Reader Comments

A Saudi social media influencer, who criticized Crown Prince Mohammed bin Salman over the murder of Jamal Khashoggi, has claimed that Saudi agents attempted to kidnap him on American soil

by Theo Lahr (2020-05-25)


A Saudi social media influencer, who criticized Crown Prince Mohammed bin Salman over the murder of Jamal Khashoggi, has claimed that Saudi agents attempted to kidnap him on American soil. 

Abdulrahman Almutairi, 27, told The Daily Beast that an unidentified Saudi man accompanied Almutairi's father on a flight to San Diego to take Almutairi against his will and bring him back to Saudi Arabia. 

But the FBI intercepted Almutairi's father and the man believed to work for the Saudi royal court. 

After the incident, Almutairi said he was told of the plot by the FBI. 

'I was shown a picture of someone who came with my dad, who I didn't recognize,' he said. 

Almutairi said the FBI sent his father and the man back on a flight to Saudi Arabia. 

According to Almutairi, who has a large social media presence of more than 200,000 followers, the Saudi government 'realized I was a threat' after he publicly criticized Salman over Khashoggi's October 2018 murder. 
















Social media influencer, Abdulrahman Almutairi (left), 27, who criticized Crown Prince Mohammed bin Salman (right) over the murder of Jamal Khashoggi, has claimed that Saudi agents attempted to kidnap him on American soil







But the FBI (file image) intercepted the man believed to work for the Saudi royal court at LAX. After the incident, Almutairi said he was told of the plot by the FBI







According to Almutairi, who has a large social media presence of more than 200,000 followers, the Saudi government 'realized I was a threat' after he publicly criticized Salman over Khashoggi's (pictured) October 2018 murder


He said he started receiving death threats and that's when he knew that 'if I go back to Saudi Arabia, I'll be killed in the airport'.

Almutairi's story comes just days after it was revealed that Jeff Bezos' phone was hacked after he received a WhatsApp video file from the personal account of Salman.

Cybersecurity experts said Thursday there were still many unanswered questions from an investigation commissioned by Bezos that concluded the billionaire's cellphone was hacked, apparently after receiving the video file with malicious spyware.

The experts said the evidence in the privately commissioned report does not show with certainty that Bezos' phone was actually hacked, much less how it was compromised or what kind of malware was used.

The report on the investigation, which was managed by FTI Consulting and overseen by Anthony Ferrante, a former head of the FBI's Cyber Division, was made public Wednesday.


















RELATED ARTICLES


Previous

1

2

Next




Saudi officials 'were aware of Crown Prince Mohammed bin... Bezos's swipe at crown prince over hacking scandal: Amazon...

Who else did the Saudis hack on WhatsApp? UN warns world...




Share this article

Share



In it, investigators said a digital forensic review concluded with 'medium to high confidence' that Bezos' phone was compromised via malware sent from a WhatsApp account used by Salman.

Two UN experts issued their own take on the report's findings, calling on the US to investigate further. 

They said it appeared the Amazon founder may have been targeted because of his ownership of The Washington Post, which was publishing reports critical of the crown prince by columnist Khashoggi.

Khashoggi was killed by Saudi agents inside the kingdom's consulate in Turkey in October 2018, five months after Bezos' phone was apparently hacked. 

The report's conclusions drew heavily from the unusually high volume of data that left Bezos' iPhone X within 24 hours of receiving the video file from Salman's WhatsApp account on May 1, 2018, a month after the two exchanged phone numbers. 


















Almutairi's story comes just days after it was revealed that Jeff Bezos' phone was hacked after he received a WhatsApp video file from the personal account of Salman 







Bezos pictured during a previous meeting with Bin Salman in Riyadh in 2016. The pair initially had a good relationship, which soured over coverage of Saudi Arabia in the Washington Post, which Bezos owns


The size of the file, the investigators suggested, indicated a malware payload may have been included.

Investigators said Bezos' phone began transmitting large volumes of data - an increase of some 29,000 per cent - after receiving the video file.

The report further pointed to messages later sent from the prince's WhatsApp account to Bezos that showed 'apparent awareness' of private information. 

One included a meme with a photo of a woman the report said resembled Lauren Sanchez who Bezos was having an extramarital relationship with before going public with his divorce in January 2019.

Another, sent two days after Bezos was briefed in phone calls last February about a Saudi online campaign against him, advised the technology mogul that what he was hearing was not true. 

'There is nothing against you or amazon from me or Saudi Arabia,' the message said.

The report additionally pointed to Saudi Arabia's documented use of spyware against critics and other adversaries as further potential proof.

Saudi Foreign Minister Prince Faisal bin Farhan Al Saud called the allegations 'purely conjecture' and said if there was real evidence, the kingdom looked forward to seeing it.

Cybersecurity experts said that while it was likely a hack occurred, the investigation did not prove that definitively.

'In some ways, the investigation is very incomplete. ... The conclusions they´ve drawn I don´t think are supported by the evidence. They veered off into conjecture,' said Robert Pritchard, the director of UK-based consultancy Cyber Security Expert.

Similarly, the former chief security officer at Facebook, who now directs a cyber policy center at Stanford, wrote that the report is filled with circumstantial evidence, but no smoking gun.

'The funny thing is that it looks like FTI potentially has the murder weapon sitting right there, they just haven't figured out how to test it,' Alex Stamos wrote on Twitter.

One sticking point centered on WhatsApp's end-to-end encryption, which the report said made it 'virtually impossible to decrypt contents of the downloader to determine if it contained malicious code' - meaning the investigators could not conclude whether the video file sent from Salman's WhatsApp account was infected and used to hack Bezos' phone.

Bill Marczak, a senior research fellow at Citizen Lab, disputed that assertion, saying it is possible to decrypt the contents of a WhatsApp file. 

In a post written for The Medium that presents ways to further the investigation, Marczak shared a link to decryption instructions and code.

The FTI investigators did not reach out to WhatsApp to seek assistance, a Facebook spokesperson said.


















Fears have been raised that Salman could have amassed compromising information on dozens of wealthy, famous and powerful figures after he was accused of hacking Bezos' phone. He's pictured with President Donald Trump and and Jared Kushner 







Salman's first meeting was with Kushner and Ivanka Trump (right) in 2017, and it is thought he swapped WhatsApp messages with Kushner afterwards - just as he did with Bezos


FTI's Ferrante did not respond to emails and text messages seeking comment. The company said in a statement that all FTI's work for clients is confidential and that the company does not 'comment on, confirm or deny client engagements.'

Matt Suiche, a French entrepreneur based in Dubai who founded cybersecurity firm Comae Technologies, said the video file was presumably on the iPhone because the report showed a screenshot of it. 

If the file had been deleted, he said the report should have stated this or explained why it was not possible to retrieve it.

'They're not doing that. It shows poor quality of the investigation,' Suiche said.

Still, security professionals and the report itself said the fact that investigators failed to identify any embedded malicious code does not mean there wasn't a hack because sophisticated spyware can erase itself, leaving no trace.

Steve Morgan, founder and editor-in-chief at Cybersecurity Ventures, a cybersecurity research firm in New York, said the report makes reasonable assumptions and speculations, but does not claim 100 per cent certainty or proof.

'Given their detailed analysis and all of the evidence they reviewed, their conclusions are reasonable,' Morgan said. 

'The tools they used, including forensic software and hardware from Cellebrite, are widely acknowledged to be amongst the best available,' he said.

Theresa Payton, founder and CEO of Fortalice Solutions, said the report is credible in her opinion, but leaves some questions unanswered, including whether the crown prince's WhatsApp account may have been hacked by a third party, meaning he was not the true attacker.

'Unless Mohammed bin Salman has a thorough forensic review of dates, times, phone logs, geocoded locations, and logins, it´ll be hard to know for sure who was behind that WhatsApp message,' she said.



Read more:

website who criticized Crown Prince says regime tried to kidnap him