No wonder Bezos is fuming.
6GB of exfiltrated data? That'll cost him hundreds of dollars, even if he's on AT&T's cheapest plan.
I'm setting up a GoFundMe, anyone care to chip in?
The Crown Prince of Saudi Arabia, Mohammad bin Salman, has been officially fingered as the man responsible for hacking Amazon CEO Jeff Bezos’s iPhone X, causing a massive stir in diplomatic circles. Following a report yesterday that Bezos’s smartphone had been compromised by a malware-poisoned video sent directly by bin Salman …
cell-phone more when one is in command of everything
It's entirely possible that he has more than one phone.. (yes, yes, I know - stretching the bounds of possibility I know. But even the Orange One has more than one phone and he's only the POTUS and a pauper compared to Bezos. In fact, the only think I thing OO exceeds Bezos in is the number of wives/mistresses he's cheated on..)
I agree. Almost all my phone usage happens when I'm on wifi, so I use very little data most of the time.
As far as noticing it, most carriers in the US offer "unlimited" plans that throttle after a couple dozen GB. If 6 GB was spit out it wouldn't even change his bill - not that he's looking at his bills or whoever does would ask him about excess usage costing an extra $20 or whatever.
Not much of a surprise when you consider a couple of years back MBS arrested a good portion of his family, dozens of ministers and ex ministers and the the premier of Lebanon, he also purloined the funds belonging to most of the arrestees having accused all of them of being corrupt. All of this mostly to consolidate his position.
I suppose after this post I should avoid countries with very large beaches.
Saudi politics still doesn't beat Iran's for oddness. When Mahmoud Ahmadinejad was President (I'm not going to lie - I had to look up the spelling) he had a bit of a falling out with the Supreme Leader. Not too major as both are from the most authoritarian wings of the state, meaning things had to be kept in bounds - so the move made was to charge one of his ministerial allies with Sourcery. Not something you see on a charge sheet every day.
I don’t think the series really hits its stride with Wyrd Sisters. After which it’s consistently excellent right up until the not really finished final book. My favourite early one is probably Pyramids. Others disagree though and suggest people start with Mort.
I seem to remember one of the charges against King Charles I was "mischiefs", the little scamp. Still not a patch on sourcery though.
It should be noted that the Saudi government invested in the Hacking Team via the shell company Tablem after the Hacking Team data breach to keep the company from going bankrupt (and that they had attempted, unsuccessfully, to buy the company outright prior to that - kudos to El Reg - https://www.theregister.co.uk/2015/09/28/saudi_arabia_hacking_team/ ).
As Khashoggi showed, the Saudis will stop at nothing to exact revenge on whomever they feel like.
"Facebook recently sued NGO Group over its Pegasus software"
I'm assuming this was the spell checker? It's NSO group. Incidentally, as they aren't exactly hiding that they have this malware, I'm surprised and displeased their company hasn't been raided by law enforcement with a raft of computer abuse charges.
We don't think anyone would be stupid enough to use their own kit to transmit malicious content.
So the prince was obviously framed.
But nobody would be stupid enough to try to frame somebody by using somebody's equipment to transmit malicious content, so it is obviously not that either.
They think we aren't smart enough to realize that it must have been the prince in the first place.
Seriously though: Bezo is heading back to the mobile phone business. Pointing out a security flaw in the iPhone is his opening salvo. Expect new Saudi-safe Kindle phones in your favorite amazon store within the month. The product logo will be a keffiyeh with a red line running diagonally from bottom left to upper right inside a red circle. Possibly a cruise missile will figure somewhere inside the logo as well, but I'm told (by thelittle voice inside my head) Bezo's team hasn't fully committed to it yet.
I doubt anybody who would be in a position to know the Crown Princes mobile number and who possessed more than 2 brain cells, would dare hack the Crown Princes phone. That's how you end up in a shallow grave in a Wadi somewhere....
It would be like hacking Putin's phone or Xi's. An invitation to a large shortening of your life expectancy.
So assuming that it came from the Crown Prince or that he at least approved of the sending, it shows an amazing level of arrogance. He had to understand that eventually it would be found out, but he obviously doesnt care about any possible repercussions.
he obviously doesnt care about any possible repercussions
Well - he knows full well that Trump isn't exactly Bezos' friend (especially as Bezos isn't a dictator known to have killed off lots of people - that seems to be the sure-fire way to get Trump fawning on you).
 Except, of course, via workplace injuries in Amazon warehouses. But, since that's due to neglect and indifference rather than deliberate action it doesn't count.
It's also a mistake to assume the powerful know or care much about OPSEC. It's pretty common for people in power to trip themselves up by using personal devices. Even when they try to do it properly, they often achieve decent security in one area but screw it up in another (as with El Chapo, for example), or use a mechanism that fails under a different mode of investigation (as with Petraeus).
An annex [PDF] accompanying the UN assessment suggests the spyware was supplied to Saudi Arabia by the NSO Group in the form of surveillanceware called Pegasus*. ... NSO, at least, has denied any involvement.
Well, they would, wouldn't they.
* Pegasus ...... "invasive software from NSO Group, a secretive Israeli security firm that is being sued by WhatsApp's owner, Facebook, over allegations that it compromised users' accounts." ....... Tales of Sticky Shenanigans and Dastardly Deeds?:-)
Constant yearnings for exponential learnings is IT not?
Nothing would shock or surprise anymore about what seems to be accepted prima facie follies when the masses simply meander into mass mind controlled clickbait, simply more mass media manipulation malware merchandise monitoring for market manipulation advantage undoubtedly.
Well there are some interesting coincidences in that it was the National Enquirer who had the videos and weren't publishing them but trying to get some sort of agreement out of Bezos. And of course it was also the National Enquirer who were allies of Trump buying up the stories of women that had alleged they'd slept with him, then not publishing them. Which may turn out to be a breach of campaign finance law.
So there are some interesting coincidences at least - if nothing more sinister.
And neither the Crown Prince or Trump like the Washington Post, for different reasons.
However I'd not get involved in a conspiracy with Trump - given that he's not exactly either competent or discrete. But on t'other hand, Bin Salman and his cronies aren't exactly what I'd call exemplars of competence either...
Yes, there's no need for a conspiracy here. Everyone acting according to their inclinations explains the involvement of MBS and the National Enquirer just fine. I'm sure Trump would have approved, and they may tipped him off that something along these lines was happening, but there was no reason to let him know the details.
I don't even think there was much of a plan here. MBS has a collection of hacking toys from NSO Group and Hacking Team, and decided to play with them by seeing if he could steal info from Bezos. He or a toady skimmed over it, found the embarrassing material, and forwarded it to someone (possibly David Pecker at AMI, possibly Dylan Howard at the Enquirer), who decided to try to pressure Bezos. But it turned out Bezos was running short of fucks to give that day.
Bezos not only cheated on his wife, he cheated her out of a fair divorce settlement - she only got $35b while his net worth is still $115b.
We are all super-rich in IT, so it's understandable that a poor Arab kid working at his dad's petrol station would try to hack us to expose our moral failings.
$35B is not cheating. Plus $115B may be hard to monetize or transfer. Also, it may not have been in her best interest. Let me explain: If you transfer 50% ownership of a company it leads to a transfer of power, board seats issues etc. leaving you a company with a different management.
It is better to get the $35B and have Bezos grow it as the company's valuation grows.
And cheating on your wife or husband? Do you know how many people cheat in the US? Women cheat as much as men. It is not a crime, misdemeanor, or even a minor violation.
I read all the report and I found it very interesting.
I don't understand however how it was possible through whatsapp, sending the video via "an encrypted downloader hosted on WhatsApp’s media server".
I mean, what's the difference to just directly send an mp4 file or via this encrypted downloader ?
This is what VICE writes (and report too):
"They did not find any malicious code embedded in the video file, but discovered that the video was delivered via an encrypted downloader hosted on WhatsApp’s media server."
Thanks for an explanation
This is what VICE writes (and report too):
Hiya. First, this is El Reg and so we can't quote Vice (or the Daily Mail) as a source.
Ta for your thanks for an explanation. The "encrypted downloader" is a red herring. Any good hacking tool can remove traces of itself from the version it leaves behind. Blame Ken Thompson.
Biting the hand that feeds IT © 1998–2020