United Kingdom

How Saudi cyber chief spent years acquiring hacking tools thought to have been used on Bezos

Saudi Arabia has been accused of using spy software to hack the phone of Jeff Bezos - after years of acquiring such tools, often at the cost of millions of dollars.

The effort was led by Saud al-Qahtani, head of cybersecurity in the kingdom and a confidant of Mohammed bin Salman until was blamed for orchestrating Jamal Khashoggi's murder in 2018 and reportedly placed under house arrest.

Qahtani is thought to have been behind a bailout of Italian firm Hacking Team in 2016, after Saudi spent some $5.5million with the company between 2010 and 2015.

Saud al-Qahtani, Saudi Arabia's former cybersecurity chief who has reportedly been under house arrest since 2018 after he was blamed for ordering the killing of Jamal Khashoggi

Qahtani is thought to have spent at least three years acquiring hacking tools on behalf of the Saudi state, including a $55million purchase from Israel's NSO Group in 2017

He is also thought to have paid some $55million to Israeli cyber firm NSO Group in 2017 to get hold of hacking software it had developed targeting WhatsApp.

That technology was allegedly used to hack Khashoggi's phone before his death.

Now the UN has said there is evidence that another piece of NSO technology was used to target Bezos.

The Amazon founder is thought to have been targeted by the personal account of Bin Salman, using a corrupted video file sent to him on May 1, 2018.

The file is though to have contained a spying program called Pegasus, described by security firm Kaspersky as 'the ultimate spyware'.

Pegasus was first uncovered in 2016 thanks to a human rights activist from the UAE who forwarded it on to tech experts after suspecting he had been targeted.

They found that the software would have allowed the sender to read his messages, activate his camera and microphone, read his messages and mail, log key presses, listen to calls, and extract his browser history and contacts.

The UN now believes that spyware created by NSO might have been used by Mohammed bin Salman (left) to target the phone of Jeff Bezos (right) 

The program is even capable of getting around encrypted messaging services, such as WhatsApp. 

The U.N. experts said Bezos' phone hacking occurred during a period in which the phones of two close associates of Jamal Khashoggi were also hacked, allegedly using the Pegasus malware.

Khashoggi was killed by a Saudi hit squad in October 2018 after writing columns critical of bin Salman in the Washington Post, which Bezos owns. 

Shortly afterwards, Qahtani went missing and has not been seen in public since. 

NSO Group said in a statement it was 'shocked and appalled' by the reports linking its software to the Bezos phone hacking.

'If this story is true, then it deserves a full investigation by all bodies providing such services to assure that their systems have not been used in this abuse,' the company said.

'Just as we stated when these stories first surfaced months ago, we can say unequivocally that our technology was not used in this instance,' the company said.

The first messages between Jeff Bezos, in green, and the Saudi prince were in April after they met at a dinner in Hollywood

This is the message that Mohammed bin Salman sent Jeff Bezos on May 1 which is thought to have been the 'hack' that harvested data from his phone 

In October, WhatsApp, which is owned by Facebook, sued NSO in the U.S. federal court in San Francisco, accusing it of helping government spies break into the phones of about 1,400 users across four continents.

Targets of the alleged hacking spree included diplomats, political dissidents, journalists and senior government officials.

NSO has denied the allegations, saying it solely 'provides technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime'.

Amnesty International will ask an Israeli court on Thursday to order Israel to revoke the export licence of NSO Group, whose software is alleged to have been used by governments to spy on journalists and dissidents.