The allegation that Saudi Arabia hacked Amazon founder Jeff Bezos's phone needs to be urgently probed by US and international authorities, investigators at the UN said as they repeated calls for a moratorium on the use of military-grade spyware against civilians.
The alleged attack on Mr Bezos's privacy from Saudi crown prince Mohammed bin Salman's WhatsApp account in May 2018 was probably linked to his ownership of the Washington Post and the subsequent murder of the newspaper's columnist Jamal Khashoggi, the UN rapporteurs investigating his death said in a statement on Wednesday.
“The information we have received suggests the possible involvement of the crown prince in surveillance of Mr Bezos, in an effort to influence, if not silence, the Washington Post’s reporting on Saudi Arabia,” said the UN investigators David Kaye, who is probing the abuse of spyware by repressive regimes, and Agnès Callamard, who leads inquiries into extrajudicial killings.
The UN rapporteurs have sent a letter to Saudi Arabia including allegations from the forensic report, commissioned by Mr Bezos, that discovered the hack and are waiting for the kingdom’s response, according to three people briefed on the matter.
The report, reviewed by the Financial Times, found that Mr Bezos’s iPhone X received a video file from the WhatsApp account of the crown prince immediately before the device started surreptitiously uploading vast amounts of data to an unknown location.
Tabloid affair
The cyber attack continued for many months, including a period during which the then married Mr Bezos’s private messages to his girlfriend, Lauren Sanchez, were published in a US tabloid. The tabloid claimed later to have obtained copies of the messages from a relative of Ms Sanchez.
Saudi Arabia has denied the allegations. “Saudi Arabia does not conduct illicit activities of this nature, nor does it condone them,” a Saudi official said. “We request the presentation of any supposed evidence and the disclosure of any company that examined any forensic evidence so that we can show it is demonstrably false.”
The UN rapporteurs said the alleged hack was probably undertaken using a spyware product such as the Pegasus-3 malware of Israeli firm NSO Group. The forensic report also raised the possibility that other spyware, namely the Italian firm Hacking Team’s Galileo, was deployed on Mr Bezos’s phone.
The use of NSO Group’s spyware tools against private citizens around the world, including a critic of the Saudi government who was close to Khashoggi, has been alleged in lawsuits and investigations by human rights advocates.
Vetting
The NSO Group has said in the past that it investigates all allegations of abuse of its tools thoroughly. NSO says that its surveillance system is sold only after careful vetting to countries that are then required to restrict its use to the prevention of terrorism and crime. It has said its software cannot be used on US telephone numbers and denied it had been used by any of its customers to target Mr Bezos’s phone.
Mr Bezos has in the past said his ownership of the Post has made him more of a target and the UN rapporteurs tied the invasion of his privacy directly to his personal investment in one of the US’s most high-profile newspapers.
The hiring of Khashoggi, who was a vocal critic of the crown prince in the Post’s editorial pages, had already provoked an online Saudi campaign against Mr Bezos. Khashoggi’s murder and the Post’s subsequent focus on attempts by the crown prince to silence dissent inside and outside the kingdom led to increased online attacks from Saudis against Mr Bezos and Amazon.
“At a time when Saudi Arabia was supposedly investigating the killing of Mr Khashoggi, and prosecuting those it deemed responsible, it was clandestinely waging a massive online campaign against Mr Bezos and Amazon targeting him principally as the owner of the Washington Post,” the UN said. – Copyright The Financial Times Limited 2020