tech2 News StaffJan 23, 2020 08:24:29 IST
UN experts have demanded an immediate investigation by US and other authorities into allegations that Saudi Arabia's crown prince was involved in a plot to hack the phone of Amazon boss Jeff Bezos.
The UN special rapporteurs, Agnes Callamard and David Kaye said on Wednesday that they had information pointing to the "possible involvement" of Crown Prince Mohammed bin Salman in the alleged 2018 cyberattack.
Saudi officials dismissed the allegations as absurd.
Callamard, the special rapporteur for extra-judicial killings, and Kaye, special rapporteur for free expression, said the allegation of Saudi involvement "demands an immediate investigation by the US and other relevant authorities".
They said a forensic analysis of the alleged hacking, which a person familiar with the matter said had been commissioned by Bezos, concluded his phone was probably hijacked by a malicious video file sent from a WhatsApp account purportedly belonging to the crown prince in April or May of 2018.
The rapporteurs said the analysis, which they deemed credible, found that within hours of receiving the video there was "an anomalous and extreme change" in the device's behaviour, with the level of outgoing data from the phone jumping nearly 300-fold.
The allegations could further damage relations between billionaire tech tycoon Bezos and Riyadh, and risk harming the kingdom's reputation with foreign powers and investors.
The alleged cyberattack is said to have taken place months before the October 2018 murder of Saudi journalist Jamal Khashoggi, a columnist for the Bezos-owned Washington Post and a critic of the crown prince.
The CIA believed that Prince Mohammed ordered the killing of Khashoggi, sources told Reuters weeks later. He was murdered in the Saudi consulate in Istanbul by Saudi agents and his body dismembered.
Prince Mohammed, or MbS, said last year that the killing was carried out by rogue operatives and that he did not order it.
Saudi Foreign Minister Prince Faisal bin Farhan Al Saud dismissed the allegations of the prince's involvement in any phone hack of Bezos.
"I think 'absurd' is exactly the right word," he told Reuters in an interview in Davos. "The idea that the crown prince would hack Jeff Bezos’ phone is absolutely silly."
The special rapporteurs, who released their findings in a statement, report to the UN Human Rights Council but they are independent watchdogs and not UN officials.
Their recommendations are not binding on countries, though are widely seen as carrying moral weight.
They stopped short of identifying which specific technology might have been used in the alleged hack, but said software like that made by Israeli company NSO Group or Italian spyware maker Hacking Team could potentially have been deployed.
NSO denied its technology was used in the alleged hack.
"We know this because of how our software works and our technology cannot be used on US phone numbers," it said. "Our products are only used to investigate terror and serious crime."
After a merger last year, Hacking Team is now part of Swiss-Italian cyber intelligence firm Memento Labs. Memento Labs' head, Paolo Lezzi, was not immediately available to comment but has previously said he has no knowledge of Hacking Team's former operations.
tech2 also reached out to the Head of Products Vulnerabilities at Check Point, Oded Vanunu, about social media platforms being used for hacking. He said:
“The use of popular Social apps to infect people with malware is a trend we foresaw and alerted about for more than a year. As we proved ourselves in our WhatsApp research of last December and our research on the app from August 2018 - malicious links could have been sent through some vulnerabilities which existed on the platform (until they were fixed following our cooperation with Facebook) and manipulation of content was optional to a certain extent. We believe that this mean of operation is extremely likely to take place with targeted attacks against individuals which use these apps. The prices bad actors are willing to pay for vulnerabilities In such popular platforms (which hold data of billions of people worldwide) are in the rise, and the exploits of these bugs can serve as a very effective cyber weapon. Comprehensive cyber security requires designated solutions for all current and upcoming digital platforms, and the more common and widespread they become- the more sophisticated and challenging this task is”.
In another previous flashpoint between the Amazon founder and Riyadh, Bezos' security chief said last year that the Saudi government had gained access to his phone and leaked messages to U.S. tabloid the National Enquirer between Bezos and Lauren Sanchez, an ex-TV anchor who the newspaper said he was dating.
A month before, Bezos had accused the newspaper's owner of trying to blackmail him with the threat of publishing "intimate photos" he allegedly sent to Sanchez.
The Saudi government has denied having anything to do with the National Enquirer reporting.
Saudi Arabia's US embassy also dismissed the allegations.
"We call for an investigation on these claims so that we can have all the facts out," it said in a message posted on Twitter.
Amazon declined to comment.
With inputs from Reuters
Find latest and upcoming tech gadgets online on Tech2 Gadgets. Get technology news, gadgets reviews & ratings. Popular gadgets including laptop, tablet and mobile specifications, features, prices, comparison.