Jeff Bezos phone hacking scandal: Spyware so smart even billionaires aren’t safe
Researchers still aren’t sure exactly what infected the Amazon CEO’s iPhone X
Researchers still aren't sure exactly what infected the billionaire's handheld. Tasked with diagnosing a suspected cyberattack on an iPhone owned by Amazon Chief Executive Officer Jeff Bezos, forensics experts detected a massive spike in data being siphoned from the device hours after he received a WhatsApp message from a Saudi royal. Yet the malware behind the hack remains a mystery.
What's clear, though, is that Bezos was hit by a potent combination: advanced code, capable of grabbing gobs of information quickly, along with an encrypted delivery system that helped it evade detection. Over the last decade, spyware has gained wider acceptance, become more lucrative and, when transmitted via encryption, increasingly effective. It has evolved from a surveillance tool available for download on the dark web, often by consumers seeking to pry into a partner's private life, into a pricey product passed off as a way for law enforcement to root out illegal behaviour. The market for mobile surveillance technology is valued at about $12 billion and remains less than 10% penetrated, according to Moody's.
The alleged attack on Bezos would be one of the most high-profile examples of spyware being used by government officials against an individual, and it has elicited calls for greater regulation of the industry. The two United Nations experts -- Agnes Callamard, UN special rapporteur on summary executions and extrajudicial killings, and David Kaye, UN special rapporteur on freedom of expression -- said they want a moratorium on the sale and transfer of surveillance technology from private companies. They also called the allegations involving Bezos's phone "a concrete example of the harms that result from the unconstrained marketing, sale and use of spyware."
"Surveillance through digital means must be subjected to the most rigorous control, including by judicial authorities and national and international export control regimes, to protect against the ease of its abuse," they wrote in a report released Wednesday.
The UN experts and the forensic analysis of Bezos's mobile phone, which was published by Vice, identified two electronic surveillance companies that could have developed the technology used to execute the hack. Israel's NSO Group and Italy's Hacking Team both sold products to Saudi officials before the 2018 attack, according to FTI Consulting Inc., which did the analysis. Saudi Arabia spent $55 million in 2017 for NSO's Pegasus software, the Israeli newspaper Haaretz reported in November.
Hacking Team didn't respond to requests for comment, and NSO denied involvement in the attack.
"Our technology was not used in this instance; we know this because of how our software works and our technology cannot be used on U.S. phone numbers," the company said in a statement, while declining to say whether it has done business with Saudi Arabia. "Our products are only used to investigate terror and serious crime."
As the industry has grown in profitability, so has its reputation as a clean and credible business, said Jack Cable, an independent security researcher and a student at Stanford University. Even so, software makers can't guarantee that their products won't be used for ill intent, he said.
"We need look no further than the advertising of companies like NSO Group to see that they sell themselves as protecting human rights for their exploit services," Cable said. At the same time their products have been employed by authoritarian governments accused of human rights abuses.
Spyware is essentially a type of malware that is unwittingly loaded on the device and then takes over.
Once it's installed, spyware like NSO's Pegasus can begin sending back the phone user's private data, including passwords, contact lists, calendar events, text messages and live voice calls from mobile messaging apps, according to the Pegasus manual. In some cases, the operator of the spyware can use the phone's camera or microphone to take photographs or record audio without the target's knowledge.
On its website, NSO Group notes that terrorists, drug traffickers, pedophiles and other criminals have access to advanced technology that makes them harder to monitor and track. "NSO Group develops best-in-class technology to help government agencies detect and prevent a wide-range of local and global threats."
Milan-based Hacking Team, founded in 2003, has sold surveillance technology to law enforcement and intelligence agencies in dozens of countries, according to company documents. Hacking Team promotional materials describe how the company's technology -- its flagship system is called "Galileo" -- was designed to gain access to people's Skype calls, social media messages, mobile phone locations, text messages and other data. The company said in a video posted online that the technology could be "deployed all over your country" and could hack devices belonging to "hundreds of thousands of targets."
There is a constant cat-and-mouse game played between spyware developers and the companies responsible for mobile operating systems and applications. When a new spyware tool is discovered, developers from companies like Apple Inc. and Facebook Inc. work to release a software patch that blocks the tool from working. Then the surveillance manufacturers will work to upgrade their tools to bypass the latest security updates.
In recent years, however, there have been a number of cases in which spyware has been used to hack the phones or computers of journalists, activists, politicians and ordinary civilians.
Activists and researchers say they have identified over 100 cases where NSO Group's technology has been abused to target dissidents, lawyers and enemies of oppressive regimes. WhatsApp and its parent company, Facebook, sued NSO Group in October alleging that the Israeli company used malware to hack into the mobile phones of 1,400 people and conduct surveillance. NSO group disputed the allegations and vowed to fight them vigorously.
Amnesty International is supporting a lawsuit in Tel Aviv court against the Israeli Ministry of Defense seeking revocation of NSO's export license. The lawsuit was filed in May 2019 by a group of non-profit groups claiming NSO's technology prioritizes profit over human rights.
From 2017 to 2019, NSO Group's technology was linked to hacks on a British lawyer, a Canada-based Saudi dissident, and multiple U.S. citizens.
In 2012, Ahmed Mansoor, a prominent human rights advocate in the United Arab Emirates was targeted with spyware produced by Italy's Hacking Team. Since then, similar cases have been reported in countries including Morocco, Egypt and Bahrain.
Meanwhile, in Italy, prosecutors are currently probing a company named eSurv, whose employees developed spyware for law enforcement agencies, but then allegedly used the technology to hack the phones of hundreds of innocent Italians.
And the work on Bezos's phone aimed at getting to the bottom of the hack, FTI says, is still under way.