UN experts are demanding an immediate investigation by the US into evidence indicating that Jeff Bezos, the billionaire owner of the Washington Post, was hacked with spyware deployed in a WhatsApp message sent from the personal account of Saudi Arabia’s crown prince, Mohammed bin Salman.
The special rapporteurs – Agnès Callamard and David Kaye – said in a joint statement they were “gravely concerned” by evidence they had reviewed about the apparent surveillance of Bezos in what they described as a possible “effort to influence, if not silence, the Washington Post’s reporting on Saudi Arabia”.
The statement was released after the Guardian revealed on Tuesday that Bezos, who is chief executive of Amazon and the world’s richest man, appeared to have had his mobile phone “hacked” in 2018 after receiving a message apparently sent from the personal WhatsApp account of Prince Mohammed.
In one of the most extraordinary disclosures, the UN rapporteurs said that, according to forensic analysis, the “crown prince sent WhatsApp messages” to Bezos, in November 2018 and February 2019, “in which he allegedly revealed private and confidential information about Mr Bezos’ personal life that was not available from public sources”.
An annexe to their report provided further details of an alleged incident in November 2018 when a single photograph was texted to Bezos from the crown prince’s WhatsApp account “along with a sardonic caption”. The image, according to the UN rapporteurs, was of “a woman resembling the woman with whom Bezos is having an affair, months before the Bezos affair was known publicly”.
Two months later, in January 2019, the National Enquirer published a special edition that exposed the affair. AMI, which owns the US supermarket tabloid, has denied any “third party” was involved in influencing its reporting.
In a day of dramatic developments that threatened to deepen the crisis for Saudi Arabia, the UN rapporteurs:
• Released details of advanced technical analysis that established “grounds for a reasonable belief” that Bezos was the victim of “intrusive surveillance via hacking of his phone as a result of actions attributable to the WhatsApp account used by Crown Prince Mohammed bin Salman”.
• Said Bezos’s iPhone was believed to have been infected by malware on 1 May 2018 via an MP4 video file sent from the crown prince. Within hours of receipt of the MP4 video file, a huge “exfiltration” of data began. The amount of data leaving the phone increased enormously and continued undetected for several months.
• Alleged that the “most likely explanation” for the huge amount of data exiting the phone was that it had been infiltrated by spyware such as that developed by NSO Group, a private Israeli surveillance company. The assessment was attributed to “expert analysis of likelihood of cyberweapons”. NSO immediately denied involvement, saying: “We can say unequivocally that our technology was not used in this instance.”
• Issued a stark warning to prominent attendees of the World Economic Forum at Davos, several of whom are known to have recently met with the crown prince. Callamard said she wanted to “raise the alarm” for people around the world who have had dealings with Saudi Arabia about the “fragility of their electronic systems”.
Speaking to the Guardian about the Davos agenda, Callamard said: “I am disappointed the organisers did not put any emphasis on the question of surveillance on their agenda.” She added: “They are all extremely vulnerable.”
She said the revelation that the future king of Saudi Arabia might have had a personal involvement in the targeting of the billionaire owner of the Washington Post should put a renewed spotlight on the murder of Jamal Khashoggi.
Khashoggi, a Washington Post journalist, was killed in October 2018, five months after the alleged “hack” of Bezos’s iPhone.
Callamard is UN special rapporteur on summary executions and extrajudicial killings, and the author of a previous report that detailed credible evidence for Saudi Arabia’s involvement in the premeditated murder of Khashoggi in its consulate in Istanbul. The crown prince denies any involvement in the killing.
Callamard said she had previously stopped short of making determinations about the precise nature of Prince Mohammed’s involvement in the Khashoggi murder.
But the latest information, if correct, placed “the crown prince at the heart of a campaign of surveillance and hacking”, she said.
Prior to the release of the UN statement on the suspected hacking, Saudi Arabia had dismissed the Guardian’s reports about the apparent involvement of the kingdom’s heir as “absurd”.
The kingdom’s embassy in Washington said: “We call for an investigation on these claims so that we can have all the facts out.”
Callamard and Kaye, who is the UN special rapporteur on freedom of expression, also provided more information about the apparent nature of the surveillance of Bezos’s iPhone, saying technical experts had assessed with “medium to high confidence” that it was infiltrated via an MP4 video file sent from a WhatsApp account used by the crown prince.
According to a detailed timeline provided by the UN rapporteurs, Bezos met with Prince Mohammed at a “small dinner” in Los Angeles on 4 April 2018. The pair exchanged phone numbers “that correspond to their WhatsApp accounts”, the UN experts said.
Weeks later, on 1 May, a message was sent from the crown prince’s WhatsApp account to Bezos, the UN explained.
“The message is an encrypted video file,” the UN timeline states. “It is later established, with reasonable certainty, that the video’s downloader infects Mr Bezos’ phone with malicious code.”
Within hours of receipt of the malicious file, the technical analysis indicated a “massive” and “unprecedented” exfiltration of data from the billionaire’s phone which continued for several more months.
In their statement, the UN rapporteurs said: “The circumstances and timing of the hacking and surveillance of Bezos also strengthen support for further investigation by US and other relevant authorities of the allegations that the crown prince ordered, incited, or, at a minimum, was aware of planning for but failed to stop the mission that fatally targeted Mr Khashoggi in Istanbul.
“At a time when Saudi Arabia was supposedly investigating the killing of Mr Khashoggi, and prosecuting those it deemed responsible, it was clandestinely waging a massive online campaign against Mr Bezos and Amazon targeting him principally as the owner of the Washington Post.”
WhatsApp is currently suing NSO. The Facebook-owned messaging company accuses NSO of being behind secret attacks on more than 100 human rights activists, lawyers, journalists and academics.
NSO has in the past vigorously defended itself against the WhatApp lawsuit, and has said repeatedly that its signature surveillance software, which is known as Pegasus, is used solely as a law enforcement tool that could help prevent crime and terrorist attacks.
In a statement released on Wednesday the company said it was “shocked and appalled” by the report of the hacking of Bezos’s phone but insisted “our technology was not used”.
It said: “If this story is true, then it deserves a full investigation by all bodies providing such services to assure that their systems have not been used in this abuse. Just as we stated when these stories first surfaced months ago, we can say unequivocally that our technology was not used in this instance.”
According to the UN special rapporteurs, the Saudi Royal Guard “acquired from NSO Group” its Pegasus spyware in November 2017 and it is believed to have been involved in the targeting of Saudi dissidents. Their statement said: “The hacking of Mr Bezos’ phone occurred during a period, May-June 2018, in which the phones of two close associates of Jamal Khashoggi, Yahya Assiri and Omar Abdulaziz, were also hacked, allegedly using the Pegasus malware.”
The UN rapporteurs added: “Surveillance through digital means must be subjected to the most rigorous control, including by judicial authorities and national and international export control regimes, to protect against the ease of its abuse. It underscores the pressing need for a moratorium on the global sale and transfer of private surveillance technology.”
Have you got new information about this story? You can message Guardian investigations using Signal or WhatsApp: +447584640566. For the most secure communications, use SecureDrop. You can also email: email@example.com.