

Hack of Jeff Bezos's phone

The FTI Consulting company concluded in November 2019 with "medium to high confidence" that the phone of Jeff Bezos was hacked by a file sent from the WhatsApp account of the crown prince of Saudi Arabia, Mohammed bin Salman. The Saudi Arabian embassy to the United States has denied the allegations. Billionaire Jeff Bezos, the owner of The Washington Post newspaper and the founder of the company Amazon, engaged FTI Consulting in February 2019 after the National Enquirer in January 2019 reported details of Bezos's affair. FTI Consulting did not link the National Enquirer to the hack.


1. Background

Starting in September 2017, the Washington Post, which is owned by Bezos, published a series of columns by Jamal Khashoggi that were critical of Saudi Arabia or bin Salman. In April 2018, Bezos attended a small dinner with bin Salman and exchanged WhatsApp numbers. Bezos and bin Salman proceeded to exchange friendly messages. Khashoggi was murdered in October 2018. Washington Post reporting became increasingly critical of the role of the Saudi regime and bin Salman in the murder.


2. Alleged incident

According to a United Nations analysis of evidence of surveillance on Bezos's phone, the following events occurred on 1 May 2018:

A message from the Crown Prince account is sent to Mr. Bezos through WhatsApp. The message is an encrypted video file. It is later established, with reasonable certainty, that the video’s downloader infects Mr. Bezos’ phone with malicious code.


3. Investigations

In January 2019, the National Enquirer released details of Bezos having conducted an affair. Bezos had security specialist Gavin de Becker lead an investigation into how the National Enquirer obtained the information.

In February 2019, Bezos wrote a post on Medium, accusing The National Enquirer and its parent company American Media, Inc. (AMI) of extortion and blackmail of him with images of his affair. In the post, Bezos referenced that AMI had been investigated for "various actions they’ve taken on behalf of the Saudi Government", and stated that the reporting of The Washington Post on the killing of Jamal Khashoggi "is undoubtedly unpopular in certain circles".

Later in February 2019, Bezos and de Becker hired digital forensic experts from the FTI Consulting company to analyse Bezos's iPhone. The Wall Street Journal later reported that Bezos did not want to give his phone directly to the Federal Bureau of Investigation (FBI), thus he had FTI Consulting do the work. Some FTI Consulting workers previously worked for the FBI. The Wall Street Journal also reported that FTI Consulting communicated with law enforcement officials about their work.

In March 2019, de Becker wrote an article for The Daily Beast, stating that Bezos's and his "investigators and several experts concluded with high confidence that the Saudis had access to Bezos' phone, and gained private information". De Becker also reported he had presented details of his investigation to law enforcement officials. De Becker said there was a "close relationship" between bin Salman and American Media CEO David Pecker. De Becker highlighted that AMI had attempted to have him publicly declare that the investigation into Bezos's phone found that AMI had not used "eavesdropping or hacking in their newsgathering process", and also demanded his declaration that AMI's story was not "influenced in any manner by external forces". Lastly, de Becker stated that it was "unclear" whether AMI knew of the alleged hack by the Saudis.

In April 2019, Bezos was interviewed by federal investigators when the FBI was researching whether Israeli technology company NSO Group had conducted hacks against people and companies in the United States.

In November 2019, FTI Consulting finished compiling the report for the forensic analysis of Bezos's phone.

The Guardian broke the story on 21 January 2020 of the results of the analysis of Bezos's phone, reporting that the analysis indicated it was highly likely that Bezos's phone had been infiltrated by a malicious video file sent from bin Salman's WhatsApp account. FTI Consulting's conclusion was made with "medium to high confidence", the report stated. The full forensic report was published by Motherboard on 23 January 2020.

The report stated that just "hours" after Bezos received the file from bin Salman, his phone began transmitting dramatically higher amounts of data, and that this continued for months. The video in the file was not infected, but the downloader of the file could not be analysed by investigators because it was encrypted by WhatsApp. The report points to two pieces of circumstantial evidence: first, a November 2018 message from bin Salman to Bezos includes an image resembling the woman Bezos was having an affair with, despite the affair not being public knowledge at the time; second, a February 2019 text from bin Salman to Bezos urges Bezos not to believe everything, after Bezos was briefed on the phone regarding an Internet campaign against him conducted by Saudis. The report states that investigators believe that bin Salman's advisor, Saud al-Qahtani, obtained the hacking software. The report does not link The National Enquirer to the hack.

Bezos had approached United Nations special rapporteur on summary executions and extrajudicial killings Agnes Callamard and special rapporteur on freedom of expression David Kaye after receiving the forensic analysis of his phone. On 22 January 2020, Callamard and Kaye reacted to the forensic analysis of Bezos's phone by stating that "the allegations are also reinforced by other evidence of Saudi targeting of dissidents and perceived opponents". They publicized information about other phones being hacked from May 2018 to June 2018, belonging to two Khashoggi associates (Yahya Assiri and Omar Abdulaziz), an Amnesty International official, and Saudi dissident Ghanem al-Dosari. As a result, Callamard and Kaye called for "immediate investigation" by relevant authorities of the alleged phone hacks, "including investigation of the continuous, multi-year, direct and personal involvement of the Crown Prince in efforts to target perceived opponents." Additionally, Callamard and Kaye accused the Saudis of orchestrating a "massive, clandestine online campaign against" Bezos and Amazon, starting after Khashoggi was killed.


4. Reaction to allegations

In February 2019, Adel al-Jubeir, minister of state for foreign affairs for Saudi Arabia, announced the country had "absolutely nothing to do with the hacking".

In March 2019, AMI released a statement responding to de Becker's column that the only source for their story on Bezos was Michael Sanchez, the brother of Bezos's girlfriend, and that there was "no involvement by any other third party whatsoever." A year later, Michael Sanchez sued AMI, stating in court documents that when the National Enquirer first contacted him, they already had "raunchy text messages and nude selfies exchanged" by Bezos and Sanchez's sister. Michael Sanchez denied giving AMI explicit photos, and accused AMI of hacking Bezos's phone.

In January 2020, the Twitter account of the kingdom's U.S. embassy explicitly rejected the claim that Saudi Arabia was behind the hack, and called for an investigation into the incident.


5. Analysis

The Guardian speculated in January 2020 that the hacking allegation would weaken bin Salman's ability to attract more Western investors to Saudi Arabia and lead to renewed scrutiny of the murder of Khashoggi and bin Salman's involvement. The outlet also reported that Saudi experts believed that Bezos was hacked because of The Washington Post's coverage of Saudi Arabia. The coverage included Khashoggi's criticism of bin Salman. One of those who spoke to The Guardian was Andrew Miller, a Middle East expert who served on the national security council under President Obama, who claimed that Bezos's targeting by the crown prince reflects the personality-centric situation of Saudi politics.

The Washington Post in January 2020 quoted security researchers as saying that "Bezos probably fell victim to the iPhone's Achilles heel: Its defenses are so difficult to penetrate that once sophisticated attackers are in, they can go largely undetected." One of the reasons for this weakness of the iPhone was that Apple, the company producing iPhones, "employs a secretive approach to finding and fixing security", stated the researchers.

United Nations special rapporteurs Agnes Callamard and David Kaye stated that the alleged hacking suggests that there was "an effort to influence, if not silence, the Washington Post's reporting on Saudi Arabia", with bin Salman possibly part of the operation. They declared that the alleged hacking was relevant to the issue of whether bin Salman was involved in the killing of Jamal Khashoggi, who worked for The Washington Post.

MIT Technology Review offered the opinion that FTI Consulting's report "lacks conclusive evidence", noting that it fails to decisively identify the specific spyware used against Bezos.

Motherboard quoted mobile forensic expert Sarah Edwards as saying that FTI's results, as reported in January 2020, are only about 50% complete. Edwards pointed to a lack of analysis of core files, "where that state-sponsored malware is going to be found". Meanwhile, Vladimir Katalov, the leader of an iOS forensics company, opined to Motherboard that it seemed as if "experts were not qualified enough".