Bezos’ Phone Allegedly Hacked By Account Associated With Crown Prince
Phone allegedly began leaking data shortly after being sent a video file from WhatsApp account linked to Prince Mohammed. Bezos’ Phone Allegedly Hacked By Account Associated With Crown Prince
Two United Nations officials called for further investigation into the alleged hacking of Amazon.com Inc. founder Jeff Bezos’ phone in 2018 by a WhatsApp account associated with Saudi Crown Prince Mohammed bin Salman, which the experts said suggested an attempt to influence news coverage of the kingdom by the Washington Post, which Mr. Bezos owns.
“The circumstances and timing of the hacking and surveillance of Bezos also strengthen support for further investigation by U.S. and other relevant authorities of the allegations that the Crown Prince ordered, incited, or, at a minimum, was aware of planning for but failed to stop the mission that fatally targeted Mr. Khashoggi in Istanbul.
The U.N. statement on Wednesday was based on a forensic analysis of Mr. Bezos’ phone reviewed by the two officials. It comes a day after a person familiar with the matter told The Wall Street Journal that cybersecurity experts hired by Mr. Bezos have alleged that his phone was probably hacked in 2018 by a WhatsApp account associated with Prince Mohammed.
Agnes Callamard, the U.N.’s special rapporteur on extrajudicial killings, and David Kaye, the special rapporteur on freedom of expression, said the hacking took place in May 2018 and continued for months, around the time of the murder of Washington Post columnist Jamal Khashoggi in October 2018.
“At a time when Saudi Arabia was supposedly investigating the killing of Mr. Khashoggi, and prosecuting those it deemed responsible, it was clandestinely waging a massive online campaign against Mr. Bezos and Amazon targeting him principally as the owner of The Washington Post,” said the U.N. experts in a news release.
Ms. Callamard is the U.N. official who carried out an extensive investigation into Mr. Khashoggi’s killing. Her report on the murder found what she termed “credible evidence” that warranted further investigation into the crown prince’s possible role in the killing.
She and Mr. Kaye urged U.S. and other authorities to investigate both the alleged hacking of Mr. Bezos’ phone along with Mr. Khashoggi’s killing and Prince Mohammed’s involvement in a broader Saudi effort to intimidate critics of the government. As U.N. officials they have no legal ability to trigger an investigation by American law enforcement.
The Saudi embassy in Washington has called reports of the alleged hacking “absurd” and called for an investigation.
Bezos Hack Report Puzzles Cyberexperts
Investigation by FTI appears to be inconclusive, several specialists in cybersecurity say.
A report concluding that Saudi Arabia likely hacked into Jeff Bezos ’ smartphone has spurred questions and confusion among cybersecurity experts, even as it has prompted renewed scrutiny of the kingdom and its crown prince.
Cyberforensics specialists said the report, which is dated November 2019 but didn’t surface publicly until this week, relied heavily on circumstantial evidence to make the case that a WhatsApp account associated with Saudi Crown Prince Mohammed bin Salman was probably used to hack into the iPhone of Mr. Bezos, the founder of Amazon.com Inc. and owner of the Washington Post. They say the audit left several major technical questions about the incident unexplained and in need of more examination.
“It is not a conclusive report,” said Bill Marczak, a researcher with Citizen Lab, a Toronto-based technology watchdog that has tracked Saudi Arabia’s use of surveillance tools. “It raises some interesting questions, some of which I think require further explanation.”
The report was produced by business-advisory firm FTI Consulting following an investigation commissioned by Mr. Bezos. Gavin de Becker, a security consultant hired separately by Mr. Bezos, publicly alleged last March that the investigators had determined “with high confidence” that the Saudis had accessed private information on Mr. Bezos’ phone.
The FTI report has already caused ripples, with two United Nations officials on Wednesday publicizing its analysis and calling on the U.S. to conduct further investigations, including into Saudi Arabia’s alleged use of commercial spyware to target political opponents with intrusive digital surveillance.
FTI, which is based in Washington and has a presence in more than two dozen countries, has repeatedly declined to comment publicly about its study, citing client confidentiality. The report said it had concluded—with “medium to high confidence”—that the WhatsApp account associated with Prince Mohammed was used to compromise Mr. Bezos’ phone, likely by sending a video file in May 2018 that contained an image of the Saudi Arabian and Swedish flags and an encrypted file.
Investigators said that video file appeared to contain malicious code, citing as evidence that the phone began transmitting large amounts of data hours after it was received.
Saudi Arabia has denied the allegations, calling them absurd. Saudi officials close to the crown prince said they were aware of a plan to hack Mr. Bezos’ phone, but not of any attempt to blackmail him, The Wall Street Journal reported on Wednesday.
A spokesman for Mr. Bezos declined to comment.
On Thursday, a White House spokesman said Saudi Arabia was an “important ally” and declined to say whether the Trump administration planned to investigate the matter.
The FTI investigation appeared to forgo important investigatory steps that could have yielded a fuller picture of what occurred on Mr. Bezos’ iPhone X, forensics specialists said.
Perhaps the most important piece of evidence absent from the report, experts say, is the malicious software allegedly used to hack into Mr. Bezos’ phone. The FTI report suggests this so-called malware may lie in an encrypted file sent to Mr. Bezos’ phone, but FTI said it wasn’t able to decrypt this file.
That is something it should be able to do, according to both Mr. Marczak and Alex Stamos, director of the Stanford Internet Observatory at Stanford University, who until August 2018 was chief security officer at Facebook Inc., which owns WhatsApp.
According to Mr. Stamos, the report suggests that FTI investigators had access to the data necessary to decrypt the file in question and examine it for malicious software. “They don’t seem to understand how to properly decrypt WhatsApp attachments,” Mr. Stamos said.
In its report, FTI said it received Mr. Bezos’ iPhone X in May 2019 and began efforts to try to collect evidence, keeping the device in a lab secured and staffed 24 hours a day, with no other electronic devices allowed in or out. The report didn’t say whether the phone was prohibited from connecting to the network.
The FTI report indicates that the firm didn’t perform a “jailbreak” of the phone—a way of circumventing the security restrictions that hamper the viewing of files on the phone. A jailbreak is an important step in many forensics investigations, particularly those searching for sophisticated hacking software, Mr. Stamos said. “If your goal is to determine if there is nation-state-level malware on a device, you can’t do that without a jailbreak,” he said.
A person familiar with the investigation acknowledged that a jailbreak of the iPhone would likely be necessary to obtain more definitive results, and that FTI investigators still wanted to do that, as the report’s final page states. But there were circumstances that have delayed that effort, this person said, while declining to provide specifics.
The report indicates that the investigation may have been hampered by a common security issue: password problems. Investigators wrote that they lacked the password for the iTunes backup for Mr. Bezos’ phone—the report didn’t explain why Mr. Bezos couldn’t provide it—and that in May they bypassed the phone’s backup encryption password to create a copy of the phone’s files.
That is a common investigative technique when the backup password is missing, but it reduces the amount of phone data available to investigators, said Sherri Davidoff, the chief executive of LMG Security, a Missoula, Mont.-based cybersecurity company that conducts forensic investigations.
The FTI review also didn’t explain whether Mr. Bezos was duped into clicking on a malicious file, or if malware had been automatically installed on his device—a rare but powerful hacking technique.
Experts said the massive surge in outgoing data that began hours after Mr. Bezos received the file could signal malicious activity. While the timing of the surge was suspicious, experts said it was circumstantial evidence that alone isn’t sufficient to conclude that a hack took place.
FTI isn’t among the firms best known for cyberforensics investigations. Founded 38 years ago, it advises companies across the globe on a range of sensitive matters, including corporate litigation and forensic accounting. It has been involved in several other prominent cases, including the Enron and WorldCom bankruptcies and the investigation into the use of steroids in Major League Baseball.
The company has sought to expand its cybersecurity portfolio rapidly in recent years, and in 2017 hired Anthony Ferrante as its global head of cybersecurity. Mr. Ferrante, a veteran of the Federal Bureau of Investigation who was chief of staff of the agency’s cyber division, served as director for cyber incident response at the National Security Council during the Obama administration. Mr. Ferrante was the author of the report on Mr. Bezos’ phone.
FTI maintains close ties to law enforcement, recruiting heavily from the FBI and U.S. intelligence agencies, and Mr. Ferrante has been involved in other high-profile investigations.
Several former U.S. cybersecurity officials who have worked with Mr. Ferrante described him as a straightforward investigator with real technical skills. “Anthony is a professional,” said one former colleague. “He is not the kind of person who puts something out without real confidence.”
Mr. Ferrante declined to comment.
Prosecutors Have Evidence Bezos’ Girlfriend Gave Texts To Brother Who Leaked To National Enquirer
Text messages are among materials under review in probe examining whether publisher tried to extort Amazon chief.
Federal prosecutors in Manhattan have evidence indicating Jeff Bezos ’ girlfriend provided text messages to her brother that he then sold to the National Enquirer for its article about the Amazon.com Inc. founder’s affair, according to people familiar with the matter.
The text messages, which were reviewed by The Wall Street Journal, were among the materials turned over to federal prosecutors as part of their investigation into whether American Media Inc., publisher of the National Enquirer, attempted to extort Mr. Bezos, the people said. The U.S. attorney’s office has also been investigating whether Mr. Bezos’ phone was hacked, according to the people.
The evidence gathered by federal prosecutors includes a May 10, 2018, text message sent from the phone of Lauren Sanchez, Mr. Bezos’ girlfriend, to her brother Michael Sanchez containing a flirtatious message from the Amazon chief, the people said.
The Enquirer quoted the text in its January 2019 article about Mr. Bezos’ extramarital affair with Ms. Sanchez. A July 3, 2018, text message sent from Ms. Sanchez’s phone to her brother’s includes a photo of a shirtless Mr. Bezos.
Mr. Bezos’ security consultant, Gavin de Becker, suggested in an opinion article last year for the Daily Beast that Saudi Arabia might have had a hand in the Enquirer’s reporting on Mr. Bezos. The claim resurfaced this week after a forensic audit commissioned by Mr. Bezos alleged that his phone was hacked using a WhatsApp account associated with Saudi Crown Prince Mohammed bin Salman.
The text messages reviewed by the Journal, as well as a $200,000 payment Mr. Sanchez received from the Enquirer under an October 2018 contract the Journal also reviewed, supports American Media’s earlier statements that he was the source for the National Enquirer’s article.
The Saudi government said the allegation that the crown prince hacked Mr. Bezos’ phone was absurd and called for an investigation.
“In September of 2018, Michael Sanchez began providing all materials and information to our reporters,” a spokesman for American Media said Friday. He added that any suggestion that a third party, such as Saudi Arabia, “was involved in or in any way influenced our reporting is false.”
Mr. Sanchez declined to comment on the texts or his contract with American Media. “With spoon-fed lies and half-truths, Wall Street Journal keeps getting it wrong,” Mr. Sanchez said in an emailed statement.
Ms. Sanchez didn’t respond to requests for comment. An attorney for Mr. Bezos declined to comment.
Federal prosecutors haven’t charged Michael Sanchez, Lauren Sanchez or anyone else with a crime in the probe.
Mr. Bezos’ affair with Ms. Sanchez, a former television reporter who started an aerial film-production company, was publicized the same month he and his now ex-wife, MacKenzie Bezos, said their 25-year marriage was ending. They agreed to a divorce settlement in April.
Mr. Bezos, the richest man in the world, made a public appearance with Ms. Sanchez at an event in Mumbai on Jan. 16.
The Amazon chief is the owner of the Washington Post, where the late columnist Jamal Khashoggi wrote critically of the kingdom’s leadership before he was slain last October by a Saudi security team. The CIA, in a secret assessment reviewed by the Journal, said that Prince Mohammed likely ordered Mr. Khashoggi’s death, although it acknowledged it didn’t have direct evidence of a kill order by the Saudi crown prince.
On Wednesday, United Nations officials probing Mr. Khashoggi’s death called on U.S. authorities to investigate the findings of the audit commissioned by Mr. Bezos.
The October 2018 contract between Mr. Sanchez and American Media gave the company exclusive rights to “certain information, photographs, and text messages documenting an affair between Jeff Bezos and Lauren Sanchez.”
Mr. Sanchez, a talent agent who has managed television pundits and reality-show judges, declared in his contract with American Media that he acquired the texts and photographs lawfully, according to the agreement.
The New York Times earlier reported that American Media provided evidence to federal prosecutors that Ms. Sanchez sent texts to her brother involving Mr. Bezos.
Saudi Prince Courted Amazon’s Bezos Before Bitter Split
Pair worked cordially to try to establish an Amazon presence in kingdom before rift over alleged phone hacking.
Through much of 2018, Amazon.com Inc. AMZN -1.59% founder Jeff Bezos and tech-savvy Saudi Crown Prince Mohammed bin Salman seemed to be hitting it off.
Texting over WhatsApp about a plan for Amazon to build a huge data center in Saudi Arabia, the men forged a cordial and mutually beneficial relationship. “It is very important for me, my friend, that you come to Saudi during the future investment Forum and we announce this $2.8B Vision 2030 partnership,” the prince messaged Mr. Bezos on Sept. 9, 2018, according to a review of texts by The Wall Street Journal and people familiar with the situation.
Amazon stood to gain broader access to the Middle Eastern market. Prince Mohammed could be aided in his efforts to reform the Saudi economy as well as burnish his personal brand.
Now, one of the world’s richest men and one of the most powerful princes are archenemies, each accusing the other of betrayal.
Over the course of 2018, Prince Mohammed grew frustrated as the Bezos-owned Washington Post published critical columns by Saudi dissident Jamal Khashoggi, according to people familiar with the matter. Mr. Bezos was deeply disturbed after men working for the prince murdered Mr. Khashoggi that October, said people familiar with the situation.
But the feud didn’t erupt into a public spectacle until last week, with the surfacing of a report commissioned by Mr. Bezos that said—with “medium-to-high confidence”—that Prince Mohammed had installed spyware on Mr. Bezos’ phone via a WhatsApp message in May 2018.
The Saudi government denies that the prince hacked Mr. Bezos’ phone. The Journal has reported that Saudi officials close to the crown prince said they were aware of a plan to compromise Mr. Bezos’ phone, though not that an attack actually happened.
William Isaacson, a lawyer for Mr. Bezos, declined to comment for this article, as did representatives for the Saudi government in Riyadh and Washington. An Amazon spokesman declined to comment on details of the data-center plan.
Later in 2018, the National Enquirer received embarrassing texts and photos of the then-married Mr. Bezos and his girlfriend, Lauren Sanchez, and published some of them in January 2019. Mr. Bezos has said there was Saudi involvement in the matter, an assertion the Enquirer and the Saudi government disputed.
The Journal has reported that the Enquirer paid $200,000 to buy the racy texts and photos from Ms. Sanchez’s brother Michael Sanchez, according to people familiar with the matter, and that federal prosecutors have evidence indicating Ms. Sanchez had given him the material.
Ms. Sanchez hasn’t responded to requests for comment. Mr. Sanchez said in an emailed statement: “With spoon-fed lies and half-truths, Wall Street Journal keeps getting it wrong.”
It is a remarkable show of public animosity between two men who seemed to have aligned interests when they met in 2016.
Prince Mohammed had taken over efforts to remake the Saudi economy, a position he gained after his father, Salman, became king in 2015. The prince told friends and acquaintances that he sees himself in the mold of tech-company founders like Steve Jobs and Mr. Bezos— men who built business empires through visionary leadership and supreme self confidence.
For several years, Prince Mohammed has met with investors, money managers and chief executives to explain his vision. Among his big initiatives was a $500 billion tech-focused city called NEOM that he planned to build along the Red Sea.
In confidential planning documents the Journal reviewed, consultants for the Saudi government outlined “tailor-made incentives” to woo Amazon as a major part of the project, including government funding and 99 years of free rent.
Many Western business leaders wanted the prince to invest Saudi money in their operations, people familiar with the meetings said. Amazon was one of the few willing to invest a large amount of money in Saudi Arabia. The data center would serve Amazon customers across the region, according to people in the Gulf and the U.S. familiar with the talks.
The two men had an April 2018 dinner in Los Angeles during a U.S. tour the prince made. For Prince Mohammed, it would be among the first major investments in the kingdom by a Western tech company, and one of the first times a big foreign company would choose Saudi Arabia, rather than traditionally business-friendly locations like Dubai or Abu Dhabi, as a Mideast hub.
The details were negotiated by lower-level teams. But the prince and Mr. Bezos kept in touch about the project on a high level over WhatsApp, people familiar with the project said.
WhatsApp was a key tool of the young prince’s global charm campaign. In his first few years as crown prince, he handed out his WhatsApp contact information to visiting dignitaries, businessmen, academics and some journalists so often that his phone streamed messages day and night, people who interacted with the prince said.
Prince Mohammed would go through the messages every day, those people said. Receiving a response was a surprise for Americans accustomed to doing business in the Gulf, where senior princes were typically aloof.
Talks about a data-center project that could cost $2 billion or more were under way when Prince Mohammed and Mr. Bezos began communicating over WhatsApp in spring 2018, the people familiar with the matter said. Saudi officials believed Amazon was willing to commit up to $4 billion to the project, said people involved in the talks.
Yet the prince at points griped to Mr. Bezos about Amazon’s earlier business decisions in the region—it had bought an e-commerce company in 2017 that competed with a business co-owned by the Saudi sovereign-wealth fund, and announced a deal to build a data center in neighboring Bahrain.
“I was very disappointed” to hear about the Bahrain deal, the prince texted Mr. Bezos, according to the people familiar with the exchanges. He wrote that Amazon’s decision not to partner with Saudi Arabia from the get-go “has pushed” Saudi Arabia to compete in e-commerce with Amazon.
Still, the prince continued to send enthusiastic messages through the summer of 2018 about Amazon’s eventual arrival in the kingdom, these people said.
It turns out the prince’s messages to Mr. Bezos were somewhat misleading.
Prince Mohammed’s security adviser, Musaid al Aiban, had already frozen the data-center deal because Amazon.com wouldn’t allow Saudi intelligence and law enforcement access to the data as part of the discussions, people familiar with the matter said.
On April 17, 2018, less than two weeks after the prince and the CEO had dinner in Los Angeles, Mr. Aiban told officials working on the deal not to complete it—and also not to tell Amazon it was being held up. Prince Mohammed was apprised of this strategy, according to these officials.
“Never say no publicly. We just keep stalling and cite bureaucratic delays,” said an adviser for the government who worked on the project.
Multiple efforts to reach Mr. Aiban through media representatives of the Saudi government were unsuccessful.
It was important not to alienate Mr. Bezos because Prince Mohammed wanted him to attend the Riyadh financial conference later in the year. Nicknamed “Davos in the Desert,” it was the prince’s opportunity to trumpet, domestically and abroad, his alliances with the world’s business and technology leaders.
Through the summer of 2018, the prince encouraged Mr. Bezos to come to the October conference, text messages show. It isn’t clear whether Mr. Bezos ever formally committed to attending.
Then, on Oct. 2, 2018, Mr. Khashoggi, the Washington Post columnist, entered the Saudi embassy in Istanbul and never emerged. The Post wrote a number of investigative articles and editorials about the murder, many blaming Prince Mohammed.
For days, Saudi Arabia issued statements denying involvement only to be contradicted by information gathered by Turkey, partially through recordings inside the Saudi embassy, that indicated Mr. Khashoggi was killed by Saudi operatives.
Later that month, Saudi Arabia said officials of its government killed Mr. Khashoggi in a rogue operation, and tried to dampen international outrage by announcing its own investigation. The Central Intelligence Agency concluded that the killing was carried out under the prince’s orders, U.S. officials said. Saudi Arabia has denied the prince had any prior knowledge.
In the aftermath of the Khashoggi killing, government officials and executives from around the world pulled out of the Riyadh conference, including Mr. Bezos.
Around that time, National Enquirer employees got a tip about Mr. Bezos’ affair and began tailing him, the Journal has reported. In January 2019, Mr. Bezos revealed he was getting divorced, knowing that the Enquirer was ready to publish an article about his affair. The Enquirer subsequently threatened to publish more racy texts and photos unless Mr. Bezos publicly said he had no evidence the tabloid had targeted him for political reasons.
Mr. Bezos refused the Enquirer’s demand.
It wasn’t until last Wednesday that details of the alleged Saudi hack of Mr. Bezos’ iPhone became public, after United Nations officials called for an investigation of the incident and summarized the report by Mr. Bezos’ consultants.
The consultant’s report has spurred questions among cybersecurity experts, who said it relied heavily on circumstantial evidence to make the case that a WhatsApp account associated with Prince Mohammed was probably used to hack into Mr. Bezos’ phone.
The consultants weren’t able to figure out if information from Mr. Bezos’s phone was linked to the photos and texts that ended up with the Enquirer.
Bezos’ Phone Allegedly Hacked,Bezos’ Phone Allegedly Hacked,Bezos’ Phone Allegedly Hacked,Bezos’ Phone Allegedly Hacked,Bezos’ Phone Allegedly Hacked,Bezos’ Phone Allegedly Hacked,Bezos’ Phone Allegedly Hacked,Bezos’ Phone Allegedly Hacked,Bezos’ Phone Allegedly Hacked,Bezos’ Phone Allegedly Hacked,