This is how they hacked the mobile of Jeff Bezos
On March 21, 2018, Saudi Crown Prince Mohamed bin Salmán
invited Jeff Bezos, owner of Amazon and The Washington Post, to a dinner in Los
Angeles. The meeting occurred on April 4 and Bezos and Salmán exchanged phone
numbers. That same night Salmán wrote to Bezos. It is not unusual for two of
the most powerful people in the world to text each other. But the Saudi prince
had an alleged added interest with Bezos: The Washington Post published
articles by the most famous Saudi dissident, Jamal Khashoggi.
Weeks later, on May 1, Bezos received an MP4 video file on
WhatsApp from the prince’s number, according to a report commissioned by the
businessman himself. That does not mean that the message was necessarily sent
from Bin Salmán’s phone, since the accounts of this application are linked to a
number, which can be impersonated, and not to a specific device. It is not
known whether Bezos punctured the video showing a frame with a Saudi and a
Swedish flag and an overlay in Arabic. Yes, within a few hours, his iPhone X
began to behave strangely and send data at a rate thousands of times higher
than usual.
In principle, the founder of Amazon did not perceive
anything strange. The messages and messages sent by the user and other files go
to the cloud from a mobile phone. But among this traffic, unwanted leaks can be
hidden and, linked to that video, there was supposedly some kind of malicious
code that managed those leaks. Hackers had managed to access their files and
applications.
About 430 kilobytes of data came out of Bezos’s mobile daily, a
typical average for mobile users. After receiving the file, the information
output increased to 126 megabytes (300 times more) and established an average
of 101 a day. Espionage continued until February 2019 and there were days when
the data output reached 4.6 gigs (more than 10,000 times more than normal).
All this information comes from the forensic analysis of
Bezos’s phone and published in part this Wednesday by the United Nations, which
investigated the murder of Khashoggi, which occurred in October 2018 at the
Saudi consulate in Istanbul. “The initial results did not identify the presence
of any malicious code, but subsequent analyzes revealed that the suspicious
video had been sent through a download program encrypted on a WhatsApp server,”
says the full report, prepared by a former FBI agent. and leaked to the media.
Due to WhatsApp encryption, the content of that program could not be
established. Therefore, the main suspicion falls on that download software.
The shadow of famous companies
Suspicions about the program that Saudi Arabia allegedly
used to hack Jeff Bezos point to famous companies in this field such as the
Israeli NSO or the Italian Hacking Time, makers of this type of software. The
report points directly to the figure of Saud al Qahtani, a close associate of
Bin Salman and who had dealings with Hacking Team four years ago.
NSO is the creator of Pegasus 3, a famous spy tool capable
of accessing mobile phones without being detected. In Mexico, the government of
the previous president, Enrique Peña Nieto, was implicated in a case of
espionage against activists and journalists with this tool. According to a
timeline also released by the UN, Saudi Arabia acquired the NSO software in
November 2017, on the days when the Saudi government detained 30 regime figures
at the Ritz Hotel in Riyadh.
Bezos could be just one more victim. Several friends and
confidants of Khashoggi also suffered infiltrations through WhatsApp or text
messages. Facebook, the company that owns WhatsApp, has denounced NSO for using
its platform to send this malicious software. As a curious detail, the NSO
group uses the Amazon Web Services servers, owned by Bezos, to interact with
the WhatsApp programmer tool, from where they allegedly coordinate malicious
shipments.
Four weeks after Khashoggi’s murder on November 8, 2018,
Bezos received a photo with a message from the Saudi prince’s account,
according to the UN report. It was an image of a woman who looked like her then
lover, unknown to the public, Lauren Sanchez. The text of the message read:
“Arguing with a woman is like reading a software license agreement. In the end
you have to ignore everything and click ‘agree.’
At that time Bezos was negotiating a divorce agreement with
his now ex-wife. The news of the divorce was only known months later, in
January 2019, advanced by the National Enquirer. Bezos accused the Enquirer of
extortion for threatening to publish photos and sexual messages.
That photo was a possible veiled threat to Jeff Bezos to
pressure him and his newspaper to stop investigating Khashoggi’s death. A year
after the murder, in what now seems an obvious gesture of defiance, Bezos
attended a ceremony in Istanbul in memory of the journalist killed in front of
the Saudi consulate.
These types of attacks are personalized. No one without
valuable information should in principle fear that their mobile will be
attacked with these sophisticated tools. When it happens, however, it is of
little use to use encrypted messaging apps. The malicious code is inside the
phone and sees the same as the user, even if a message self-destructs after 30
seconds. Regular mobiles can do little to prevent this type of intrusion. What
is surprising is that it has affected the richest man in the world, who has
also made his fortune in the technology sector.
Comments
Post a Comment