Hacker News new | past | comments | ask | show | jobs | submit login
Bezos Investigation Says the Saudis Obtained His Private Data (thedailybeast.com)
612 points by NN88 52 days ago | hide | past | web | favorite | 171 comments

Putting aside the politics / personal matters here, a nerd question (this is HN after all!):

Does anyone have a sense (even broadly) of the specific methods that were used to intercept Bezos' texts? Did he use an iOS or Android device? Were the cell towers attacked? Was he the victim of a good 'ol zero day piece of malware? (I presume Bezos isn't the kind of guy to click on random email attachments on his phone).

Just curious what universe they were playing in.

(Speculation welcome!)

Probably the same spyware that was used to spy on Khashoggi's iPhone -- spyware sold to them by the NSO group of Israel: https://www.nytimes.com/2018/12/02/world/middleeast/saudi-kh...

Does NSO make software other than Pegasus? That software exploited a bug in ios prior to 9.3.5, which was patched in August 2016.

I’m wondering if there are new exploits, or if Bezos or his girlfriend ran really old ios versions. The latter seems unlikely.


They would only need to find a new exploit to install the malware, not rewrite the malware entirely. They have given demos as recently as 2018 where they have demonstrated a 0 interaction remote iphone 0day.


>The entrepreneur, who spoke to Motherboard on condition of anonymity because he was not authorized to talk about the meeting, agreed, but said that NSO would have to target his other iPhone, which he brought with him and had a foreign phone number. He gave NSO that phone number and put the phone on the desk.

>After “five or seven minutes,” the contents of his phone’s screen appeared on a large display that was set up in the meeting room, all without him even clicking on a malicious link, he said.

>“I see clicking on all kinds of icons: email icon, SMS icon, and other icons,” he told Motherboard. “And suddenly I saw all my messages in there and I saw all the email in there and they were capable to open any information that was on my [iPhone].”

A semi good news from this is for the politicians to know that: "If Bezos' phone can be hacked by Saudis, so can all the politicians' phones and their office workers' phones."

A good story to tell next time when politician want to enact some new law to weaken the security of phone, for Apple/Android to build security holes for the "law enforcement / governments".

> A semi good news from this is for the politicians to know that: "If Bezos' phone can be hacked by Saudis, so can all the politicians' phones and their office workers' phones

Of course, they could have already learned that the hard way, and that could be why they turn a blind eye to Saudi wrongdoing.

amsau 52 days ago [flagged]

Why would anyone assume that politicians phones weren’t hacked? If anything this behavior, of invading privacy and trying to control people by blackmailing them, happened to the richest man in the world.

A lot of things mentioned in this article is similar to what happened with Alabama governer Robert Bentley. Early 2016, a leaked recordering of his conversation with his mistress was leaked to media (unknown source) Then a year later his wife screenshot his iMessage conversations with his mistress Rebekah! And everyone thinks it’s the wife. Between 2016-2017 and before the wife screenshot these photos there was an organized campaign against Alabama governer. Who by the way: - Supoorted Kasich to run for president - took down a confederate flag - was planning a settlement for Syrian refugee..

Just think of this, what if Trump was able to hack every congressman phone?

What gave national acquirer the confidence to black Bezos? Unless of course they’ve done it too many times to too many people. The question who are these victims?

We need to know who is/was used as a tool to implement Trump and kushner agenda.

If they tried to blackmail Bezos, then imagine how many senators and representatives they may have blackmail on. This is a true crisis.

I always wondered how some regines, including the saudis, managed to get so much access to the US's political leadership.

> Just think of this, what if Trump was able to hack every congressman phone?

Something like that already happened: https://www.democracynow.org/2014/8/1/john_brennan_faces_cal...

So what will we do if it happens and we find out. I guess he'll just apologize and we'll pretend it never happened? It worked like that last time:


> According to CIA spokesperson Dean Boyd, agency director John Brennan apologized

amsau 52 days ago [flagged]

That’s not the same. The cia didn’t hack phones and blackmailed businessmen and politicians.

Are you trying to change the topic?

I quoted your line about executive branch spying on the members of the senate so I replied to that part. It wasn't just a theoretical possibility.

> The cia didn’t hack phones and blackmailed businessmen and politicians.

We know they hacked the devices of senators and even apologized for it later. Did the blackmail them? Could be. How do you know they didn't? Bezos was probably the rare case where he exposed their blackmail, in most cases, because of what it is, blackmail is something that is kept secret.

what phone should we continue to use? A burner?

That and have sensitive discussions while both you and the other person are in the shower together. Also try to use language that requires the other party to have prior knowledge for your statements to make sense.

Perfect forward secrecy.

Purely speculation, but from a commercial perspective it would certainly make sense to have the highest-tier version of your product available only to select, high-paying customers; hypothetically this might include zero day exploits of up-to-date software. Pure speculation.

Would payments for this be higher than the potential costs of leaving known exploits active on their devices?

Exploits are only used to access the system. You can delete them from memory afterwards.

Generally these companies use whatever method or exploit is available. Depending on how good their employees and other sources are (incl. the blackmarket, intelligence agency contacts, etc.), it might occasionally take some time after a patch until they get a new 0-day exploit. FinFisher makes or made the same promises, according to their own advertisements.

Most of the time you don't even need a 0-day exploit, simple trojan horses/targeted phishing attacks work fine. Fake celltowers can also be used. The possibilities are nearly endless. Endpoint security is virtually nonexistent.


Yes there is. It’s been reported by many reporters. Citizen labs did an amazing job investigating NSO hacked phones. https://www.haaretz.com/israel-news/report-israel-authorized... Then an ex mossad tried to get citizen labs to say antiemetic statement.

Undercover agents target cybersecurity watchdog https://www.apnews.com/9f31fa2aa72946c694555a5074fc9f42

I had to edit my comment to add these two very important links from CNN and khashoggi twitter. khashoggi funded a Saudi group (they called themselves the Bees) who were working to counterattack Saudi bots and trend manipulation. His conversation and planning with them was all intercepted by the Saudi using NSO software.

The group with khashoggi were able to push their hashtag and had it trending just 12 days before his murder

Khashoggi tweet with the hashtag #what_do_you_know_about_the_bees. https://twitter.com/jkhashoggi/status/1043028035455221760?s=...

CNN: WhatsApp conversation with the bee group intercepted by Saudi using NSO


QUOTING GAVIN DE BECKER “Bezos to sign would have required that I make a public statement, composed by them and then widely disseminated, saying that my investigation had concluded they hadn’t relied upon “any form of electronic eavesdropping or hacking in their news-gathering process.”

Note here that I’d never publicly said anything about electronic eavesdropping or hacking—and they wanted to be sure I couldn’t” ——- Looks like NSO doesn’t want us to know think it’s their software..

I have pointed this out 49 days ago:


Thank you! It’s widely accepted and known in Saudi Arabia and other Arab countries that NSO is used by their dictators. Not sure why israel gov, the only democracy in that part of the world, is helping dictators by approving NSO to be sold to counties like Saudi Arabia, UAE and Mexico!!

It’s just shocking to see some people not only reject that its NSO but go beyond and above their ways to defend NSO, like the commentator we are relying to.. So many comments here are again insisting it’s the brother who leaked it when this article was SPECIFICALLY written by Gavin de Becker to say it’s the Saudis and not the brother...

please when you make a statement or reject an accusation cite a reputable source.

Check out this psygroup proposal to blackmail people name/shame by Psy-group.

It says in the proposal that these methods of blackmailing often work to silence target.


Worth mentioning that the smear campaign against Bezos on twitter is identical to what proposed to trumps son in his meeting at trump tower with George Nader Here is psy group proposal


> Thank you! It’s widely accepted and known in Saudi Arabia and other Arab countries that NSO is used by their dictators. Not sure why israel gov, the only democracy in that part of the world, is helping dictators by approving NSO to be sold to counties like Saudi Arabia, UAE and Mexico!

Dictatorial and royal Arab governments are much friendlier to Israel than any democratic government would be. They’re not willing to officially regularise relations because they know how much their populace hates Israel but they’re perfectly willing to work with Israel. Israel knows this. That’s why they’re willing to work with these governments; they’re the closest to friends and allies they’re ever going to get as neighbours.

Precisely that, although the irony is that while the regimes themselves, anywhere in the Sunni Arab world, are friendly and cooperative towards Israel, their educational textbooks still preach for hatred and rejection of Israel and often times straight antisemitism. It's how they prop a common enemy to blame for their troubles.

Israel is a highly pragmatic country, primarily concerned with the survival of the Jews instead of a set of principles. Allowing NSO to be sold to nearby dictatorships like the Saudis would allow the Saudis to more easily defeat their own enemies rather than go after Israel, a sort of dark diplomacy.

>Not sure why israel gov, the only democracy in that part of the world, is helping dictators by approving NSO to be sold to counties like Saudi Arabia, UAE and Mexico!!!

Not surprising. For example the US has a “special relationship” with Saudi Arabia and sells a lot more than software (jets, arms, etc)

But USA never helped Saudi to treat its people inhumanly. The US didn’t help or remained silent when Saudi violeted human rights. The US never EVER helped Saudi to spy on a journalist then advised its murderers on how to weather the storm, like Kushner did. Even Lindsey Graham couldn’t tolerate this atrocity but it was fine with Kushner and Israeli PM Netanyahu https://www.haaretz.com/israel-news/.premium-netanyahu-on-kh...

>The US never EVER helped Saudi to spy on a journalist...

Israel didn't help them either, it just didn't stop an Israeli company from selling certain products to the Saudis. Do you think the US is stopping all companies from doing business with the Saudis, or even just stopping them from selling tools that can be used by the regime against the public?

because they aren't, they are however supposedly doing that with Iran and to a certain extent, with Russia, so it's not like it's something they can't do, it's just that they choose not to.

I'm by far not an expert, but I believe that This business (spyware for governments) works more similar to international weapons dealing. An Israeli company selling spyware to Saudi Arabia will likely at the same time work together with Mossad or another allied intelligence agency. Selling this software provides an obvious entry point, whether for human assets, piggy-backing on the eavesdropping software, or to map out future attack vectors.

The founders and employees were members of the Israeli military cyber-security apparatus, if not Unit 8200 itself.


I assume most software sold by these companies has backdoors either already shared with Aman/Mossad, or stored to be provided upon request.

They were former members in those organizations, like army vets, and as far as I understand they face a lot of criticism from the Israeli public, if not the government.

I think they are basically like those vets that go and work security for private contractors, and some of them end up working for some really bad people.

About the backdoors, I can't tell, on the one hand, I would assume you're correct, that they do provide access to the Mossad+friends, but on the other hand, if it was discovered, they would lose credibility, and all those basically bad people wouldn't work with them, and any normal entity probably aren't working with them already, so they would lose their entire business.

You might be interested in seeing photos of F-15s above the Saana skies. In fact, the first F-15 lost combat was lost due to a Yeminite SAM.

Reminds me of when the US assisted Iraqi poison gas attacks during the Iran-Iraq War.

Your claims about what the US did and didn't do seem rather implausible to me, and in any case it seems unlikely that you're in a position to know what e.g. the NSA, the CIA, or any of the countless US military intelligence agencies did or did not do for Saudia Arabia. All we know is that the US makes massive weapons and oil deals with Saudi Arabia and has considered the Saudis one of the most important strategic partners in the region. Personally, I find it not hard to believe that the same cynics involved in these deals and cooperation wouldn't care all too much about some Saudi journalists, gay Saudi youtube channel dancers, or human rights activists, but of course I could also be wrong. The point is that we don't know.

> Thank you! It’s widely accepted and known in Saudi Arabia and other Arab countries that NSO is used by their dictators. Not sure why israel gov, the only democracy in that part of the world, is helping dictators by approving NSO to be sold to counties like Saudi Arabia, UAE and Mexico!! >

Let’s see A) they are selling a product

B) they are helping propping the stable status quo

C) do you really help a country by selling oppression tools to its dictatorship, most democratic countries have overtaken dictatorships in all metrics with one exception

D) getting good will from the current rulers and establishing cooperative relationships within multiple levels of those countries

E) good will and relationships can be exploited

At a guess anyway


amsau 52 days ago [flagged]

Can you please discuss the issue? because an Israeli company was involved we have the right to criticize it. And you have no right to accuse us of not liking Israel or inventing stories. If people with your reasoning are the only ones left to defend Israel, I worry about Israel...

I would assume that a malicious CLEC on SS7 could easily intercept SMS or MMS messages like these .

If anyone else is curious about those acronyms, this is what I think they might mean:

CLEC: https://en.wikipedia.org/wiki/Competitive_local_exchange_car...

SS7: https://en.wikipedia.org/wiki/Signalling_System_No._7#Protoc...

Apple, Google, Microsoft, and various other major US tech companies participate in PRISM. [1]

The NSA internally described PRISM as "extensive, in-depth surveillance on live communications and stored information" with examples including email, video and voice chat, videos, photos, voice-over-IP chats (such as Skype), file transfers, and social networking details. Quoting Snowden in regards to this, "in general, the reality is this: if an NSA, FBI, CIA, DIA, etc. analyst has access to query raw SIGINT [signals intelligence] databases, they can enter and get results for anything they want."

Note this includes live communications! So this opens a pretty big question. How? One extremely conspicuous point is that when companies initially tried to deny being involved in PRISM, they all claimed something more or less the same. 'We do not allow any government agency to have DIRECT access to our servers.':

- Apple - "We do not provide any government agency with direct access to our servers"

- Facebook - "We do not provide any government organization with direct access to Facebook servers"

- Google - "We have not joined any program that would give the U.S. government —or any other government— direct access to our servers"

And so on. This is conspicuous enough to have it effectively said that access to the NSA is facilitated through some "indirect" means. The exact technical implementation of this totally-not-a-backdoor is not as relevant as the fact that this totally-not-a-backdoor can be exploited by other actors if the means are discovered. And of course there's plain old social engineering and spy games in play. Or even plain old greed. NSA worker #235,123 gets evidence that the world's wealthiest man, arguably the single most relevant economic player in the world, is cheating on his wife with some rather extreme and embarrassing evidence of such? That's going to be worth a whole lot to many people who would like to use that information against him, and an NSA worker would be just the sort of person to know who'd be interested in it.

The US got very very lucky that Snowden seems to have been patriotic and ethical, but nonetheless his actions emphasize that all the scrutiny and profiling in the world can't really predict what people will do. And as we continue to expand our surveillance state, it means the damage a single disgruntled worker can do continues to grow in proportion.

[1] - https://en.wikipedia.org/wiki/PRISM_(surveillance_program)

I think the "direct access" refers to that these companies will give access when required by law. But still, there is no plugin model where the government pulls the data whenever they want. Government asks, company supplies. There is little insight however on how much is supplied.

I came across this. May be theres more than one way to skin a cat.


This story is specifically referenced in the article, which then explains why there's more to it.

Would stingrays accomplish this kind of breach?

We don't know for sure what kind of breach compromised the data on Bezos's phone. However, public reports have tied the Saudis to groups such as NSO (Pegasus zero-day malware for iOS) and Hacking Team (numerous Android exploits). So, from what has come out, pattern would suggest that it was some kind of zero-day malware activated via link embedded in an email - this would not be a Stingray use case.

Was it only his phone that was targeted? What about the phone his mistress was using?

More importantly, it doesn't matter. As a fellow nerd, I can sympathize why you ask. To try to prevent for yourself (or close sphere of influence). But you will either not get a true answer, or will be unable to prevent it.

Keeping in mind that we have seen exactly zero evidence that Bezos's texts were ever intercepted at all. Hopefully at this point we're long past taking claims in an op-ed at face value?

No, sorry, I don’t agree at all. I consider Gavin de Becker to be exceptionally credible, and think any idea that “all op-eds are the same” is beyond disingenuous.

I don’t know anything about Gavin. Not that I particularly trust journalists but they are supposed to be neutral third parties reporting facts.

I agree that something that I didn’t say would have been disingenuous, but I’m not sure why you would bring it up.

I’m sure you would agree that it being an op-ed tells us primarily that this article was not written by a neutral third party. We would not be surprised if it makes little to no effort to present opposing views. As an op-ed it is free to make unsupported conjectures and should probably be approached with a higher bar of skepticism and should be expected to provide facts or evidence to back up any of its novel claims.

In short, op-eds are not news, and should not be treated as such. Not that “news” is particularly deserving of the distinction these days.

I said simply that we should not take op-ed claims at face value. You said you don’t agree at all. I mean, you are perfectly free to take the claims at face value if you like, but appeal to authority is hardly compelling and perhaps even a bit disingenuous itself.

Yes, this entire article is bullshit. I'd bet 99% her phone/email/whatever were hacked from password reuse in a prior leak. Convenient this all happened when he divorced his wife (aka someone knew who she was to target her specifically) and figured they'd extort Amazon and likely short the stock. I've read the article, it really doesn't say anything.

I'm so tired with these pseuso-SOC style reports detailing <some group> from the US, north Korea (lol?), Saudis, <whatever> just because someone changed a path of a binary to /home/valdimir and made a post on a Russian underground forum.

Ockham's razor here, she reused passwords, got pwned, he sent her dick pics, as 80% of the people of this world do these days, and they got recovered.

Could also be that her texts were leaked, right?

It sounds like the investigator has no evidence that the Saudis did anything at all.

But yes, most governments that do any intelligence work at all do develop and/or buy Android and IOS 0day and rootkit tools from shady private companies.

Why do you say they have no evidence? They claim to have a lot of evidence but decided not to disclose it here due to officials currently investigating the case. Sure, they could be lying, or the evidence could be not as strong as they suggest, but they seem confident that there is strong evidence that the Saudi government accessed Bezos' phone.

That's not what the article says. De Becker claims to have extensive evidence that the Saudi's did it.

De Becker claims to have evidence and lawnchair_harry claims there is none (we haven't seen any at least). De Becker has all the reasons to bluff while lawnchair_harry has all the reasons to be skeptical. I am not sure why is he downvoted.

What reason does de Becker have to falsely accuse the Saudi Government of hacking Jeff's phone? I don't see any upside for Bezos and de Becker to make themselves enemies of the Saudi Arabian government.

There’s no downside. Bezos and the Saudis are already enemies because of the Washington Post’s coverage. What’s this article going to do? Make MBS feel sad?

"Experts with whom we consulted confirmed New York Times reports on the Saudi capability to “collect vast amounts of previously inaccessible data from smartphones in the air without leaving a trace—including phone calls, texts, emails”—and confirmed that hacking was a key part of the Saudi’s “extensive surveillance efforts that ultimately led to the killing of [Washington Post] journalist Jamal Khashoggi.”"

It was probably Pegasus, from NSO Group. 60 Minutes just had a segment last Sunday: https://www.cbsnews.com/video/ceo-of-israeli-spyware-maker-n...

Horseshit, if I've ever seen it. Both sides used Apple Messages, which is encrypted end to end. Not even Apple can "intercept" anything.

End to end encryption isn't super useful if one or both endpoints are compromised.

Exactly my point. If someone else other than Sanchez had access to her phone, E2E encryption won't do shit. But to say that anyone is able to magically "intercept" E2E encrypted communications out of thin air is total bullshit. If I were Bezos, I'd refuse to pay for this "investigation".

> Our investigators and several experts concluded with high confidence that the Saudis had access to Bezos’ phone, and gained private information. As of today, it is unclear to what degree, if any, AMI was aware of the details.

Note the words "Had access to Bezos' phone". E2E encryption means bugger all when someone has access to one end. There's other comments in the article that give the impression Bezos' phone was compromised.


You seem really invested in this either not being the Saudi's or being Sanchez (or her brother-in-law as has been speculated). Given the political situation surrounding this whole story is best summarized as "a double shit sandwich, extra runny" I'm wondering if your feelings on the politics are clouding your technical judgement? Of if you are outright trying to spread disinformation.

We have pretty ample evidence that FBI can indeed get into iPhones when needed[0] and I don't think it's a leap to assume that if the FBI can do it, CIA and NSA won't have issues with it either. I suspect Saudi intel services are capable of throwing money at the same vendors that the FBI uses. Apple takes great care to make things as secure as possible but even the most sophisticated encryption schemes are broken when you can arbitrarily, remotely and silently screenshot the data in question. Bezos is the richest man in the world, he's not hiring some fly-by-night security consultancy. He personally employs some of the smartest information security consultants on the planet through Amazon. They also provide cloud services directly to the military and intelligence agencies. He's got plenty of knowledgeable contacts to consult with.

[0] https://thehackernews.com/2017/10/apple-fbi-iphone-unlock.ht...

> not some bullshit a reporter made up on the spot

This article wasn't written by a reporter, which doesn't bode well for your reading comprehension skills.

> You are being fed a narrative. You should recognize this when it happens if you don't want to continue being a sucker.

You're making a really big assumption about what I am, or am not, taking from the article.

Wait. Even if you have access to the device how do you get app-to-app access of the underlying texts unless there is a hack unknown to Apple. I know there are barriers Apple has built in where developers cannot access the text messages because of many obvious reasons for abuse. Perhaps Pegasus knows of a "0 day" or multiple and use this? However, E2E encryption PLUS Apples security model around text messaging in iOS should prevent it.

Or a screenshot

If even half of this is true we clearly need stronger encryption and security, not back-doors and anti-encryption laws.

Democracy depends on freedom of expression, freedom of association, and privacy - all of which are threatened by espionage and blackmail.

I wonder how companies like Twitter (mentioned in the article), Google, Apple, Microsoft and even Amazon protect themeselves from rogue employees. If I, for example, was responsible for an OS's TCP/IP stack, I can imagine ways that I could compromise security with a very low probability of the compromise being detected. I hope that all companies are taking this kind of risk very seriously.

not sure. seems dangerous because you don’t want a red scare with chinese employees for instance but there has been instances already where they’ve been caught

There are lots of methods, but the simplest is not allowing anyone to commit to the repo without having at least one other person review the code.

It was rather obvious even back then (or at least when Bezos first published his piece) that it was the Saudis that hacked his phone, I'm not entirely sure the significant of this message by De Becker.

Furthermore, at least the way I see it, the more important party at fault here is AMI. I mean we can't really be surprised that a dictatorship is using their powers against powerful and influential people (especially those that have publicly opposed and blamed them of crimes). But we should be outraged when an American corporation cooperates with them, and we should do what we can to stop and punish them, both the Saudis (in whatever way we can), and more easily, the entire AMI group, it's executives and everyone involved.

Yes, AMI deserves outrage and prison.

But big as they are, they're a tool. Saudi ordered the hit. As far as I, a lowly democratic individual contributor, can see.

They are only the tool, but they are also almost completely under our (judicial systems) control, as opposed to the foreign power (that is just trying to maintain it's control).

Just like if someone spies for a foreign country, then while that country might be acting in an unfriendly way, and we should be wary of them in the future. Their agent is a traitor, and should be handled as such.

Saudi Arabia ordered the murder of an American journalist six months ago. That journalist was attacked and cut into small pieces by a 20 man kill squad.

Now, clear evidence has come out showing that the Saudis are willing to attack even the world’s wealthiest man, Jeff Bezos. If the founder of Amazon is in their crosshairs, it is clear that no American is safe.

The traitor Trump is a big supporter of Saudi Arabia and is currently planning on selling them advanced nuclear technology. Saudi Arabia is as dangerous as Iran or North Korea or Russia – their financial backing is what made the World Trade Centers attack possible on 9/11.

Saudi Arabia is an evil dictatorship and it must go. No American is safe.

Correction: Jamal Kashoggi was Saudi but had permanent residence in the US ("green card"). It was reported at the time that the US administration took umbrage in his non-citizen status as they were reluctant to take punitive measures

Why are there family run countries still in 2019?

You're welcome to go over there and tell them to stop it. They usually have a lot of power and resources, and they're unwilling to give it up.

As an American, I don't want to see my fellow countrymen dying in another pointless war, so my view is that we should generally mind our own business.

I've spoken with someone who claimed to be a monarchy proponent and they suggested I read: "Democracy – The God That Failed: The Economics and Politics of Monarchy, Democracy and Natural Order (Perspectives on Democratic Practice)", by Hans-Hermann Hoppe. I don't know anything about the author, nor have I read the book, but perhaps that might help provide some insight into why some support a monarchy.

I suggest you do look up the author, because he is rather infamous for saying and writing stuff like this:

"In a covenant concluded among proprietor and community tenants for the purpose of protecting their private property, no such thing as a right to free (unlimited) speech exists, not even to unlimited speech on one's own tenant-property. One may say innumerable things and promote almost any idea under the sun, but naturally no one is permitted to advocate ideas contrary to the very purpose of the covenant of preserving and protecting private property, such as democracy and communism. There can be no tolerance toward democrats and communists in a libertarian social order. They will have to be physically separated and expelled from society. Likewise, in a covenant founded for the purpose of protecting family and kin, there can be no tolerance toward those habitually promoting lifestyles incompatible with this goal. They – the advocates of alternative, non-family and kin-centered lifestyles such as, for instance, individual hedonism, parasitism, nature-environment worship, homosexuality, or communism – will have to be physically removed from society, too, if one is to maintain a libertarian order."

(Yes, the man seriously calls himself a libertarian.)

Because those families control a lot of oil, guns, drugs or money.

Succession in monarchies is a tricky subject, ask the Roman Empire.

Family based succession, more or less provides a clear lineage and plan. Otherwise, military gets involved.

The book “The Dictator’s Handbook: Why Bad Behavior is almost always Good Politics” explains this fairly well. It’s a great read, maybe a bit depressing.

TLDR: it’s cheaper to pay off a small group (family) rather than a big group (populace).

That is by far the best book I’ve read about politics. It starts with a simple premise and is able to explain a lot. This video gives the short version - https://youtu.be/rStL7niR7gs

Presumably nobody saw fit to remind the House of Saud what year it is...

> advising on controversial murder cases. I’ve seen a lot. And yet, I’ve recently seen things that have surprised even me, such as the National Enquirer’s parent company, AMI, being in league with a foreign nation

I honestly don't know how to feel reading something that ranks politics above actual state sponsored murder.

And having to accept that as the uncontested norm.

The title does not match the article at all. He didn’t find anything. He found that Saudis don’t like Bezos and that they hack phones. It’s quite a stretch to go from that to saying they hacked the Bezos phone.

I don't think that's the case. The article makes a very specific claim:

>Further, to respect officials pursuing this case, I won’t disclose details from our investigation. I am, however, comfortable confirming one key fact:

>Our investigators and several experts concluded with high confidence that the Saudis had access to Bezos’ phone, and gained private information. As of today, it is unclear to what degree, if any, AMI was aware of the details.

He claims there is direct evidence that they accessed Bezos' phone. It may not be true, but opting to not disclose evidence doesn't mean none exists. I also doubt Bezos and his lawyer would make such a major accusation like that without confidence that it's true.

I thought "claim with high confidence" is intelligence speak for we don't have a fucking clue but it's the narrative we're running with. </s>

This is really no better than citing anonymous sources. There is a story if and when, and not a moment before, actual evidence (with some respectably chain of custody) is actually provided.

EDIT: The word "evidence" only appears once in the editorial, talking about an AP article reporting that the Saudi's were sent an advanced digital copy of the pro-MBS magazine.

Read it carefully, Gavin never equivocally states he has any evidence that the Saudi's had access to Jeff's texts. They interviewed people. They were told by other people that the Saudi's had this capability. SA apparently "unleashed their cyber-army on Bezos". And AMI has done [presumably highly lucrative] work for MBS. And AMI is bad because they caught-and-killed a story for Trump, and have done things for Trump in the past. That is all we get here, aside from the ominous ending of Saudi Arabia controlling our media.

I'm just so tired of the conspiracy theories.

Not knowing why AMI started talking to Michael Sanchez is not the same as knowing that the Saudi's told them to talk to Sanchez.

Ironic, because you claim without any supporting references that you "thought" that the statement ("claim with high confidence") is intelligence speak for no evidence, and then use this assumption to conclude that it's no better than citing anonymous sources.

The first sentence was sarcasm. But if you need a reference, how about Iraq WMDs.

I'm not on the hook to prove anything. TFA provides literally zero evidence of their claim other than to assert it strongly.

In my opinion, the most strongly asserted claims accompanied by "we can't tell you the evidence, but we turned it over to someone else who also can't tell you"... well, haven't we seen how that turns out enough already over the last 2 years?

My point is simply that TFA asserts a lot and backs it up with nothing but hyperbole.

Funny you should mention the Iraq WMDs. WMDs were cited as justification to go to war against Iraq, a war that the Bush administration had a variety of political, ideological, strategic and economic reasons for wanting to engage in.

What incentives do de Becker and Bezos have that would cause them to falsely accuse the government of Saudi Arabia? It seems that such an action would be risky to say the least.

Of course, the potential risk doesn't mean that they don't have such reasons (or even that their inference based on whatever data they have is correct), but I am curious as to what you think are the likely explanations.

Bezos’ initial medium post seemed to me like wild conspiracy theory born of Messiah complex.

But the incentives are massive. The world’s richest man had a huge PR problem with stories coming out about how his wife actually was instrumental in helping build Amazon in the early days.

Half his fortune on the line. Perhaps his controlling stake in Amazon, too? How many Amazon shares will his ex-wife walk away with at the end of this? Aside from the divorce which will be the most damaging event in Jeff’s life, the PR hit is not insignificant.

If Jeff can tie AMI to illegal spying he can possibly take down the entire company. Is revenge not a good enough motive? He is certainly not a disinterested third party.

This is a great albatross to distract from an otherwise big story.

We know there was a conspiracy to murder and dismember a journalist. Your suggestion that it's outlandish to consider a conspiracy to blackmail an owner of a newspaper is intellectually dishonest. Frankly it's insulting.

To propose such a strawman of my position, and then accuse me of being “intellectually dishonest” and “insulting”. Wow.

I never said outlandish. I said people claiming Gavin said he had evidence were incorrect, because TFA literally never claims to have evidence. Let alone direct evidence. Let alone incontrovertible evidence.

I think it’s absolutely incumbent on the accuser to provide at least some general description of the form and substance of evidence that was obtained to support a claim such as this. This is not asking too much from a private citizen who apparently had unlimited funds from his boss (the richest man in the world) to exact revenge on someone who attacked him in one of the most financially damaging ways imaginable.

Since when does HN accept conspiracy theories with absolutely nothing to back them up? I’ve seen the post “extraordinary claims require extraordinary evidence” upvoted to the top of many discussions. Why does that not apply here? Doubly so in a case where the accuser is so personally vested in the outcome.

You propose that because we know conspiracy A (through tremendous amounts of actual evidence) so therefore we must entertain a tenuously related conspiracy theory B without any evidence?

Please don’t accuse me of being insulting and dishonest on the basis of frankly basic skepticism of a conspiracy theory, particularly if that is the extent of your rebuttal.

The political skirmishes of the worlds richest men don’t really concern me. What does concern me is the posited existence of a remotely installable no-touch root access zero day for a presumably up-to-date iPhone, and secondarily, that it’s being weaponized by foreign government against private US citizens — meaning it apparently doesn’t require the carrier’s cooperation to deploy, which is what would shock me the most, because baseband exploit would be the most obvious vector.

You called it a "wild conspiracy theory". You're using "conspiracy theory" as a thought terminating cliche, which is intellectual dishonesty.

> "absolutely nothing to back [..] up [the theory]"

More intellectual dishonesty. The Saudis had the means, the motive, the opportunity and the disposition, as demonstrated by their murderous tendencies. The House of Saud are a family of thugs who are known to conspire to murder journalists. It's entirely rational to consider the strong probability that they've also conspired to blackmail people.

It is incontrovertibly nothing more than a wild conspiracy theory at this point;

- A remote access no-hands zero day iPhone rootkit.

- An international plot to expose an affair

- A plot potentially involving the President of the United States in cahoots with the National Enquirer to expose the richest man in the world

- A blackmail attempt to cover it all up

- Perfectly executed parallel construction to account for the source of the photos

Last week the President was accused of clandestinely exploiting the intelligence apparatus of the United States to steal Bezos' photos. Now that we know (the only actual evidence that we've seen -- in this case statements from the brother himself and AMI) that the photos were provided by the brother, a new theory emerges that this was merely parallel construction after the affair was exposed through spying by the Saudis.

To reach that conclusion, you would have to (1) have evidence that the Saudi's contacted AMI to give them the lead, (2) have evidence of the zero-day on the iPhone, and (3) be able to link some sort of network activity back to Saudi Arabia carrying the exfiltrated data. ('AMI was tipped off', 'by the Saudi's, 'after they spied on Bezos by exploiting his phone' are three separate facts which each need supporting evidence).

Instead... You use the words "means", "motive", "opportunity" in a colloquial which is at odds with their meaning in a court of law. "I think this guy doesn't like that guy" is true of an untold number of people in Bezos' orbit, including his ex-wife.

"I think this guy can remote root international iPhones at the click of a mouse" is not means" - it's utter speculation. Anyone* who knew Bezos was having an affair with Sanchez would be in the exact same position to approach the brother and ask for kompromat.

I don't know what you are claiming is the evidence of "opportunity" in this case?

I certainly don't support Saudi Arabia, and I'm looking forward to the day where there's no one left to buy their oil and they sink back into the desert. It is absolute fact that Saudi Arabia has murdered and blackmailed in pursuit of their political goals.

But you have literally nothing but a cute story and a blog post of a guy who said trust me because I have high confidence that they hacked Bezos' phone to give AMI the lead on his affair other than "Saudi Arabia bad".

You have not come even remotely close to substantiating any sort of claim, other than to basically say that it's not impossible that it was them. I actually agree that it's not impossible that agents of Saudi Arabia remotely accessed Bezos' iPhone using a no-hands zero day to root his iPhone, discover the affair, and then call someone at AMI to tell them to track down the girl's brother to get a copy of the texts. It's not impossible but there's also no evidence that any of us has seen it actually happened. I think that's pretty much the definition of a conspiracy theory right there! The correct response, IMO, is absolute skepticism, and to wait for evidence to be presented.

Or at the very least, a general description of the sort of evidence which allegedly has been found?

And I really think you should cut it out with the ad hominem. There's nothing dishonest about my skepticism, and I am not insulting you, just your utter lack of an cohesive argument.

> What incentives do de Becker and Bezos have that would cause them to falsely accuse the government of Saudi Arabia? It seems that such an action would be risky to say the least.

It seemed the implied incentive for Bezos to accuse the Saudis was to portray himself as the victim and not the victimizer. He also had beef with the Saudis before this happened. Finally, his medium posts and frantic behavior suggested he may have been letting panic and paranoia get the better of him.

BTW, not saying that I think any of this is true (and this article suggests it isn't). Just summarizing what others have suggested.

I’m going to leave this link here for future reference:


So many downvotes to my comments on this story, I am curious to see where it all ends up.

It’s time to put “but what about the WMDs” away as an argument.

Sorry I mentioned it! It has nothing to do with my premise, as we're not even talking about intelligence agency assessments here.

My point was simply that this is a mealy-mouthed statement which does not assert anything about what, if any, evidence may have been obtained or analyzed;

> "Our investigators and several experts concluded with high confidence that the Saudis had access to Bezos’ phone, and gained private information."

This is pretty common in intelligence work because admitting what evidence you’ve found can compromise sources.

No, they didn't state in the article the evidence because it has been handed over to the authorities to deal with. It is now an active investigation.

I suggest you re-read the article. Extensive evidence that has been turned over to US authorities.

Please quote the part of the article which says anything about "extensive evidence" or "evidence" of any kind. TFA actually says;

> As has been reported elsewhere, my results have been turned over to federal officials. ... Further, to respect officials pursuing this case, I won’t disclose details from our investigation.

"Results". "Details". Never "evidence".

What would you call "results and details" of an investigation which led to a conclusion?

It's so vague as to defy description.

Gavin said he was confident in his conclusion. He then went on to describe numerous activities; interviewing current and former AMI executives, Middle East experts, cybersecurity experts, current and former advisers to Trump (?), whistleblowers, associates, and others targeted by the Saudis.

That sounds to me, like an awful lot of smoke, and zero definitive evidence. What he didn't say he had? Forensic evidence from the phone. DKIM signed email trail, confession from a co-conspirator, etc.

I have no doubt there is a compelling story here. I have no doubt that this could theoretically fit the Saudi MO. I certainly have absolutely zero doubt that the crown prince is an epicly murderous duplicitous asshole. I might even believe the Saudis have some ways to remotely infiltrate certain iPhones (but I would bet it requires compromising the carrier).

None of that would lead me to conclude the Saudis tipped AMI without just a little bit of non-circumstantial evidence.

It's surprising that someone as wealthy and famous as Jeff Bezos would be storing such photos on his phone.

I already kind of treat my phone as though it's public domain. The amount of software which runs on most devices today is unfathomable. Keeping your devices completely secure seems almost impossible.

What do you suggest CEOs of big companies should use to communicate with other people? They need phones and laptops. If you trust it with company data why wouldn't you trust it with your private data? It's nice to separate the two but that's besides the point.

Billionaires get nlowjobs at shady Florida massage parlors for $100. Why would it surprise you they use their phones for dick pics?

There are 7 billion people in the world. That number is incomprehensible. When a large portion of those know who you are, you cannot possibly assume that you live anything close to a normal life. Everyone around you must be trying to blackmail or manipulate you... Heck, even the people manipulating you probably have other people manipulating them behind the scenes.

You can't trust anyone or anything. I already feel like this now as a regular person. If I was a billionaire, I would probably never leave my mansion and I'd fire all the house staff. You just can't buy real trust; people will only pretend to be trustworthy.

When you're a public figure, you become surrounded by the best actors in the world. These people are in a different league than what you see in Hollywood and they all want a piece of you.

You need technology to conduct business. Just like many people need to drive, even though it is rather dangerous to drive or ride in a car.

There are very few reasons to take and store naked photos of yourself on your phone. So I submit that it's usually a bad idea to do so.

As someone who frequently takes and stores such photos, I would argue that mutual arousal between partners is an extremely strong human drive/need.

"I like things that make me feel good" is generally considered a very, very satisfactory reason by 99.999% of the population.

This is getting close to saying "Sexual intercourse is very dangerous. Outside of reproduction, there are very few reasons to have sexual intercourse, so I submit that it's usually a bad idea to do so."

>mutual arousal

I think there are probably better, safer ways to do that then taking and sending photos. Unless the thing that gets you worked up is the very likely danger that these photos are being collected and stored somewhere for others to see and or use against you.

He sent these photos to his lover. He may not necessarily have kept them after sending.

> Jeff Bezos would be storing such photos on his phone

Its not about being wealthy and famous its about knowing how information can be easily shared and never get deleted on the internet.

Bezos being the founder of Amazon, a company which exists just because of the internet should not have made that mistake.

Ive started doing this.

Treat everything as compromised.

I am always looking for new suggestions on where to hide 'Keys'.

Would a VPN have prevented this?

(removed, see below)

HN has a way of self correcting. Come back in a few hours and most of the bad comments should be killed by down votes.

Sometimes when a thread or story is killed, though, the comments survive and multiply because the broader community can't moderate them.

True, good point. I've seen that before. I'll come back later.

Also, to be clear, disagreement and skepticism about what's written in the article is a healthy and good thing. But the disagreement should take into account the full content of the article, since many counter-arguments here were specifically discussed in it.

And now the US wants to give M. Bone Saw nuclear tech. What could possibly go wrong?

It's worth noting that the Saudi's are well known to have an informal agreement to get access to the Pakistani nuclear devices if Iran develops the bomb.[1][2][3][4]

[1] https://en.wikipedia.org/wiki/Nuclear_program_of_Saudi_Arabi...: Since 1998, Western diplomats and intelligence agencies have long believed that an agreement exists in which Pakistan would sell Saudi Arabia nuclear warheads and its own nuclear technology should security in the Persian Gulf deteriorate.

[2] https://www.globalsecurity.org/org/news/2003/031022-pakistan...

[3] https://www.nytimes.com/2018/11/22/world/middleeast/saudi-ar...

[4] https://carnegie-mec.org/diwan/75723 Saudi Arabia probably already has a nuclear weapons capability, courtesy of Pakistan.

Just saw the author of one of those articles. Sigh.

Depends on the extent of "nuclear tech". If it's just building a nuclear reactor in SA, I don't see a problem at all. Nobody is giving them the tech needed to enrich uranium.

Depending on the reactor tech I can see two problems. First, can it be produce plutonium? Second, it can certainly be used to make some tremendously dirty bombs. Given the issues with rich Saudis funding and aiding terrorists, I’d be concerned. There is also the issue of just how stable the Saudi government is long-term, and what happens (or needs to be done) if it falls.

Probably not much, as I suspect the Israelis will keep a very close eye on the project and intervene if/as needed. They have a more realistic long-term view of the region IMO, and are capable of handling these issues effectively, if not quietly or gracefully.

Wait? What?

Are you seriously suggesting that in lieu of cutting the problem off at the source by NOT giving a dangerous man like MBS nuclear weapons, we should rely on other nations in the region to clean up the mess?

No, that isn’t at all what I’m saying, and you can tell that’s the case because it bears literally no relation to what I did say.

You say "no problem, Israelis deal with it ... probably."

In response to What could possibly go wrong?.

That has nothing to do with whether or not it’s a good idea, just that I believe very little can go wrong I’m the context of Mossad oversight. I’m certainly not endorsing the deal.

That has nothing to do with whether or not it’s a good idea, just that I believe very little can go wrong I’m the context of Mossad oversight

This is the most eye-opening naive piece of rhetoric I've ever read on HN.

Mossad couldn't stop Iran from developing nuclear technology, only delay it. And that was with every country in the world agreeing to sanctions.

There is no chance they can stop the Saudis, especially since the Saudi's probably already have a technology transfer agreement with Pakistan.

> I’m certainly not endorsing the deal.

Why not? If nothing can go wrong, then on what grounds could you possibly object?

Israelis have made friends with MBS. Color me surprised.


You have to wonder if that software has flaws known to the Israelis, I certainly would if I used it.

What is the motivation of Saudis?

Why is it news when a billionaires privacy is invaded, but not ours?

> You know him as Jeff Bezos; I know him as my client of 22 years. ... To understand where this story goes, some background is needed.

Eyeroll. Why is Gavin writing this? In the Daily Beast? The narrative voice sets off immediate alarm bells, reading like a Tom Clancy novel;

> What was unusual, very unusual, was how hard AMI people worked to publicly reveal their source’s identity.

It really isn't all that unusual, when you feed a salacious story to a conspiracy-theory-mad media which is frothing at the mouth to bring down Trump by any means possible, and then claim the President cooked it up as political revenge. When the FBI has a non-prosecution agreement with you that any misdeed could throw you under a microscope... It would have surprised me more if AMI insisted on absolute secrecy of their source. This is classic "makes you look guilty either way" rubbish.

The world's richest man got caught doing something that could literally cost him half his fortune in the ensuing divorce. I certainly wouldn't want to be on the wrong side of that particular counter-strike.

Interesting questions, why is he writing this, and why here? A few guesses:

1) Bezos had made claims in his original post that AMI and the Saudis were in league on the Bezos attack. That got walked back a little in this post when he admitted that (paraphrasing): it is unclear how much AMI knew, but it was still totally the Saudis. Maybe there won't be any evidence coming to back that up other than the AMI lawyers' strange request.

2) Bezos had given some of the credit for these claims to de Becker before, but now the weight of any truth or not is squarely on GdB.

3) Setting the record straight(?) that Michael Sanchez was not vile but rather a semi-victim of a larger plot might be helpful to Jeff the human in love.

Why The Beast? Well as you can now see every news wire picked it up within hours, so maybe they're just conveniently easy to use as the first publishing spot.

There was nothing to "intercept" I think. Sanchez's brother copied them and forwarded them to The Enquirer in exchange for a decent sized bag of cash.

The article says AMI already knew about the affair before Sanchez was contaced by AMI about the affair.

>AMI has repeatedly insisted they had only one source on their Bezos story, but the Journal reports that when the Enquirer began conversations with Michael Sanchez, they had “already been investigating whether Mr. Bezos and Ms. Sanchez were having an affair.” Michael Sanchez has since confirmed to Page Six that when the Enquirer contacted him back in July, they had already “seen text exchanges” between the couple. If accurate, the WSJ and Page Six stories would mean, clearly and obviously, that the initial information came from other channels—another source or method.

The underlying claim by the author is that this narrative is a lie, created in order to hide the Saudi government’s involvement.

Apparently not conspiracy theory enough.

From my reading this is exactly what happened. Reported by AP News, CNN, Fox News, and The Verge.

If you read the linked article, it's clear that somebody told the enquirer to approach the brother-in-law to buy the photos —— somebody already knew that Bezos and his mistress were exchanging inappropriate texts before the brother-in-law. Bezos’s investigators claim to have forwarded evidence to the US government that shows the Saudis were behind it. We’ll see what happens given how close this administration is to MBS.

This is just privatized parallel construction weaponized against a critic of the Saudi government.

Let me start with saying that in no way do I think the Saudis are not nefarious or clear of any guilt in this case.

However, the original post asked how the digital material was obtained. The post, and many others, imply some technical wizardry was used to obtain said info. Who is to say the Saudis did not employ traditional human intelligence to learn that the brother had access to the ‘dirt’?

My point is simply: just because the Saudis knew which stone to turn over does not mean they used some technical prowess to turn over said stone.

[edit] clarify my stone turning over analogy.

De Becker (who is as credible as technical investigators get) said that his investigators along with outside experts developed evidence that showed that the Saudis had access to Bezos's phone. He turned this evidence over to Federal investigators.

Without knowing more, it's hard to say exactly what happened, but there is plenty of evidence of the Saudis, along with other repressive regimes, spending huge sums of money buying and weaponizing zero-days to target critics. So they had the means, the motive, and the opportunity to target him..

I read it...or so I think. No details on how hacking was done, method, time etc. They hate Bezos (obvious,) they have capabilities to spy on phones, and they do retaliate /blackmail, but a phishing message sent or a spyware would have sealed the proof.

He turned over details to gov, more will be coming I would imagine.

Am I the only one that feels this is a bit far fetched? Perhaps because it is light on technical details, or more so, what the point of the article is. If Jeff Bezos paid for the investigation given how publicly he came out with his first statement, why would he not be the one issuing the follow up?

And if he did pay this person what is the point of this coming out here, and on the daily beast.

Just doesn’t quite add up for me.

You are skeptical that Bezos would delegate publicly describing the results of the investigation to the person he publicly hired to investigate?

The article is full of hot air. Poorly written and not sure what the point or conclusion is.

PErhaps its a teaser piece of what's to come.

I don't know what he's so concerned about. He knows as well as the the rest of us that "If you've got nothing to hide, you've got nothing to worry about."

This is great, but I take issue with the phrase "the Saudis".

There are about 33 million Saudis. I doubt most of them had anything to do with this, and I think it's important to maintain a mental distinction between the government of a country and its people.

That's the common way of referring to a government, especially in the security/spying sphere.

e.g. "Did the Americans know about Pearl Harbour?" "Why did the Soviets develop the atom bomb"? "Why do the British maintain a nuclear deterrent?" "How will the Australians react to the detention of one of their nationals by the Chinese?"

Sorry for being pendantic but Al-Saud or 'the Saudis' are literally the ruling family: https://en.wikipedia.org/wiki/House_of_Saud

The 32m+ citizens are called 'Saudi Arabians'... calling them 'Saudis' is, erm, informal at best, lazy at worst?

Well Americans like to call themselves "Americans" even if that technically refers to all of the inhabitants of the American Continent (from North, Central and South America), so...

> Well Americans like to call themselves "Americans" even if that technically refers to all of the inhabitants of the American Continent (from North, Central and South America), so...

Technically, they're overwhelmingly correct, and your definition is in fact the uncommon one. For example, see the primary definition for both adjective and noun usages in the Oxford Dictionary of British & World English (not even US English).


I think people generally understand that it's a dictatorship, referred to as "the Saudis". Much like actions of ISIS are not indicative of what your average Muslim neighbor is up to.

OK, but you'd presumably take issue if a headline said "The Muslims" rather than "ISIS".

I agree that people generally understand that in this case the headline refers to the Saudi government - but OTOH, this kind of "generalisational" language can perhaps be a form of propaganda, or at least subconsciously change some readers' perception with constant exposure.

That's completely different though. That's like referring to the Israeli government is a headline as "The Israelis" vs "The Jews". They're both overbroad when taken literally, but the former is standard shorthand that is clear from context and the latter strongly suggests that writer has an anti-Semitic motivation.

There is no evidence that writer has an anti-Semitic motivation

The other poster never implied that.

Saudi's refer specifically to the House of Saud, which is the ruling family of Saudi Arabia, if another family was ruling it would be {insert family name here} Arabia

Interesting. What's the right word to use when describing the members of the House of Saud?

That being said, it's still pretty normal to speak like this. Americans, Russians, Chinese.

It's also the family name of the vile people dictating the behavior of the government.

It’s pretty common to use:

The Saudis = the Saudi Family

Saudi Arabians = all Saudi citizens

The Saudis are a family. They happen to run a kingdom called Arabia. People who aren’t in the family aren’t saudis, they’re Saudi Arabians.

“House of Saud”

The AP Style Books lists "Saudi" and "Saudis" as the proper way to talk about people from Saudi Arabia.

Well you can start making that distinction yourself by calling them Arabs, since Saudi is just an adjective meaning "pertaining to Saud." Arabia will be there forever, but since 1932 and until the house of Saud goes down the toilet like it deserves to, Arabia is temporarily a Saudi place.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact