UN human rights experts have demanded an immediate investigation into allegations Saudi Arabia’s crown prince hacked Amazon boss Jeff Bezos’s phone.
They said Mohammed bin Salman should also be investigated for “continuous, direct and personal efforts to target perceived opponents”.
A message from a phone number used by the prince has been implicated in a breach of Mr Bezos’s data.
The kingdom’s US embassy has denied the “absurd” story.
But the independent UN experts – Agnes Callamard, special rapporteur on summary executions and extrajudicial killings, and David Kaye, special rapporteur on freedom of expression – said the crown prince’s “possible involvement” had to be investigated.
Relations between Saudi Arabia and Mr Bezos – who also owns the Washington Post – worsened after Jamal Khashoggi, a prominent critic of the Saudi government and one of the newspaper’s staff, was murdered in the Saudi consulate in Istanbul in 2018.
The killing took place months after the alleged cyber-hack took place.
Mr Bezos’s phone was hacked after he received a WhatsApp message in May 2018 that was sent from the crown prince’s personal account, according to the Guardian newspaper, which broke the story.
An investigation into the data breach reportedly found that the billionaire’s phone began secretly sharing huge amounts of data after he received the encrypted video file.
What did the experts say?
In a statement, Ms Callamard and Mr Kaye said: “The information we have received suggests the possible involvement of the crown prince in surveillance of Mr Bezos, in an effort to influence, if not silence, the Washington Post’s reporting on Saudi Arabia.”
It said the allegations reinforced “other reporting pointing to a pattern of targeted surveillance of perceived opponents and those of broader strategic importance to the Saudi authorities”.
The experts linked the case heavily to the Khashoggi murder, saying the Post reporter’s phone had been hacked at the same time as Mr Bezos’s.
They said there had been “a massive, clandestine online campaign against Mr Bezos and Amazon, apparently targeting him principally as the owner of the Washington Post”.
The statement also called for “rigorous control” of the “unconstrained marketing, sale and use of spyware”.
How did the alleged hack take place?
The UN experts cited “a 2019 forensic analysis of Mr Bezos’ iPhone that assessed with ‘medium to high confidence’ that his phone was infiltrated on 1 May 2018 via an MP4 video file sent from a WhatsApp account utilised personally by Mohammed bin Salman”.
The crown prince and Mr Bezos had reportedly exchanged numbers a month earlier and within hours of the MP4’s arrival, there was a “massive and unprecedented exfiltration of data” from Mr Bezos’s phone.
The analysis cited by the experts says the crown prince then “sent WhatsApp messages to Mr Bezos… in which he allegedly revealed private and confidential information about Mr Bezos’ personal life”.
Private information was then leaked to the American tabloid, the National Enquirer. In February 2019 Mr Bezos accused it of “extortion and blackmail” after it published text messages between him and his girlfriend, former Fox television presenter Lauren Sánchez.
A month earlier he and MacKenzie Bezos, his wife of 25 years, had announced that they planned to divorce having been separated for a “long period”.
What have the Saudis and Bezos said?
The Twitter account of the kingdom’s US embassy issued an outright denial of the allegations against the crown prince.
“We call for an investigation on these claims so that we can have all the facts out,” the embassy said.
Mr Bezos has made no response to the UN experts’ statement, but did tweet an image of himself with Khashoggi’s fiancée, along with the tag #Jamal:
Phone hacking ‘all too common’
Analysis by Jane Wakefield, BBC News technology reporter
A hack such as this was “horribly easy to do once the vulnerability involved had been discovered,” says computer expert Prof Alan Woodward. The seemingly innocent video would have contained malware that surreptitiously installed itself on the targeted phone.
From there it would have been possible for the hacker to gain access to all the functions of the phone, from the GPS locator, to the camera, to the banking facilities and messaging apps.
Such access is made possible via bugs in the code and, last year, a security flaw in WhatsApp was revealed that would have allowed hackers to hide malicious code inside video files.
Phone hacking is, says Prof Woodward, all too common in certain countries that are keen to keep an eye on journalists, dissidents and other activists perceived to be a threat to their regimes. So-called stalkerware is available off the shelf to these governments.
But what about the involvement of the Saudi crown prince? Was it really him who installed the malware? It is unlikely that he set the phone up himself. So was his phone also being spied on? Or was he simply a vessel being used by the Saudi authorities?
The plot thickens.
Timeline of Bezos-Saudi dispute
- Jun 2017 – Jamal Khashoggi flees Saudi Arabia and goes into self-imposed exile in the US
- Sept 2017 – Khashoggi starts writing for the Washington Post, criticising the polices of Mohammed bin Salman
- Apr 2018 – Mr Bezos attends a dinner with the crown prince and they exchange numbers
- 1 May 2018 – Mr Bezos receives an encrypted MP4 video file allegedly sent from the crown prince’s personal WhatsApp account. Mr Bezos’s data leaks out
- 2 Oct 2018 – Jamal Khashoggi is murdered inside the Saudi consulate in Istanbul
- Nov 2018-Feb 2019 – Prince Mohammed sends Mr Bezos WhatsApp messages allegedly revealing private and confidential information about Mr Bezos’ personal life
- Jan 2019 – The National Enquirer publishes an exposé of Mr Bezos’ extramarital affair with Lauren Sanchez
- Feb 2019 – Mr Bezos accuses the National Enquirer of “extortion and blackmail”. Its publisher says it acted lawfully
- Jan 2020 – UN experts call for an inquiry into the crown prince’s alleged involvement in the hack