Why the Saudi crown prince needs cyber weapons


IT’S hard to underestimate just how much damage Crown Prince Mohammed Salman of Saudi Arabia has done to his country in the last 15 months. Yet, it’s also difficult to see how the US can defend its interests in the region without his cooperation.

The damage became visible on Oct 2, 2018, when a Saudi hit team lured Washington Post columnist Jamal Khashoggi to the Saudi consulate in Istanbul to murder him. The latest revelation is a hacking campaign against Jeff Bezos, the founder and CEO of Amazon.com Inc, who also owns the Washington Post.

As a United Nations (UN) report released on Wednesday notes: “The information we have received suggests the possible involvement of the crown prince in surveillance of Bezos, in an effort to influence, if not silence, the Washington Post’s reporting on Saudi Arabia.”

A security consultant for Bezos made a version of this claim last year. The UN report fills in more details. It says that Bezos and the crown prince, known as MBS, attended a dinner on April 4, 2018, where the two men exchanged their WhatsApp contact information.

On May 1, a video was sent to Bezos from MBS’ account that included malware that allowed the Saudis to keep tabs on his phone.

More than six months later, on Nov 8, MBS trolled Bezos, sending him a photo of a woman that resembled his paramour. This was months before the National Enquirer published a story about Bezos and his extramarital affair.

UN reports are not always reliable, of course. The Wall Street Journal reported last March that the Enquirer got its scoop about the Bezos affair from his lover’s brother, to whom it paid US$200,000 (RM813,980). That said, the specifics of the report support what’s widely known about the Saudis’ extensive cyber espionage operation.

In November, for example, the US Justice Department charged two former employees of Twitter and a Saudi national with spying for Saudi Arabia. In October, Facebook Inc sued an Israeli company, alleging it had compromised the accounts of 1,400 users of WhatsApp, which Facebook owns.

That company has also sold its products to Saudi Arabia. The company, the NSO Group, issued a statement on Wednesday saying its technology “cannot be used on US phone numbers” and “was not used in this instance”. And the UN report, it should be noted, does not explicitly say that it was, noting that the hack “likely was undertaken” by the use of spyware “such as the NSO Group’s Pegasus-3 malware”.

It’s worth paying attention, however, to something else in the NSO Group’s statement. These kinds of hacks “put a strain on the ability to use legitimate tools to fight serious crime and terror”.

This is an understatement. Saudi Arabia has already shown that it cannot be trusted with powerful cybertools such as those developed by the NSO Group. Technology that is vital to combating jihadist groups should never be used to target dissidents — or the owners of US newspapers, for that matter.

A straightforward response to the latest episode of this Saudi scandal would be to ban any exports of advanced cyber weapons to the regime. And it’s a tempting proposition.

Before Western governments take that step, they might recall that it took years after the Sept 11 attacks to get Saudi Arabia to fully commit to fighting the jihadist groups its religious leaders had inspired and some of its wealthiest citizens had financed. MBS represents a departure from this double game. His reforms infuriate not just the liberal activists he jails and disappears, but the reactionaries who prospered under the previous system.

If it were just another dictatorship, it would be easy enough to quarantine Saudi Arabia until it reforms.

Unfortunately, Saudi Arabia remains a vital partner against Iran and the jihadists in the Middle East. Its enemies are also the West’s enemies. For now, as my Bloomberg Opinion colleague Bobby Ghosh notes, the challenge is to press MBS to stop acting like the thugs he’s fighting. — Bloomberg

This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.