Last Wednesday, The Guardian shockingly reported that Saudi Arabia’s crown prince, Mohammed bin Salman (MBS), had organized the hacking of billionaire Jeff Bezos’s cell phone. In the months-long attack, MBS allegedly stole gigabytes of confidential data from Bezos’s phone.
Cybersecurity firm FTI Consulting investigated the issue, linking the likely cause of the data breach to a WhatsApp exchange between the Amazon boss and Saudi’s crown prince. In their report, members from FTI outline what they believe to be the root of the attack, what effect it had on Bezos’s phone, and how they came to those conclusions.
There’s a lot we can learn from this situation and the associated report. The following are five essential things to note.
1. No one is immune to cybercrime.
You’re not safe, and neither is the world’s richest man. No matter how many precautions you have in place, there are always going to be vulnerabilities in your security measures.
As a titan in the technology industry, it’s more than likely that Bezos had every security precaution in place. And it still wasn’t enough.
MBS, with a nearly endless supply of cash, has access to the most advanced hacking teams and resources in the world. His previous chief of hacking, Saud al-Qahtani, owned 20 percent of the world-renown Hacking Team at the time of the attack. Hacking Team, a Milan-based IT company, possesses numerous exploits related to WhatsApp attack vectors.
Never get comfortable. If a man with the world at his disposal isn’t safe from exploitation, you aren’t either. Keep your software up-to-date, and always take the most stringent security measures you can.
2. Dangerous things come in inconspicuous packages.
MBS’s point of entry into Bezos’s cell phone was a simple video he sent via WhatsApp. FTI researchers discovered that hours before data began leaving Bezos’s device, MBS had sent him a random, and seemingly harmless, video.
MBS sent Bezos a seemingly innocent video to gain access to his device. | Source: Project Cato
Previous to their video exchange, the two had minimal contact with each other.
Keep your suspicions. Don’t click on questionable links and be wary of any messages you receive out of the blue. Malware, phishing, and other types of attacks often disguise themselves as innocuous links or forms of communication.
3. Signs of hacking do exist but are often overlooked.
Although many forms of malware excel at hiding themselves from victims, there’s almost always a way in which they make their presence known. In Bezos’s case, the data egress on his device spiked numerous times after receiving MBS’s WhatsApp video.
Before the attack, Bezos’s phone averaged 430KB of egress data per day. Within hours of receiving the video, however, the data outflow spiked to 126MB – an increase of around 29,000 percent. For the months that followed, it remained at elevated daily levels around 101MB with additional sporadic spikes.
Even more suspicious, though, MBS sent messages to Bezos regarding private aspects of his life. He referenced information to which no one, other than Bezos, should have had access.
Bezos received this text message shortly after two phone call briefings regarding Saudi Arabia’s online campaign against The Washington Post. | Source: Project Cato
Remain vigilant. We’re speaking from a point of hindsight, but if Bezos had noticed the clear-cut signs, he might have been able to stop the hack before the long-lasting damage occurred. You should regularly check the status of different aspects of your machine, and take note of any unusual activity.
4. Advanced malware can stump even the most knowledgeable of experts.
It took the FTI team quite some time to uncover the probable source of Bezos’s data breach. Their initial analysis of Bezos’s phone utilizing Cellebrite’s Physical Analyzer didn’t reveal any malware. And a scan of 1,290 unique URLs, as well as 378 unique domain names, failed to show anything fishy, as well.
Even cursory analysis of the guilty video file didn’t expose any malicious code. The FTI team was only able to attribute the attack to it due to ample circumstantial evidence.
Implement fail-safes. While still not perfect, mechanisms like two-factor authentication, cloud back-ups, and multi-signature protections mitigate the damage of a breach. Cybercriminals and security experts are in a continuous game of cat-and-mouse, innovating past the other’s mechanisms at each opportunity they get. You can’t protect yourself from every breach, but you can minimize the effect they have on your organization.
5. No device is entirely secure.
We admit it; this point is almost identical to number one. But it’s worth repeating to drive the lesson home.
There is no such thing as 100 percent security. Keeping your organization safe requires a continuous effort. And even then, you need to have fail-safes and contingency plans in place to minimize the negative impact in the inevitable scenario that a breach does occur.
Learn from the mistakes of the world’s richest man and improve your security measures today. Following the advice in this article will give you a solid start.