UN special rapporteurs say they are “gravely concerned” about the alleged hacking of Jeff Bezos' phone by Saudi Arabia's MbS, calling for further investigations
‘Grave concern’ expressed at evidence of possible ‘effort to silence Washington Post’ — UN experts are demanding …
The Guardian · Stephanie Kirchgaessner
Related Coverage
- U.N. Suggests Bezos' Phone Was Hacked Using Saudi Crown Prince's Account Wall Street Journal
- À la carte phone hacking is scary, but it's better than a government backdoor Digital Trends · Maya Shwayder
- Everything We Know About the Jeff Bezos Phone Hack Wired
- Mandate of the Special Rapporteur on extrajudicial, summary or arbitrary executions and mandate … OHCHR
- Saudi Prince Taunted Jeff Bezos Over Secret Affair Before Enquirer Exposé The Daily Beast · Nico Hines
- ‘#BoycottAmazonProducts’: How Saudi bots, Twitter, and newspapers are reacting to accusations … Business Insider · Bill Bostock
- Start Up No.1228: UN looks at Saudi hack of Bezos iPhone, Sonos amps up obsolescence … The Overspill · Charlesarthur
- UN Wants US Probe into Bezos-Saudi Phone Hack infosecurity-magazine.com · Phil Muncaster
- Bezos Phone Hack Tied to Saudi Crown Prince Puts New Pressure on Kingdom New York Times
- How Jeff Bezos' iPhone X Was Hacked New York Times · Sheera Frenkel
- MBS' alleged Bezos phone hack touches the highest levels of American power Axios · Dan Primack
- The big questions from FTI's report on the Jeff Bezos hack CyberScoop · Shannon Vavra
- NSO is shocked and appalled by the story that has been published with respect to alleged hacking … NSO Group
- A WhatsApp video may have opened up iPhone X owned by Jeff Bezos iMore · Oliver Haslam
- Bezos Hack Began With Saudi Goodwill Tour, Intimate Dinner Bloomberg
- Jeff Bezos iPhone X hack gave full access to his photos and messages 9to5Mac · Ben Lovejoy
- Facebook's WhatsApp blamed for Jeff Bezos' iPhone hack MacDailyNews
- Project Cato — In February of 2019, intelligence information warning … FTI Consulting
- Facebook Says Bezos Hack Highlights Smartphone Vulnerabilities Bloomberg · Amy Thomson
- Irony, Outrage, Speculation: Amazon Rings the PR Gong Beyond Search · Stephen E. Arnold
- 5 of the Best Security Tweets About Jeff Bezos and MBS, as Questions Swirl Over Hack Computer Business Review · Ed Targett
- You can read the forensics report that suggests Prince Mohammad Bin Salman Al Saud hacked Jeff Bezos's phone Boing Boing · Cory Doctorow
- Jeff Bezos's phone hacking explained: What you need to know for your own security CNN · Brian Fung
- From Bezos to Bush: Saudi crown prince met array of VIPs on US tour The Guardian
- What the Hell Is Going On With Jeff Bezos' Phone and the Saudi Crown Prince? Slate · Josephine Wolff
- Some Directions for Further Investigation in the Bezos Hack Case Bill Marczak
- Here are the 10 most important details you need to know from the bombshell UN analysis of Jeff Bezos' phone hack Business Insider · Isobel Asher Hamilton
- Amazon boss Jeff Bezos' phone hacked by Saudi crown prince: reports Fox News · David Aaro
- Boris Johnson communicated with Saudi crown prince on WhatsApp, ex-UK officials say Telegraph · Ben Riley-Smith
- PSA: Never open a WhatsApp message from the crown prince of Saudi Arabia The Verge · Casey Newton
- The Sizzle - Issue 1045 The Sizzle · Anthony Agius
- UN report alleges that Saudi crown prince hacked Jeff Bezos's phone Naked Security · Lisa Vaas
- Jeff Bezos, The World's Richest Man's iPhone Was Reportedly Hacked Via WhatsApp iPhone Hacks · Rajesh Pandey
- U.N. experts call for investigation into Saudi crown prince's possible involvement in hacking of Jeff Bezos' phone NBC News
- Saudi hacking allegations deserve a serious answer Financial Times
- UN experts demand probe into Amazon CEO Jeff Bezos' alleged hack by Saudi crown prince Firstpost Tech
- Who Made the Spyware Used to Hack Jeff Bezos' Phone? VICE · Kevin Collier
- Jeff Bezos' phone hack might've let the Saudi's eavesdrop for months TweakTown News · Jak Connor
- UN demands probe into alleged Saudi hack of Amazon boss Bezos Nikkei Asian Review
- Boris Johnson allegedly had WhatsApp chats with Saudi prince who hacked Bezos New York Post · Lee Brown
- All These Extremely Powerful People May Want to Double Check They Weren't Hacked by a Saudi Prince Gizmodo · Tom McKay
- Digital Trends Live: Bezos hacked, Mars 2020 rover naming finalists, and more Digital Trends · Todd Werkhoven
- U.N. ties alleged Bezos phone hacking to Post's coverage of Saudi Arabia Washington Post · Marc Fisher
- UN experts say Saudis likely used mobile spyware, such as NSO Group's Pegasus, to hack Jeff Bezos' phone in May 2018; NSO Group denies involvement Yahoo Finance · Zack Whittaker
- Prince ‘leaked’ billionaire's explicit pics news.com.au · Natalie Brown
Discussion
-
@jeffbezos
Jeff Bezos
on x
Jamal https://twitter.com/...
-
@csdickey
@csdickey
on x
@thedailybeast @NicoHines The timeline annexed to the UN report is damning. First page: https://twitter.com/...
-
@noahshachtman
Noah Shachtman
on x
BREAKING: MBS didn't just hack Bezos' phone, an explosive report says. The Crown Prince taunted Bezos about his affair — long before it became public. https://www.thedailybeast.com/ ...
-
@davidakaye
David Kaye
on x
neither agnes nor i are infosec experts. so we consulted independent experts. based on their responses, which included questions about strength of forensics, we decided to raise concerns as we are today.
-
@asadabukhalil
@asadabukhalil
on x
Why is this buried deep into the article? “Alleged that the “most likely explanation” for the huge amount of data exiting the phone was that it had been infiltrated by spyware such as that developed by NSO Group, a private Israeli surveillance company.” https://www.theguardian.co…
-
@samueloakford
Samuel Oakford
on x
UN report suggests Bezos was monitored by Saudis for “months”: “Data spiking then continued undetected over some months and at rates as much as 106,032,045 per cent (4.6 GB) higher than the pre-video data egress baseline for Mr. Bezos' phone of 430KB.” https://www.ohchr.org/...
-
@ivohdaalder
Ivo Daalder
on x
A senior British foreign office official once told me about the influence of a “WhatsApp Quartet,” consisting of MBS, MBZ, Bibi, and Kushner, on politics in the Middle East. Just wondering how 3 of 4 quartet members are reacting to the news of MBS using the app to hack phones...
-
@miekeeoyang
Mieke Eoyang
on x
Note to self: Never give your mobile phone number to a Saudi government official. https://twitter.com/...
-
@nxthompson
Nicholas Thompson
on x
If the Saudis hacked Bezos's phone by sending malware through MBS's account, just think what they've done to Trump. https://www.wired.com/...
-
@hxhassan
Hassan Hassan
on x
Wow — this guy, he kidnapped the Lebanese prime minister, jailed his royal cousins in Ritz, killed a journalist, and blackmailed the world's richest man. And he still has defenders in the West, because he let women drive, and mix with men. https://twitter.com/...
-
@davidakaye
David Kaye
on x
here we received a forensic analysis concluding with ‘medium to high confidence’ that the iphone of Jeff Bezos was compromised via malware sent in 2018 from WhatsApp acct of the Crown Prince of the Kingdom of Saudi Arabia.
-
@simonwdc
Simon Rosenberg
on x
This story should also serve as a warning to every single person working against Trump this year to take cybersecurity super seriously, and demand your org/campaign/office do the same. While they do go after high value targets, weak links in the chain are also really important. …
-
@davmicrot
David Rothschild
on x
Likelihood that Jared's phone was hacked by Saudi Arabia and he is being blackmailed by them right now is terrifying for US. https://twitter.com/...
-
@nedprice
Ned Price
on x
Not only was the Saudi Crown Prince personally involved in the hacking of Bezos' phone, but this sure makes it sound like MbS himself tried to use the information gleaned from that operation to blackmail Bezos. https://www.nytimes.com/... https://twitter.com/...
-
@davidakaye
David Kaye
on x
there are obviously still many questions, and that's why we believe and call for further investigation is necessary, given the nature of the allegations and the threats posed, if true. /end
-
@davidakaye
David Kaye
on x
a key first point: @AgnesCallamard & i regularly receive information from sources about serious human rights violations, from all over the world. we are mandated by the @UNHumanRights Council to address credible allegations of violation.
-
@brianbeutler
Brian Beutler
on x
There's also the likely related matter of the Saudis' and Trump's joint interest in sabotaging Bezos, raising the important question of what Kushner and Trump knew, and when they knew it. https://twitter.com/...
-
@blakehounshell
@blakehounshell
on x
This U.N. report on the Bezos hack draws a line from Jamal Khashoggi criticizing Trump at a D.C. think tank event to his silencing by the Saudi state https://www.ohchr.org/...
-
@davidakaye
David Kaye
on x
a few comments of background in relation to release of our public statement just now - a statement which is *not a report*, as some have characterized it, but a call for investigation in light of serious human rights allegations. report is here: https://www.ohchr.org/... https://…
-
@mikko
@mikko
on x
The scandal is based on a forensic analysis concluding with ‘medium to high confidence’ that the iPhone of Jeff Bezos was compromised via the WhatsApp account of the Crown Prince of Saudi Arabia. https://twitter.com/...
-
@alexstamos
Alex Stamos
on x
This FTI forensics report is not very strong. Lots of odd circumstantial evidence, for sure, but no smoking gun. The funny thing is that it looks like FTI potentially has the murder weapon sitting right there, they just haven't figured out how to test it. https://twitter.com/...
-
@erratarob
@erratarob
on x
Okay. I read the report. I see nothing here that suggests Bezos's phone was hacked. It contains much that says “anomalies we don't understand”, but lack of explanations point to incomplete forensics, not malicious APT actors. https://assets.documentcloud.org/ ...
-
@alexemmons
Alex Emmons
on x
Wow. Two days after Bezos got a secret briefing on the PR campaign against him in Saudi Arabia, he got a text from MBS saying “it's not true.” First-rate job on covering your tracks there (From the FTI forensic report published by Motherboard: https://www.vice.com/...) https://tw…
-
@erratarob
@erratarob
on x
To repeat my conclusion from another thread: I see nothing in that FTI Bezos “forensics” report that suggests Bezos's phone was hacked. https://www.vice.com/...
-
@againsthimself
Alex Gantman
on x
Ok, this report is pretty bad and only serves to lower (if not wholly erode) my confidence in claimed conclusions. https://twitter.com/...
-
@chrislhayes
Chris Hayes
on x
Lots of security folks raising big questions on the forensic analysis of Bezos' phone. https://twitter.com/...
-
@chuckrossdc
Chuck Ross
on x
Didn't take a security expert to spot the report's problems, specifically regarding the consultant who did it, how it was rolled out to multiple news outlets all at once, and how it drew mostly on circumstantial evidence. https://twitter.com/...
-
@erratarob
@erratarob
on x
@thegrugq @chrislhayes @citizenlab @againsthimself Chris, it's this thread where I perform the same sort of forensics on one of my old phones and find the same traffic anomalies the forensics report used to “prove” the hack. https://twitter.com/... https://twitter.com/...
-
@mmcintire
Mike McIntire
on x
And they thought they'd actually get away with spying on the guy who gave us Alexa? https://www.nytimes.com/...
-
@alexstamos
Alex Stamos
on x
If the video is the initial point of exploitation, then there MUST be some evidence of that in the video file itself. It's true that this will just be a first stage exploit that pulls down the rest of the malware, but the actual exploit and a bit of ARM shell must be there.
-
@dnvolz
Dustin Volz
on x
NEW: Saudi officials close to MBS tell WSJ they were aware of a plan to hack Bezos' phone, but not of any attempt to blackmail him. Qahtani was involved in the hacking effort as part of a broader intimidation campaign against Khashoggi, officials said. https://www.wsj.com/...
-
@kashhill
Kashmir Hill
on x
I'm just here to find out who sent the first “let's be friends” text and looks like it was totally Bezos. MBS left him hanging for a full night before responding. https://twitter.com/... https://twitter.com/...
-
@maxwellstrachan
Maxwell
on x
motherboard got the technical report investigating the potential hack of jeff bezos' iPhone, and it includes some very good whatsapp texts between bezos and MBS https://www.vice.com/... https://twitter.com/...
-
@alexstamos
Alex Stamos
on x
So how did FTI see enough of the video to characterize it and perform a “cursory analysis” but not an in-depth analysis? If they have the locally cached messages, then they should also have the ephemeral encryption key to decrypt the entire video.
-
@alexstamos
Alex Stamos
on x
Here is an update now that I have seen the report. In short, the evidence is circumstantial but there is the possibility to investigate more. https://twitter.com/...
-
@pasternack
Alex Pasternack
on x
The report, commissioned by Bezos and obtained by @kimzetter and @josephcox, shows what digital forensic experts told them was an incomplete examination. They didn't have Bezos' iCloud password, they didn't jailbreak the device https://www.vice.com/...
-
@kevincollier
Kevin Collier
on x
This is in my story, but after its comms emailed out this aggressive statement, NSO published on its site a significantly more conciliatory one: https://www.nsogroup.com/... https://twitter.com/...
-
@thegrugq
Thaddeus E. Grugq
on x
The Bezos forensic report is not very good. The forensic analysis should be done by @citizenlab who at least have the relevant experience. The MP4 file should contain the exploit (if it is CVE-2019-11931). The exploit trigger should be visible with ffmpeg https://processors.wiki.…
-
@dinodaizovi
Dino A. Dai Zovi
on x
Agree with Alex here that it sounds like they have the potential proof, but not the experience to extract it. Correct extraction and decryption of the MP4 would do that. The device is vulnerable to checkra1n and they have passcode so pretty much all things should be possible. htt…
-
@thegrugq
Thaddeus E. Grugq
on x
This doesn't make me confident. The purchasing of dedicated mobile forensics hardware specifically for this job isn't great either. It suggests they don't have existing experience with Cellebrite mobile forensics work. https://twitter.com/...
-
@kimzetter
Kim Zetter
on x
Indeed. As we pointed out in story, FTI should have done a jailbreak on phone to examine full file system, but didn't. As a result, they would have seen less than 50% of what they needed to look at, and they didn't look in places where nation-state malware would normally hide. ht…
-
@alexstamos
Alex Stamos
on x
Anyway, the idea that this report is the furthest you can go with access to the phone is wrong. The circumstantial evidence is reasonably compelling, but since this is a major national security issue now more eyes need to be on the evidence. FIN
-
@alexstamos
Alex Stamos
on x
When sending an attachment, instead of squeezing a big blob into an E2E format and noise pipe optimized for text messages, the sending client creates a symmetric key and encrypts the attachment. This is uploaded via a separate web service and hosted on a CDN. https://twitter.com/…
-
@alexstamos
Alex Stamos
on x
If FTI doesn't have the capability to do this analysis themselves, then they should ask for WhatsApp's help in decrypting the file and then should allow FB and Apple to investigate (there is at least one WA and one iOS vuln involved here).
-
@alexstamos
Alex Stamos
on x
This is the behavior you would expect from WhatsApp. WA is targeted for slow/lossy networks, so the main control channel between the app and WA's servers is extremely optimized (Noise instead of TLS, 25519 instead of RSA). This is all documented here: https://www.whatsapp.com/...
-
@alexstamos
Alex Stamos
on x
This is the normal behavior of WhatsApp. It allows the app to keep working while the client tries to download the huge 8min 4k video your Mom sent of your nephew playing with a dog to the entire family group (um, to pick a totally random example). Nothing mysterious.
-
@alexstamos
Alex Stamos
on x
The initial reporting about an “encrypted downloader” for the WhatsApp video was rather confusing. Now that we can see the report, it looks like this is just a normal attachment as delivered by WhatsApp. Here are the relevant parts of the report. https://twitter.com/...
-
@sam_l_shead
Sam Shead
on x
NSO says that Pegasus isn't behind the Bezos hack. “We can say unequivocally that our technology was not used in this instance.” https://www.nsogroup.com/...
-
@josephfcox
Joseph Cox
on x
This is a thumbnail of the video that Saudi Arabia's Mohammad Bin Salman's WhatsApp account sent to Jeff Bezos, which investigators believe is connected to a hack of his phone https://www.vice.com/... https://twitter.com/...
-
@josephfcox
Joseph Cox
on x
MBS texted Bezos photos looking like his girlfriend Lauren Sanchez, and made a remark about arguing with spouses. As report notes, this was after someone with access to the phone could have figured out the affair, but ~before~ it was public knowledge https://www.vice.com/... http…
-
@alexhern
Hern
on x
Anyway the interesting thing is that I can't actually find the image macro on the internet. The closest I can find is one using the same picture, but with the caption in Polish rather than English: https://twitter.com/...
-
@kimzetter
Kim Zetter
on x
I obtained full forensic report into alleged hacking of Bezos' phone and published a report here with @josephfcox who also received report. Note that the investigators couldn't get into Bezos's iTunes backup because they didn't have password; had to reset https://www.vice.com/...
-
@bmakuch
Ben Makuch
on x
Not only has extensive reporting suggested MBS is a brutal autocrat who had a dissident journalist beheaded in an embassy, but if this UN report is right, his opsec can only be characterized as: “sloppy af.” https://www.vice.com/... Latest from @josephfcox + @KimZetter for @vice
-
@josephfcox
Joseph Cox
on x
New: we've published the underlying technical report from FTI Consulting that alleges Saudi Arabia's Crown Prince hacked the phone of Jeff Bezos https://www.vice.com/...
-
@kantrowitz
Alex Kantrowitz
on x
The Saudis grabbed a TON of data out of Bezos's phone, per report. 29,000% more than usual after MBS video message. Wow. https://www.vice.com/... https://twitter.com/...
-
@jamesliamcook
James Cook
on x
“Hello MBS” https://www.vice.com/... https://twitter.com/...
-
Vox
Sara Morrison
on x
The Jeff Bezos hack could happen to anyone
-
@saudiembassyusa
Saudi Embassy
on x
Recent media reports that suggest the Kingdom is behind a hacking of Mr. Jeff Bezos' phone are absurd. We call for an investigation on these claims so that we can have all the facts out.
-
@bing_chris
Chris Bing
on x
Per this report: Bezos was in a WhatsApp chat with Saudi's MBS when unprompted the crown prince sent him a random file. The file it appears contained malware, which allowed Bezos' phone to be hacked ... leading to leaks of photos designed to embarrass him https://www.theguardian.c…
-
@matthew_d_green
Matthew Green
on x
Everyone knows you take MBS's WhatsApp messages on your burner phone.
-
@nytimes
@nytimes
on x
A United Nations expert said Jeff Bezos' experience should sound alarms because even with his wealth and resources, it took months of investigation by specialists to figure out what had happened. “It basically means that we are all extremely vulnerable.” https://www.nytimes.com/.…
-
@tomgara
Tom Gara
on x
Saudi magical realism is Mohamed bin Salman looking at Jeff Bezos' hacked emails, discovering Bezos had been privately warned via email about Saudi hacking, and sending Bezos a message telling him to ignore that warning he got https://www.ft.com/... https://twitter.com/...
-
@akiperitz
Aki Peritz
on x
Jeff Bezos' obvious move is to sue the firms that provided this tech to the Saudis into the ground. In every jurisdiction. Show there are serious financial consequences to hacking private citizens. Burn these companies to the ground with your infinite wealth. https://twitter.com/…
-
@beckpeterson
Becky Peterson
on x
Among the most important details: NSO Group sells its Pegasus tools based on the number of people the customer wants to target. It's not a free-for-all SaaS product. @haaretzcom previously reported that Saudi Arabia paid $55 million to use Pegasus in 2017.
-
@nickconfessore
Nick Confessore
on x
Pulling back a bit: the Saudis likely used Israeli tech (as WaPo reported) to hack Bezos, the enemy in common of MBS and Trump. https://twitter.com/...
-
@rmac18
@rmac18
on x
Not a cell phone in sight, just people living in the moment https://twitter.com/...
-
@dnvolz
Dustin Volz
on x
NEW: U.N. calls for immediate investigation by the U.S. into purported hack of Jeff Bezos by the Saudi crown prince, says the operation appears to have been “an effort to influence, if not silence, The Washington Post's reporting on Saudi Arabia.” https://www.ohchr.org/...
-
@rafsanchez
Raf Sanchez
on x
NEW: UN investigators echo the allegation that MBS was directly involved in hacking Bezos' phone. They say it was part of an effort to intimidate Washington Post into halting its critical coverage of Khashoggi's killing. https://www.ohchr.org/... https://twitter.com/...
-
@jason_kint
Jason Kint
on x
First, Guardian. Then FT with more detail. Then Washington Post. Now NYT with additional new details. The guy is alleged to have ordered the brutal killing of a journalist -and- hacked the mobile device of one of the leading global CEOs? Where is the US govt on this? https://twit…