- The U.N. statement concerns forensic investigations into the claim by Amazon CEO Jeff Bezos that the Saudi government carried out a cyberattack against him to extract large amounts of data from his phone.
- Riyadh has consistently rejected the accusations, and the Saudi Embassy in Washington on Wednesday called the allegations "absurd."
- Bezos owns The Washington Post, where Jamal Khashoggi wrote critical commentaries of Saudi Arabia before he was slain and mutilated in the Saudi consulate in Istanbul.
DUBAI, United Arab Emirates — U.N. experts on Wednesday called for an immediate investigation into the "possible involvement" of Saudi Crown Prince Mohammed bin Salman in the hacking of Amazon CEO and Washington Post owner Jeff Bezos' iPhone in 2018.
"The alleged hacking of Mr. Bezos's phone, and those of others, demands immediate investigation by U.S. and other relevant authorities, including investigation of the continuous, multi-year, direct and personal involvement of the Crown Prince in efforts to target perceived opponents," U.N. experts said in a statement.
"The information we have received suggests the possible involvement of the Crown Prince in surveillance of Mr. Bezos, in an effort to influence, if not silence, The Washington Post's reporting on Saudi Arabia."
The statement from the U.N.'s human rights body centers on forensic investigations into the claim by Bezos — one of the world's wealthiest men — that the Saudi government orchestrated a cyberattack against him to extract large amounts of data from his phone, including nude photos sent to his mistress, Lauren Sanchez.
The full analysis report, carried out by Washington-based business advisory firm FTI Consulting on behalf of the American billionaire, was published exclusively later on Wednesday by Vice's Motherboard and can be viewed here.
Riyadh has consistently rejected the accusations, and the Saudi Embassy in Washington on Wednesday called the allegations "absurd."
The U.N. special rapporteurs, who are appointed by the world body but operate independently, made the statement after reviewing the 2019 forensic analysis. Their statements follow earlier investigations into the killing and dismemberment of Washington Post journalist Jamal Khashoggi, who wrote critical commentaries of Saudi Arabia in Bezos' newspaper and was slain in the Saudi consulate in Istanbul in October 2018.
FTI consulting could not detail the specific spyware used in the attack but said its experts had "medium to high confidence" that Bezos' iPhone was hacked by malware coming from a WhatsApp account used by the Saudi crown prince.
"Based upon the results of a full forensic examination of the logical file system of Bezos's phone, including network analysis, and an in-depth investigation conducted over several months, FTI reports with medium to high confidence that Bezos's IPhone X was compromised via malware sent from a WhatsApp account used by Saudi Crown Prince Mohammed bin Salman," the U.N. statement said.
Saudi Arabia's foreign minister, Prince Faisal bin Farhan Al Saud, called the hacking allegations "absolutely illegitimate" and based on "no evidence."
"It was purely conjecture, and if there is real evidence, we look forward to seeing it," he told reporters at the World Economic Forum in Davos, Switzerland.
Bezos, through his security consultant Gavin de Becker, has flatly accused the Saudi government of wanting to do him harm. De Becker alleged last March that the Saudis had "access to Bezos's phone, and gained private information" and that the government was "intent on harming Jeff Bezos since . . . the Post began its relentless coverage" of the brutal murder in October 2018 of Khashoggi.
Riyadh said the killing was the result of a "rogue operation" that did not involve the crown prince, contradicting the CIA's reported conclusion from late 2018 that implicated the crown prince.
According to the 2019 forensic analysis by FTI Consulting, Bezos' phone was likely "infiltrated on 1 May 2018 via an MP4 video file sent from a WhatsApp account utilized personally by Mohammed bin Salman."
Bezos and the crown prince had reportedly exchanged numbers the previous month. Within hours of the video being sent from the crown prince's account, "massive and (for Bezos' phone) unprecedented exfiltration of data from the phone began" — the volume of data being transited to another location suddenly shot up by nearly 30,000% to 126 MB.
"Data spiking then continued undetected over some months and at rates as much as 106,032,045% (4.6 GB) higher than the pre-video data egress baseline for Mr. Bezos' phone of 430KB," the report said.
The analysis suggested a spyware product previously identified in other cases of Saudi surveillance, saying the intrusion was "likely undertaken" by a product like the Pegasus-3 malware created by Israeli-based NSO Group. Pegasus has been widely reported as having been purchased by Saudi officials including Saud al-Qahtani, Prince Mohammed's former advisor who was implicated in the Khashoggi murder but ultimately not charged by the Saudi authorities.
"This would be consistent with other information," the U.N. special rapporteurs wrote. "For instance, the use of WhatsApp as a platform to enable installation of Pegasus onto devices has been well-documented and is the subject of a lawsuit by Facebook/WhatsApp against NSO Group."
Still, FTI maintained that they could not decisively conclude what kind of malware was used. "Due to end-to-end encryption employed by Whatsapp," the analysts wrote, "it is virtually impossible to decrypt the contents of the downloader to determine if it contained any malicious code in addition to the delivered video."
NSO responded in a statement posted to its website Wednesday, saying "NSO is shocked and appalled by the story that has been published with respect to alleged hacking of the phone of Mr. Jeff Bezos," and calling for a "full investigation" if the story is true.
"Just as we stated when these stories first surfaced months ago, we can say unequivocally that our technology was not used in this instance," the company said.
The U.N. statement noted that the alleged hacking of Bezos' phone was "consistent with the widely reported role of the crown prince in leading a campaign against dissidents and political opponents."
The accusations also carry echoes of a 2019 U.S. criminal case against two Twitter employees and a Saudi national who accessed private accounts of certain users critical of the Saudi royal family that they then shared with the kingdom's authorities.
While Prince Mohammed has spearheaded a sweeping social and economic reform agenda for the oil-rich kingdom, human rights groups criticize his simultaneous crackdown on activists and dissidents inside and outside Saudi Arabia, as evidenced by increased arrests and the reported overseas hacking campaigns.
The FTI report in its first page names al-Qahtani, the former advisor, as a potential culprit, noting his role as president and chairman of the Saudi Federation for Cybersecurity, Programming and Drones during the time of the Bezos hack. Al-Qahtani is sanctioned by the U.S. for his suspected role in the murder of Khashoggi, and led a large-scale online campaign against Bezos and the Post via Twitter bot attacks and boycotts of Bezos companies.
"The hacking of Mr. Bezos' phone occurred during a period, May-June 2018, in which the phones of two close associates of Jamal Khashoggi, Yahya Assiri and Omar Abdulaziz, were also hacked, allegedly using the Pegasus malware," the UN statement said.