The Amazon billionaire Jeff Bezos had his mobile phone “hacked” in 2018 after receiving a WhatsApp message that had apparently been sent from the personal account of the crown prince of Saudi Arabia, sources have told the Guardian.
The encrypted message from the number used by Mohammed bin Salman is believed to have included a malicious file that infiltrated the phone of the world’s richest man, according to the results of a digital forensic analysis.
This analysis found it “highly probable” that the intrusion into the phone was triggered by an infected video file sent from the account of the Saudi heir to Bezos, the owner of the Washington Post.
The two men had been having a seemingly friendly WhatsApp exchange when, on 1 May of that year, the unsolicited file was sent, according to sources who spoke to the Guardian on the condition of anonymity.
Large amounts of data were exfiltrated from Bezos’s phone within hours, according to a person familiar with the matter. The Guardian has no knowledge of what was taken from the phone or how it was used.
The extraordinary revelation that the future king of Saudi Arabia may have had a personal involvement in the targeting of the American founder of Amazon will send shockwaves from Wall Street to Silicon Valley.
It could also undermine efforts by “MBS” – as the crown prince is known – to lure more western investors to Saudi Arabia, where he has vowed to economically transform the kingdom even as he has overseen a crackdown on his critics and rivals.
The disclosure is likely to raise difficult questions for the kingdom about the circumstances around how US tabloid the National Enquirer came to publish intimate details about Bezos’s private life – including text messages – nine months later.
It may also lead to renewed scrutiny about what the crown prince and his inner circle were doing in the months prior to the murder of Jamal Khashoggi, the Washington Post journalist who was killed in October 2018 – five months after the alleged “hack” of the newspaper’s owner.
Saudi Arabia has previously denied it targeted Bezos’s phone, and has insisted the murder of Khashoggi was the result of a “rogue operation”. In December, a Saudi court convicted eight people of involvement in the murder after a secret trial that was criticised as a sham by human rights experts.
Digital forensic experts started examining Bezos’s phone following the publication last January by the National Enquirer of intimate details about his private life.
The story, which included his involvement in an extramarital relationship, set off a race by his security team to uncover how the CEO’s private texts were obtained by the supermarket tabloid, which was owned by American Media Inc (AMI).
While AMI insisted it was tipped off about the affair by the estranged brother of Bezos’s girlfriend, the investigation by the billionaire’s own team found with “high confidence” that the Saudis had managed to “access” Bezos’s phone and had “gained private information” about him.
Bezos’s head of security, Gavin de Becker, wrote in the Daily Beast last March he had provided details of his investigation to law enforcement officials, but did not publicly reveal any information on how the Saudis accessed the phone.
He also described “the close relationship” the Saudi crown prince had developed with David Pecker, the chief executive of the company that owned the Enquirer, in the months before the Bezos story was published. De Becker did not respond to calls and messages from the Guardian.
The Guardian understands a forensic analysis of Bezos’s phone, and the indications that the “hack” began within an infected file from the crown prince’s account, has been reviewed by Agnès Callamard, the UN special rapporteur who investigates extrajudicial killings. It is understood that it is considered credible enough for investigators to be considering a formal approach to Saudi Arabia to ask for an explanation.
Callamard, whose own investigation into the murder of Khashoggi found “credible evidence” the crown prince and other senior Saudi officials were responsible for the killing, confirmed to the Guardian she was still pursuing “several leads” into the murder, but declined to comment on the alleged Bezos link.
When asked by the Guardian whether she would challenge Saudi Arabia about the new “hacking” allegation, Callamard said she followed all UN protocols that require investigators to alert governments about forthcoming public allegations.
Saudi experts – dissidents and analysts – told the Guardian they believed Bezos was probably targeted because of his ownership of the Post and its coverage of Saudi Arabia. Khashoggi’s critical columns about Mohammed bin Salman and his campaign of repression against activists and intellectuals rankled the crown prince and his inner circle.
Andrew Miller, a Middle East expert who served on the national security council under President Obama, said if Bezos had been targeted by the crown prince, it reflected the “personality-based” environment in which the crown prince operates.
“He probably believed that if he got something on Bezos it could shape coverage of Saudi Arabia in the Post. It is clear that the Saudis have no real boundaries or limits in terms of what they are prepared to do in order to protect and advance MBS, whether it is going after the head of one of the largest companies in the world or a dissident who is on their own.”
The possibility that the head of one of America’s leading companies was targeted by Saudi Arabia could pose a dilemma for the White House.
Trump and his son-in-law Jared Kushner have maintained close ties with the crown prince despite a US intelligence finding – reportedly with a medium–to–high degree of certainty – that Mohammed bin Salman ordered Khashoggi’s murder.
Both Saudi Arabia and AMI have denied that the kingdom was involved in the publication of the Bezos story.
A lawyer for Bezos who was contacted by the Guardian said: “I have no comment on this except to say that Mr Bezos is cooperating with investigations.”
The Guardian asked the Saudi embassy in Washington about the claims. It did not immediately return a request for comment.