What Bezos’ message breach teaches us about digital security
Low-tech approach to privacy invasion remains the simplest.
Last month, the National Enquirer shared the intimate texts that Jeff Bezos — Amazon founder, Washington Post owner and richest man in the world — had sent to Lauren Sanchez, a former television host, over the course of their monthslong extramarital affair.
“I love you, alive girl,” the tabloid claims Bezos texted. “I will show you with my body, and my lips and my eyes, very soon.”
This week, Bezos published a stunning accusation against the Enquirer’s parent company, American Media Inc., saying it threatened to publish compromising photographs, including a naked bathroom selfie, in order to coerce the billionaire into calling off an investigation into how the tabloid acquired his private communications in the first place. Theories abound.
Gavin de Becker, who is leading Bezos’ investigation into the leaks, has said he is looking into Sanchez’s brother Michael as a possible source of the “politically motivated” leak. Michael Sanchez — who has personal and professional relationships with Roger Stone and Carter Page, associates of President Donald Trump — has fired back with a theory that de Becker himself worked to leak the information in an attempt to end the affair.
De Becker later told the Post that Bezos was not hacked, but that a “government entity might have gotten hold of his text messages.” Bezos’ online post Thursday stopped short of alleging outright government involvement in the leaks, but it frequently mentioned American Media’s links to the Saudi government and the White House.
The Hollywood Reporter and gossip site Page Six, meanwhile, cited anonymous sources to suggest that the communications were simply leaked by friends of Lauren Sanchez.
The debacle has raised a more pressing question even for people who aren’t tech executives with professional security teams at their disposal: If Bezos can’t keep his texts and photos private, what chance do we have?
A determined assailant could take a number of higher-tech routes to extract private information from a phone. But the low-tech approach to invading someone’s privacy remains the simplest.
“I suspect that the most common way this happens is people send nude pictures or embarrassing text messages to other people, and those people save the pictures and send them to yet other people,” said Cooper Quintin, a senior staff technologist at the privacy nonprofit the Electronic Frontier Foundation.
No matter the method, though, there are some easy countermeasures people can take to ensure their personal communications remain personal.
One set of hacking tactics relies on accessing the device itself and installing snooping software that provides a way to remotely track what happens on the phone.
Quintin said the most common threat in this realm comes from “stalkerware” or “spouseware,” which is often marketed to suspicious spouses or concerned parents as a way to monitor a partner’s or child’s activity. These programs can take and send screenshots to snoopers, track and record calls and even turn on the camera and microphone to record what’s happening nearby (and are illegal in most circumstances in the U.S.).
Installing these programs requires physical access, and once they’re downloaded, they’re intentionally difficult to detect. The best defense is keeping phones nearby and password-protected.