A new United Nations report says a mobile hacking tool built by mobile spyware maker NSO Group was “most likely” used to hack into Amazon founder Jeff Bezos’ phone.
The report, published by U.N. human rights experts on Wednesday, said the Israel-based spyware maker likely used its Pegasus mobile spyware to exfiltrate gigabytes of data from Bezos’ phone in May 2018, about six months after the Saudi government first obtained the spyware.
It comes a day after reports emerged, citing a forensics report commissioned by the Amazon founder, that the malware was delivered from a number belonging to Saudi crown prince Mohammed bin Salman. The report said it was “highly probable” that the phone hack was triggered by a malicious video sent over WhatsApp to Bezos’ phone.
Within hours, large amounts of data on Bezos’ phone had been exfiltrated.
NSO Group said in a statement that its technology “was not used in this instance,” saying its technology “cannot be used on U.S. phone numbers.” The company said any suggestion otherwise was “defamatory” and threatened legal action.
But the report left open the possibility that technology developed by another mobile spyware maker may have been used.
U.N. experts Agnes Callamard and David Kaye, who authored the report, said the breach of Bezos’ phone was part of “a pattern of targeted surveillance of perceived opponents and those of broader strategic importance to the Saudi authorities.”
The Saudi government has rejected the claims, calling them “absurd.”
Forensics experts are said to have begun looking at Bezos’ phone after he accused the National Enquirer of blackmail last year. In a tell-all Medium post, Bezos described how he was targeted by the tabloid, which obtained and published private text messages and photos from his phone, prompting an investigation into the leak.
The subsequent forensic report, which TechCrunch has not yet seen, claims the initial breach began after Bezos and the Saudi crown prince exchanged phone numbers in April 2018, a month before the hack.
The report said several other prominent figures, including Saudi dissidents and political activists, also had their phones infected with the same mobile malware around the time of the Bezos phone breach. Some of those whose phones were infected were people close to Jamal Khashoggi, a prominent Saudi critic and columnist for the Washington Post — which Bezos owns — who was murdered five months later.
“The information we have received suggests the possible involvement of the Crown Prince in surveillance of Mr. Bezos, in an effort to influence, if not silence, The Washington Post’s reporting on Saudi Arabia,” the U.N. experts said.
U.S. intelligence concluded that bin Salman ordered Khashoggi’s death.
The U.N. experts said the Saudis purchased the Pegasus malware, and used WhatsApp as a way to deliver the malware to Bezos’ phone.
WhatsApp, which is owned by Facebook, filed a lawsuit against the NSO Group for creating and using the Pegasus malware, which exploits a since-fixed vulnerability in the messaging platform. Once the vulnerability is exploited, sometimes silently and without the target knowing, the operators can download data from the user’s device. Facebook said at the time that the malware was delivered to more than 1,400 targeted devices.
The U.N. experts said they will continue to investigate the “growing role of the surveillance industry” used for targeting journalists, human rights defenders, and owners of media outlets.
Amazon did not immediately comment.