Dubai

Published: January 24, 2020 4:58:55 pm

Cybersecurity experts said there were still many unanswered questions around Jeff Bezos’ phone hacking investigation. File photo of Jeff Bezos from 2019. (Image source: Reuters)

Cybersecurity experts said Thursday there were still many unanswered questions from an investigation commissioned by Jeff Bezos that concluded the billionaire’s cellphone was hacked, apparently after receiving a video file with malicious spyware from the WhatsApp account of Saudi Arabia’s crown prince.

The experts said the evidence in the privately commissioned report does not show with certainty that Bezos’ phone was actually hacked, much less how it was compromised or what kind of malware was used. The report on the investigation, which was managed by FTI Consulting and overseen by Anthony Ferrante, a former head of the FBI’s Cyber Division, was made public Wednesday.

In it, investigators said a digital forensic review concluded with “medium to high confidence” that Bezos’ phone was compromised via malware sent from a WhatsApp account used by Saudi Prince Mohammed bin Salman.

Two UN experts issued their own take on the report’s findings, calling on the US to investigate further. They said it appeared the Amazon founder may have been targeted because of his ownership of The Washington Post, which was publishing reports critical of the crown prince by columnist Jamal Khashoggi.

Khashoggi was killed by Saudi agents inside the kingdom’s consulate in Turkey in October 2018, five months after Bezos’ phone was apparently hacked.

The report’s conclusions drew heavily from the unusually high volume of data that left Bezos’ iPhone X within 24 hours of receiving the video file from Prince Mohammed’s WhatsApp account on May 1, 2018, a month after the two exchanged phone numbers. The size of the file, the investigators suggested, indicated a malware payload may have been included.

The investigators said Bezos’ phone began transmitting large volumes of data — an increase of some 29,000% — after receiving the video file.

The report further pointed to messages later sent from the prince’s WhatsApp account to Bezos that showed “apparent awareness” of private information. One included a meme with a photo of a woman the report said resembled the woman Bezos was having an extramarital relationship with before going public with his divorce.

Another, sent two days after Bezos was briefed in phone calls last February about a Saudi online campaign against him, advised the technology mogul that what he was hearing was not true. “There is nothing against you or amazon from me or Saudi Arabia,” the message said.

The report additionally pointed to Saudi Arabia’s documented use of spyware against critics and other adversaries as further potential proof.

Saudi Foreign Minister Prince Faisal bin Farhan Al Saud called the allegations “purely conjecture” and said if there was real evidence, the kingdom looked forward to seeing it.

Cybersecurity experts said that while it was likely a hack occurred, the investigation did not prove that definitively. “In some ways, the investigation is very incomplete. … The conclusions they’ve drawn I don’t think are supported by the evidence. They veered off into conjecture,” said Robert Pritchard, the director of UK-based consultancy Cyber Security Expert.

Hatice Cengiz, fiancee of the murdered Saudi journalist Jamal Khashoggi, and Jeff Bezos, founder of Amazon and Blue Origin, talk as they attend a ceremony marking the first anniversary of Khashoggi’s killing at the Saudi Consulate, in Istanbul, Turkey, October 2, 2019. (Image source: Reuters)

Similarly, the former chief security officer at Facebook, who now directs a cyber policy center at Stanford, wrote that the report is filled with circumstantial evidence, but no smoking gun.

“The funny thing is that it looks like FTI potentially has the murder weapon sitting right there, they just haven’t figured out how to test it,” Alex Stamos wrote on Twitter.

One sticking point centered on WhatsApp’s end-to-end encryption, which the report said made it “virtually impossible to decrypt contents of the downloader to determine if it contained malicious code” — meaning the investigators could not conclude whether the video file sent from Prince Mohammed’s WhatsApp account was infected and used to hack Bezos’ phone.

Bill Marczak, a senior research fellow at Citizen Lab, disputed that assertion, saying it is possible to decrypt the contents of a WhatsApp file. In a post written for The Medium that presents ways to further the investigation, Marczak shared a link to decryption instructions and code.

The FTI investigators did not reach out to WhatsApp to seek assistance, a Facebook spokesperson said.

FTI’s Ferrante did not respond to emails and text messages seeking comment. The company said in a statement that all FTI’s work for clients is confidential and that the company does not “comment on, confirm or deny client engagements.”

Matt Suiche, a French entrepreneur based in Dubai who founded cybersecurity firm Comae Technologies, said the video file was presumably on the iPhone because the report showed a screenshot of it. If the file had been deleted, he said the report should have stated this or explained why it was not possible to retrieve it.

“They’re not doing that. It shows poor quality of the investigation,” Suiche said.

Still, security professionals and the report itself said the fact that investigators failed to identify any embedded malicious code does not mean there wasn’t a hack because sophisticated spyware can erase itself, leaving no trace.

Steve Morgan, founder and editor-in-chief at Cybersecurity Ventures, a cybersecurity research firm in New York, said the report makes reasonable assumptions and speculations, but does not claim 100 per cent certainty or proof.

“Given their detailed analysis and all of the evidence they reviewed, their conclusions are reasonable,” Morgan said. “The tools they used, including forensic software and hardware from Cellebrite, are widely acknowledged to be amongst the best available,” he said.

Theresa Payton, founder and CEO of Fortalice Solutions, said the report is credible in her opinion, but leaves some questions unanswered, including whether the crown prince’s WhatsApp account may have been hacked by a third party, meaning he was not the true attacker.

“Unless Mohammed bin Salman has a thorough forensic review of dates, times, phone logs, geocoded locations, and logins, it’ll be hard to know for sure who was behind that WhatsApp message,” she said.
