By Ben Hubbard
March 13, 2020
In 2012, an amateur hacker and poet with an interest in bitcoin, bots and online video games reached out to Hacking Team, an Italian company that sold software that allowed governments to hack Cellphones and other devices.
Could the company send experts with “high technical knowledge” to Saudi Arabia to display its wares? he asked, promising that their costs would be covered “from a-z” as “vip guests for the Royal Court,” according to emails later released by WikiLeaks.
The hacker’s name was Saud al-Qahtani and he was a bit player at the time in the royal court of King Abdullah. But after the king’s death in 2015, Mr. al-Qahtani’s power in Saudi Arabia skyrocketed. His new patron, Crown Prince Mohammed bin Salman, deputized him to build an arsenal of new electronic weapons to propel the young leader’s rise.
During that time, Mr. al-Qahtani deployed armies of bots to manipulate social media and oversaw a hacking campaign that extended to Jeff Bezos, the chief executive of Amazon, and to me, a New York Times correspondent who covers Saudi Arabia.
He would also push his crackdown on dissenting voices from the virtual into the real world, leading to the killing and dismemberment of the dissident Saudi writer Jamal Khashoggi in Istanbul in October 2018 — a crime that shocked the world and transformed Mr. al-Qahtani from Prince Mohammed’s secret weapon into his Achilles heel.
The story of Mr. al-Qahtani’s unlikely rise and precipitous fall serves as a case study in how authoritarian leaders around the globe are turning to the growing international market for commercial spyware to cow their subjects and consolidate power. It also sheds light on Prince Mohammed’s dangerous combination of sweeping ambition and ruthless impunity. Early in his rise, he recognized the potency of using cutting-edge technologies in the service of old-fashioned authoritarianism and chose Mr. al-Qahtani — more for his unflinching loyalty than for his skill — to lead the effort.
Over the last decade, the commercial spyware market has boomed, experts say. As more people carry smartphones and rely on social media for news and communication, companies have sprung up promising to break into those devices, creating a multi-billion-dollar industry.
The industry’s covert nature makes it hard to determine its scope, but information has leaked out over the years about its key players, their products and customers. Protesters in Cairo in 2011 found documents suggesting that the Egyptian government had at least considered paying €287,000 for powerful spyware called FinFisher, although the product’s supplier later denied it had licensed the software in Egypt. Last year, Israel’s NSO Group was acquired by Novalpina Capital in a deal reported to be worth about $850 million. And Hacking Team, the Italian outfit Mr. al-Qahtani reached out to, was itself hacked in 2015, received a cash injection from a mysterious Saudi investor and was later integrated into Memento Labs.
The companies say they market only to governments to fight terrorism and crime and follow strict protocols to ensure the correct use of their products. But critics argue that commercial spyware has been a boon for authoritarian rulers, who use it to spy on citizens, journalists, political rivals and nonviolent dissidents. No longer must the authorities deploy secret police to shadow opposition figures or plant bugs in their phones. Now they dispatch links via text message that can put them inside people’s devices, allowing them to see contacts, read chats and eavesdrop on calls in real time.
The proliferation of hacking technologies has led to a spike in reports of their use across the globe, from Mexico to Ethiopia to Tibet, and they have proven to be especially popular in the Middle East. Bill Marczak, a senior research fellow at Citizen Lab at the University of Toronto’s Munk School of Global Affairs who tracks commercial spyware, said evidence has emerged of such products being used by Egypt, Bahrain, the United Arab Emirates, Saudi Arabia and other countries — most of them not known for their tolerance of critical views. The lack of outside regulation and the huge sums the companies charge leave the door open for abuse by oppressive states, he said.
Mr. al-Qahtani’s trajectory provides an object lesson in the rise of hacking technologies in an authoritarian state that is also a United States ally. Mr. al-Qahtani earned a law degree and a master’s degree in criminal justice before joining the royal court as a media monitor in 2008 under King Abdullah.
The next year, he appeared on Hack Forums, an online space for aspiring hackers and cybercriminals — and he was almost immediately hacked. He bought malware from another user and soon realized it had infected his computer. He was shocked that a hacker had hacked him.
“i think he is a very good man and look trusted!!!” he wrote.
He was tricked at least three more times by the hackers whose services he sought, and three times acknowledged posting while drunk, according to a report on his online footprint by the research group Bellingcat.
“im on party and drunk and now im really happy,” he wrote. “will go to drink tackila and dance lol.”
Over his six years on the forum, he made hundreds of posts and donated more than $10,000 to the site, while often inquiring about surveillance technologies, offering high sums for simple services and requesting help with specific targets.
“IS THERE ANY RAT THAT CAN INFECT MAC PC?” he asked in 2014, referring to a Remote Access Trojan, which can commandeer targeted devices.
In January 2015, King Abdullah died. King Salman ascended the throne and gave his 29-year-old son, Mohammed bin Salman, tremendous power he would use to make himself the kingdom’s de facto ruler.
Mr. al-Qahtani’s own hacking skills were limited, but they were enough to save him from being purged from the royal court when King Salman came in and Prince Mohammed took over. American officials who tracked Mr. al-Qahtani’s rise say he recognized early on that the crown prince feared plots by a range of rivals; he convinced Prince Mohammed that his knowledge of the dark electronic arts could help the crown prince prevail. Mr. al-Qahtani became an adviser to the royal court with the rank of minister, and since Saudi Arabia lacked domestic hacking talent, he got a massive budget to shop for the best technologies available on the open market.
He soon reached out again to Hacking Team, this time from his royal court email address, and asked for “the complete list of services that your esteemed company offers” so that the parties could discuss “a long and strategic partnership.”
How exactly that partnership developed is unclear, but over the next few years, Saudi Arabia evolved into a laboratory of electronic authoritarianism, with Mr. al-Qahtani as its chief scientist.
The kingdom had never been a democracy — more of a soft-gloved autocracy, where citizens kept up appearances in public but could mostly say what they liked in private. But as Prince Mohammed rose, the limited margins for free expression shrank. Mr. al-Qahtani grew into the prince’s media czar and fiercest protector.
Wielding a Twitter account with more than a million followers, Mr. al-Qahtani celebrated his boss’s every move and marshaled attacks on enemies — foreign news organizations, Iran, Qatar and Saudis who were deemed insufficiently supportive of the crown prince.
He spearheaded a frenzied online McCarthyism by announcing an official hashtag, #The_Black_List, and asking his followers to suggest names for it so they could be tracked and punished. He made clear whose authority he acted on.
“I am an employee and faithful implementer of the orders of my lord the king and his highness the faithful crown prince,” he wrote on Twitter.
Over time, Mr. al-Qahtani increasingly went after people in the real world, too. In 2017, the Saudi journalist Turki al-Roqi criticized on Twitter the arrest of a man who had complained about a delayed train. Mr. al-Qahtani forced Mr. al-Roqi’s resignation from the online news site he ran and pressed him to tweet against a detained cleric. Mr. al-Roqi refused.
“Am I talking about an adviser and a minister in the highest establishment in the state, or a teenager specialized in defamation and hacking?” Mr. al-Roqi later wrote about the incident.
But just as Mr. al-Qahtani had failed to cover his tracks in his early days on Hack Forums, so were later exploits by his electronic spying operation exposed.
Technology researchers have identified five phone hacking attempts linked to Saudi Arabia in May and June 2018, most of them successful. They suspect there are many more. Mr. Bezos says his phone was hacked then too, after he received an encrypted video via WhatsApp from Prince Mohammed. But Mr. al-Qahtani’s fall came not from his electronic espionage, but from his connection to the killing of Mr. Khashoggi. In sanctioning him and 16 other Saudis, the United States Treasury Department called him “part of the planning and execution of the operation.” The State Department barred him and his family from entering the United States.
Inside Saudi Arabia, however, he has paid no significant price, other than the loss of his official job titles. When the first ruling in the trial of the suspects in Mr. Khashoggi’s killing was announced in December, the prosecutor’s office said Mr. al-Qahtani had not been tried because of a lack of evidence.
And while he has remained in the shadows since the killing, United States officials and many Saudis believe that from some unknown location, he is still commanding armies of bots and overseeing the kingdom’s electronic spying operations.
Mr. Hubbard is the author of “MBS: The Rise to Power of Mohammed bin Salman,” from which this essay is adapted.
Original Headline: The Rise and Fall of M.B.S.’s Digital Henchman
Source: The New York Times