The United Arab Emirates (UAE) has been touted by some as a modern and tolerant Middle Eastern country. However, what initially lured many to believe that assessment are now facing a major rebuke, following revelations of human rights violations using cyberattacks.
In one of its recent moves, Mozilla, the Firefox browser maker, barred the UAE government from handling its Internet security gatekeepers. The browser maker cited problems with the cybersecurity firm, DarkMatter, which has links to Project Raven, a state-run hacking program.
Not only Mozilla but a Google representative announced that the company was looking forward to banning root certificates held by DarkMatter. As per reports, the prohibition will be applicable for both Chrome and Android. Further, as the decision comes into effect, HTTP connections and TLS certificates issued by the company won’t run for both, the browser in question and Android apps.
Consequently, project Raven was exposed by Reuters, which brought to surface the story of how a group of former U.S.’ government hackers, employed state-of-the-art cyber-espionage tools, and spied on political rivals for the UAE.
The UAE wants to control almost everything in the cyber world today. From maintaining global influence, to overpowering regional policies and targeting probable threats; the regime wants to change the world upside down. The case is especially notable, when its regional rival, Iran, has grown its cyber capabilities over the years and has become capable of countering cyber threats on its own.
In one of the acts carried under the same project, Rori Donaghy, a British journalist and activist, who wrote a critical article on the UAE human rights record in 2012, was spied upon by the UAE.
Donaghy received an email from one of the Raven operatives, who portrayed himself as a human rights activist and asked for help in order to “bring hope to those who are long suffering.”
The email persuaded the journalist to download the software, which claimed to make his messages difficult to be backtracked. However, the malware actually allowed the UAE to continuously track his emails. He was nicknamed ‘Gyro’ on Project Raven’s list of targets.
The UAE has strived to maintain more than just a foothold in the Middle East, and the pace has ramped up since the Arab Spring protests in 2011. The Gulf witnessed not only the greatest regional instability but also saw monarchies tumble. The UAE, during that era, viewed human rights advocates as a major threat to its national security.
The UAE’s solution to the problem was to suppress free speech, detain dissidents, and carry out human rights abuses. Such apprehensions not only multiplied with time but are continually developing into an everlasting phobia among citizens and expats.
While these exploitations raised moral obligations, the UAE government didn’t pay much heed to the issue. As a matter of fact, the UAE went ahead and increased the number of foreign intelligence officials for Project Raven, considering it a great benefit.
When the project commenced back in 2009, the Gulf monarchy had a vague idea about cyber expertise. The initial plan for the UAE was to run the project for 10 years and develop skills similar to their American counterparts. From 2014 to late 2015, Cyperpoint, a small U.S.-based cybersecurity firm, supplied American contractors for the project.
However, Cyberpoint was sidelined, after a trail of leaked emails exposed that the firm was working with an Italian monitoring peddler called Hacking Team and that its representatives provided surveillance equipment to the UAE government. Reportedly, during this phase, the UAE also grew uncomfortable with a foreign contingent controlling their national security program.
Consequently, the firm moved from Cyberpoint to DarkMatter, an Abu-Dhabi based ‘cybersecurity’ company. The move implied that at least eight American operatives left their jobs, following vague explanations provided by their new firm. And by the early months of 2016, the Emirati firm was already underway with its hiring process.
Employing a highly specialized team to carry out the job, the Middle East firm employed ex-officials of the U.S. government and cryptographers. Apart from that, the company also appointed top-level executives from Google, Samsung, and even a co-founder of the encrypted messaging service, Wickr.
For a cybersecurity firm, it is a moral obligation to ensure that codes in software and hardware are free from errors. However, DarkMatter actually exploited these loopholes for cross purposes. Such operations helped them to take control over any and all nearby surveillance cameras or cellphones giving them the ability to monitor, interfere with the electronic messages, or even completely block the signals on a particular device.
In 2016, the Abu-Dhabi based firm also bought another hacking tool known as Karma. The software allowed Raven agents to exploit iPhones. Whereas, officials could remotely access the target’s device to retrieve emails, location, text messages and photographs without requiring them to click on any links, necessary during a standard espionage operation.
Under Raven, another Emirati activist, Ahmed Mansoor, codenamed Erget, was also targeted. His mistake was to publicly criticize the UAE’s involvement in the Yemen war, condemning its ill-treatment of migrant workers and detention of political rivals.
As per one of the Raven personnel, their group gained access to Mansoor’s computer and collected evidence credible enough to hold him liable for the breach of the nation’s cyber laws. In the proofs obtained, the officials had screenshots of his emails, showcasing his discussion of an upcoming demonstration in front of UAE’s Federal Supreme Court, with family members of detained dissidents.
Besides Raven, the UAE government also employed NSO Group, an Israeli technology firm focused on cyber intelligence, to surveil Mansoor. The activist noticed some unusual activity on his iPhone after clicking on a link received via text, which tried hacking his iOS device. However, after reports surfaced, it was revealed that software known as Pegasus was used for obtaining personal information on Mansoor.
In 2017, Mansoor was jailed in the UAE for 10 years and fined 1,000,000 Emirati Dirham for the posts he shared on social media criticizing the government. He was convicted on claims of spreading and publishing false information.
Ironically, this false information is not factually incorrect, but only a threat because it was potent enough to expose the nation’s violation of human rights. The monarchy reserves absolutely no space for freedom of expression. Despite protests, the nation has remained adamant about its policies and has pursued activities regardless of the fallout.
UAE’s dependency on foreign nationals to build its intelligence service is not new. In fact, one of the key figures that helped UAE establish an intelligence training operation was Larry Sanchez, a veteran of the CIA. Sanchez has been working for Crown Prince Mohammed bin Zayed since 2011.
UAE’s fascination with intelligence can also be traced from other reports, which highlight the ongoing cyber arms race in the Middle East and the Emirates’ attempt to get their hands on all the latest hacking technology before their regional rivals can do so. Such moves have not only put the lives of hundreds in peril but also instilled in the country.
The post UAE Attempts to Become Internet Watchdog over Political Insecurities appeared first on International Policy Digest.