Hey Alexa, Who Hacked my Phone? Jeff Bezos’ Cellphone Hack’s Implications on National Cybersecurity
By Kimiya Gilani
In 2018, Amazon founder and CEO Jeff Bezos was the victim of a cyberattack that targeted his personal cell phone, an iPhone X. The attack was allegedly perpetrated by Saudi crown prince Mohammed bin Salman and occurred during WhatsApp messages between the two. This information was revealed after Bezos hired security firms to investigate the attack. The attack occurred when a link hidden with spyware was sent to Bezos’ iPhone, prompting a hack of the contents of his phone. Further, the United Nations got involved by calling for an official investigation after having independent investigators and human rights experts review the security report. The report states that information produced from their investigation suggests that the hack was done by the Crown Prince in an effort to surveil Bezos and the Washington Post’s reporting of Saudi Arabia–Bezos had bought the Washington Post back in 2013.
The rise of hacking systems such as hacking malware and commercial spyware are significant threats to security both on a national and global scale. The fact that Jeff Bezos, one of the world’s top tech billionaires, was made so easily the victim of a hack is frightening and has massive implications. Hackers are being paid enormous amounts of money to infiltrate systems as a means of surveillance, as well as a means of influence, on governmental systems. These increases in malicious spyware and cyberattacks make the United States government vulnerable to impending attacks. If a top tech tycoon is vulnerable to an attack by a foreign nation with such ease, there is no doubt that the U.S. government could also be susceptible to foreign attacks. The Fraud and Related Activity in Connection with Computers Act, 18 U.S.C. § 1030, was enacted as a cyber security law aimed at protecting federal computer systems from the threats of attack and/or fraud. Section 1030 states in relevant part that:
“Whoever having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data…or to the advantage of any foreign nation willfully communicates…to any person not entitled to receive it…shall be punished as provided in subsection (c) of this section.”
18 U.S. §1030(a)(1)
Though Section 1030 may seem to be relevant for domestic cyber hacking issues, there are also international implications that affect the United States’ national security. It states in part that the Federal Bureau of Investigation (FBI) has the authority to investigate crimes involving foreign counterintelligence; thus, any hack by a foreign nation is directed to the FBI under this provision. However, it is one thing to solidify an unambiguous codification; it is another to enforce it so that we can adequately protect ourselves against potential cyberattacks. With the involvement of the United Nations on this issue, the importance of protection against cyberattacks from foreign nations against other nations, and specifically upon the U.S. government, has risen astronomically. While the United States now has the means to protect itself, implementing 18 U.S.C. § 1030 in an instance of a malicious hack or attack by a foreign entity could potentially allow investigation by national and international means to protect against any future attacks on governmental systems by hostile foreign entities.