The media is rolling out the latest phase of the Qatari information operation, this time claiming, bizarrely, that the Saudi crown prince had personally hacked the phone being used by Jeff Bezos, the Amazon boss and owner of the Washington Post.
The rollout began over the last few days and is set to peak with a UN report.
Meanwhile the forensic analysis by Bezos’ boys shows no actual evidence that the big boss was hacked. By anyone.
A report investigating the potential hack of Jeff Bezos’ iPhone indicates that forensic investigators found a suspicious file but no evidence of any malware on the phone.
The suspicious file offers no actual evidence that it is suspicious.
The report, obtained by Motherboard, indicates that investigators set up a secure lab to examine the phone and its artifacts and spent two days poring over the device but were unable to find any malware on it. Instead, they only found a suspicious video file sent to Bezos on May 1, 2018 that “appears to be an Arabic language promotional film about telecommunications.”
That file shows an image of the Saudi Arabian and Swedish flags and arrived with an encrypted downloader. Because the downloader was encrypted, this delayed or further prevented “study of the code delivered along with the video.”
Investigators determined the video or downloader were suspicious only because Bezos’ phone subsequently began transmitting large amounts of data.
That’s an implication. It’s not actual evidence of anything.
This is an admission that there’s zero evidence of any hack of Jeff’s phone. There’s nothing actually suspicious about the file. There’s no evidence that there’s anything going on with the downloader.
The forensic investigators encountered at least two obstacles in conducting their exam of Bezos’s phone. The first related to the encrypted downloader. Ferrante’s team first examined the attachment alone before deciding they needed to do a full forensic imaging and analysis of the phone’s contents and traffic. They used a tool from Cellebrite (Cellebrite UFED 4PC Ultimate and Physical Analyzer) to grab forensic images from the phone and set up a secure makeshift lab to do the forensics over two days.
They did not find any malicious code embedded in the video file, but discovered that the video was delivered via an encrypted downloader hosted on WhatsApp’s media server.
“Due to end-to-end encryption employed by WhatsApp, it is impossible to decrypt the contents of the downloader to determine if it contained any malicious code in addition to the delivered video,” the investigators found.
In other words, despite everything you’re hearing in the media, there’s no evidence.
Indeed, the only proof of anything is all the data that Jeff’s phone began sending out.
“[W]ithin hours of the encrypted downloader being received, a massive and unauthorized exfiltration of data from Bezos’ phone began, continuing and escalating for months thereafter,” the report states.
“The amount of data being transmitted out of Bezos’ phone changed dramatically after receiving the WhatsApp video file and never returned to baseline. Following execution of the encrypted downloader sent from MBS’ account, egress on the device immediately jumped by approximately 29,000 percent,” it notes. “Forensic artifacts show that in the six (6) months prior to receiving the WhatsApp video, Bezos’ phone had an average of 430KB of egress per day, fairly typical of an iPhone. Within hours of the WhatsApp video, egress jumped to 126MB. The phone maintained an unusually high average of 101MB of egress data per day for months thereafter, including many massive and highly atypical spikes of egress data.”
That’s certainly suspicious, but in more than one way. If the goal was to access all of Jeff’s info, why would the phone be sending out over 100MB a day? All they really needed was access to his account information. Even if Bezos was regularly recording and storing 100MB of video files on his phone, daily, this would have been backed up to his iCloud account which, it seems, the hackers would have access to.
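The baseline comparison the report describes (about 430KB of egress per day before, 126MB on the day, roughly 101MB per day after) can be checked mechanically. The following is an added example, not code from the FTI report or from this post: the function names, the median/MAD threshold, the seven-day run length, the decimal byte units and the daily series itself are all assumptions constructed for illustration.

```python
from statistics import median

# Decimal units (1 MB = 1,000,000 bytes) are an assumption; the report does not say.
KB, MB = 1_000, 1_000_000

def robust_baseline(daily_bytes):
    """Median and median absolute deviation (MAD) of the baseline window."""
    med = median(daily_bytes)
    mad = median(abs(x - med) for x in daily_bytes)
    return med, mad

def threshold_for(baseline, k=10.0):
    """Alert level: median + k * MAD, robust to a few one-off spikes."""
    med, mad = robust_baseline(baseline)
    return med + k * max(mad, 1)

def find_sustained_shift(series, baseline_days, k=10.0, min_run=7):
    """Index of the first day of a run of >= min_run consecutive days above
    the threshold, or None. A single busy day does not qualify."""
    limit = threshold_for(series[:baseline_days], k)
    run_start = None
    for i in range(baseline_days, len(series)):
        if series[i] > limit:
            run_start = i if run_start is None else run_start
            if i - run_start + 1 >= min_run:
                return run_start
        else:
            run_start = None
    return None

def returned_to_baseline(series, baseline_days, shift_day, k=10.0):
    """True if any day after the shift falls back under the threshold."""
    limit = threshold_for(series[:baseline_days], k)
    return any(x <= limit for x in series[shift_day:])

def percent_increase(before, after):
    return (after - before) / before * 100

# Constructed sample data shaped like the figures quoted above: about 180 days
# near 430KB/day, a 126MB day, then roughly 101MB/day. Not real device data.
BASELINE = [430 * KB + ((i * 37) % 21 - 10) * 5 * KB for i in range(180)]
BASELINE[90] = 40 * MB  # one-off spike inside the baseline (e.g. a large upload)
AFTER = [126 * MB] + [101 * MB + ((i * 53) % 11 - 5) * 4 * MB for i in range(89)]
SERIES = BASELINE + AFTER

if __name__ == "__main__":
    day = find_sustained_shift(SERIES, 180)
    print("sustained shift starts on day", day)
    print("returned to baseline:", returned_to_baseline(SERIES, 180, day))
    print("jump: %.0f%%" % percent_increase(430 * KB, 126 * MB))
```

A check like this establishes when the volume changed and that it stayed changed; it says nothing about which process or message caused it.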
The second obstacle regarded the password for the iTunes backup.
“During the initial attempt to collect a forensic image of the iPhone, FTI determined that the device had iTunes backup encryption enabled, and that full analysis of the contents of the forensic image would require the encryption password,” the report states.
They apparently never obtained the password, however, because the report states that on May 20, 2019, the investigators “tested options for bypassing the iTunes backup encryption password” and ended up resetting “All Settings” on Bezos’ iPhone X to restore the device’s settings to factory defaults, thereby “removing the encryption password while preserving the file system and any relevant data and artifacts. FTI received authorization to perform this resetting step, did so, and then commenced acquisition of an unencrypted Cellebrite forensic image.”
There’s a suggestion that Bezos forgot his password.
The huge increase in data would suggest untargeted malware, possibly a miner of some kind, rather than one aimed at Bezos personally. It seems more likely that Bezos was browsing where he wasn’t supposed to or sideloading unapproved apps.
Maybe he should have stuck to his AmazonPhone, which he all but designed, only to watch it fail.
The reset of the iPhone also helps bury the evidence, à la Hillary’s bathroom server. Meanwhile the report that the media is relying on utterly fails to prove that his phone was hacked, let alone that it was hacked by the Saudi crown prince. A stupid and implausible claim.
The only evidence relies on the data leak and its proximity to the WhatsApp message. Suspicious, yes. Proof or evidence of anything? Nope.
This would be embarrassing if the media had any regard for the facts and any sense of shame. Fortunately it doesn’t and will keep advancing this false Qatari narrative while continuing to falsely describe Qatari lobbyist Jamal Khashoggi, an old friend of Osama bin Laden, as a journalist. Washington Post people are already trying to advance the Qatari op to the next stage by suggesting that Jared Kushner was also hacked and represents a security risk. This is what happens when the media fact checks everyone except itself.