30/09/2020

Reports that Amazon CEO Jeff Bezos’ phone was infected by malware because of a link he was sent by the Saudi crown prince should give all of us pause.

For a notoriously private man, Jeff Bezos has one heck of a knack for turning his personal life into global headlines.
The latest development in the ongoing soap opera of the worlds richest man is his allegation that his phone was hacked and all its data exfiltrated via a video sent via WhatsApp by the de facto ruler of Saudi Arabia, Crown Prince Mohammed bin Salman, in May 2018, according to an investigation.
Most of the questions that first jump to mind on learning this revelation, assuming the forensic analysts hired by Bezos have found the right culprit, revolve around Bezos himself.
Firstly, doesnt it seem a bit odd that the Saudi crown prince and the Amazon founder have been sharing memes via WhatsApp?
More urgently, given that Bezos allegedly spent a large part of the last year trying to find out who had passed nude photographs of him to a tabloid, is it really possible the ultraconservative government of Saudi Arabia had a hand in it?
And finally: How weird is geopolitics going to get?
Once we dismiss these top questions, though, this story is far more serious than it appears at first. Saudi Arabias efforts to hack the CEO of a major corporation if confirmed are deeply unconventional. Traditionally, heads of state are kept at some remove from espionage efforts, largely so that, if the espionage is discovered, it can be blamed on (or at least explained away by) intelligence agencies acting beyond their mandate.
If your government gets caught in some electronic surveillance of a supposed ally, youre inevitably as outraged as your ally is. Heads will roll! Youd never have dreamed of sanctioning it! Everyone knows your outraged response is a fiction, and everyone engages in that sort of spycraft a senior U.S. official once handed over the phone numbers of 35 world leaders from a list of personal cellphone contacts to the NSA for surveillance purposes but pretending that we dont keeps things polite.
By contrast, its hard to disavow intelligence operations as a world leader when your own mobile phone was used to carry them out. It also makes anyone else in your contact book somewhat anxious and should make us anxious, too. CNN reported last year that Saudi officials confirmed that President Donald Trumps son-in-law and senior adviser, Jared Kushner, also used WhatsApp to communicate with the Saudi leader, after Kushners lawyer admitted as much to the House Oversight Committee. The United Kingdom’s media has also reported that Prime Minister Boris Johnson is believed to have exchanged WhatsApp messages with the Saudi crown prince.
Trump, of course, is known for having a penchant for handing out his private cellphone number on a whim to world leaders; theres even concerns the president himself could have left himself vulnerable to hacking by the Saudis (or others). Hes already been warned that the Russians and the Chinese have listened in on phone calls he makes on the personal cellphone he maintains from before his time in office, and his former chief of staff, John Kelly, had his cellphone hacked in late 2016 or early 2017.
Bezos is just the only victim of the powerful crown princes personalized hack that we know about now.
A broader issue is that Saudi Arabia is not in the top tier when it comes to online espionage in fact, its distinctly in the second tier. If they can so easily get hold of almost all the private information of the worlds richest man a tech billionaire who surely has excellent private security we need to all ask ourselves what the top-tier state hackers are capable of.
That top tier certainly includes the U.S., U.K. and Israel but also nations such as China and Russia, neither of whose capabilities should be judged by some of their cruder social media efforts. Amateurish efforts are the ones we find out about; the professional operations almost never get caught.
The reality is likely that, for high-value targets, both privacy and private information are almost certainly already dead. Given that much of the competitive advantage of U.S. companies lies in their intellectual property and research and development spending, the consequences of that could be seismic.
There is more immediate trouble for the rest of us, too. What starts with the elite eventually becomes reality for the masses and that counts for the bad as well as for the good. And, the democratization of cellphone hacking has already started. (The usual culprits known to be spying on regular peoples phones are rarely good: controlling partners or dangerous exes.)
Cellphone surveillance is already the reality for too many women it is overwhelmingly, but not exclusively, women who are seemingly subjected to this and their phones are subject to similar types of targeted malware as that discovered by Bezos.
The deployment of targeted malware will only become more prevalent as it gets better known and easier to do, and as the cat-and-mouse game between phone developers and those seeking to exploit security holes continues, to the benefit of people with the basest of motivations.
Few motivations could be as base as the potential ones of the Saudi crown prince. Bezos might be best known as the founder of Amazon, but he was also the owner of The Washington Post the newspaper at which Jamal Khashoggi, a prominent critic of the Saudi government, was a respected contributor.
Khashoggi was murdered and dismembered in October 2018, reportedly on the order of the crown prince himself (which he has denied). The Washington Post, which is owned by Bezos, was one of the most prominent voices reporting on and calling in vain for that action to have consequences; the use of the information likely gathered from Bezos phone after its hacking only began after Khashoggis murder, according to the investigation. Like any low-grade thug or bully, it seems the crown prince was looking for some way to silence those who would call him out.
Our lives are in our phones, and theyre not safely held there. Its the lowest of us that will seek to exploit that and if Bezos isnt safe from it, none of us are. We should worry more about that.