Bezos Phone Hack May Have Been About Economic Espionage, Not Jamal Khashoggi

On January 22, United Nations human rights experts Agnes Callamard, UN Special Rapporteur on summary executions and extrajudicial killings, and David Kaye, UN Special Rapporteur on freedom of expression, issued a statement linking the May 2018 hacking of Jeff Bezos’s mobile phone to Saudi Crown Prince Mohammad bin Salman, known in shorthand as MBS. The statement explained that, “The information we have received suggests the possible involvement of the Crown Prince in surveillance of Mr. Bezos, in an effort to influence, if not silence, The Washington Post's reporting on Saudi Arabia.”

The UN statement goes on to declare, “At a time when Saudi Arabia was supposedly investigating the killing of Mr. Khashoggi, and prosecuting those it deemed responsible, it was clandestinely waging a massive online campaign against Mr. Bezos and Amazon targeting him principally as the owner of The Washington Post."

Economic Espionage Targeted At A Corporate Executive

A close review of the timeline of events, however, suggests that the hacking probably had nothing to do with Jamal Khashoggi; it was more likely economic espionage by a nation state against one of America’s top executives. It is quite possible that the hack of Amazon’s chairman, CEO, and president’s phone was conducted to get information about whether he was planning on establishing a major Amazon Web Services (AWS) center in Saudi Arabia.

AWS’s plans for centers in Bahrain and the UAE had already been reported, and press reports surfaced in December 2017 and January 2018 that AWS was considering Saudi Arabia for its third location. Establishing Saudi Arabia as a tech nation in the Middle East was an important goal for MBS and his Vision 2030 to diversify the country’s economy and reduce its dependency on oil.

Two notable events preceded the hack. MBS visited Mr. Bezos in Seattle on March 30, 2018 and discussed opportunities for Amazon to invest in Saudi Arabia, and on April 4, 2018, Bezos and MBS had dinner in Los Angeles and exchanged cell phone numbers and brief messages. On May 1, 2018, Mr. Bezos received a WhatsApp message from MBS’s account that contained a video file. FTI Consulting subsequently performed an analysis of Mr. Bezos’s phone and concluded that the message from MBS contained an unidentified capability that enabled data to be exfiltrated from the phone. The FTI report noted that “within hours of the encrypted downloader being received, a massive unauthorized exfiltration of data from Bezos’ phone began, continuing and escalating for months thereafter.”

Timeline of Events Between MBS and Bezos

The timeline of events below clearly shows that the attack and exfiltration began shortly after the two meetings between MBS and Bezos. At this point in time, Jamal Khashoggi was not an issue between the two men. Khashoggi had only written his first article for The Washington Post six months earlier, on September 18, 2017. It is doubtful that Jeff Bezos’s phone contained important information about Jamal Khashoggi or his writings for the Post, but it probably did contain communications between Mr. Bezos and his senior team regarding his recent meetings with MBS, his thoughts about investing in Saudi Arabia, and his direction to his team. MBS most certainly was interested in how he had fared in his meetings with Bezos and whether he had successfully lured AWS to Saudi Arabia.  Thus, within weeks of the meeting and dinner, MBS’s account was used to send the WhatsApp message and video to Mr. Bezos to enable data from the phone to be exfiltrated.

When reviewing the timeline, it is important to note that there was a large exfiltration of data from Mr. Bezos’s phone on September 27, 2018, just days before Jamal Khashoggi was killed, but there were no exfiltrations after his murder until mid-February 2019, four and half months later. During this gap period, The Washington Post was aggressively reporting on Khashoggi’s murder, related investigations, and intelligence findings.  If MBS was blaming Mr. Bezos for the bad press he was receiving, he surely would have been interested in the contents of Mr. Bezos’s phone during this time period. 

On February 7, 2019, Bezos stated in an online letter that The Washington Post was a “complexifier” for him, noting that, “It’s unavoidable that certain powerful people who experience Washington Post news coverage will wrongly conclude I am their enemy.” On February 16, the FTI report notes that Bezos received another message from MBS’s WhatsApp account stating that “…there is nothing against you or amazon from me or Saudi Arabia.” 

The exfiltrations resumed just two days after that message and continued until a few months prior to the AWS launch of its Middle Eastern region.  The Amazon press release about its new Middle East region contains considerable detail about the governments and organizations involved in the new AWS region. The deals that were being finalized leading up to this launch were surely of interest to MBS, since these entities would be spending money with AWS in Bahrain and the UAE instead of Saudi Arabia.

The Washington Post ran an article on October 27, 2019 about Bezos and MBS and the stalled Saudi AWS deal valued at $1 billion. The article discussed the accusation made by Bezos’s security consultant, Gavin De Becker, that the “Saudi government has been intent on harming Jeff Bezos since…The Post began its relentless coverage of Khashoggi’s murder.”  In contrast, the Post states, “In the months since, no evidence has emerged to bolster the theory that the Saudis used information hacked from Bezo’s phone in a campaign against the billionaire, possibly including the photos that the Enquirer threatened to publish.”

It is more likely that the Saudi’s were engaged in economic espionage instead of revenge tactics. 

Cyberattacks By Nation States: First the Company And Now The Executives?

Cyberattacks by nation states against companies have increased significantly over the past several years. A 2019-2020 report released by Radware this month indicates that out of 561 respondents, 27% said they believed they had been hit by a cyberattack from a nation state.  In July 2019, Microsoft reported they had notified nearly 10,000 users that they had been targeted or compromised by nation state sponsored hacking groups, primarily from Iran, Russia, and North Korea.  The 2019 Verizon Data Breach Study indicates that nation states or actors acting at their behest are responsible for 23% of data breaches, up from 12% in 2017.

These attacks represent a huge threat to the United States’ national and economic security. Up until now, however, these attacks have primarily targeted corporate servers and networks.  Attacks against the personal devices of executive’s are less common. 

The Bezos incident should cause industry chiefs around the globe to stop in their tracks and get serious about ensuring their cybersecurity programs are robust, well-funded, well governed, and have mobile device management technologies deployed to manage personal devices.  The use of text messaging and WhatsApp also should not be used for business purposes. As convenient as these apps may be, they increase the risk of economic espionage. Executives also should take note of the tips for protecting mobile phones that Matthew Green, a Johns Hopkins computer science professor and cybersecurity expert, shared with NPR.     

Companies also should examine whether they should stop doing business with countries that engage in economic espionage — whether it is against them or other organizations. Losing intellectual property (IP) and confidential and proprietary data can have far greater financial consequences than quarterly revenues received. It is one thing for governments to engage in intelligence gathering activities, but it moves to another level when governments target corporate captains. We have to be a team.

Economic espionage is one of the most important issues of our time. Evan Anderson, CEO of INVNT/IP, whose analysis of IP theft in China served as the foundation for the most-watched investigative 60 Minutes program, has little doubt about the deep implications of this emerging dynamic. “If companies and countries in the free world do not stand up to this behavior as a group, we will enter a new reality that will definitely impact America’s competitiveness,” he notes. Pointing out that interactions with China over the past couple of decades has produced some positive results, but it has been hard work to acheive a few gains, he adds, “This is an economic problem that demands an economic solution; diplomatic solutions are not enough.” It is worth considering. This approach could set a valuable example for the rest of the world.