The International Cybersecurity Forum in Lille, France (FIC2020) runs for 3 days next week. It has fast become a major European reference event, but now also has an enormous U.S. cyber security contingent. This year we’ll have over 10,000 visitors, 650+ vendors and partners, and over 120 countries represented.
There really is no better place than FIC2020 to have the opportunity to meet the major players in cyber security and take stock of the tendencies and trends regarding cyber attacks, and especially of the solutions … and lack of solutions … given the problem is critical and we all seem to encounter it every day.
I will have a preview of the event in a special post tomorrow (à mon FIC2020 et à mon listserv de cybersécurité : il sera en français et en anglais). The event will include special comment sessions on the Jeff Bezos/Mohammed bin Salman caper so I thought a summary was in order.
23 January 2020 (Paris, France) – It has been just under a year since Amazon CEO Jeff Bezos shocked the world with a Medium post disclosing that he had been the subject of an extortion attempt, hired the best person in the world to investigate it, and promised to get to the bottom of it. The story’s elements included an extramarital affair, family betrayal, stolen nudes, and the crusading reporting of the Washington Post, which Bezos owns. Within days, a hefty amount of circumstantial evidence hinted that the government of Saudi Arabia and its crown prince, Mohammed bin Salman, were likely involved in the scheme.
Then, on Tuesday afternoon, the Guardian published a bombshell: a forensic examination conducted at Bezos’ request by the FTI Consulting found that his phone had most likely been hacked in 2018 after he received a WhatsApp message from a personal phone number belonging to MBS himself. Stephanie Kirchgaessner reports:
The encrypted message from the number used by Mohammed bin Salman is believed to have included a malicious file that infiltrated the phone of the world’s richest man, according to the results of a digital forensic analysis.
This analysis found it “highly probable” that the intrusion into the phone was triggered by an infected video file sent from the account of the Saudi heir to Bezos, the owner of the Washington Post.
The report was subsequently confirmed by the Financial Times and New York Times, and Vice published the full report from FTI. Among other things, the report suggests that MBS was attempting to intimidate Bezos, months before a Post columnist — MBS critic Jamal Khashoggi — was brutally murdered on the crown prince’s orders, according to the CIA.
The United Nations has called for further investigation related to the Khashoggi murder, in which MBS continues to deny his involvement. Here’s Jared Malsin, Dustin Volz and Justin Scheck in the Wall Street Journal :
The circumstances and timing of the hacking and surveillance of Bezos also strengthen support for further investigation by U.S. and other relevant authorities of the allegations that the Crown Prince ordered, incited, or, at a minimum, was aware of planning for but failed to stop the mission that fatally targeted Mr. Khashoggi in Istanbul based on a review of the forensic analysis.
At a time when Saudi Arabia was supposedly investigating the killing of Mr. Khashoggi, and prosecuting those it deemed responsible, it was clandestinely waging a massive online campaign against Mr. Bezos and Amazon targeting him principally as the owner of The Washington Post.
Some threads.
Is the case against MBS being behind the hack open and shut? On one hand, there’s no smoking gun. The evidence points to “an account of” the prince but not “a phone of” the prince. On the other, no one has proposed a credible-sounding alternate culprit. The gist is that after MBS’ WhatsApp account sent Bezos a video file, Bezos’ phone went crazy and started transmitting an enormous amount of data. From the FTI report:
That file shows an image of the Saudi Arabian flag and Swedish flags and arrived with an encrypted downloader. Because the downloader was encrypted this delayed or further prevented study of the code delivered along with the video.
Investigators determined the video or downloader were suspicious only because Bezos’ phone subsequently began transmitting large amounts of data. Within hours of the encrypted downloader being received, a massive and unauthorized exfiltration of data from Bezos’ phone began, continuing and escalating for months thereafter.
Still, information security types aren’t satisfied with the FTI report, arguing that someone with access to the phone and the malicious file should be able to find direct evidence that it was the culprit. Please see Alex Stamos on this point here.
What malware was used in the attack? What vulnerabilities were exploited? Could my phone be hacked in the same way? We don’t know, we don’t know, and we don’t know, respectively.
OK, but who made the malware used in the attack? Probably one of those shadowy hacker-for-hire outfits. The FTI report “suggested that the Tel Aviv-based NSO Group and Milan-based Hacking Team had the capabilities for such an attack,” Sheera Frenkel reports in a Times piece about the hack. NSO Group denied it; Hacking Team didn’t respond.
SOME THOUGHTS
Such brazen targeting of a private citizen – the richest man in the world, no less – is alarming to say the least. It really underscores the impunity of the unchecked private market for digital surveillance, one that can now never be controlled despite the wailing of “regulators” and data privacy and cyber security advocates. And one can only imagine what the Crown Prince has acquired on other prominent U.S. figures who have known relationships with the crown prince (Jared Kushner and Donald Trump himself spring to mind, two chumps who continue to use unsecured mobile phones).
As my regular readers know, I am an opsimath at heart. And I think everything in technology is related in multiple ways so every year my team and I attend an esoteric collection of events and conferences that provide us perspective and a holistic tech education. For that list click here.
To be an informed citizen is a daunting task. To try and understand the digital technologies associated with Silicon Valley and the intelligence communities (artificial intelligence, big and small data, cyber intrusion, mobile technology, social media platforms, etc., etc.) that increasingly dominate our economic, political and social lives requires a concentrated effort to track and understand the evolving thinking and development of these technologies.
Which is why we put the International Cybersecurity Forum in Lille, France (FIC2020) at the top of our list. For a flavor of the event, here are the 22 videos we shot last year. For more information on the event click here. I hope we see you there.