For a notoriously private man, Jeff Bezos has one heck of a knack for turning his personal life into global headlines.
The latest development in the ongoing soap opera of the world’s richest man is his allegation that his phone was hacked — and all its data exfiltrated — via a video sent via WhatsApp by the de facto ruler of Saudi Arabia, Crown Prince Mohammed bin Salman, in May 2018, according to an investigation.
Most of the questions that first jump to mind on learning this revelation, assuming the forensic analysts hired by Bezos have found the right culprit, revolve around Bezos himself.
Firstly, doesn’t it seem a bit odd that the Saudi crown prince and the Amazon founder have been sharing memes via WhatsApp?
More urgently, given that Bezos allegedly spent a large part of the last year trying to find out who had passed nude photographs of him to a tabloid, is it really possible the ultraconservative government of Saudi Arabia had a hand in it?
And finally: How weird is geopolitics going to get?
Once we dismiss these top questions, though, this story is far more serious than it appears at first. Saudi Arabia’s efforts to hack the CEO of a major corporation — if confirmed — are deeply unconventional. Traditionally, heads of state are kept at some remove from espionage efforts, largely so that, if the espionage is discovered, it can be blamed on (or at least explained away by) intelligence agencies acting beyond their mandate.
If your government gets caught in some electronic surveillance of a supposed ally, you’re inevitably as outraged as your ally is. Heads will roll! You’d never have dreamed of sanctioning it! Everyone knows your outraged response is a fiction, and everyone engages in that sort of spycraft — a senior U.S. official once handed over the phone numbers of 35 world leaders from a list of personal cellphone contacts to the NSA for surveillance purposes — but pretending that we don’t keeps things polite.
By contrast, it’s hard to disavow intelligence operations as a world leader when your own mobile phone was used to carry them out. It also makes anyone else in your contact book somewhat anxious — and should make us anxious, too. CNN reported last year that Saudi officials confirmed that President Donald Trump’s son-in-law and senior adviser, Jared Kushner, also used WhatsApp to communicate with the Saudi leader, after Kushner’s lawyer admitted as much to the House Oversight Committee. The United Kingdom's media has also reported that Prime Minister Boris Johnson is believed to have exchanged WhatsApp messages with the Saudi crown prince.
Trump, of course, is known for having a penchant for handing out his private cellphone number on a whim to world leaders; there’s even concerns the president himself could have left himself vulnerable to hacking by the Saudis (or others). He’s already been warned that the Russians and the Chinese have listened in on phone calls he makes on the personal cellphone he maintains from before his time in office, and his former chief of staff, John Kelly, had his cellphone hacked in late 2016 or early 2017.
Bezos is just the only victim of the powerful crown prince’s personalized hack that we know about now.
A broader issue is that Saudi Arabia is not in the top tier when it comes to online espionage — in fact, it’s distinctly in the second tier. If they can so easily get hold of almost all the private information of the world’s richest man — a tech billionaire who surely has excellent private security — we need to all ask ourselves what the top-tier state hackers are capable of.
That top tier certainly includes the U.S., U.K. and Israel — but also nations such as China and Russia, neither of whose capabilities should be judged by some of their cruder social media efforts. Amateurish efforts are the ones we find out about; the professional operations almost never get caught.
The reality is likely that, for high-value targets, both privacy and private information are almost certainly already dead. Given that much of the competitive advantage of U.S. companies lies in their intellectual property and research and development spending, the consequences of that could be seismic.
There is more immediate trouble for the rest of us, too. What starts with the elite eventually becomes reality for the masses — and that counts for the bad as well as for the good. And, the democratization of cellphone hacking has already started. (The usual culprits known to be spying on regular people’s phones are rarely good: controlling partners or dangerous exes.)
Cellphone surveillance is already the reality for too many women — it is overwhelmingly, but not exclusively, women who are seemingly subjected to this — and their phones are subject to similar types of targeted malware as that discovered by Bezos.
The deployment of targeted malware will only become more prevalent as it gets better known and easier to do, and as the cat-and-mouse game between phone developers and those seeking to exploit security holes continues, to the benefit of people with the basest of motivations.
Few motivations could be as base as the potential ones of the Saudi crown prince. Bezos might be best known as the founder of Amazon, but he was also the owner of The Washington Post — the newspaper at which Jamal Khashoggi, a prominent critic of the Saudi government, was a respected contributor.
Khashoggi was murdered and dismembered in October 2018, reportedly on the order of the crown prince himself (which he has denied). The Washington Post, which is owned by Bezos, was one of the most prominent voices reporting on and calling — in vain — for that action to have consequences; the use of the information likely gathered from Bezos’ phone after its hacking only began after Khashoggi’s murder, according to the investigation. Like any low-grade thug or bully, it seems the crown prince was looking for some way to silence those who would call him out.
Our lives are in our phones, and they’re not safely held there. It’s the lowest of us that will seek to exploit that — and if Bezos isn’t safe from it, none of us are. We should worry more about that.