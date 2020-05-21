In June 2018, journalist Ben Hubbard received an SMS. Hubbard had been covering Saudi Arabia for the New York Times for five years. The text of the message was an Arabic headline from a local outlet: “Ben Hubbard and the article from the Saudi royal family,” it said, along with a link to the ArabNews365 page.[.]com.

Hubbard did not click. He looked for that headline on the web and could not find it. He asked the director of a medium actually called Arab News if they used an address with the addition of “365”. They said no.

When he consulted with cybersecurity experts, they told him not to click, and Hubbard forgot that message, according to a personal account in his newspaper, where he is now a correspondent in Lebanon.

A few months later, Hubbard learned that the cell phone of a Saudi dissident had also been hacked.

A few months later, in October, Hubbard learned that the cell phone of a Saudi dissident had been hacked with a similar method. The disclosure came from Citizen Lab, a laboratory linked to the University of Toronto, Canada. Hubbard shared the message for them to analyze. Only now, following the news from Bezos, has Hubbard given Citizen Lab permission to tell his case.

Citizen Lab has released a report on the attempted infection. The lab does not know if there was finally any kind of leak, but Hubbard says in his article that experts who analyzed his device later saw nothing suspicious.

Citizen Lab was the first body to publicly reveal the existence of Pegasus, from the Israeli-based NSO company. Pegasus is spyware used to access mobile phones undetected and is the one used to attack Hubbard, according to Citizen Lab. “At the time Hubbard received the sms, the domain arabnews365 was active and belonged to a faction of the NSO Group infrastructure used by a Saudi operation, “says the Citizen Lab report. That domain’s membership in the operation was independently verified by Amnesty International as well.

The operative that managed that domain targeted four other people in addition to Hubbard in those months of 2018, according to reports from the Citizen Lab. The only common point they had was Saudi Arabia.

Hubbard will publish a book in March titled MBS, which stands for Saudi Crown Prince Mohamed Bin Salman. The video that was used to allegedly hack Jeff Bezos’s mobile was sent from Bin Salman’s WhatsApp account. “MBS is the never-before-told story of how a mysterious young prince emerged from Saudi Arabia’s extended royal family to reform the economy and society of the wealthiest country in the Middle East,” the publisher says of the book.

The Hubbard case links the Jeff Bezos hack to Saudi Arabia with more certainty for the time and the alleged interests of the regime. In October 2018, the critical Saudi dissident Jamal Khashoggi, who wrote for the Washington Post, was assassinated at the Saudi consulate in Istanbul, Turkey.

New questions about Bezos

But since the report by the FTI consultancy, hired by Amazon founder and owner of the Washington Post, and the subsequent confirmation by two United Nations rapporteurs, was leaked seven days ago, new questions have emerged about the attack on Bezos.

The problems with the forensic analysis of Bezos’s mobile is the lack of technical confirmation. Without questioning a conclusion that seems reliable, the debate among cybersecurity experts is why it was not attempted to shore up the investigation with all possible certainties.

The first big question is why the malware that contained the MP4 video that Bin Salman apparently sent to Bezos via WhatsApp and that was the origin of a strange behavior of the mobile phone was not analyzed: from the day Bezos received that message, his phone began to send much more daily data than usual.

The report said that they had not been able to analyze the code linked to that video due to WhatsApp encryption. “It’s like going to trial with the crime gun locked in a box that you say you can’t open,” said Alex Stamos, a former Facebook chief of security and now a professor at Stanford University on the Cyberlaw podcast.

A couple of days after the publication of the report, a programmer published the code that is needed to access WhatsApp encryption and analyze the video. It is nothing so sophisticated. “If you publish that MP4 video on Twitter, in 20 minutes they tell you if it includes something malicious,” added Stamos.

The second big problem with the original report is the lack of analysis of those data running away from Bezos’s mobile: where they are coming from and where they are going could have provided better answers to analysts.

The most important revelation allegedly from the hack – that Bezos was getting a divorce and had a mistress – was released by the National Enquirer, a gossip outlet with little concern for the truth and links to Bin Salman. Bezos even accused them of extortion for threatening to publish sexual photos. The Enquirer replied that the information had been given to him by Bezos’ lover’s brother. Since the publication of the report, the Wall Street Journal has published that prosecutors handle information that would confirm the version of the Enquirer: that the photos came from the brother, not from the mobile hack.

If Bezos decides to have another company more effective than FTI inspect his old iPhone X, new details are likely to emerge. Meanwhile, the campaign against the permissiveness of governments with companies that sell spyware grows.

.