Skip to Content
MIT Technology Review

UN calls for investigation of Saudis allegedly hacking Jeff Bezos

A tangled web of espionage may point to an intimidation campaign by the powerful Saudi Crown Prince.

Jeff Bezos on a cell phoneJeff Bezos on a cell phone
Jeff Bezos on a cell phone
Getty

United Nations human rights experts say the United States should investigate reports that Jeff Bezos’s phone was hacked shortly after receiving a video from the WhatsApp account belonging to Crown Prince Mohammed bin Salman of Saudi Arabia.

Bezos, who is the founder and chief executive of Amazon, also owns the Washington Post. The newspaper's columnist Jamal Khashoggi, a frequent critic of the Saudi regime, was assassinated in 2018 by Saudi agents. At the time the alleged hack took place in 2019, Prince Mohammed was said to be investigating that murder.

Referring to forensic analysis that claimed “medium to high confidence” that Bezos was hacked as a result of bin Salman’s WhatsApp message, the UN experts pointed to a long track record of targeted surveillance conducted by the Saudi royal family and bin Salman in particular. The news was first reported by the Guardian.

“The information we have received suggests the possible involvement of the crown prince in surveillance of Mr. Bezos, in an effort to influence, if not silence, the Washington Post's reporting on Saudi Arabia,” said Agnes Callamard, UN special rapporteur on summary executions and extrajudicial killings, and David Kaye, UN special rapporteur on freedom of expression. 

"The alleged hacking of Mr. Bezos's phone, and those of others, demands immediate investigation by US and other relevant authorities, including investigation of the continuous, multi-year, direct and personal involvement of the Crown Prince in efforts to target perceived opponents,” Callamard and Kaye said in a statement released on Wednesday morning.

On April 4, 2018, Bezos attended a dinner with the crown prince where the two exchanged numbers, according to the time line of events laid out by the UN experts. On May 1, the prince’s WhatsApp account sent Bezos a video file. 

“It is later established, with reasonable certainty, that the video’s downloader infects Mr. Bezos’s phone with malicious code,” the UN experts said. Within a month of that event, numerous other Saudi dissidents, human rights workers, and individuals connected with Khashoggi had their phones hacked. The UN linked several of these hacks with NSO Group, a prominent Israeli spyware developer. 

An NSO Group spokesperson said “unequivocally” that “our technology was not used in this instance,” adding: “We know this because of how our software works, and our technology cannot be used on US phone numbers.”

On October 2, 2018, Khashoggi was killed in the Saudi embassy in Istanbul after writing columns in the Washington Post critical of the Saudi royal family. What followed was a sizable and public online campaign on Saudi Twitter calling for a boycott of Amazon. Privately, the UN experts say, the crown prince’s WhatsApp account sent a photo to Bezos resembling the woman the Amazon founder was having an affair with. This was months before the public knew about Bezos’s affair.

“During the same period, Mr. Bezos was widely targeted in Saudi social media as an alleged adversary of the Kingdom,” the UN statement said. “This was part of a massive, clandestine online campaign against Mr. Bezos and Amazon, apparently targeting him principally as the owner of The Washington Post.”

Two months later, the National Enquirer reported that Bezos was having an affair. Bezos responded by stating that he would investigate how the Enquirer obtained his personal text messages that they published as part of the report.

“Certain powerful people who experience Washington Post news coverage will wrongly conclude I am their enemy,” Bezos wrote.

The exact nature of the video file sent from the crown prince to Bezos remains unclear, but immediately afterward, it was reported, “massive and (for Bezos’s phone) unprecedented exfiltration of data from the phone began.” The forensic analysis, however, found no malicious code.

Some of the most crucial details of the alleged hack remain maddeningly unclear, including the specific malware used. The report, conducted by FTI Consulting at Bezos’s request, lacks conclusive evidence; nor does it say with certainty what kind of spyware was used. However, the investigation was reportedly handled by Anthony Ferrante, who was previously chief of staff for the FBI’s Cyber Division and a member of the National Security Council.

The analysis did say that the “most likely explanation” was the use of malware by NSO Group or the Italian spyware firm Hacking Team, now known as Memento Labs.

Israeli news reports said that the Saudi government had previously acquired NSO Group malware, known as Pegasus, for $55 million.

Denying involvement, an NSO Group spokesperson said, “Any suggestion that NSO is involved is defamatory, and the company will take legal counsel to address this.”

The Saudi embassy publicly denied the reports on Twitter, characterizing the accusations as “absurd” and echoing the call for an investigation. Last year, Bezos’s security consultant publicly accused the Saudi government of hacking the billionaire’s phone.

After receiving FTI Consulting’s forensics report last year, Bezos went to the UN’s experts. The result is this very public call for an investigation.

“The allegations are also reinforced by other evidence of Saudi targeting of dissidents and perceived opponents,” the UN experts said in a statement. They pointed to recent criminal charges in the United States against a Saudi national accused of spying on the Twitter accounts of critics of the Saudi government.