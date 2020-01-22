The world’s richest person, Jeff Bezos, worth some US$116.7 billion (£89 billion), founder of Amazon and owner of the Washington Post, is alleged to have had his phone hacked in 2018 after receiving a video file sent to him from the WhatsApp account of Saudi Arabia’s crown prince, Mohammed bin Salman, who controls the Saudi royal family’s estimated US $1.4 trillion (£1 trillion) fortune.

Digital forensic analysis found large amounts of data were exfiltrated from Bezos’s phone within hours of him receiving the video file according to a report in The Guardian newspaper. Bezos’ Washington Post employed the journalist Jamal Khashoggi, who was murdered in the Saudi consulate in Istanbul in October 2018.

The BBC has reported the kingdom's US embassy saying the stories are "absurd" and called for an investigation into them.

The Guardian also reported Ron Wyden, a Democratic senator from Oregon in the US describing the move as "part of a growing trend", citing reports that Saudi Arabia had acquired cyber-hacking capabilities from Hacking Team, based in Italy, and Israel’s NSO Group. A lawsuit ws filed against NSO by What’sApp alleging that 1,400 users - including 100 journalists, human rights activists and academics - were hacked over a two-week period between April-May 2019 using NSO malware, a claim NSO disputes saying its technology is intended to be used only to fight crime and terrorism. NSO's Pegasus spyware is used by at least 45 countries, and there have been previous reports by SC of its use against human rights organisations.

Jake Moore, cybersecurity specialist at ESET emailed SC to observe: "This has all the hallmarks of the Pegasus spyware, which is a very sophisticated malware. When run on a device you will likely have no idea of what has just happened. Engineering a file to look like a photo or video that has come from a contact is the perfect way of executing the malware, so no doubt Bezos was unaware what had just occurred.

"This particular spyware is used on highly targeted individuals and so people of high value or wealth need to be extremely cautious of such tactics used. Bezos may well have innocently clicked on the file in the message, but extreme caution should always be adhered to whenever something is received. Although difficult to reduce the risk, anyone who is a possible target, including people in the media and politicians, should always be aware of the risks.

"Groups such as the NSO are very capable of carrying out vulnerability checks on operating systems and are always out to exploit and weaknesses found before they are patched."

In an email to SC, Girish Bhat, VP of product marketing, at MobileIron, adds, "It is easy to conjure conspiracy theories when confidential data from a high profile individual is exposed.

"This is a classic phishing attack that used secure messaging as the attack vector and was designed to siphon user data from a high net worth individual, viz. Jeff Bezos. Phishing is the number one cyber-attack vector; the 2019 Data Breach Investigations Report revealed that phishing was involved in 32 percent of confirmed breaches, as well as 78 percent of cyber-espionage incidents.

"Mobile users are more susceptible to phishing attacks, as they are more likely to click on a malicious URL, which can give hackers access to all the user’s corporate and personal apps and data on the device. After a mobile device is compromised, it is relatively easy to use compromised credentials to initiate account take over (ATO) and then siphon sensitive information. Based on our understanding of this attack, a mobile-centric, zero trust platform with native mobile threat defence capabilities would protect users from these types of attacks."