UN experts: Israeli spyware was likely used in alleged Saudi hack of Bezos phone

Special rapporteurs say NSO Group’s malware implicated in reported infiltration of Amazon owner’s device; firm ‘shocked’ by claims, says its software ‘unequivocally’ not involved

An Israeli woman uses her phone in front of a building in Herzliya that housed the NSO Group intelligence firm, August 28, 2016. (Jack Guez/AFP/File)

Independent UN rights experts said Wednesday that the alleged Saudi hacking of Amazon owner Jeff Bezos’s phone was likely carried out using spyware developed by Israel’s NSO Group.

Bezos’s phone is reported to have been infiltrated through a WhatsApp account belonging to Saudi Crown Prince Mohammed bin Salman.

“The forensic analysis assessed that the intrusion likely was undertaken through the use of a prominent spyware product identified in other Saudi surveillance cases, such as the NSO Group’s Pegasus-3 malware, a product widely reported to have been purchased and deployed by Saudi officials,” UN Special Rapporteurs Agnes Callamard and David Kaye said in a statement.

Kaye and Callamard said “this would be consistent with other information,” noting the recent lawsuit by the Facebook-owned WhatsApp against NSO Group.

That lawsuit, filed in October, accuses NSO Group of using the messaging service to conduct cyber-espionage on journalists, human rights activists and others.

The Israeli firm said in a statement it was “shocked and appalled” by the reports linking its software to the Bezos phone hacking, and asserted that its software was definitely not involved.

“If this story is true, then it deserves a full investigation by all bodies providing such services to assure that their systems have not been used in this abuse,” the company said. “Just as we stated when these stories first surfaced months ago, we can say unequivocally that our technology was not used in this instance.”

NSO Group’s flagship malware, called Pegasus, allows spies to effectively take control of a phone, surreptitiously controlling its cameras and microphones from remote servers and vacuuming up personal data and geolocations.

UN special rapporteur on extrajudicial, summary or arbitrary executions Agnes Callamard answers questions on a report of the killing of Saudi journalist Jamal Khashoggi on June 19, 2019, in Geneva. (Fabrice Coffrini/AFP)

The spyware has also been implicated in the gruesome killing of Saudi journalist Jamal Khashoggi, who was dismembered in the Saudi consulate in Istanbul in 2018. It is also said to be behind a campaign to compromise proponents of a soda tax in Mexico and an effort to hack into the phone of an Arab dissident that prompted an update to Apple’s operating system.

The firm has been adamant that it only licenses its software to governments for “fighting and terror” and that it investigates credible allegations of misuse.

In their statement Wednesday, Kaye and Callamard called for an investigation by the US “and other relevant authorities” into the alleged hacking of Bezos’s phone.

Any investigation into the alleged incident in May 2018 should also look at the “continuous, multi-year, direct and personal involvement of the crown prince in efforts to target perceived opponents,” they added.

Callamard, the UN expert on summary executions and extrajudicial killings, and Kaye, the expert on freedom of expression, said they were “gravely concerned.”

“The information we have received suggests the possible involvement of the crown prince in surveillance of Mr. Bezos, in an effort to influence, if not silence, The Washington Post’s reporting on Saudi Arabia,” they wrote.

Bezos owns The Washington Post, which employed Khashoggi as a contributing columnist.

Washington Post owner and Amazon CEO Jeff Bezos talks during a ceremony near the Saudi Arabia consulate in Istanbul, marking the one-year anniversary of Saudi journalist Jamal Khashoggi’s death, October 2, 2019. (Lefteris Pitarakis/AP)

“Recent media reports that suggest the kingdom is behind a hacking of Mr. Jeff Bezos’s phone are absurd,” the Saudi Arabian embassy said on its Twitter account.

“We call for an investigation on these claims so that we can have all the facts out.”

The UN Special Rapporteurs said the circumstances and timing of the hacking also gave grounds for further investigation into “allegations that the crown prince ordered, incited, or, at a minimum, was aware of planning for” the operation to kill Khashoggi.

Callamard last year led an independent probe that found “credible evidence” linking the prince to Khashoggi’s killing — a charge the kingdom vehemently denies.

‘Unprecedented exfiltration’ of data

The two experts said they had become aware of a 2019 examination of Bezos’s iPhone that found it may have been hacked on May 1, 2018, with an MP4 video file sent from an account used by the Saudi crown prince.

The two had exchanged numbers a month before, they said.

Saudi Arabia’s Crown Prince Mohammed bin Salman, left, in Riyadh, Saudi Arabia, November 5, 2019. (Bandar Aljaloud/Saudi Royal Palace via AP)

The analysis reportedly found that within hours of receiving the video file, there was an “unprecedented exfiltration” of 126 MB of data from Bezos’s phone.

This continued undetected over a period of “some months” with rates of as much as 4.6 GB higher than the baseline.

The forensic analysis cited by the UN experts showed that the crown prince, Saudi Arabia’s de facto ruler, sent WhatsApp messages to Bezos in November 2018 and in February 2019, in which he revealed information about Bezos’s personal life not available from public sources.
