Saudi Arabia Outsources Cyber Arsenal, Buys Spyware, Experts Say

By Alyza Sebenius | January 28, 2020

If it turns out that Saudi Arabia hacked into the phone of Amazon.com Chief Executive Officer Jeff Bezos, as investigators have alleged, the oil rich nation likely utilized its preferred method of cyber espionage: outsourcing.

While countries like Russia, China and North Korea have invested in developing powerful, tailored cyber weapons, Saudi Arabia has instead opted to purchase them, according to experts and former government officials.

The Middle Eastern nation’s cyber arsenal is believed to be primarily composed of outsourced espionage tools, which it has combined with disinformation tactics on social media, they said.

These purchased weapons can be “highly sophisticated, but of limited scope,” according to Jon Bateman, a cybersecurity fellow at the Carnegie Endowment for International Peace. While Saudi Arabia has tools that can be technically complex, countries that have invested in developing indigenous offensive and defensive capabilities — such as Saudi Arabia’s Middle Eastern neighbors Iran and Israel — possess a greater range of cyber weapons and tactics, he said.

Nevertheless, Saudi Arabia’s purchased tools are an effective way for the regime to exert control, allegedly deploying these tools to spy on Saudi dissidents and journalists, according to experts.

The Embassy of Saudi Arabia didn’t immediately respond to a request for comment sent through its website form. Last week the Embassy denied involvement in the Bezos incident.

In recent years, as cyber actors have generally grown more sophisticated, so have the tools for sale, said Andrew Grotto, a fellow at Stanford University who served as the senior director for cybersecurity policy on the National Security Council from late 2015 to mid-2017.

The purchase of cyber weapons — including from marketplaces in the Middle East and Europe, and possibly from criminals — isn’t unique to Saudi Arabia, experts say. Other countries, such as Vietnam and the United Arab Emirates, have also utilized their defense budgets to outsource cyber arsenals.

The embassy of Vietnam didn’t immediately respond to a request for comment, nor did the UAE embassy.

Estimates for the start of Saudi Arabia’s purchasing of cyber tools range anywhere from half a decade to two decades ago, with the country appearing to focus on surveillance activities. While cyber tools can be used to delete or alter data, hold systems hostage and disrupt traffic, Saudi Arabia has primarily focused on using them for spying, the experts said.

As Saudi Arabia has purchased offensive capabilities, the country’s defenses have also been put to the test, experts said. For example, a dramatic cyber-attack — believed to be sponsored by Iran — devastated the computers of the state oil company, Saudi Aramco, in 2012.

These allegedly weak defenses can be problematic for American interests, as attacks on allies can be used as an indirect way to impact the U.S., said James Lewis, senior vice president at the Center for Strategic & International Studies.

“The Saudis are not that sophisticated in their cyber capabilities and that has been a problem for the U.S.,” Lewis said. “What they are sophisticated in is the ability to buy outside capabilities.”

In addition to purchasing cyber capabilities, Saudi Arabia has also become adept at deploying disinformation campaigns to promote national interests, according to experts.

For example, in August, Facebook Inc. removed hundreds of government-linked accounts and pages engaged in a sophisticated and wide-reaching influence campaign that praised the regime and criticized neighboring countries. Two months later, Twitter Inc. removed thousands of state-backed accounts based in Saudi Arabia — suspending tens of thousands of others — which manipulated the platform in order to promote Saudi Arabia’s geopolitical interests and amplify support for its authorities.

The spyware allegedly used to hack Bezos’s phone was “developed and marketed by a private company and transferred to a government without judicial control of its use,” according to two United Nations special rapporteurs, in a statement last week. The alleged purpose was to “influence, if not silence,” coverage of the Saudi regime by the Bezos-owned Washington Post, according to the rapporteurs.

“The intrusion likely was undertaken through the use of a prominent spyware product identified in other Saudi surveillance cases,” such as tools purchased from Israel’s NSO Group or Italy’s Hacking Team, according to the statement.

The allegations come following a December 2018 suit, in which Saudi dissident Omar Abdulaziz alleged NSO Group software enabled Saudi Arabia to hack his phone and track his communications with Jamal Khashoggi, a Washington Post journalist, and Saudi insider-turned-critic, who was slain by agents of the Saudi government, according to the U.S..

Memento Labs, which acquired Hacking Team last year, didn’t immediately respond to request for comment; it has previously denied any involvement in the Bezos incident. An NSO Group representative referred to a statement published on its website: “We can say unequivocally that our technology was not used in this instance.” Regarding the lawsuit, a NSO Group spokesman said, “Khashoggi was not targeted by any NSO product or technology.”

In a manner typical of Saudi’s digital operations, the murder of Khashoggi was followed by a “massive online campaign” that targeted Bezos’s business interests on social media, according to the U.N. rapporteurs. The following month, in November 2018, “Boycott Amazon” trended as the top hashtag on Saudi Twitter, they said.

Was this article valuable?

Here are more articles you may enjoy.