A 2018 spyware attack on Jeff Bezos’ phone escalated into an international scandal on Wednesday, as United Nations human rights experts issued a stern statement criticizing the government of Saudi Arabia for allegedly conducting the hack.
“The information we have received suggests the possible involvement of the Crown Prince in surveillance of Mr. Bezos, in an effort to influence, if not silence, The Washington Post’s reporting on Saudi Arabia,” the statement reads. “The alleged hacking of Mr. Bezos’s phone, and those of others, demands immediate investigation by US and other relevant authorities.” The Saudi government has denied any role in the hack.
“This reported surveillance of Mr. Bezos, allegedly through software developed and marketed by a private company,” the statement continues, “is, if true, a concrete example of the harms that result from the unconstrained marketing, sale and use of spyware.”
The report also mentions two former Twitter employees who were charged with spying on behalf of the Saudi government, which investigators take as evidence of a broader campaign by the country.
According to the report, the hack was part of a broader campaign to blackmail Bezos into softening The Washington Post’s coverage of Saudi Arabia in the months leading up to the killing of Saudi journalist Jamal Khashoggi. Private messages and photos from Bezos were later leaked to the National Enquirer, something Bezos described in a public Medium post as part of an attempted blackmail scheme.
The technical evidence for Saudi Arabian involvement comes from a report by Bezos’ personal security consultants, which was published in full by Motherboard and reported on further by The New York Times and Financial Times. According to the report, Bezos met Saudi Crown Prince Mohammed bin Salman in Los Angeles in April 2018 and exchanged phone numbers. About a month later, he received an unexpected video from Salman, which the report alleges was infected with targeted spyware.
Immediately after the video was viewed, large amounts of data began to be exported from Bezos’ phone, activity that could not be explained by cloud backups or other normal use.
The following November, just over a month after Khashoggi’s killing, Salman sent Bezos another strange WhatsApp message. It was a single picture of a woman resembling Lauren Sánchez, Bezos’ mistress and the subject of the subsequent National Enquirer piece, bearing a cryptic caption: “Arguing with a woman is like reading the software license agreement. In the end you have to ignore everything and click I agree.”
A separate message, sent in February after Bezos’ Medium post, appears to be an attempt to de-escalate the situation. “It’s not true,” Salman wrote, “there is nothing against you or Amazon from me or Saudi Arabia.”
The consultants’ report suggests Bezos’ phone may have been hacked using Pegasus spyware, a powerful private malware offered without judicial oversight by the Israeli firm NSO Group. NSO is one of the most notorious current vendors of spyware for hire, and it has been the subject of widespread criticism for its role in undermining cybersecurity on behalf of oppressive regimes.
In a statement provided to The Verge, NSO Group denied any involvement with the hack. “NSO is shocked and appalled by the story that has been published,” the company said. “We can say unequivocally that our technology was not used in this instance. These types of abuses of surveillance systems blacken the eye of the cyber intelligence community and put a strain on the ability to use legitimate tools to fight serious crime and terror.”
In October, WhatsApp brought a lawsuit against NSO for allegedly hacking users through unreported vulnerabilities. “WhatsApp will continue to do everything we can within our code, and within the courts of law, to help protect the privacy and security of our users everywhere,” WhatsApp chief Will Cathcart said at the time.
Update 11:55AM ET: Updated with a link to the full report, obtained by Motherboard.
Update 1/23 1:37PM ET: Updated with statement from NSO Group.