NSO Group Says It Didn’t Hack Jeff Bezos On Behalf of Saudi Arabia

The controversial Israeli spyware vendor denied any role in the bizarre saga of Jeff Bezos against The National Enquirer.

A controversial Israeli company that sells spyware to governments around the world denied having anything to do with the alleged hack of Amazon’s founder Jeff Bezos.

In a statement sent to reporters Sunday evening, a spokesperson for NSO Group said that “we can say unequivocally that our technology was not used in this instance.”

The spokesperson said that NSO’s software “cannot be used on US phone numbers.”

“Our technology, which is only licensed to prevent or investigate crime and terror, was not used by any of our customers to target Mr. Bezos’ phone,” the spokesperson said.

NSO Group sells hacking and surveillance technology to around 60 government agencies in around 30 countries around the world, according to recently published financial audits. Over the years, researchers have accused countries like Mexico of using NSO's spyware to target human rights activists and journalists.

On Saturday, Bezos’s security advisor Gavin De Becker wrote in a piece on The Daily Beast that he had concluded that Saudi Arabia had hacked Bezos’s phone. De Becker wrote that “our investigators and several experts concluded with high confidence that the Saudis had access to Bezos’ phone, and gained private information.”

De Becker’s piece was the latest shocking twist in an already bizarre story.

In February, Bezos revealed in a Medium post that the chairman of AMI, the company that owns the tabloid The National Enquirer, had attempted to extort him. Pecker’s associates threatened to publish intimate pictures of Bezos unless he said publicly that The National Enquirer's stories about his affair were not politically motivated, and stopped his investigation into the tabloid’s revelations about his private life.

In January, after Bezos announced he was divorcing his longtime wife MacKenzie, The National Enquirer revealed that he had an affair with Lauren Sánchez, the former co-host on KTTV Fox 11's Good Day LA. The tabloid even published private text messages Bezos and Sánchez had exchanged.

De Becker did not provide any hard evidence that the text messages and intimate pictures had been obtained through hacking. Instead, he cited interviews with AMI executives, cybersecurity and intelligence experts in the Middle East, Saudi whistleblowers, and Trump administration officials. At no point in his piece did De Becker accuse NSO Group. However, the company told Motherboard it sent out the statement denying its software was used to hack Bezos's phone because of a Business Insider piece that speculated that it did.

The most interesting part of NSO’s short statement is that the company once again said that its spyware cannot be used on US telephone numbers, something NSO had already told Motherboard last year.

Bill Marczak, a researcher at Citizen Lab, a University of Toronto group that’s studied NSO for years, said that “describing target limitations in terms of phone numbers makes sense if you imagine targeting phones by using their number, such as by SMS.”

“But what if you target people using, say, a malicious WiFi hotspot, or network injection, or getting them to visit a compromised website? In that case, [NSO’s spyware] Pegasus might not know the phone number of the person before it infects them.”

Without explaining the technical details of how this limitation works, an NSO spokesperson said in an email that NSO's spyware is specifically "designed to ensure it cannot be used in places other than which it is licensed."

This piece was updated to include a comment from NSO's spokesperson.
