The UN statement concerns forensic investigations into the claim by Amazon CEO Jeff Bezos that
the Saudi government carried out a cyberattack against him to extract large amounts of data from his phone.
Riyadh has consistently rejected the accusations, and the Saudi Embassy in Washington on Wednesday
called the allegations “absurd.”
Bezos owns The Washington Post, where Jamal Khashoggi wrote critical commentaries of Saudi Arabia
before he was slain and mutilated in the Saudi consulate in Istanbul.
DUBAI, United Arab Emirates — UN experts on Wednesday called for an immediate investigation into the “possible involvement” of Saudi Crown Prince Mohammed bin Salman in the hacking of Amazon CEO and Washington Post owner Jeff Bezos’ iPhone in 2018.
“The alleged hacking of Mr. Bezos’s phone, and those of others, demands immediate investigation by U.S. and other relevant authorities, including investigation of the continuous, multi-year, direct and personal involvement of the Crown Prince in efforts to target perceived opponents,” UN experts said in a statement.
“The information we have received suggests the possible involvement of the Crown Prince in surveillance of Mr. Bezos, in an effort to influence, if not silence, The Washington Post’s reporting on Saudi Arabia.”
The statement from the UN’s human rights body centers on forensic investigations into the claim by Bezos — one of the world’s wealthiest men — that the Saudi government orchestrated a cyberattack against him to extract large amounts of data from his phone, including nude photos sent to his mistress, Lauren Sanchez.
The UN special rapporteurs, who are appointed by the world body but operate independently, made the statement after reviewing the 2019 forensic analysis carried out by Washington-based business advisory firm FTI Consulting on behalf of the American billionaire. Their statements follow earlier investigations into the killing and dismemberment of Washington Post journalist Jamal Khashoggi, who wrote critical commentaries of Saudi Arabia in Bezos’ newspaper and was slain in the Saudi consulate in Istanbul in October 2018.
FTI consulting could not detail the specific spyware used in the attack but said its experts had “medium to high confidence” that Bezos’ iPhone was hacked by malware coming from a Whatsapp account used by the Saudi crown prince.
“Based upon the results of a full forensic examination of the logical file system of Bezos’s phone, including network analysis, and an in-depth investigation conducted over several months, FTI reports with medium to high confidence that Bezos’s IPhone X was compromised via malware sent from a WhatsApp account used by Saudi Crown Prince Mohammed bin Salman,” the report said, according to an excerpt published by the Financial Times.
Riyadh has consistently rejected the accusations, and the Saudi Embassy in Washington on Wednesday called the allegations “absurd.”
Bezos, through his security consultant Gavin de Becker, has flatly accused the Saudi government of wanting to do him harm. De Becker alleged last March that the Saudis had “access to Bezos’s phone, and gained private information” and that the government was “intent on harming Jeff Bezos since . . . the Post began its relentless coverage” of the brutal murder in October 2018 of Khashoggi.
Riyadh said the killing was the result of a “rogue operation” that did not involve the crown prince, contradicting the CIA’s reported conclusion from late 2018 that implicated the crown prince.
The hack: how experts believe it happened
According to the 2019 forensic analysis by FTI Consulting, Bezos’ phone was likely “infiltrated on 1 May 2018 via an MP4 video file sent from a WhatsApp account utilized personally by Mohammed bin Salman,” the UN statement said.
Bezos and the crown prince had exchanged numbers the previous month. Within hours of the video being sent from the crown prince’s account, “massive and (for Bezos’ phone) unprecedented exfiltration of data from the phone began” — the volume of data being transited to another location suddenly shot up by nearly 30,000% to 126 MB.
“Data spiking then continued undetected over some months and at rates as much as 106,032,045% (4.6 GB) higher than the pre-video data egress baseline for Mr. Bezos’ phone of 430KB,” the statement said.
The analysis pointed to a spyware product previously identified in other cases of Saudi surveillance, saying the intrusion was “likely undertaken” by a product like the Pegasus-3 malware created by Israeli-based NSO Group. Pegasus has been widely reported as having been purchased by Saudi officials, Saud al Qahtani, Crown Prince Mohammed’s former advisor who was implicated in the Khashoggi murder but ultimately not charged by the Saudi authorities.
“This would be consistent with other information,” the UN special rapporteurs wrote. “For instance, the use of WhatsApp as a platform to enable installation of Pegasus onto devices has been well-documented and is the subject of a lawsuit by Facebook/WhatsApp against NSO Group.”
NSO responded in a statement posted to its website Wednesday, saying “NSO is shocked and appalled by the story that has been published with respect to alleged hacking of the phone of Mr. Jeff Bezos,” and calling for a “full investigation” if the story is true.
“Just as we stated when these stories first surfaced months ago, we can say unequivocally that our technology was not used in this instance,” the company said.