The Saudi crown prince’s alleged hacking and blackmail of the world’s richest man over a secret lover is truly a Bond movie-style plot. But, if you can get past the initial “WTF!” reactions, this recent news story demonstrates how close the dark side of the internet lies to its surface, and how easily it can be utilised by malevolent state actors.
The Saudi government says the Jeff Bezos hacking story is “absurd”. And it’s right: there’s an unbelievably comic farce in the idea of the Saudi crown prince personally planting malware in the phone of the head of one of the world’s leading tech companies using encrypted WhatsApp. For critics of the big platforms, that’s more than enough schadenfreude to last for weeks.
But more, it demonstrates how absurdly confident authoritarian regimes are to reach across the world to intimidate and silence critics. The UN report into the hacking, released this week, documents multiple cases of phones belonging to Saudi dissidents and human rights activists being compromised in a similar manner.
This is not absurdist comedy. It’s tragedy. And, at the core of the dramatic arc is the murder and dismemberment of Washington Post columnist (and Saudi dissident) Jamal Khashoggi in the Saudi Istanbul consulate by 15 state agents in October 2018.
The killing was “a premeditated extrajudicial execution, for which the state of Saudi Arabia is responsible”; this is what UN special rapporteur on extra-judicial executions Agnès Callamard concluded last June.
In a subsequent statement this week, Callamard joined with UN special rapporteur on freedom of expression Davie Kaye to confirm that it was “established with reasonable certainty” that the Saudis hacked the phone of Khashoggi’s ultimate employer — Amazon boss (and Washington Post owner) Jeff Bezos — five months earlier.
The UN reports that this was followed up with attempts to pressure Bezos the month after the murder using information about his extramarital affair most probably obtained from the hack.
Each killing of a journalist (there were 94 in the year Khashoggi was killed) is both an individual tragedy and its own particular metaphor for the global assault on human rights. These UN reports by Callamard on the Khashoggi murder reveal two particularly dangerous trends: the first — which is not new — is the willingness of states to use their ‘monopoly of violence’ to murder dissidents and critics outside their borders.
This is about more than removing one irritant. It’s about sending a message to all dissidents: you will never be safe, wherever you are. It’s the threat of criminal gangs to police informers, not of states to citizens exercising democratic rights.
What’s new is that hacking and spyware have been weaponised by states both to snoop on targets and to use the information gained through that spying against their enemies.
It appears the Saudis hacked Bezos’ phone by embedding malware in a video messaged from Mohammed bin Salman via WhatsApp after the two exchanged numbers a month earlier at a dinner. This dinner was held the night after The Washington Post published a further Khashoggi column. (Facebook says it patched the flaw in WhatsApp that made the hack possible in early 2019 after similar cases affected human rights lawyers.)
Following a month-long Saudi-led campaign to #boycottAmazon, bin Salman messaged Bezos in November 2018 with a photo of a woman similar to his lover captioned “Arguing with a woman is like reading the software license agreement. In the end you have to ignore everything and click I agree.” (Last month Twitter removed 90,000 accounts used to spread Saudi spam.)
A couple of months later, private photos and texts revealing Bezos’ affair were leaked to the National Enquirer. The masthead denies Saudi involvement.
Bezos went public, with a Medium post on February 8 last year, pointing the finger at the Saudis. He engaged Gavin de Becker, author of bestseller The Gift of Fear (in which he wrote on managing extortion) to lead the investigation “with whatever budget he needed to pursue the facts in this matter”. They commissioned business advisory firm FTI Consulting who identified the bin Salman message as the source with “medium to high confidence”.
“We are facing a technology that is very difficult to track, extremely powerful and effective, and that is completely unregulated,” Callamard told the The New York Times this week.
“It basically means that we are all extremely vulnerable.”