2020.01.22: Jeff Bezos's phone 'hacked by Saudi crown prince' | Hacker News

Jeff Bezos's phone 'hacked by Saudi crown prince' (theguardian.com)
774 points by mnem 19 hours ago | 258 comments










Pavel Durov argued that WhatsApp's vulnerabilities are intentionally created as part of surveillance programs with government agencies. [1]

If that were true, Bezos's case would be an example of how that approach to security is double-edged. Backdoors can be just as useful to foreign intelligence as they are to whoever pushed for their implementation.

[1] https://t.me/s/durov/109



Pavel Durov also said

> The encryption of Signal (=WhatsApp, FB) was funded by the US Government. I predict a backdoor will be found there within 5 years from now.

He seems to enjoy throwing out loosely supported accusations. He might be right in some of them, but stopped clocks and so forth.

He's also been accused himself of deliberately sabotaging the security of his own encrypted messenger app (Telegram). There's no real evidence, but he did hire a bunch of math PhDs to figure out encryption from first principles.

> The team behind Telegram, led by Nikolai Durov, consists of six ACM champions, half of them Ph.Ds in math. It took them about two years to roll out the current version of MTProto. Names and degrees may indeed not mean as much in some fields as they do in others, but this protocol is the result of thoughtful and prolonged work of professionals. [1]

Note: Signal, like TOR, is funded in part by the Open Technology Fund of Radio Free Asia, which is controlled and funded by Congress. So far there has been no public evidence that this funding has come with any malicious strings. The stated goal of the fund is to promote democracy in developing countries, and Signal and TOR are obviously in line with that overt goal. Radio Free Asia used to be a CIA front during the Cold War, but there's been no public evidence that the transfer of control away from the CIA to Congress was in any way a sham.

[0]: https://techcrunch.com/2017/09/18/signal-moxie-marlinspike-t...

[1]: https://news.ycombinator.com/item?id=6916860



Trevor Perrin and Moxie Marlinspike won the Levchin Prize at Real World Crypto for Signal's cryptography; the Levchin Prize referees are a who's who of academic cryptography, including Dan Boneh, Kenny Paterson, and Nigel Smart; other Levchin winners have included Hugo Krawczyk, Mihir Bellare, and Joan Daemen.

Any suggestion that Telegram's cryptography is somehow comparable owing to "half of them Ph.D's in math", or that Signal's extensively-reviewed cryptography is backdoored, is pretty clearly risible.

OTF, meanwhile, funded basically the whole of the privacy-preserving cryptography field, for years (they may still, for all I know); for many years, they were simply throwing money at privacy projects to hire 3rd party auditors, none of whom were at all affiliated with OTF (how I know this is that we participated). People who claim OTF is somehow a snakey USG backdooring enterprise are saying more about themselves than they are about any kind of sophisticated understanding of how crypto software is built.



Signal protocol might be airtight but nobody knows if any part of an app that is built on top of it doesn't leak keys somewhere in the pipeline. All crypto protocols work under certain assumptions and no protocol is 100% secure from all possible misuses when Mallory owns certain portions of infrastructure.


Has there been any weakness found in Telegram's encryption?


Had to exit read only mode to address this.

While there's only one vuln that has been discussed publicly on HN, the only issue is that the others are in Russian as well.

At least one more was exposed[0] by the same person shortly after, I mean days after the initial one. Over here[1] the same researcher wonders whether any other flaws exist.

And here's[2] how the self-proclaimed `part time-troll` Pavel Durov (the Telegram CEO) reacts to [1]. To me it's obvious he is being haughty towards the HN community with `venerable HN cryptographers`.

To add to his general slandering approach towards competition while handling his own product's flaws without any transparency or publicity, mind that his company is now under investigation by the SEC[3].

[0] https://translate.google.com/translate?sl=auto&tl=en&u=https...

[1] https://translate.google.com/translate?sl=auto&tl=en&u=https...

[2] https://translate.google.com/translate?hl=&sl=ru&tl=en&u=htt...

[3] https://www.natlawreview.com/article/let-slip-dogs-war-sec-v...



Its default settings leave a lot to be desired for a messenger app.

And for the paltry $200k they are offering for breaking it I'd bet you could find a magnitude more with little effort on the grey markets.

But no, absolutely no proof the underlying crypto has been broken. It doesn't need to be when government requests for data stored on their servers do more than enough.



Meanwhile, WhatsApp is still not blocked in Russia and there is no good explanation for that besides:

So far, Roskomnadzor has "no urgent request" to include Viber and WhatsApp messengers in the register of organizers and distributors of information. According to Interfax, this was stated by the head of the Department, Alexander Zharov. He was asked when these companies will be included in the register. "We had a stormy substantive dialogue with the telegram messenger," the official recalled. "We are consulting with all other companies on this topic until there is an urgent request to include them in the register."

Maybe Mr. Zharov uses WhatsApp for chatting with his family and they didn’t like the appearance of mail.ru’s tamtam.chat.



If you know some basic things about the Russian government, this can easily be explained by the fact that policy makers are very inefficient, incompetent in technical matters, and more often than not decisions are very poorly researched. Just look at the fact that Telegram still works everywhere, or the way that even the supposedly most secret Russian organization (the secret military police GRU) handled the poisoning of Sergei and Yulia Skripal, and the subsequent outing of the agent that did it... It seems that the Russian government or police still have a hard time understanding even the basics of what the internet is and how information can be shared or found or leaked in our age. So banning Telegram vs not banning WhatsApp really does not say a lot.


On the other hand it could also be done on purpose in both cases you mention. Deliberately showing incompetence in your digital capabilities is a very efficient way of counter intelligence. The Skripal case was and is a very effective way for the Kremlin to spread fear. Vladimir Putin was the most important person of the year for 5 years at Fortune while controlling a GDP the size of Italy's. Vladimir Putin is maximizing the resources he has in a very good way, irrespective of what one thinks about his actions and their consequences specifically. As long as most people think incompetence, every investment he makes will have a significantly better outcome.


AFAIK, Telegram's private conversations are encrypted with private keys stored on device _only_ (not on the server). At least it's what they claim. If true, government requests for data stored on servers are probably not enough.


The secret chats are indeed end to end encrypted, but they have some important exclusions and limitations:

* Group chats can only use the default encryption, not end to end encryption.

* The end to end encrypted chats are tied to a single device, and there's no sync across devices (in contrast, all chats on Wire are end to end encrypted and sync across devices within a limited time period).

The default use cases of almost all users have the chat messages stored in plain text on the Telegram servers. This is one of the reasons search (done on the server side) is quite fast on Telegram.

P.S.: Despite these limitations, I prefer Telegram for its superior UX and for not having metadata shared with Facebook. My wish is that someday Telegram makes E2E the default everywhere.



Don't even need that, intercepting SMS is enough.


True, SMS is not a protection against government, but Telegram supports a second factor, which is a password in their case.


I don't know of any directly related to its encryption, but multiple protest organizers were identified and arrested by the Hong Kong Police Force through Telegram. I'm not 100% sure, but I believe they just added lists of suspected phone numbers onto their phones and looked in Telegram to see which ones matched to group admins.


What happened in Hong Kong was that the authorities created Telegram accounts and added thousands of phone numbers to their contact lists. From that, they got to know which numbers were using Telegram and then were able to do some more tracing. This flaw exists in WhatsApp and Signal too, where anyone who has your number in their contacts list (though you may not have their number in your contacts) will know the moment you join those platforms and will be able to see you on it.

When this design flaw came to be known, Telegram released a newer version where the user has more control over who can know that they're on Telegram. With that change, even if you had someone's number in your contacts list, you wouldn't know if/when they join/are available on Telegram unless they choose to make themselves visible.
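The presence leak described in the comment above, and the visibility setting that closes it, can be shown with a small simulation. This is an added example, not Telegram's, WhatsApp's or Signal's actual server code: the phone numbers, the `everybody` / `my_contacts` / `nobody` policy names and the bulk-upload threshold are constructed for illustration. The `my_contacts` policy models the "only people who have me saved, and whom I have saved" idea the thread discusses, and `is_bulk_upload` is the kind of check a defender would put in front of the matching endpoint, since one account uploading thousands of numbers is exactly the signature of the enumeration described.

```python
"""Contact-discovery presence leak and the visibility policy that mitigates it.

Constructed simulation (added example; not any messenger's real code).
All phone numbers, accounts and policy names below are made up.
"""
from dataclasses import dataclass, field

EVERYBODY, MY_CONTACTS, NOBODY = "everybody", "my_contacts", "nobody"


@dataclass
class Account:
    number: str
    contacts: set = field(default_factory=set)   # numbers this user has saved
    discoverable_by: str = EVERYBODY             # who may learn this account exists


class DiscoveryService:
    """Server-side contact matching for a messenger (simulated)."""

    def __init__(self, bulk_threshold=500):
        self.accounts = {}
        self.bulk_threshold = bulk_threshold  # assumed limit for a normal address book

    def register(self, number, contacts=(), discoverable_by=EVERYBODY):
        self.accounts[number] = Account(number, set(contacts), discoverable_by)

    def naive_lookup(self, requester, uploaded):
        """Original behaviour: every registered number in the upload is revealed,
        regardless of whether its owner knows the requester."""
        return sorted(n for n in uploaded if n in self.accounts)

    def policy_lookup(self, requester, uploaded):
        """Hardened behaviour: reveal a number only if its owner opted in to being
        found by everybody, or chose 'my contacts' and has the requester saved."""
        revealed = []
        for n in uploaded:
            acct = self.accounts.get(n)
            if acct is None:
                continue
            if acct.discoverable_by == EVERYBODY:
                revealed.append(n)
            elif acct.discoverable_by == MY_CONTACTS and requester in acct.contacts:
                revealed.append(n)
        return sorted(revealed)

    def is_bulk_upload(self, uploaded):
        """Detection hook: one upload far larger than a real address book."""
        return len(uploaded) > self.bulk_threshold


def demo():
    """Run the leak and the mitigation side by side; returns the results."""
    svc = DiscoveryService()
    # Constructed accounts with three different visibility settings.
    svc.register("+15550000001", discoverable_by=EVERYBODY)
    svc.register("+15550000002", contacts={"+15550000003"}, discoverable_by=MY_CONTACTS)
    svc.register("+15550000003", discoverable_by=NOBODY)

    stranger = "+15559999999"   # fresh account that nobody has saved
    upload = ["+15550000001", "+15550000002", "+15550000003", "+15550000004"]
    return {
        "naive": svc.naive_lookup(stranger, upload),
        "policy_stranger": svc.policy_lookup(stranger, upload),
        # +...003 is in +...002's contacts, so the mutual check passes.
        "policy_mutual": svc.policy_lookup("+15550000003", ["+15550000002"]),
        "bulk_flagged": svc.is_bulk_upload([f"+1555{i:07d}" for i in range(600)]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the naive lookup the stranger learns that three of the four uploaded numbers have accounts; with the policy lookup only the user who opted into `everybody` is revealed, and the `my_contacts` user is revealed only to someone they have saved themselves.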



That theory is quite possible. If the police join the group, they know the usernames of all of the people in the group, they can then start adding numbers to their contacts and if any of the usernames from the group show up they can then look up who owns the phone number in the government database.


It surprises me that they don't require both of you to have each other's phone numbers in your contacts lists before giving away identifiable information.


Telegram released a new version with that exact same requirement to enable visibility. The settings in Telegram have also been expanded for this. On the other hand, this same vulnerability exists (and continues to exist) in WhatsApp and Signal.


There were also claims of Android keyboards being used to log messages on Signal (and maybe Telegram), by Naomi Wu and others. No proof for this though.


What encryption? Last I checked, there was no E2E group encryption (Telegram has a bizarre web page claiming that TLS to their servers addresses the privacy threat), and 1:1 E2E is disabled by default.


> What encryption? Last I checked, there was no E2E group encryption

You of all should know better than to conflate the general concept of encryption with the very nice special case that is end-to-end encryption!

> and 1:1 E2E is disabled by default.

It is not disabled in any way. It just isn't default.

There are really enough real reasons to criticize Telegram, and absolutely no reason to 1. redefine words to have narrower definitions or 2. write outright misinformation.

I respect you a whole lot, but your somewhat sloppy handling of facts detracts a whole lot from the overall image.



I rest my case.


For a very long time there was no TLS to Telegram servers, only their own MTProto. I think they introduced TLS wrapping at some point as an anti-censorship measure, not sure if that’s even deployed in all markets.

E: Well, I took a look at the desktop client with wireshark. It appears to just do MTProto on port 443, not TLS. When I use iptables to drop traffic on port 443, it falls back to MTProto over HTTP(!).

They list some alternate transports on their website, but it looks like you need to host them yourself. https://core.telegram.org/mtproto/transports



Common security wasn't respected at Vkontakte either. The social network was serving a plain HTTP login form and internal communication unencrypted until 2013[0].

I recall that when Durov was questioned about the absence of a secure connection to the servers, he said it's too much overhead and may impact QoS badly.

At some point they rolled out an `always use https` option and buried it deep in the user preferences. Meaning most of the non-tech-savvy audience kept using the service unaware they were not secure.

The obvious pattern here is that they tend to use plain HTTP as a default transport, undermining established security practices.

[0] https://translate.google.com/translate?sl=auto&tl=en&u=https...



https://web.archive.org/web/20150109203032/https://moxie.org... comes to mind. Ancient history now, but it's a fun read.




> like TOR

From my understanding, TOR was created with the intent of hiding US intelligence communications[0]. From my naive understanding, this only works if 1) no one else can back door it (which is critical since it is presumed you're using it to hide from highly technical state actors) 2) there are a sufficient number of users that are not intelligence actors (so you can hide among them. Otherwise you get "Oh, that person connected to a TOR node, let's go pick them up and grab their computer").

Maybe I'm naive, but it seems like the crypto people and the US government have aligned interests here.

> The stated goal of the fund is to promote democracy in developing countries

With an additional alignment of interests, I think many believe that being able to "talk shit" on your leaders is a key part to democracy. And if you're able to do this without fear of your government coming after you (aka: backdoors), then you will freely acknowledge your dissent, find support, and democracy is the likely outcome. I'm not sure if that's true, but I've definitely heard intelligence people suggest that.

So even if it was controlled by the CIA, would this be an issue? It seems like it is actively in their best interest to use real encryption and no backdoors. You don't want all your potential rebels to get caught. You want them to be able to organize out of the eyes of the government that the CIA is trying to overthrow. Having a backdoor just puts a timebomb on it, and one that isn't going to last very long.

Or I guess there's another answer to this. The CIA is pretty fucking dumb. Which is a reasonable answer that I'll accept too, but I think the people working on this stuff would be well aware (since they're probably experts in hacking similarly encrypted systems)

[0] https://en.wikipedia.org/wiki/Onion_routing



From what I recall, talking to one of the Tor founders about this, Tor was created with overseas US military personnel in mind. E.g. A soldier’s location could be compromised through foreign ISPs if they accessed sites like .mil domains directly. Tor was a way of preventing this problem. There were other use cases but this one stood out for me and it was one of the initial ones considered.


It is spelled "Tor".

https://support.torproject.org/about/why-is-it-called-tor/

    Note: even though it originally came from an acronym,
    Tor is not spelled "TOR". Only the first letter is
    capitalized. In fact, we can usually spot people 
    who haven't read any of our website (and have 
    instead learned everything they know about Tor from 
    news articles) by the fact that they spell it wrong.


Thank you. I didn't know.


I think this is the reason he is sure about backdoors in messengers (a US agency supposedly asked several of his developers about that):

https://twitter.com/durov/status/873868773119451136



Well,

> To protect the data that is not covered by end-to-end encryption, Telegram uses a distributed infrastructure. Cloud chat data is stored in multiple data centers around the globe that are controlled by different legal entities spread across different jurisdictions. The relevant decryption keys are split into parts and are never kept in the same place as the data they protect. As a result, several court orders from different jurisdictions are required to force us to give up any data.

https://telegram.org/faq#q-do-you-process-data-requests

If we register Telegram, Telegram has our master key. I am not sure they are really that secure. Yes, it makes it politically hard to disclose any data, but it does not mean impossible.



Telegram also supports proper E2E in the form of secret chats, though the UX is definitely not as good (for example, last I checked it did not support group chat or multi device.)


EDIT: Was under the impression Telegram served closed source clients. Turns out it does not. I stand corrected.

OLD COMMENT:

E2e using a client that is not opensource (on a system that is not trusted) is not helping much.

E2e where the server is not open source should be okay, because the server-end can only snoop on some meta data (how much, when, what IP, chunk sizes, etc.) but not the content.



The Telegram clients are open source.


Oops. I'll fix it. Thanks for pointing it out.


> WhatsApp's vulnerabilities are intentionally created as part of surveillance programs with government agencies.

This has been obvious in places like the United Arab Emirates (aka Dubai) where services like FaceTime etc. (sometimes even voice chat in games) are blocked by the government but they allow WhatsApp (but not WhatsApp voice calls).



Not really, Dubai blocks VOIP because phone carriers lobbied for that. This has the added benefit of forcing people to make insecure, easy to intercept, regular phone calls.


It's not as if non-WhatsApp zero-days are hard to come by for nation-states. If it wasn't a video shared by WhatsApp, it was going to be an iMessage text PDF appearing to be from one of his assistant's email. I don't think governments need to author vulnerable software: they can outsource that to the private sector for $0 by doing nothing and decompiling/fuzzing/analyzing whatever comes out.


That's one hell of a tinfoil-hat theory. How would you even orchestrate that from within a public company with so many developers involved?


As an engineer that has basic permissions to our build and deployment system (unrelated non communication application) I could pretty easily think of multiple steps in the build where I could inject and link in pretty much arbitrary code.

For instance, anything that can hook directly on a build machine, or artifact upload, or even just simply precompiled into one of the black-box 3rd party dependencies that basically never get recompiled.

All of these mechanism have vectors that would be easy to obfuscate and don't rely on any changes to any repo code. I think there is a good chance that a normal engineer could likely hide something that could make it into a final build product.

Now, combine that with the fact that even the most open of companies have some sort of protected infrastructure (could be permissions on an S3 bucket, a locked data-center or even just a locked-away Cat-5 cable in the process). Someone high in the org could easily inject some process that could stay hidden from even the most prying of internal eyes.

Now, while I agree that it's a bit tinfoil-hat-y to believe that this actually -is- happening, I absolutely believe that the technical capability is both there and well within practical effort. And combine this with a few bad incentives and it's easy to see how it -could- happen.



Is the "our" you're referring to Whatsapp? If not, then I'm not sure how much we can derive from your experience. There are places that take build and deployment security much more seriously than what you're describing.


We're talking about a company owned by Facebook, right?


My first pass at a way would have some point in the code where various hooks can be triggered for a feature like downloading a file under the guise of creating previews of various types of files and simply have the production build sent to the Google Play store include an additional small plugin that looks for a specific header and then hands over the keys to the kingdom to whatever payload it finds. It's simple and there's generally a very small portion of people looking at the disassembled code from the Play Store. You could even have it produce two versions one for any internal testing on the live version and one with the small backdoor plugin.

Doing it this way you only really have to control a core part of the release team to hide the sleight of hand between the published version and the clean 'published' version.

Alternatively just bury the same thing deep in the codebase using techniques like people use for the Obfuscated C competition every year. Any changes could be delayed/deprioritized/handled by a team in the know about the backdoor.



It's probably easier to just bribe/compromise the on-site DBA who has access to the physical hardware. Dump the raw data and decrypt/analyze it offsite.


It's a little unclear what was actually compromised in this. If it was just what was available to WhatsApp on their end, that's definitely an easy way. If it's more that WhatsApp was being used to read more data from the phone than what had already been sent via WhatsApp (or if WhatsApp doesn't have access to things sent because it's E2E encrypted), it'd require something more complex than that.


Boeing's 737 MAX, despite heavy regulations, designed the software to depend on just one sensor. Didn't put any limit on how far down the plane could be pushed.

These are not things any individual would do deliberately. I bet these conversations go differently, e.g. the need for certain kinds of debugging vs. the improbability of actually pulling off an attack, or prioritising a release and making a design decision to implement a feature in a specific way which is intended to be updated later on, opening up windows for attack. They would genuinely be improbable unless someone knows that they are there and is committed enough to try.



That seems to support the argument that security vulnerabilities in WhatsApp are most likely unintentional errors / incompetence. Unless you're suggesting the 737 MAX was intentionally sabotaged as well?


It supports the argument that code with major flaws (intentional or not) can make it into production with nobody noticing until consequences of that flaw make its existence clear.


You just need to control the upstream libraries and have some subtle memory overflow. No dodgy commits other than an "update libXYZ to latest patch".


Well, it doesn't have to be that complicated.

Just underfund the security department, don't adopt systems/languages that prevent the worst bugs, and keep the core protocol proprietary.

On the other side let the governments invest in operations to hack the product.



Please read the Snowden files on PRISM and similar.


It's very easy: hire more developers than security engineers.

Vulnerabilities will appear and be discovered by the security analysts in your government.

When they suspect other countries have the same 0days they'll notify you of it and you fix it.



What if I hire 20 mediocre security engineers and 1 malicious product engineer? This argument can go both ways...


What argument? What's your point?


Considering how few developers understand the subtleties of security, it would not be all that difficult.

Also, FWIW we know that Google did this with its data center breach and likely many other cases.

At WhatsApp/Google scale the attack is extremely cost effective.



Are you referring to the data center breaches exposed by the Snowden leaks? Because Google claimed that they were unaware of the breach and quickly took action to correct it [1]. Are you suggesting that Google was complicit?

[1] https://www.zdnet.com/article/meet-muscular-nsa-accused-of-t...



I don't think Google has given us any reason to believe that it was not complicit. For instance, why not include warrant canaries on gmail accounts?

There is not really any fundamental difference between abetting the data center breach and opting not to offer warrant canaries. Likely tens of thousands of Google users are searched every day due to easy FISC warrants and wide investigative nets.

The state sponsored attacks on Google would of course allow Google to plausibly deny cooperation, but obviously Google has every incentive to cooperate fully, as is evidenced by the lack of warrant canaries.



Warrant canaries are of dubious legality and have yet to be seriously tested in court. It makes total sense that a large company would not adopt something potentially illegal.

A person on StackExchange put it well

> The distinction between revealing the existence of the subpoena by action, rather than by inaction, is a false one. It's exactly the kind of cutesy legal formality that non-lawyers love to rely on, but real judges ignore. If you tell someone: "Hey, you know John Smith's three sons, Joe, Ted, and Bill? Joe and Ted are good people; they have never molested any children. As for Bill--well, I don't have anything to say about Bill." If Bill is not a child molester, you have defamed him, and you are not going to convince a judge otherwise. [1]

Here's how the EFF puts it.

> Are there any cases upholding warrant canaries?

> Not yet. EFF believes that warrant canaries are legal, and the government should not be able to compel a lie. To borrow a phrase from Winston Churchill, no one can guarantee success in litigation, but only deserve it.

I'm also not sure how warrant canaries relate to your parent's point.

[1]: https://law.stackexchange.com/a/333



I would just point out there is a very clear legal distinction between action and inaction. Further, all of this only applies to the issuance and proper service of an order compelling silence. I think the EFF’s common statement is that if the canary requires affirmative action to not deploy, the court is in a tough spot to compel that action. Also, I can say with a large amount of certainty that no judge blatantly ignores procedural or semantic formalities out of hand. The judge in question may weigh the relevant factors and disagree with an argument, although some judges built caseloads of precedent on just such minor quibbles, but it is literally the judge's job to at least consider a technical argument on its merits.


Your comment reinforces my point. Google would be extremely reluctant to utilize warrant canaries because of the uncertain legal consequences of doing so.

The same applies to declining to cooperate with government surveillance operations. We don't really know how the government likes it when a big company obstructs its surveillance goals.

On HN today was a headline about Apple reversing course on a business decision voluntarily, simply to please government.

> I'm also not sure how warrant canaries relate to your parent's point.

The points above I believe link the two business decisions.



There were a bunch of Google engineers who worked through Christmas that year who sure were pretty pissed off about the unexpected work and were furious at the NSA.


Can you elaborate on the google data center breach? Are you saying it was orchestrated by google?


Not orchestrated, but happily tolerated. All Google needs is to be able to plausibly deny complicity, but the other practices of Google (such as not offering warrant canaries on all Google accounts) indicate that Google is eager to cooperate and please governments, so it would have been easy to leave a few doors unlocked, hire a plant (with solid itsec skills), etc.


I was at Google at the time of the Snowden disclosures. People there were furious, and encrypting internal traffic became a top priority immediately afterwards.


Was this reported in the news? Why did I not hear about it?


> Backdoors can be just as useful to foreign intelligence as they are to whoever pushed for their implementation.

Not a big problem if you're the top dog and most foreign countries can't do much in practice even if they have the intelligence...



Vulnerabilities are good for intel. Intrusions aren't their concern. If anything it lets them go to Congress and ask for more funding.


Pavel Durov also shipped what looks very much like an intentional backdoor in Telegram: https://m.habr.com/en/post/206900/


One thing that needs to be accounted for is that, IIRC, we just recently had US AG Barr make a stink about encryption based on Facebook tech (either WhatsApp or Messenger, I believe) being some anti-law-enforcement issue.

Does the theory suggest that the US DoJ does not know how to exploit these backdoors, but other agencies (CIA/NSA, foreign intel services) do?



There's no incentive to not publicly make a stink about encryption, even if they have backdoors.

If anything there's incentive to do so even if they do, in creating plausible deniability.



There are no WhatsApp vulnerabilities in this case, or encryption breakdown. To exfiltrate a lot of data as the article says, you need a sandbox escape and privilege escalation.


Within days of their launch, Telegram was discovered to have huge vulnerabilities that resulted from them rolling their own crypto: https://news.ycombinator.com/item?id=6948742, so I'm not sure they should be throwing stones about other people's bugs.


I don't even have to open the link to know those are still theoretical vulns at best...because as far as I know, there has been no successful implementation of them.


Full disclosure: I've moved on from Telegram, but I'd use them again in a heartbeat if it was them or a FB owned property.


You’re full of shit. There’s nothing theoretical about that vulnerability (almost certainly a deliberately planted backdoor), it allows the Telegram servers to selectively MITM private chats.

> there has been no successful implementation of them.

What does this even mean? Only Telegram can perform this active attack, obviously you haven’t seen it implemented.



+1, it was not the bugs I thought it was, extracting foot from mouth - sorry.


Apparently I’m the only person on earth who wants to know what kind of phone Bezos was using, which OS version, etc. It seems like this detail is conveniently being left out of every story.

Anyone have any additional details? I understand that it was a WhatsApp vulnerability (Pegasus?) but I’d still like to know more about the device.



So MBS or someone in Saudi intelligence is somehow behind the leak of the photos to the National Enquirer, and the subsequent divorce of the Bezos?


That was what Bezos's camp has been saying from almost the very beginning. The news here isn't the suspected involvement of the Saudis, the news is that MBS is directly implicated.


MBS definitely seems pretty brazen. I could totally buy him doing this - effectively social engineering Bezos - over negative stories about Saudi Arabia in the Washington Post. Who better to persuade Bezos to look at a video?

I'm a little surprised Bezos fell for it. Video-triggered vulnerabilities are pretty rare and not something you'd normally be vigilant about, as are world leaders acting as APTs, but he still should've considered the possibility that a giant, powerful nation his ultra-influential newspaper covered might want to target him and would have the capability to do so.

He could've asked an Amazon security analyst to open the video in a sandboxed system, or could've just done so himself. I guess it just never crossed his mind that the (de facto) ruler of Saudi Arabia would phish him.



Pretty brazen? Don't forget that the WP reported that US intelligence intercepted comms from Saudi officials discussing a plan ordered by MBS to lure Jamal Khashoggi from his home in Virginia and then subsequently had him cut into pieces in an embassy.

Hacking a phone is small potatoes.



Yeah, I was using semi-facetious understatement. He's very brazen for someone in his position.


Thankfully he is loved by the West and is untouchable, goes a long way when you are a maniacally evil despot with a penchant for torture.

Who are the bad guys again? Didn't watch the tele today, they usually tell me.



One of those countries without one of those Banks.


And more specifically the potential exploit / vector used.


Where's the Feds on this? I don't find it comforting that attacks happening on the US's free press go unanswered by law enforcement.

We should be indicting MBS.



Not only has the US president declared the press the "enemy of the people", he also has a personal vendetta against Jeff Bezos for hurting his feelings. And he's got a personal lackey doing his personal bidding at the head of the DOJ.

If anything, it's more plausible to have been directed by the President (though it probably wasn't) than for any consequences of these actions to come from this administration (which certainly won't happen).



When a foreign government does something, the legal system is not the appropriate mechanism to enforce international norms.

It lacks both jurisdiction as well as enforceability.

There is no global legal system. We are not a united planet.



Is that news? It’s well known that MBS is plugging money into tech in order to move away from fossil fuels.

You’re not going to get any investment from Saudi Arabia that doesn’t go through him.



Everyone needs to know that every Softbank round is essentially a Saudi Arabia round.


It’s unlikely any money you take as a founder these days is free from Saudi limited partners


I thought it was common knowledge... Masa is pretty much MBS's agent.




I guess Khashoggi must have really annoyed MBS. This has now cost the Saudis at least ten times as much goodwill as all anti-Saudi editorials in the Post and everywhere else together.

That, or it was a favour to MBS American friends. The other people involved (David Pecker et al) and MBS do share a few friends in the White House, who also seem obsessed with the Washington Post and Bezos himself.



Saudi Arabia has a lot of exiles and so far as I know, it's not murdering everyone who criticizes them.

Khashoggi was not simply a journalist but a member of an influential family within Saudi Arabia [1]. MBS has dealt quite brutally with a variety of his internal opponents within Saudi Arabia. Murdering Khashoggi was something of a statement that MBS wouldn't let his direct opponents escape to other countries to oppose him.

To be clear, the murder was a horrific act by a brutal theocratic regime; I'm not noting these factors to condone it in any way but merely to give background.

[1] For example, this Khashoggi was a relative of Adnan Khashoggi, once known as the world's largest arms dealer.



"Only a little bit murdery" - op


> I guess Khashoggi must have really annoyed MBS

Or MBS massively miscalculated. I can't imagine being Lord Emperor gives you many opportunities for people to tell you you're wrong about stuff



Well, MBS certainly has his own reasons to not like the owner of the Washington Post.


Khashoggi wrote for the Washington Post, so it wouldn’t be a favor for Trump. It would be consistent with his own motivations for murdering Khashoggi.


Great theory, except for the fact David Pecker was directly involved and more or less admitted it was a favor for Trump which he had been doing for decades.


David Pecker was, IIRC, the guy who also directed the 'catch and kill' with Stormy Daniels just before the 2016 election.

https://www.thedailybeast.com/how-trumps-fixers-silenced-sto...



While David Pecker was involved in the brokering of the hush money deal with Stormy Daniels, which Michael Cohen eventually made (and prosecuted for), the "catch and kill" payment was made to Karen McDougal, which was another Trump affair.


It is insane to me that Trump is a pariah for the religion crowd


> Definition of pariah. 1 : a member of a low caste of southern India. 2 : one that is despised or rejected : outcast.

I'm not sure I understand your comment



What weight does that hold when MBS actually killed the WaPo journalist? The proof is right in front of us.


What are you talking about? Nobody is refuting that MBS killed Kashoggi. What I'm refuting is that the Bezos hack wasn't a favor to Trump. It clearly was.


Isn’t it entirely possible that MBS simply had a phone that was easier to hack than Bezos? That was the first thing I thought of.

Also, how much of an amateur hacker would you have to be to launch an attack from your own personal device?



It was a phishing scheme. It probably didn’t happen from his device, but someone signed into his device after cultivating the Bezos relationship.


Well yeah, that’s what Bezos has been saying all along.


The headline is not that interesting, but the bigger news here is the vector used (WhatsApp, Pegasus), and how the exploit message was sent directly from MBS' number soon after they shared contact information.


Wouldn't be surprising if Bezos rolls out Amazon's own messaging platform soon. In some sense Amazon is already half-way of being a social network on its own now - if they add personal feeds and "follow" they would become full blown FB+Instagram+Pinterest and adding messaging would complete the package. "Your margin is my opportunity", and the Zuck's margin is among the largest out there.


Why do they not like Bezos, what has triggered them?


Or someone/group/agency who was able to compromise MBS phone or WhatsApp account.

There are a lot of possibilities here, what a wild story.



The Bezoses are responsible for their actions, and their decision to divorce, but yes, the leak could have been via Saudis...


I'm surprised this take is so controversial. Bezos didn't deserve to get hacked and exposed like this, but the hack exposed infidelity. The hack didn't plant fully fabricated evidence of infidelity.

I don't think "I would have gotten away with it!" is a compelling argument, but I'm not a Scooby Doo villain.

The comments about timing, malice, financial consequences, etc., are all fair for making a case that the hacks and leaks are scummy, but the Bezoses are in charge of their own relationship, or lack thereof.



In the end we're all responsible for our own actions - but there are a lot of outside factors that influence us. The leak appears to have been a significant factor. I'm less interested in the fact that infidelity would likely have eventually led to the divorce (though if it was privately dealt with it may not have) - I'm more curious if the timing was advantageous for MBS. This is all pure speculation, though.


The texts were leaked by the brother of the mistress.

https://www.thedailybeast.com/mistress-lauren-sanchezs-broth...



No, that's what The Inquirer and others said as cover. There was no proof of that, and this article from the Guardian goes into those details as well.


No proof to the contrary either, other than a privately contracted forensics firm's assessment. WSJ reported both angles. Both theories are plausible.


I pointed this out 11 months ago:

https://news.ycombinator.com/item?id=19122206





Why are these down voted? I'd say these Citizen Lab reports are HIGHLY relevant to this discussion topic.


OK, so I'm just a random anonymous coward. And arguably obsessed with my hobby.

But I'm puzzled that Bezos would be corresponding with MBS on the same device that he uses for potentially embarrassing personal stuff. Isn't that just a totally obvious OPSEC fail?

Edit: But that's what he did, isn't it?

And how could that be considered safe?



I think this a good question.

The problem is that even the head of a ginormous company with a strong connection to computer security generally (through AWS) is going to take actions based on convenience rather than OPSEC discipline.

I think it's natural for any given human to chat with all one's friends on the same level, with the same device and so forth. A given individual can train themselves to have hard walls in their personal dealings, but I'd suspect that individual would be a mid-level specialist, not the owner/manager/CEO who gets their position by their ability to manage and connect with people, not through technical expertise.



I guess. But even before the Khashoggi assassination, MBS was arguably an obvious threat. I can't imagine considering him a "friend".

I mean, I'd be gobsmacked if he mixed personal and business on the same devices. That could be disastrous, not just embarrassing. So a third device category doesn't seem unworkable.

Edit: Also, wouldn't someone like Bezos have security advisers? And how could they have failed to warn him?

One could make a similar argument about MBS, of course.



This reminds me of the way that Barack Obama tried to keep his personal cellphone once he became president. Having a personal relationship with the wealthy and powerful is a unique thing since these are the ultimate decision makers. I would guess that Bezos or anyone like him chats frequently with very powerful people and that this is a factor in him maintaining his own power and influence. And mobile devices would seem to magnify that ability of the very topmost people to connect directly with each other - i.e., this was all done by secretaries and through protocol, but that's slower, and a phone can let one big boss instantly sway another.

Of MBS doing his own spying and hacking is another way topmost people are becoming "do it yourself-ers".



I shudder to think what would have happened if Obama had ultimately refused to give up his personal phone, and every half-talented hacking group on the planet had pwned it six ways from Sunday—what a national security disaster that would have been! Oh wait


The Clinton server wasn't really interesting because she broke the rules...it was because the Chinese/whomever could grab stuff and the owners had plausible deniability.


I'm pretty sure GP was actually referring to President Trump's refusal to give up his personal tweet gun^W^Wsmartphone.


I'm just talking tech, not partisan politics.


Sure. Maybe he wasn’t super worried about getting caught cheating on his wife. A few billion dollars pays for a lot of alimony and lawyers.


More like $38 billion, I doubt he's happy about it.


Last time I stayed at an AirBnb in Prague, the owner's preferred method of communication was WhatsApp. When I went to install it I was confronted with no other choice than allowing it to import all my contacts, even though there was only one person I wanted to communicate with.

I was aware of these vulnerabilities and generally am protective of handing out PII, especially information others have entrusted to me. So I didn't give it access to hundreds of business and personal contacts spanning decades of work and life.

How do others deal with this who perhaps don't have the choice to just say "I'm going to text you instead for the 4 days we are going to have a need to communicate"? Do you keep a full set of contact data outside your phone's contacts for information you don't want shared? Private and public contacts?



I wonder how often less high profile folks get hit with stuff like this?

On one hand, zero days are rare and expensive.

OTOH someone who isn't the CEO of a major company might not notice the malware, or if they do, not know they should forward it to an organization like Citizen Lab.



If you aren't a high profile target, you may not be worthy of being targeted specifically. Of course, as in the Ashley Madison and Equifax cases, you might be compromised along with thousands of others.

Zero days are expensive for individuals and small companies, but what happens when state actors are involved?



>If you aren't a high profile target, you may not be worthy of being targeted specifically.

That's what I am questioning.

There are many sysadmins, key executives in tech companies, or open source contributors who may not be "high profile" in the traditional sense but be juicy targets. Arguably there are more useful targets to hack than a CEO who's assuming their every move is being studied and always keeps truly sensitive conversations verbal.



> zero days are rare

really?



Zero days are plentiful. But there are only a handful that you could buy today which could potentially give you access to a CEO's phone. The only other option is to build your own team to find a zero day for you, which is not cheap or quick.


The wider question here is how to handle Saudi Arabian trades in Western markets. Every and any deal undertaken by a state actor (MBS, any of the 1000s of princes the place is littered with, the sovereign wealth fund or the state or semi state companies) could well be the result of insider trading...

And that's just the public markets. Imagine the advantage you would have in startup investing if you could covertly read all the internal discussions, the founders' texts and emails, remotely access their meetings with lawyers, accountants and other VCs.

No wonder SA is suddenly interested in Silicon Valley



Is there any detail on the nature of the exploit? It seems to have been triggered by receipt of a video in WhatsApp. Was the flaw in WhatsApp itself? Or would the exploit have occurred regardless of which messaging/transfer mechanism was used to deliver the video? Has this been fixed? Is it even a documented exploit or is it simply known that it had something to do with the WhatsApp video, but not the actual methodology?


Pegasus as expected according to another person claiming to have been hacked, also a report expected out in the coming months https://twitter.com/iyad_elbaghdadi/status/12197417733014528...




At the time, FB said it didn't believe the bug had been exploited: In this instance there is no reason to believe users were impacted. [0] The alleged hack of Bezos happened in May 2018, about 18 months after the Nov 2019 bug fix. I wonder if FB's statement was just boilerplate PR or if they really did substantial forensics to have "no reason to believe users were impacted".

[0] https://nakedsecurity.sophos.com/2019/11/20/update-whatsapp-...



Anecdotal, but a lot of times phrases similar to that are used because the real answer is "We don't have any way of knowing if users were actually impacted" and it's obviously far better for PR to phrase it that way.


It does sound better but here's the thing: this is Jeff Bezos. He's one of the most high-profile people on the planet. If his phone was hacked through WhatsApp, he clearly filed a complaint and told them what had happened. They just didn't manage to patch it for over a year and then stated they 'had no way of knowing' even though this clearly proves it happened.


s/after/before/


As I mentioned in my other comment, I see no reason to think that CVE-2019-11931 was exploited by NSO Group.


do you mean 18 months before?


Why do you think it was CVE-2019-11931? The Facebook vs. NSO lawsuit[1] mentions CVE-2019-3568[2]. CVE-2019-3568 was widely reported in May to have been exploited by NSO group[3].

[1] https://context-cdn.washingtonpost.com/notes/prod/default/do...

[2] https://www.facebook.com/security/advisories/cve-2019-3568

[3] https://arstechnica.com/information-technology/2019/05/whats...



This sort of thing blows my mind.

Any rough theories on how this sort of thing can happen? How can an app go from parsing metadata to executing foreign code?



It's called C. It's incredibly hard to write secure code in it.


I thought whatsapp was erlang?


I don’t imagine there being much Erlang in the iOS and Android clients.


Is there any C in WhatsApp?


Yes - all the media decoders are in C


Cool, that actually does sound like a rather large attack surface for an innocent-looking attachment to wind up executing code
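To make the "parsing metadata to executing foreign code" step concrete, here is an added example that is not code from this thread, from WhatsApp, or from any real decoder: a toy chunk parser in C for a made-up format (4-byte tag, big-endian length, payload; the layout is an assumption for illustration). The naive version copies as many bytes as the sender's length field claims into a fixed 32-byte buffer, which is the classic pattern behind decoder memory-corruption bugs; the hardened version validates the length against both the destination size and the bytes actually received before copying, and rejects constructed malformed headers (a 1 GiB declared length, a length that exceeds the data present, an unexpected tag) with a status code instead.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy metadata chunk layout, assumed for this example (not WhatsApp's real format):
 *   bytes 0..3  : 4-character tag, e.g. "TITL"
 *   bytes 4..7  : big-endian payload length declared by the sender
 *   bytes 8..   : payload
 * The declared length is sender-controlled input; that is the whole point. */

#define TITLE_MAX 32   /* fixed-size destination buffer, including the NUL */

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED, PARSE_TOO_LONG, PARSE_BAD_TAG };

static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Pattern behind many decoder bugs: the code trusts the length field in the
 * file and copies that many bytes into a fixed buffer. A declared length
 * larger than TITLE_MAX writes past 'out' (stack or heap corruption), and a
 * declared length larger than the data actually received reads past 'buf'.
 * Kept here for comparison only; never call it on untrusted input. */
int parse_title_naive(const uint8_t *buf, size_t buflen, char out[TITLE_MAX])
{
    if (buflen < 8)
        return PARSE_TRUNCATED;
    uint32_t len = read_be32(buf + 4);
    memcpy(out, buf + 8, len);   /* BUG: len is never checked */
    out[len] = '\0';             /* BUG: out-of-bounds write when len >= TITLE_MAX */
    return PARSE_OK;
}

/* Hardened version: every length is validated against both the destination
 * size and the number of bytes actually present before any copy happens. */
int parse_title_safe(const uint8_t *buf, size_t buflen, char out[TITLE_MAX])
{
    if (buflen < 8)
        return PARSE_TRUNCATED;
    if (memcmp(buf, "TITL", 4) != 0)
        return PARSE_BAD_TAG;
    uint32_t len = read_be32(buf + 4);
    if (len >= TITLE_MAX)        /* leave room for the terminating NUL */
        return PARSE_TOO_LONG;
    if (len > buflen - 8)        /* safe: buflen >= 8 was checked above */
        return PARSE_TRUNCATED;
    memcpy(out, buf + 8, len);
    out[len] = '\0';
    return PARSE_OK;
}

/* Builds a chunk with an arbitrary declared length so that a malformed
 * header can be constructed independently of the real payload size.
 * Returns the number of bytes written; dst must hold at least 8 + payload_len. */
size_t build_chunk(uint8_t *dst, const char tag[4], uint32_t declared_len,
                   const uint8_t *payload, size_t payload_len)
{
    memcpy(dst, tag, 4);
    dst[4] = (uint8_t)(declared_len >> 24);
    dst[5] = (uint8_t)(declared_len >> 16);
    dst[6] = (uint8_t)(declared_len >> 8);
    dst[7] = (uint8_t)declared_len;
    memcpy(dst + 8, payload, payload_len);
    return 8 + payload_len;
}

int main(void)
{
    uint8_t buf[64];
    char title[TITLE_MAX];
    const uint8_t hello[] = "hello";   /* constructed sample payload */

    /* Well-formed chunk: both parsers agree. */
    size_t n = build_chunk(buf, "TITL", 5, hello, 5);
    printf("well-formed : safe=%d title=\"%s\"\n", parse_title_safe(buf, n, title), title);

    /* Constructed malformed chunk: header claims 1 GiB, only 5 bytes follow.
     * The naive parser would memcpy 1 GiB into a 32-byte buffer here. */
    n = build_chunk(buf, "TITL", 0x40000000u, hello, 5);
    printf("huge length : safe=%d (expected PARSE_TOO_LONG=%d)\n",
           parse_title_safe(buf, n, title), PARSE_TOO_LONG);

    /* Length fits the buffer but not the data received. */
    n = build_chunk(buf, "TITL", 20, hello, 5);
    printf("short data  : safe=%d (expected PARSE_TRUNCATED=%d)\n",
           parse_title_safe(buf, n, title), PARSE_TRUNCATED);
    return 0;
}
```

The two checks in the hardened parser are independent: the first bounds the write into the destination, the second bounds the read from the received bytes, and skipping either one leaves a memory-safety bug. Real media formats have dozens of such length fields nested inside each other, which is why a decoder written in C is a large attack surface even when each individual check is simple.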


Explanation 1:

Lauren Sanchez (Bezos' new girlfriend), along with her brother Michael (who is also her agent), leaked the story to force Bezos to divorce his wife and get along with her.

Explanation 2:

The crown prince of Saudi Arabia personally sent a trojan file, downloaded all the data, distributed it through a gossip rag he happens to be friends with, for some kind of revenge/message

I get why Bezos has to go with explanation 2, because explanation 1 would indicate the girl he wants to have sex with or her brother is manipulative. I don't see why the rest of us have to go along with this. Even this anonymous source says he has "high confidence", not anywhere near certainty.



Is explanation 2 supposed to be outlandish?

A country like Saudi Arabia is going to use every tactic possible to combat their asymmetry with the West. It's not the crown prince personally having someone cook up a trojan for him -- it's their national apparatus deciding that free potential leverage over influential Americans is a worthwhile pursuit.



If you take into account that MBS murdered an employee of Bezos, explanation #2 sounds plausible.


The motives for explanation 2 are currently not known. MBS might have had numerous reasons, ranging from WaPo or AWS. But regardless, there could have been many reasons to target Bezos. The part that doesn't sit right with me is the leaks, since it would have burned the 0day and connected Saudis to hacking phones which I doubt they would have wanted.


This gives me tremendous respect for Jeff.

Most likely his marriage fell apart because of this costing him personally ~25B. But that means that he didn't give in to whatever Mr Prince wanted.



Yes, it seems he was pretty hardcore about it. "Go ahead, publish it."

Since J. Edgar Hoover, it has been an open secret that blackmail drives the upper echelon of politics and media. The Bill Clinton thing is another example, pretty sure he put his foot down and said fuck it, hence Lewinsky turning up with a tainted dress from 8 months ago, and down goes the U.S. president. How many just acquiesce and play along quietly?

More people should have guts like Bezos (probably did). Though at some point, I'm sure the shadow people will just fall back on good old violence, like the Epstein case.



One thing which this article doesn't address at all, is what is the beef between MBS and Bezos? Why would the Saudi prince leak this data? How did Amazon upset him?


I think MBS has a beef with the Washington Post (also owned by Bezos), not Amazon. It also fits with the murder of Khashoggi, a WaPo journalist.


Bezos owns the Washington Post. Jamal Khashoggi was a journalist for WaPo.


Join the dots...

Who had a beef with Bezos and was friendly with MBS?



Tim Cook, for one.


Ricky Gervais better watch his back then.


Perhaps as a favor to Trump who constantly whines about WaPo and Bezos?


I think at the very least they would have bet on the WH looking the other way while they conducted an attack on a prominent US citizen. At worst it could be another "favour" attached to military procurement.


Very curious about the downvotes on this one. Trump has clearly demonstrated time and again that he is not above egregiously and obviously breaking the law to further his personal interests. He has been willing to overlook cold-blooded murder by MBS specifically. So this speculation is very comfortably (or uncomfortably, as it were) within the realm of reasonable speculation, is it not?


"I would like you to do US a favor though..."


What brand was the phone and OS?


It doesn't matter. The Whatsapp exploit affected both iOS and Android: https://appleinsider.com/articles/19/05/13/whatsapp-vulnerab...


That's interesting. How would that work? Under Android, all apps effectively run inside a Java sandbox, right? So how would the attackers be able to install spyware through Whatsapp?


I may well be proven wrong by further revelations, but:

> Large amounts of data were exfiltrated from Bezos’s phone within hours

I could see a cross-platform WhatsApp message that leaked WhatsApp data?



Since WhatsApp whines incessantly unless you give it various permissions it might have already had the ability to access photos etc.

As well as sending whatever is in its directory or using a local priv escalation.



They only had to spy on whatsapp, so they could do it all in the same sandbox.


There are more exploit chains for Android and iOS that can be used once RCE is achieved.


Through a sandbox exploit of course.


It is very odd. Every article I've read recently or when it occurred seem to leave this detail out.


Shouldn't Bezos be using an Amazon Fire Phone?


This is why for the past 7 years I have rejected any files sent to me, and insist on receiving cloud links such as google, dropbox etc.


Is it that easy to be hacked with WhatsApp?


Well, here's a list of known WhatsApp hacks that were revealed in 2019:

Call hack [0]: https://www.wired.com/story/whatsapp-hack-phone-call-voip-bu...

Video hack [1]: https://thehackernews.com/2019/11/whatsapp-hacking-vulnerabi...

GIF hack [2]: https://thehackernews.com/2019/10/whatsapp-rce-vulnerability...

That call hack was famously used by NSO, hitting thousands of people [3]: https://thehackernews.com/2019/10/whatsapp-nso-group-malware...

Hack that let anyone crash the apps for all members of a group chat [4]: https://thehackernews.com/2019/12/whatsapp-group-crash.html

I think I'm actually missing one more. These are just the widely known ones, mind you, and just for 2019.



"The flaw (CVE-2019-3568) successfully allowed attackers to silently install the spyware app on targeted phones by merely placing a WhatsApp video call with specially crafted requests, even when the call was not answered."

Geez that seems pretty incompetent.



These are not hacks, it's called "Backdoor". There are probably tons more hidden backdoors left, we can only speculate. WhatsApp is a private non-open source project.


So, anyone want to hazard a guess on why the prince would want the optics of being seen to have been responsible for the hack (as opposed to trying to cover that up by, say, not using his very own account)?


Firstly, he's an idiot. His staff obviously don't brief him on the likely consequences of actions, they just go do it. Because he's a brutal dictator who has disloyal people executed.

Secondly, Saudis don't have their own advanced cyber capabilities (unlike Iran, UAE, Israel, etc); they rely on buying help. And single-use, no-interaction 0day RCEs for recent phones (and we can assume latest iOS or Pixel) are not that available. So they used what they could get their hands on.

It beats me that they couldn't steal the phone of someone else in Bezos's WhatsApp contacts and impersonate them. Maybe Bezos wouldn't have opened the attachment. But overall, I think they are just dumb.

There remains a small possibility that someone hacked the phone of MbS (I mean, everyone has thoughts about doing that) and then pivoted to attacking people in his contacts. But the whole NSO group involvement makes me think it wasn't that.



Simple. To flex and show that he is untouchable and that nobody ever holds him accountable.


I am not buying this story. With all the other possible options, why would someone like MBS do it from his very own phone which this article claims? It sounds more like someone is trying to frame MBS.


Don't deal with the Saudis. History will look back on you the same way it looks back on people shaking hands with Hitler. I'm not kidding.


Whatsapp allows desktop clients. I use it too. It is technically possible for someone to hijack this desktop client and do this without MBS's involvement, as long as MBS authorized that desktop. I think you need proximity, but you can have a computer near the prince, and that computer being remotely controlled by someone sitting far away.

Not saying this happened ... but there are many ways to blame it on prince and many ways to defend him (and blame a subordinate).



I thought the Whatsapp desktop client was just a glorified remote control for the phone, and could not actually function as a standalone client by itself?


It is a remote control, but a case could be made that even though the prince had the phone with him, someone did it from his computer [ Of course assuming he was not looking at his phone at that time. ]

I am not on prince's side, just saying ...



If you're thinking of a private actor, I think that once you have access to MBS's phone, you run to Doha before attacking Bezos. Qatar would pay a ton of money for that access.

If you're thinking of a state actor other than Saudi Arabia, I think there would be much easier and more discreet vectors to Jeff Bezos's Whatsapp than MBS's phone (literally almost any of Bezos's other contacts would be less risky).



Going through a remote control or to your phone directly makes no difference. So the remote control is an additional point of failure.


> This analysis found it "highly probable" that the intrusion into the phone was triggered by an infected video file sent from the account of the Saudi heir to Bezos, the owner of the Washington Post.

Any more information on how this type of attack works? Is it a vulnerability in Whatsapp, or was whatsapp just the delivery platform?



first paragraph: The Amazon billionaire Jeff Bezos had his mobile phone "hacked" in 2018 after receiving a WhatsApp message that had apparently been sent from the personal account of the crown prince of Saudi Arabia, sources have told the Guardian.

So, not snapchat, but whatsapp. And it's quite surprising for me. So, Saudis have 0 days which work on whatsapp on iphone (I suppose Bezos uses iphone)? I mean, FB and AAPL, which both can afford tens of billions in security research, were pwned by saudi 0day? hmmm...



Wouldn't be that surprising. Zero days are available to the highest bidder and Saudi princes have deep pockets.


Honest question. Given that RCE's are extremely rare, can't FB and AAPL announce 100M USD bounty to get them first and patch them, avoiding bad PR and brand impact? Damn, make it 200M?! Or bad actors can easily pay 5x more to exploit said 0 day on a few targets, so hackers will sell to them instead?


I don't think FB or Apple can win a bidding war with state actors, and especially not a wealthy monarch. I think the problem is these 0 days are worth more to bad actors than the bad press costs companies.


>I don't think FB or Apple can win a bidding war with state actors, and especially not a wealthy monarch.

Depends on your personal risk profile, I guess. If I were a highly professional security researcher (one can dream!), one who can find a 0 day RCE in whatsapp, well, I would happily accept a 10-20M bounty from FB and retire for life, instead of bargaining with a wealthy monarch and accepting the non-trivial risk of being dismembered with some blunt tools in the embassy of Turkey or somewhere else.



Indeed, any money after the "never work again and have a decent middle class lifestyle" point is worth significantly less to me than money before that point.


It's not worth anything like $100m to facebook.

They pay barely enough to say they're willing to pay, but they don't really care.



Exactly. Facebook lost no customers and their stock took no hit as a result of this news. 99.999999% of their users will never know.


I think the problem is that FB or Apple don't really get directly hurt from these exploits being used. Some politician gets hacked and important personal data gets leaked - oh well, there was a bug, we've patched it, one less user out of a few billion. And the vast majority of people probably don't rank this kind of thing very high on their threat model, they're either not going to know or aren't going to care.


I would like to see bounties offered no questions asked too.

That way someone on the payroll of Nefarious Inc. may decide to share it with Google or Apple at the same time as their boss.



Actually, this is my second question. How much money are FB/AAPL ready to pay a security researcher who can find 0 days in their software to work full-time for them? Is Nefarius Inc. really competitive with them, salary-wise? I just can't grasp the economics here. Back in the 90's, being a bad guy was probably more lucrative, but now, when established IT companies have market caps in the trillion zone... what makes people work for Nefarius Inc.?


> what makes people work for nefarius inc?

Very good pay; the ability to work remotely; pride/prestige; community; political reasons.

Being a good digital thief is still very lucrative, especially for people living in low income areas with relatively lax law enforcement. These people can run encrypted computer extortions, steal bitcoin wallets, run/sell botnets, fence digital goods, run underground ad networks, and consult.



> what makes people work for nefarius inc?

No idea about nefarius, but when I talked with someone in a similar role the answer was work conditions. It was apparently easier to get a remote role with a flexible schedule at a more "sketchy" company.



Brokers ("grey market") usually pay out over time, for this reason. If a seller double-dipped by also selling the vuln to the vendor via a bounty program, it could get fixed before they actually got most of their grey-market money.


The actual prices are in the $100k-$200k range. $1m if you are extremely generous.


I wonder what size the supply is. How many could you buy immediately or over time?


Same reason that putting a bounty on dead rats isn't a good way to get rid of your city's rat infestation.


Anyone can get pwned by a 0day. Most nation states probably have funds to buy a probably exclusive 0day and use it against a target.


My guess is this gave them the ability to access anything WhatsApp could access with a code bug in the application and so maybe a Facebook issue more than an Apple issue.


If WhatsApp was given photo library access (which isn't unlikely considering you need it to send previously taken photos) then the exploit could access all his photos without a vulnerability on Apple's part.


> which isn't unlikely considering you need it to send previously taken photos

To be clear for anyone else reading, photo library access is required to browse the photo library from within WhatsApp, it's not required to share arbitrary photos to WhatsApp from the photo app via the OS's built-in share feature.



Thanks, I did make an error and I quickly edited Snapchat to Whatsapp, but didn't note it initially since no one had replied at that point.




Talk about lousy deniability.

I wonder how many Alexas there are in Saudi.



as per usual there will be zero consequences


This sounded plausible until I read the first sentence. Why would MBS be the one executing the attack, and using his personal account to do it?


The Saudi Royal Family simply do not care and walk around with impunity. They thumb their nose at the law and the world order and think they deserve to do whatever they want. This is exactly the same as the Khashoggi execution, where there was overwhelming evidence and implication, but they play naive and put on a big sham investigation. Just like when Russian agents poisoned the Skripals and said they were there to view a church steeple.


Of course, the nation that the Saudis rely on for aid and military hardware could pressure them. But that would require some minimal commitment to human rights and a free press. And no personal desire by its president to silence criticism from the WaPo.


This does seem the most likely, as hard as it is to believe. I guess when you have hierarchies based on blood rather than competency, this is what you end up with.


That and no outside government has ever held them accountable for anything. Or him accountable for anything.


It seems unlikely it would be MBS himself pressing the button, but a reason why Saudi intelligence might use his personal account is because Bezos would be far more likely to open a video sent from MBS than from some random account.


But the obvious thing to do would be to pick anybody else that Jeff would also talk to and send it from their account instead. Only the most incompetent intelligence agency imaginable would do an op and intentionally attribute it to their own head of state.


Bingo. They really are the most inept.


Is there reason to believe Bezos regularly corresponds on WhatsApp with other Saudis?


Why would it have to come from another Saudi?


It has to come from an account a) Bezos trusts enough to read and open attachments from, b) an account Saudi intel has access to, and c) an account that's not gonna go "hey ignore that, I got hacked".

That’s likely to be a small set.



TFA rather implies that MBS is totally full of himself:

> One observer said the alleged targeting of Bezos reflected the ‘personality-based’ environment in which the crown prince operates.

So it seems plausible that he and his advisers just assumed that they were technical enough to avoid attribution.

It does seem that there's more known than suspicious timing:

> The Guardian understands a forensic analysis of Bezos’s phone, and the indications that the "hack" began within an infected file from the crown prince’s account, has been reviewed by Agnès Callamard, the UN special rapporteur who investigates extrajudicial killings. It is understood that it is considered credible enough for investigators to be considering a formal approach to Saudi Arabia to ask for an explanation.

But then, even if they have conclusive evidence that said file is malware, some third party might have compromised MBS' account.



The article states that Bezos and MBS had been having a casual conversation previously.


Presumably because the attacker(s)' assumption was that Bezos would open a message coming directly from someone he trusted and had direct communication with, in this case being MBS?

That brings a lot more questions though; who actually sent the message? Was it a man-in-the-middle situation? Was MBS's WhatsApp account compromised? Did someone else use MBS's physical phone to do this? Was it a third party?

Interesting and strange story all around.




