS and his efforts to stomp out criticism.

So now we finally get to the latest news, in which the Guardian first reported that the real way that Bezos' text messages and photos were accessed was because MBS sent Bezos a Whatsapp message that contained the malware payload.

The encrypted message from the number used by Mohammed bin Salman is believed to have included a malicious file that infiltrated the phone of the world’s richest man, according to the results of a digital forensic analysis.

This analysis found it “highly probable” that the intrusion into the phone was triggered by an infected video file sent from the account of the Saudi heir to Bezos, the owner of the Washington Post.

The two men had been having a seemingly friendly WhatsApp exchange when, on 1 May of that year, the unsolicited file was sent, according to sources who spoke to the Guardian on the condition of anonymity.

A related story noted that Bezos and MBS had met a few weeks earlier at a Hollywood dinner organized by filmmaker Brian Grazer and agent Ari Emanuel (what a dinner that must have been) at a time when MBS was trying to ingratiate himself with both the American tech and entertainment industries (efforts that began to run into some issues after the murder of Khashoggi). Bezos and MBS apparently began communicating by Whatsapp after that dinner, and in the midst of the conversation, MBS passed along the link.

The Guardian understands a forensic analysis of Bezos’s phone, and the indications that the “hack” began within an infected file from the crown prince’s account, has been reviewed by Agnès Callamard, the UN special rapporteur who investigates extrajudicial killings. It is understood that it is considered credible enough for investigators to be considering a formal approach to Saudi Arabia to ask for an explanation.

While the Guardian does not share the full report (or even say who wrote it), Vice Motherboard has since obtained the report, and provides even more details:

The report, obtained by Motherboard, indicates that investigators set up a secure lab to examine the phone and its artifacts and spent two days poring over the device but were unable to find any malware on it. Instead, they only found a suspicious video file sent to Bezos on May 1, 2018 that “appears to be an Arabic language promotional film about telecommunications.”

That file shows an image of the Saudi Arabian flag and Swedish flags and arrived with an encrypted downloader. Because the downloader was encrypted this delayed or further prevented “study of the code delivered along with the video.”

Investigators determined the video or downloader were suspicious only because Bezos’ phone subsequently began transmitting large amounts of data. “[W]ithin hours of the encrypted downloader being received, a massive and unauthorized exfiltration of data from Bezos’ phone began, continuing and escalating for months thereafter,” the report states.

The report highlights that this new massive amount of data flow "never returned to baseline" suggesting that the link certainly did something to his phone that started sending all Bezos' data elsewhere. The report includes some fairly fascinating screenshots, including first how Bezos and MBS connected on Whatsapp:

And then there's a screenshot of the random video link that supposedly lead to the infection of Bezos' phone:

The story then gets even crazier, as it alleges that a few months later, MBS sent two more odd texts to Bezos:

The first such text was sent to Bezos from MBS' account on November 8, 2018, and contained a single photograph of a woman resembling Lauren Sanchez, with whom Bezos was having a then-secret personal relationship. For context, this was after the relationship would have been obvious to persons with access to private texts, calls, and images on Bezos' phone, but months before the relationship was known or reported publicly. The photo and the cryptic caption were sent precisely during the period Bezos and his wife were exploring divorce. "Arguing with a woman is like reading the Software License agreement. In the end you have to ignore everything and click I agree." (Memes such as this were available on the Internet, however the content of the text was not typical of any past communication from MBS, making it likely it was sent with reference to Bezos' personal life events at the time.

The second text was also somewhat creepy -- and also somewhat counterproductive. The two hadn't communicated for a while, and yet just a couple days after Bezos was given a briefing about how the Saudis were mounting a big online campaign against him, MBS randomly texted Bezos not to believe everything he's heard:

The second text demonstrates awareness of non-public information that could have been gained via surveillance of Bezos' phone was sent to Bezos from MBS's WhatsApp account, after more than three (3) months of no communication between the parties. On February 14, 2019, Bezos was provided a detailed briefing about the extent of the Saudi online campaign against him. The briefing was provided in two (2) calls on the Bezos' phone. This text evinces an awareness of what Bezos had just been told:

It seems a bit galaxy brain to suddenly pop up with a message like, telling Bezos not to believe all he'd heard about Saudi attempts to hack him, in a manner that basically would confirm that the Saudi's had access to his private conversations. Though, to be fair, it is possible that MBS's message was not in reference to private briefings, but rather in reference to Bezos' own Medium blog post (referenced at the top of this story) which had come out a week earlier, and had mentioned the possibility of Saudi involvement with the National Enquirer. So there is a potentially non-nefarious explanation for this particular text.

However, it does seem that it was this latter text that caused Bezos and de Becker to begin seriously investigating whether or not the Saudis had hacked Bezos' phone, because it was the very next day that de Becker agreed to get Bezos' phone analyzed.

In response to all of this, two UN Special Rapporteurs, Agnes Callamard, UN Special Rapporteur on summary executions and extrajudicial killings, and David Kaye, UN Special Rapporteur on freedom of expression, have put out a call for an investigation into MBS's role in all of this:

"The information we have received suggests the possible involvement of the Crown Prince in surveillance of Mr. Bezos, in an effort to influence, if not silence, The Washington Post's reporting on Saudi Arabia. The allegations reinforce other reporting pointing to a pattern of targeted surveillance of perceived opponents and those of broader strategic importance to the Saudi authorities, including nationals and non-nationals. These allegations are relevant as well to ongoing evaluation of claims about the Crown Prince's involvement in the 2018 murder of Saudi and Washington Post journalist, Jamal Khashoggi.

"The alleged hacking of Mr. Bezos's phone, and those of others, demands immediate investigation by US and other relevant authorities, including investigation of the continuous, multi-year, direct and personal involvement of the Crown Prince in efforts to target perceived opponents.

"This reported surveillance of Mr. Bezos, allegedly through software developed and marketed by a private company and transferred to a government without judicial control of its use, is, if true, a concrete example of the harms that result from the unconstrained marketing, sale and use of spyware. Surveillance through digital means must be subjected to the most rigorous control, including by judicial authorities and national and international export control regimes, to protect against the ease of its abuse. It underscores the pressing need for a moratorium on the global sale and transfer of private surveillance technology.

"The circumstances and timing of the hacking and surveillance of Bezos also strengthen support for further investigation by US and other relevant authorities of the allegations that the Crown Prince ordered, incited, or, at a minimum, was aware of planning for but failed to stop the mission that fatally targeted Mr. Khashoggi in Istanbul.

At a time when Saudi Arabia was supposedly investigating the killing of Mr. Khashoggi, and prosecuting those it deemed responsible, it was clandestinely waging a massive online campaign against Mr. Bezos and Amazon targeting him principally as the owner of The Washington Post."

The whole story is completely crazy -- and feels like a made up Hollywood movie of the kind Grazer might produce -- rather than a true story involving two of the world's richest and most powerful men. Anyway, in the meantime, never click on random videos sent to you by rich autocrats with a history of oppression.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: ari emmanuel, brian grazer, david pecker, gavin de becker, hacking, jeff bezos, malware, mbs, mohammad bin salman, phones
Companies: whatsapp

Reader Comments

Subscribe: RSS

View by: Thread

  1. identicon
    Anonymous Coward, 22 Jan 2020 @ 11:46am


    because thats what they want you to think /s

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat

Warning: include(/home/beta6/deploy/itasca_20201215-3691-c395/includes/right_column/ failed to open stream: No such file or directory in /home/beta6/deploy/itasca_20201215-3691-c395/includes/right_column/ on line 8

Warning: include(): Failed opening '/home/beta6/deploy/itasca_20201215-3691-c395/includes/right_column/' for inclusion (include_path='.:/usr/share/pear:/home/beta6/deploy/itasca_20201215-3691-c395:/home/beta6/deploy/itasca_20201215-3691-c395/..') in /home/beta6/deploy/itasca_20201215-3691-c395/includes/right_column/ on line 8
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.