Cyprus connection in Jeff Bezos hacking

A Cyprus connection has emerged in media reports about the two secretive spy-tech firms named by investigators for the UN who say the world’s richest man Jeff Bezos possibly had his phone hacked by Saudi Arabia’s Crown Prince Mohammad bin Salman.

One of the companies named has also been linked to the recent Israeli spy van scandal that led to arrests in Cyprus. Media reports suggest that a Cyprus link to alleged Saudi phone hacking goes back to 2015.

Two experts mandated by the UN on Thursday stopped short of identifying which specific technology might have been used in the alleged hack on Bezos, the Amazon boss and Washington Post owner. But they said software like that made by Israeli company NSO Group or Italian spyware maker Hacking Team could potentially have been deployed.

The hacking of Bezos’ phone is said to have taken place months before the October 2018 murder of Saudi journalist Jamal Khashoggi, a Washington Post columnist and critic of the crown prince.

In November 2015 the head of the Cyprus Intelligence Service (KYP) Andreas Pentaras resigned following leaks that he had overseen the purchase of spy-hacking software – from the very same Hacking Team.

Leaked documents showed that KYP had spent €50,000 on hacking technology, used for surveillance or even to infect devices with malicious software and viruses.

“In light of the revelations that surfaced with regards to use of a specific tracking system by the Cyprus Intelligence Service and in order to protect the integrity of the department, the head of the service Mr Andreas Pentaras has handed in his resignation which in turn was accepted by the President of the Republic,” said then government spokesman Nicos Christodoulides in 2015.

According to emails released by Wikileaks, one of the Saudi prince’s closest aides, Saud al-Qahtani, contacted Hacking Team in 2015. He wrote to the Italian company saying that he “would like to be in productive co-operation with you and develop a long and strategic partnership.”

The hacking company faced serious financial difficulties in 2016 after its own data was leaked but was bailed out by a Saudi front company based in Cyprus.

Financial records obtained by Motherboard show a company based in Cyprus called Tablem Limited took control of 20 per cent of the equity of Hacking Team as of 2016. Tablem Limited is listed as being in Themistokli Dervi, central Nicosia.

A financial statement from Hacking Team in 2016 is accompanied by a copy of the minutes of the shareholders meeting of May 8, 2017. This document, provided to the Italian government and reviewed by Motherboard, a tech news outlet associated with Vice news website, revealed Abdullah Al-Qahtani as the director of Tablem Limited.

Motherboard said it was “unable to establish any link between HE Saud Al-Qahtani and the Abdullah Al-Qahtani who heads Tablem Limited and invested in Hacking Team”.

In November of 2018 the US Treasury Department sanctioned Saud al-Qahtani, describing him as “part of the planning and execution of the operation that led to the killing of Mr Khashoggi”.

The third, and perhaps most bizarre link to Cyprus made in media reports is that of the spy van scandal which broke in 2019. The vehicle is owned by WiSpear, a Cyprus-registered company whose Israeli CEO Tal Dillian is said to be a former Israeli intelligence officer. WiSpear has denied any wrongdoing and says the van was not used to spy on anybody in Cyprus.

According to Forbes, which interviewed Dilian, a “multimillionaire spy-tech dealer” in August 2019, he is “closely associated” with the NSO Group. “The mythically themed malware (Pegasus) was coded by NSO Group. His first surveillance business, Circles, merged with NSO in 2014.”

NSO has since strenuously denied having anything to do with Khashoggi’s death. The company immediately also denied involvement in hacking Bezos’ phone.

According to a May 2019 Financial Times report NSO showcased its wares to Saudis at a conference room at the Four Seasons in Limassol in mid-2017.

After the demonstration “they were still discussing pricing, when the Saudis said they wanted it immediately,” the FT quoted a businessman present at the conference. The businessman claims the Saudi government paid $55m for the ability to track 150 targets simultaneously.

According to a lawsuit in Israel, the technology worked by sending an “enticing” message to the victims which they were likely to click on and their devices would then become infected.

The FT reported the businessman as saying that these messages were created by customers collaborating with NSO and described a help desk based in Cyprus that worked with agencies.