Special Report – Inside the UAE’s secret hacking team of U.S. mercenaries

Two weeks after leaving her position as an intelligence analyst for the U.S. National Security Agency in 2014, Lori Stroud was in the Middle East working as a hacker for an Arab monarchy.

She had joined Project Raven, a clandestine team that included more than a dozen former U.S. intelligence operatives recruited to help the United Arab Emirates engage in surveillance of other governments, militants and human rights activists critical of the monarchy.

Stroud and her team, working from a converted mansion in Abu Dhabi known internally as “the Villa,” would use methods learnt from a decade in the U.S intelligence community to help the UAE hack into the phones and computers of its enemies.

Stroud had been recruited by a Maryland cybersecurity contractor to help the Emiratis launch hacking operations, and for three years, she thrived in the job. But in 2016, the Emiratis moved Project Raven to a UAE cybersecurity firm named DarkMatter. Before long, Stroud and other Americans involved in the effort say they saw the mission cross a red line: targeting fellow Americans for surveillance.

“I am working for a foreign intelligence agency who is targeting U.S. persons,” she told Reuters. “I am officially the bad kind of spy.”

The story of Project Raven reveals how former U.S. government hackers have employed state-of-the-art cyber-espionage tools on behalf of a foreign intelligence service that spies on human rights activists, journalists and political rivals.

The operatives utilized an arsenal of cyber tools, including a cutting-edge espionage platform known as Karma, in which Raven operatives say they hacked into the iPhones of hundreds of activists, political leaders and suspected terrorists. Details of the Karma hack were described in a separate Reuters article today.

An NSA spokesman declined to comment on Raven. An Apple spokeswoman declined to comment. A spokeswoman for UAE’s Ministry of Foreign Affairs declined to comment. The UAE’s Embassy in Washington and a spokesman for its National Media Council did not respond to requests for comment.

The Raven story also provides new insight into the role former American cyberspies play in foreign hacking operations. Within the U.S. intelligence community, leaving to work as an operative for another country is seen by some as a betrayal. “There’s a moral obligation if you’re a former intelligence officer from becoming effectively a mercenary for a foreign government,” said Bob Anderson, who served as executive assistant director of the Federal Bureau of Investigation until 2015.

While this activity raises ethical dilemmas, U.S. national security lawyers say the laws guiding what American intelligence contractors can do abroad are murky. Though it’s illegal to share classified information, there is no specific law that bars contractors from sharing more general spycraft knowhow, such as how to bait a target with a virus-laden email.

The rules, however, are clear on hacking U.S. networks or stealing the communications of Americans. “It would be very illegal,” said Rhea Siers, former NSA deputy assistant director for policy.

Read the complete article on Reuters here.

Advertisements

A new cyber surveillance virus found.

Kaspersky Lab’s reports a new cyber surveillance virus dubbed Gauss has been found in the Middle East that can spy on financial transactions, e-mail, social networking activity and may also be capable of attacking critical infrastructure.

The Moscow-based firm said it found Gauss had infected personal computers in Lebanon, Israel and the Palestinian Territories. It declined to speculate on who was behind the virus but said it was related to Stuxnet and two other cyber espionage tools, Flame and Duqu.

“After looking at Stuxnet, Duqu and Flame, we can say with a high degree of certainty that Gauss comes from the same ‘factory’ or ‘factories,’ ” Kaspersky Lab said in a posting on its website. “All these attack toolkits represent the high end of nation-state-sponsored cyber-espionage and cyber war operations.”

According to Kaspersky Lab, Gauss can steal Internet browser passwords and other data, send information about system configurations, steal credentials for accessing banking systems in the Middle East, and hijack login information for social networking sites, e-mail and instant messaging accounts.

What bugs me, pardon the pun, is that such technology can be used against private citizens anywhere, including the country which created the virus.

Read the complete article on the Globe and Mail newspaper web site here.