From goodwill to bad blood: How Mohammed Bin Salman used a U.S. publicity tour to hack Jeff Bezos
In the spring of 2018, Saudi Arabia’s crown prince, Mohammed Bin Salman, arrived in the U.S. for a three-week cross-country tour to pitch a progressive vision for his kingdom, including an economic plan less reliant on oil, and to charm America’s elite.
He visited MIT and Harvard, talked space travel with Richard Branson and hobnobbed with celebrities, including Oprah Winfrey, according to media reports. The crown prince also met with business executives, including Amazon.com Chief Executive Officer Jeff Bezos.
It was an encounter likely weighted with tension. Both Amazon’s e-commerce site and its most profitable business, Amazon Web Services, had been pushing to expand in the Middle East, including in Saudi Arabia. At the same time, Jamal Khashoggi, a columnist at the Bezos-owned Washington Post, had written columns sharply critical of the crown prince, including one, published while Bin Salman was visiting the U.S., saying that “replacing old tactics of intolerance with new ways of repression is not the answer.” They met at a small dinner in Los Angeles on April 4. It’s not clear what the two men talked about, but it apparently went well enough that they exchanged phone numbers.
Nearly four weeks later, on May 1, Bezos received a WhatsApp message from the crown prince’s account, which arrived “unexpectedly and without explanation, meaning it was not discussed by the parties in advance of being sent,” according to a November 2019 report by FTI Consulting Inc., a business advisory firm, which was published by Vice.
The message included a 4.22 MB video. Within hours of receiving it, “a massive and unauthorized exfiltration of data from Bezos’s phone began,” according to the report.
News of the alleged hack was reported by The Guardian on Tuesday and confirmed Wednesday by two United Nations experts, who said in a statement, “The information we have received suggests the possible involvement of the crown prince in surveillance of Mr. Bezos, in an effort to influence, if not silence, The Washington Post’s reporting on Saudi Arabia.”
The Saudi Embassy has denied involvement in the hack, calling the allegations “absurd.”
The details from the U.N. statement add a remarkable twist to last year’s already remarkable accusation by Bezos that the National Enquirer tried to blackmail him by threatening to publish embarrassing personal photos and texts from him a month after it published an article saying he was having an extramarital affair.
Bezos’s security team launched an investigation into how the texts leaked, led by security consultant Gavin de Becker. It didn’t take long for De Becker to home in on Saudi Arabia. De Becker said the Saudi government was targeting Bezos as the owner of the Washington Post.
A few months earlier, in October 2018, Khashoggi was murdered by agents of the Saudi government and the Washington Post published “ever-expanding revelations” about the role of the Saudi government and of the crown prince personally, according to the U.N. experts. That was soon followed by an online campaign against Bezos: In November 2018, the top-trending hashtag on Saudi Twitter was “Boycott Amazon.”
On Nov. 8, 2018, Bezos received another message from the crown prince’s WhatsApp account, when Bezos and his wife were exploring a divorce and before his marital problems became public, according to the FTI Consulting report. It showed a picture of a woman who resembled Lauren Sanchez, with whom Bezos was having a then-secret relationship, and read: “Arguing with a woman is like reading the Software License Agreement. In the end you have to ignore everything and click I agree,” according to the report.
De Becker’s inquiry included interviews with current and former executives at the National Enquirer’s parent company, American Media Inc., and discussions with Middle East experts and cybersecurity officials who have tracked Saudi spyware. He concluded, in a March 30, 2019 column in the Daily Beast, “with high confidence that the Saudis had access to Bezos’ phone and gained private information.”
But the investigation wasn’t over. De Becker hired FTI Consulting on Feb. 24, 2019 to do an analysis of Bezos’ iPhone X, according to the company’s report. The analysis was conducted in a “well-equipped and secure lab environment, including forensic imaging of Bezos’ phone and analysis of phone behavior in a sandboxed network,” the report says.
What the FTI investigators found was that the amount of data being transmitted out of Bezos’s phone changed dramatically after the phone received the video file from the crown prince’s account. His phone averaged about 430 KB of egress per day in the six months prior to receiving the WhatsApp video. Hours later, the egress jumped to 126 MB, according to the report.
The FTI Consulting report was completed in November, and was passed along to experts at the U.N. who were already looking into the Khashoggi murder. One of those experts, David Kaye, the U.N. special rapporteur on the promotion and protection of the right to freedom of opinion and expression, said evidence shared with his team was reviewed by four independent experts, who asked some questions of the authors, leaving the U.N. team ultimately satisfied with the results.
Kaye said they sent a letter to the Saudi government warning that their statement was coming.
“The allegations here are very grave, they’re about a foreign government compromising the communications account of a phone of an American citizen,” Kaye said in an interview. “There’s clearly enough for federal authorities to examine this.”
The crown prince hasn’t yet addressed the allegations. But on Feb. 16, 2019, two days after Bezos had received a briefing on the Saudi online campaign against him, the crown prince’s WhatsApp account sent another message to Bezos telling him to be skeptical of what he was hearing.
“Jeff all what you hear or told to it’s not true and it’s matter of time tell you know the truth,” the message says, according to the FTI Consulting report. “There is nothing against you or Amazon from me or Saudi Arabia.”