The hack of Amazon CEO Jeff Bezos’s personal smartphone, which followed his conversation with the Crown Prince of Saudi Arabia, Mohammed bin Salman, was allegedly carried out using NSO Group’s Pegasus spyware.
“In May 2018, the smartphone of Jeff Bezos, the head of Amazon, the owner of The Washington Post and one of the richest people on the planet, was hacked. The story ended with a scandal, during which Bezos tried to blackmail the National Enquirer tabloid, which threatened to publish personal messages and intimate photos received from his phone. At that time, the head of Amazon had not divorced his wife MacKenzie; they had been married for 25 years, and he had not disclosed his relationship with 49-year-old former television presenter Lauren Sanchez. Overall, the situation was unpleasant,” – say The Guardian reporters.
Incidentally, this kind of blackmail, known as sextortion, is not aimed only at billionaires; it has become a new tactic for cybercriminals. Sextortion ransomware sends letters in foreign languages to bypass filters.
As The Guardian and The Financial Times have now reported, the hack was directly related to a message that Bezos received on WhatsApp on May 1, 2018 from the Crown Prince of Saudi Arabia, Mohammed bin Salman, whom he had recently met in person and exchanged contact details with.
The media cited a report compiled by forensic experts at FTI Consulting (the document has already been published by Vice Motherboard). They concluded that the video message the head of Amazon received from the Crown Prince (it appears to be an Arabic-language telecommunications promotional film) exploited a vulnerability in the WhatsApp messenger, using the bug to download and install malware on Bezos’s personal iPhone. This malware stole a huge amount of data from the device.
“The amount of data transmitted from Bezos’s phone changed dramatically after receiving the video file in WhatsApp and never returned to its original level. After executing the encrypted bootloader sent from the account of Mohammed bin Salman, outgoing traffic from the device jumped by about 29,000%. Forensic artifacts show that in the six months before receiving the video via WhatsApp, Bezos’s phone generated an average of 430 Kb of outgoing traffic per day, which is quite typical for an iPhone. A few hours after receiving the video on WhatsApp, outgoing traffic increased to 126 Mb. For many months, the phone maintained an unusually high level of traffic (an average of 101 MB), demonstrating multiple and extremely atypical bursts of outgoing data,” – the FTI Consulting report reads.
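The baseline comparison the report describes can be expressed as a detection check over per-day outgoing byte counts. The Python below is an added example, not code from the FTI report or from this article; the function names, window and threshold are assumptions, and the day-by-day sample is constructed around the three figures quoted above (430 KB, 126 MB, 101 MB, read as decimal units).

```python
from collections import deque
from statistics import median

KB, MB = 1_000, 1_000_000  # assumption: the quoted units are decimal bytes

def flag_egress(daily_bytes, window=30, factor=10.0):
    """Flag days whose outgoing volume exceeds factor x a rolling median baseline.

    Returns (day_index, bytes_sent, baseline, pct_increase) tuples. Flagged days
    are kept out of the baseline, so a long-lived implant cannot become "normal".
    """
    clean = deque(maxlen=window)  # most recent unflagged days
    hits = []
    for day, sent in enumerate(daily_bytes):
        if len(clean) == window:
            base = median(clean)
            if base > 0 and sent > factor * base:
                hits.append((day, sent, base, round((sent - base) / base * 100)))
                continue
        clean.append(sent)
    return hits

def longest_run(hits):
    """Length of the longest streak of consecutive flagged days."""
    best = run = 0
    prev = None
    for day, *_ in hits:
        run = run + 1 if prev is not None and day == prev + 1 else 1
        best = max(best, run)
        prev = day
    return best

# Constructed sample: 30 quiet days near 430 KB, one 126 MB day, then two
# weeks near 101 MB. Only the three headline figures come from the article.
SAMPLE = ([430 * KB + (d % 5 - 2) * 20 * KB for d in range(30)]
          + [126 * MB]
          + [101 * MB + (d % 3 - 1) * 15 * MB for d in range(14)])

if __name__ == "__main__":
    hits = flag_egress(SAMPLE)
    day, sent, base, pct = hits[0]
    print(f"first anomaly: day {day}, {sent / MB:.0f} MB vs baseline "
          f"{base / KB:.0f} KB (+{pct}%)")
    print(f"flagged days: {len(hits)}, longest run: {longest_run(hits)}")
```

A single flagged day can be a backup or an OS update; a long run of consecutive flagged days against an unchanged baseline is the pattern the report describes.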
The authors of the report believe that the malware used in the hack was purchased from third-party developers by Saud al-Qahtani, a close friend and adviser to the Crown Prince of Saudi Arabia, Mohammed bin Salman. According to earlier media reports, he repeatedly bought hacking tools from companies such as the notorious Hacking Team.
In 5 seconds, what happens on the internet around the world?
*An important video explaining global internet consumption, with Saudi Arabia topping it alongside Sweden! #ترجمات_عبدالله_الخريّف pic.twitter.com/4fENSWJ58j – عـبدالله الخريّف (@AbdullahK5) November 20, 2017
Information security experts criticized the results of the FTI Consulting investigation, first published by The Guardian, because journalists suggested that the tool used could have been created by the Israeli company NSO Group, a well-known developer of offensive hacking tools.
However, the forensic report does not actually say that an NSO Group tool was used in the hack; the experts only note that the Israeli company’s tools can also steal data in the way that happened on Bezos’s device. As examples, the researchers cite the Pegasus malware from NSO Group and Galileo from Hacking Team.
“As we unequivocally argued in April 2019 about the same false statement, our technology is not relevant to this case. We know how our software works – our technology cannot be used for US phone numbers. Our products are used only to investigate terrorist and other serious crimes,” – NSO Group representatives said, refuting the allegations.
The FTI Consulting report nevertheless raises many questions and much skepticism among specialists. For example, the head of Elcomsoft, Vladimir Katalov, told Vice Motherboard reporters that the experts who studied the attack seemed to be “not qualified enough.”
Why did the Crown Prince of Saudi Arabia need to hack Jeff Bezos’s phone? The attack may be connected to the fact that Bezos has owned The Washington Post since 2013.
“The fact is that The Washington Post published the work of Jamal Khashoggi, a well-known journalist, columnist and writer from Saudi Arabia, and a famous and ardent critic of the US authorities, Saudi Arabia and Mohammed bin Salman in particular. Khashoggi was killed in the fall of 2018 at the Saudi consulate in Istanbul,” – The Guardian writes.
After the assassination, the Crown Prince of Saudi Arabia accepted responsibility for the journalist’s murder, but said that he had not been aware of what was happening.
Many media outlets and experts now believe that Saudi Arabia intentionally launched a campaign to tarnish the reputation of Jeff Bezos. For example, ZDNet journalists prepared a detailed chronology of recent events related to the actions of Saudi Arabia, Jeff Bezos and the killing of Khashoggi.
Note that the Saudi embassy in Washington has officially rejected the suggestion that the kingdom had anything to do with hacking Jeff Bezos’s phone. Diplomats called the allegations absurd.
In turn, members of the UN human rights working group have already asked the United States to immediately and thoroughly investigate the attack on Jeff Bezos’s smartphone. UN experts also believe that the hack was part of a coordinated campaign by Saudi Arabia against Bezos, prompted by critical coverage of events in the country.