Three former US agents of the National Security Agency (NSA) have just been convicted of hacking in the service of the United Arab Emirates.
One of the targets of the “Raven” network: Tawakkol Karman, celebrating his Nobel Peace Prize here in Yemen in 2011 (Reuters, Ahmed Jadallah)
After the revelations of the “World” on the Israeli spyware Pegasus, widely used by the United Arab Emirates, a recent condemnation by the American justice unveils a new side of the activism of Abu Dhabi in terms of hacking. This time it was three former American agents of the National Security Agency (NSA), the agency responsible, among other things, for interceptions around the world, who were convicted of having developed a hacking program, or computer hacking, in benefit of the United Arab Emirates. These three mercenaries had set up a ” project “ sinisterly named ” Crow “ to attack targets designated to them by their Emirati recruiters. The deal they made to escape a heavier sentence is instructive on Abu Dhabi’s offensive posture on digital espionage.
THE “VILLA” OF PIRATES IN ABU DHABI
Marc Baier, Ryan Adams and David Gericke, all recently convicted in a Virginia federal court, were far from the only former NSA agents to subsequently be recruited by the United Arab Emirates. It is at least a dozen of these former American spies who operated from a luxurious residence in Abu Dhabi, designated among them by the innocuous term of ” The villa “. Their ” Raven project ”, launched in 2014, basically consisted of making the interception techniques learned at the NSA available to their Emirati contractors. Besides, the agents were quickly informed that this ” project “ corresponded to the operational branch and “Offensive” an Emirati equivalent of the NSA. Abu Dhabi’s justifications for the supposed function “Defensive” such a program, put forward during recruitment, were therefore quickly forgotten.
Salaries, in the order of $ 200,000 for an analyst and 400,000 for a manager, were very attractive, against a backdrop of the Emirati tax system, to say the least, accommodating. In 2016, the “ Project Raven Was transferred to an Emirati cybersecurity company called DarkMatter (sic), for the purpose of developing even more sophisticated mechanisms for computer hacking. It was then that certain American specialists understood that they were crossing the ” Red line By contributing not only to the espionage activities of a foreign country, but also to hacks involving American nationals and interests. Lori Stroud, who had rubbed shoulders with the now famous Edward Snowden at the NSA, agreed to be named in a Reuters investigation, while eight other American mercenaries only consented to testify by remaining anonymous.
It was in 2016 that the ” Raven project »Acquires its most formidable weapon with an iPhones hacking device, undoubtedly taking advantage of a vulnerability in the messaging system developed by Apple. This hacking instrument, called “Karma”, is soon perfected into a ” Karma 2 Even more intrusive, even if it fails to break through the defense of Android systems, or intercept communications from targeted devices. It is indeed an infiltration software to ” zero-click “, capable of remotely infecting the targeted phone without any effective manipulation. Cyber spies interviewed by Reuters admitted to having hacked the devices hundreds of Middle Eastern figures, including the Emir of Qatar, Turkey’s Deputy Foreign Minister and Tawakkol Karman, whose activism for freedoms in Yemen won him the Nobel Peace Prize in 2011. It seems that targets have also been targeted in the United States, hence the unprecedented judgment of three American hackers, at the heart of this United Arab Emirates spy operation.
Baier, Adams and Gericke were fined $ 750,000, $ 600,000 and $ 335,000, respectively. This amount corresponds to the emoluments they each received from the United Arab Emirates during their engagement as computer mercenaries. The cybersecurity division of the FBI said the ruling was ” a clear message to anyone, including former US government agents, would be tempted to enter cyberspace in the service of a foreign government or foreign company ”. The Ministry of Justice added that “ computer mercenaries “(” hackers to hire ”) should expect to be severely sanctioned for their ” criminal conduct “. But this strict application of American law leaves open the question of the involvement of such American pirates in the spying by a foreign state of Arab human rights activists, already very vulnerable to the repression of Middle Eastern dictatorships.
As Tawakkol Karman reminds us, United States ” are supposed to support the protection of human rights defenders ” and no ” become a tool in the hands of tyrannies to spy on their militants and allow them to oppress their peoples ”. The recent judgment in Virginia clearly leaves this dimension of ” Raven project ”.