The story of Amazon head honcho and founder Jeff Bezos being allegedly hacked by the Crown Prince of Saudi Arabia has attracted a vast amount of media attention. But what is the real story here?
Bezos first suspected that his mobile phone had been hacked when stories appeared in the world media on his private life that seemed suspicious. The Amazon CEO moved to have his mobile phone examined by security experts, who found that it had being infected by malware that can intercept personal messages via the chat app WhatsApp.
NSO Group’s infamous Pegasus mobile spyware software has been linked with the hack in question, and it has been suggested that this emanated from Saudi Arabia’s Crown Prince Mohammed bin Salman’s personal WhatsApp account.
This may seem like a strong and fanciful allegation, but the United Nations has already released detailed evidence which suggests that it does have considerable foundation. All of the details from the forensic examination of Bezos’s phone have been made available to special rapporteurs at the UN.
United Nations statement
Agnes Callamard, a UN expert on extrajudicial killings, had drafted a report for the United Nations, with Bezos’s ownership of The Washington Post thought to be a major motivation for the hacking attempts.
The United Nations report also alleges that the crown prince’s WhatsApp account sent Bezos a taunting message, regarding an affair he was having that has since come to light, which is indicative of the falling out between the two powerful men.
Previously, Bezos had enjoyed a favorable relationship with the crown prince, but it seems that this soured at some point in 2018. And it seems that a vast trove of data has been extracted from the phone of Bezos, although the Saudi authorities continue to completely deny the allegations.
A statement from the UN confirmed the suspicion that major malware programs have been utilized. The UN commented:
“Experts advised that the most likely explanation for the anomalous data egress was use of mobile spyware such as NSO Group’s Pegasus or, less likely, Hacking Team’s Galileo, that can hook into legitimate applications to bypass detection and obfuscate activity”
Before being patched in May 2019, a zero-day vulnerability in the WhatsApp software meant that hackers could plant spyware within the software, and potentially steal vast amounts of data. This loophole has now been closed, but many accounts fell foul of this prior to the issue being addressed.
Once the Pegasus malware is installed in a device, it turns the mobile phone into what has been described as a silent, digital spy. All data contained within the WhatsApp program, including contacts, photos, call history, and previous text messages, then become available to the hacker, regardless of any encryption or other protections.
Based on the balance of evidence, it does seem that these incredible allegations are actually correct. However, Saudi Arabia has dismissed the allegations against bin Salman as being “absurd”, and continues to deny all claims made by investigators.