By Jared Malsin, Dustin Volz and Justin Scheck
Two United Nations officials said Washington Post owner Jeff Bezos was likely hacked using a WhatsApp account associated with Saudi Crown Prince Mohammed bin Salman in an attempt to influence news coverage of the kingdom.
The Wednesday release by the U.N. of details from a forensic analysis -- commissioned by Mr. Bezos, the founder of Amazon.com -- of the alleged hack of his phone threatened to renew tensions between the U.S. and Saudi Arabia over the brutal killing of Washington Post columnist Jamal Khashoggi by Saudi officials in October 2018.
"The circumstances and timing of the hacking and surveillance of Bezos also strengthen support for further investigation by U.S. and other relevant authorities of the allegations that the Crown Prince ordered, incited, or, at a minimum, was aware of planning for but failed to stop the mission that fatally targeted Mr. Khashoggi in Istanbul," the officials said in a statement based on their review of the forensic analysis.
A separate investigation by federal prosecutors in New York is examining whether the brother of Mr. Bezos' girlfriend, Lauren Sanchez, was the source for a National Enquirer story last year about his affair, and whether Ms. Sanchez provided him with that information, according to people familiar with the matter. Ms. Sanchez didn't respond to repeated attempts to reach her for comment.
At issue is a scandal that exploded into public view last February, when Mr. Bezos wrote a stunning blog post on an online-publishing platform. In it, Mr. Bezos accused the publisher of the National Enquirer of trying to blackmail him by threatening to release racy photos after the tabloid alleged he had engaged in an extramarital affair.
Mr. Bezos suggested in the post that the photos of him may have been obtained through illicit means that involved connections between the National Enquirer's publisher, American Media Inc., and the Saudi government.
The accusations from the U.N. pointed to a wide effort by the Saudis against Mr. Bezos.
Agnes Callamard, the U.N.'s special rapporteur on extrajudicial killings, and David Kaye, its special rapporteur on freedom of expression, said the hacking took place in May 2018 and continued for months, citing the forensic analysis they reviewed.
"At a time when Saudi Arabia was supposedly investigating the killing of Mr. Khashoggi, and prosecuting those it deemed responsible, it was clandestinely waging a massive online campaign against Mr. Bezos and Amazon targeting him principally as the owner of The Washington Post," Ms. Callamard and Mr. Kaye said.
Saudi officials rejected the allegation. "The idea that the crown prince would hack Jeff Bezos' phone is absolutely silly," said Saudi foreign minister Faisal bin Farhan in a video posted on Twitter by his ministry on Wednesday.
Saudi government spokesmen didn't respond to a request for comment. Saudi officials close to the crown prince said they were aware of a plan to hack Mr. Bezos' phone, but not of any attempt to blackmail him.
These officials said the crown prince's media adviser, Saud al-Qahtani, was involved in the hacking effort as part of a broader intimidation campaign against Mr. Khashoggi, who was publishing opinion pieces in the Washington Post. It wasn't immediately clear how they were aware of plans to hack the phone of the Amazon founder.
Mr. Qahtani didn't respond to a message seeking comment on the matter.
Asked about the U.N.'s call to investigate, a Trump administration official said it was aware of the reports and concerned about the allegations.
A lawyer for Mr. Bezos, William Isaacson, declined to comment except to say Mr. Bezos was cooperating with investigations. On Twitter, Mr. Bezos shared a photo of himself at a memorial for Mr. Khashoggi with a one-word caption: #Jamal.
Mr. Khashoggi, a Post columnist, was killed in the Saudi Consulate in Istanbul, an act the Central Intelligence Agency found was likely ordered by Prince Mohammed. The Saudis have contested the findings. Last month, they sentenced five people to death for the Khashoggi killing while releasing two people close to Prince Mohammed.
A month after Mr. Bezos' blog post last year, Gavin de Becker, a security consultant he hired, publicly alleged in the Daily Beast that investigators had determined "with high confidence that the Saudis had access to Bezos' phone, and gained private information." But Mr. de Becker didn't provide forensic evidence and didn't directly implicate Prince Mohammed.
In March, The Wall Street Journal reported that Michael Sanchez, the brother of Mr. Bezos' girlfriend, sold the billionaire's secrets for $200,000 to American Media.
An October 2018 contract between Mr. Sanchez and American Media, publisher of the National Enquirer, gave the company exclusive rights to "certain information, photographs, and text messages documenting an affair between Jeff Bezos and Lauren Sanchez."
Mr. Sanchez "warrants and represents that he has acquired Confidential Information lawfully," stated the contract, which was reviewed by the Journal.
Mr. Sanchez on Wednesday declined to comment on the investigation and said the Journal's previous reporting on him was wrong, without providing any specifics. A representative of the Manhattan U.S. attorney's office declined to comment.
A spokeswoman for Mr. Bezos and Lauren Sanchez didn't have a comment Wednesday.
For nearly a year, federal prosecutors have been investigating the National Enquirer's handling of a story it published about Mr. Bezos' affair with Ms. Sanchez that included steamy texts, people familiar with the matter said.
As part of their investigation, prosecutors have interviewed a number of people, including Mr. Sanchez and more than a dozen Enquirer employees over the past year, the people familiar with the matter said.
The findings from the U.N. are based on the forensic audit Mr. Bezos commissioned from FTI Consulting, a Washington-based business advisory firm, according to people familiar with the matter. The company's cybersecurity unit concluded with "medium to high confidence" that Prince Mohammed's WhatsApp account was used to compromise the Washington Post owner's phone.
In an interview, Ms. Callamard said the FTI investigation came to her attention several months ago. She had been investigating the relationship between phone hacking by Saudi Arabia and Mr. Khashoggi's murder when a person she met in the course of her work told her there was an "in-depth forensic study" in progress of Mr. Bezos' phone. Later someone brought her the FTI report.
The FTI audit, a copy of which was published Wednesday by the website Vice, drew skepticism from some independent cybersecurity experts who said it lacked detail and didn't find evidence of malware on Mr. Bezos' phone.
Bill Marczak, a researcher with Toronto-based Citizen Lab, which has tracked Saudi uses of mobile malware, urged FTI investigators to release more information.
WhatsApp wasn't contacted by FTI Consulting during its investigation, according to a person familiar with the matter. A spokesman for FTI Consulting declined to comment, saying all client work is confidential.
Ms. Callamard and another U.N. official had tech experts review the report; their conclusions "reinforced our confidence in the findings from FTI, and it reinforced the urgency we saw in bringing those allegations to the attention of Saudi Arabia and to the international community," she said.
She said the saga began after Mr. Bezos and Prince Mohammed exchanged friendly WhatsApp messages after meeting in Los Angeles in April 2018 and sharing their numbers. About a month later, the prince sent Mr. Bezos "a touristic video, like just some publicity for Saudi Arabia," she said. That video file, FTI concluded, was likely used to install spyware.
The FBI is continuing to investigate the phone hack, according to a person familiar with the matter. Mr. Bezos didn't want to provide his phone directly to the FBI, so FTI Consulting, where several former FBI officials work, conducted the investigation but stayed in close communication with law enforcement, the person said.
The audit found that a massive exfiltration of data from Mr. Bezos' device began hours after it received the encrypted video file from Prince Mohammed, with the amount of outflowing data surging by nearly 30,000% and continuing for months.
The findings renewed concern among Democratic senators in Washington about Saudi Arabia's use of commercially available surveillance tools. Among them was Sen. Ron Wyden (D., Ore.), who wrote to Mr. Bezos requesting a copy of the FTI report and additional information about the purported hack.
Companies that specialize in creating custom software for clients to hack phones have proliferated in recent years, as messaging services and computers have become harder to infiltrate due to strong encryption.
While many of the firms said they cater to law-enforcement and intelligence agencies that respect privacy and judicial process, security researchers have documented several cases in which such software has been used by governments in the Middle East and elsewhere to track human-rights advocates, journalists and political dissidents.
FTI's analysis of Mr. Bezos' phone said the apparent hack appeared similar to other known cases that leveraged malware built by companies such as Israel-based NSO Group. In the past, WhatsApp has said NSO used a vulnerability in its video-calling service to infect phones, but it didn't connect the company to hacks via MP4 video files.
U.N. investigators said such MP4 files appeared to be the conduit through which Mr. Bezos' phone was compromised, noting reports of Saudi Arabia using similar means to target others, including associates of the slain Mr. Khashoggi.
Dow Jones Newswires
January 22, 2020 23:12 ET (04:12 GMT)
Copyright (c) 2020 Dow Jones & Company, Inc.