UN calls for investigation after Saudis linked to Bezos phone hack

United Nations experts are calling for an investigation after a forensic report said Saudi officials “most likely” used a mobile hacking tool, such as one built by the NSO Group, to hack into the phone of Amazon founder Jeff Bezos.

In remarks on Wednesday, U.N. human rights experts said mobile spyware was likely used to exfiltrate gigabytes of data from Bezos’ phone in May 2018, about six months after the Saudi government first obtained the spyware.

It comes a day after news emerged, citing a forensics report commissioned to examine the Amazon founder’s phone, that the malware was delivered from a number belonging to Saudi Crown Prince Mohammed bin Salman. The forensics report, carried out by FTI Consulting, said it was “highly probable” that the phone hack was triggered by a malicious video sent over WhatsApp to Bezos’ phone. Within hours, large amounts of data on Bezos’ phone had been exfiltrated.

U.N. experts Agnes Callamard and David Kaye, who were given a copy of the forensics report, said the breach of Bezos’ phone was part of “a pattern of targeted surveillance of perceived opponents and those of broader strategic importance to the Saudi authorities.”

But the report left open the possibility that technology developed by another mobile spyware maker may have been used.

The Saudi government has rejected the claims, calling them “absurd.”

NSO Group said in a statement that its technology “was not used in this instance,” saying its technology “cannot be used on U.S. phone numbers.” The company said any suggestion otherwise was “defamatory” and threatened legal action.

Forensics experts are said to have begun looking at Bezos’ phone after he accused the National Enquirer of blackmail last year. In a tell-all Medium post, Bezos described how he was targeted by the tabloid, which obtained and published private text messages and photos from his phone, prompting an investigation into the leak.

The subsequent forensic report, which TechCrunch has not yet seen, claims the initial breach began after Bezos and the Saudi crown prince exchanged phone numbers in April 2018, a month before the hack.

The report said several other prominent figures, including Saudi dissidents and political activists, also had their phones infected with the same mobile malware around the time of the Bezos phone breach. Those whose phones were infected included people close to Jamal Khashoggi, a prominent Saudi critic and columnist for The Washington Post — which Bezos owns — who was murdered five months later.

U.S. intelligence concluded that bin Salman ordered Khashoggi’s death.

“The information we have received suggests the possible involvement of the Crown Prince in surveillance of Mr. Bezos, in an effort to influence, if not silence, The Washington Post’s reporting on Saudi Arabia,” the U.N. experts said.

The U.N. experts said the Saudis purchased the Pegasus malware, and used WhatsApp as a way to deliver the malware to Bezos’ phone.

WhatsApp, which is owned by Facebook, filed a lawsuit against the NSO Group for creating and using the Pegasus malware, which exploits a since-fixed vulnerability in the messaging platform. Once the vulnerability is exploited, sometimes silently and without the target knowing, the operators can download data from the user’s device. Facebook said at the time the malware was delivered to more than 1,400 targeted devices.

The U.N. experts said they will continue to investigate the “growing role of the surveillance industry” used for targeting journalists, human rights defenders and owners of media outlets.

Amazon did not immediately comment.