الرئيسية » مختارات »

Inside the UAE’s secret hacking team of American mercenaries

Ex-NSA operatives reveal how they helped spy on targets for

the Arab monarchy — dissidents, rival leaders and journalists.

(راجع النسخة العربية انقر هنا)

Two weeks after leaving her position as an intelligence analyst for the U.S. National Security Agency in 2014, Lori Stroud was in the Middle East working as a hacker for an Arab monarchy

She had joined Project Raven, a clandestine team that included more than a dozen former U.S. intelligence operatives recruited to help the United Arab Emirates engage in surveillance of other governments, militants and human rights activists critical of the monarchy

Stroud and her team, working from a converted mansion in Abu Dhabi known internally as “the Villa,” would use methods learned from a decade in the U.S intelligence community to help the UAE hack into the phones and computers of its enemies

Stroud had been recruited by a Maryland cybersecurity contractor to help the Emiratis launch hacking operations, and for three years, she thrived in the job. But in 2016, the Emiratis moved Project Raven to a UAE cybersecurity firm named DarkMatter. Before long, Stroud and other Americans involved in the effort say they saw the mission cross a red line: targeting fellow Americans for surveillance

“I am working for a foreign intelligence agency who is targeting U.S. persons,” she told Reuters. “I am officially the bad kind of spy”

The story of Project Raven reveals how former U.S. government hackers have employed state-of-the-art cyber-espionage tools on behalf of a foreign intelligence service that spies on human rights activists, journalists and political rivals

Interviews with nine former Raven operatives, along with a review of thousands of pages of project documents and emails, show that surveillance techniques taught by the NSA were central to the UAE’s efforts to monitor opponents. The sources interviewed by Reuters were not Emirati citizens

CONTRACT SPYAfter leaving her job at the NSA in 2014, Lori Stroud worked as a contract intelligence operative for the UAE. Stroud, now living in an undisclosed location in America, said the mission crossed a line when she learned her unit was spying on Americans.

The operatives utilized an arsenal of cyber tools, including a cutting-edge espionage platform known as Karma, in which Raven operatives say they hacked into the iPhones of hundreds of activists, political leaders and suspected terrorists. Details of the Karma hack were described in a separate Reuters article today

An NSA spokesman declined to comment on Raven. An Apple spokeswoman declined to comment. A spokeswoman for UAE’s Ministry of Foreign Affairs declined to comment. The UAE’s Embassy in Washington and a spokesman for its National Media Council did not respond to requests for comment

The UAE has said it faces a real threat from violent extremist groups and that it is cooperating with the United States on counterterrorism efforts. Former Raven operatives say the project helped the UAE’s National Electronic Security Authority, or NESA, break up an ISIS network within the Emirates. When an ISIS-inspired militant stabbed to death a teacher in Abu Dhabi in 2014, the operatives say, Raven spearheaded the UAE effort to assess if other attacks were imminent

Various reports have highlighted the ongoing cyber arms race in the Middle East, as the Emirates and other nations attempt to sweep up hacking weapons and personnel faster than their rivals. The Reuters investigation is the first to reveal the existence of Project Raven, providing a rare inside account of state hacking operations usually shrouded in secrecy and denials

The Raven story also provides new insight into the role former American cyberspies play in foreign hacking operations. Within the U.S. intelligence community, leaving to work as an operative for another country is seen by some as a betrayal. “There’s a moral obligation if you’re a former intelligence officer from becoming effectively a mercenary for a foreign government,” said Bob Anderson, who served as executive assistant director of the Federal Bureau of Investigation until 2015

While this activity raises ethical dilemmas, U.S. national security lawyers say the laws guiding what American intelligence contractors can do abroad are murky. Though it’s illegal to share classified information, there is no specific law that bars contractors from sharing more general spycraft knowhow, such as how to bait a target with a virus-laden email

The rules, however, are clear on hacking U.S. networks or stealing the communications of Americans. “It would be very illegal,” said Rhea Siers, former NSA deputy assistant director for policy

The hacking of Americans was a tightly held secret even within Raven, with those operations led by Emiratis instead. Stroud’s account of the targeting of Americans was confirmed by four other former operatives and in emails reviewed by Reuters

The FBI is now investigating whether Raven’s American staff leaked classified U.S. surveillance techniques and if they illegally targeted American computer networks, according to former Raven employees interviewed by federal law enforcement agents. Stroud said she is cooperating with that investigation. No charges have been filed and it is possible none will emerge from the inquiry. An FBI spokeswoman declined to comment

Stroud is the only former Raven operative willing to be named in this story; eight others who described their experiences would do so only on condition of anonymity. She spent a decade at the NSA, first as a military service member from 2003 to 2009 and later as a contractor in the agency for the giant technology consultant Booz Allen Hamilton from 2009 to 2014. Her specialty was hunting for vulnerabilities in the computer systems of foreign governments, such as China, and analyzing what data should be stolen

In 2013, her world changed. While stationed at NSA Hawaii, Stroud says, she made the fateful recommendation to bring a Dell technician already working in the building onto her team. That contractor was Edward Snowden

“He’s former CIA, he’s local, he’s already cleared,” Stroud, 37, recalled. “He’s perfect!” Booz and the NSA would later approve Snowden’s transfer, providing him with even greater access to classified material

Two months after joining Stroud’s group, Snowden fled the United States and passed on thousands of pages of top secret program files to journalists, detailing the agency’s massive data collection programs. In the maelstrom that followed, Stroud said her Booz team was vilified for unwittingly enabling the largest security breach in agency history

“Our brand was ruined,” she said of her team

A BAD HIREStroud’s team at the NSA came under fire after they made a fateful hiring choice in 2013: Edward Snowden. Just months after Stroud recommended him for a job, Snowden leaked U.S. national security secrets.

In the wake of the scandal, Marc Baier, a former colleague at NSA Hawaii, offered her the chance to work for a contractor in Abu Dhabi called CyberPoint. In May 2014, Stroud jumped at the opportunity and left Booz Allen.

CyberPoint, a small cybersecurity contractor headquartered in Baltimore, was founded by an entrepreneur named Karl Gumtow in 2009. Its clients have included the U.S. Department of Defense, and its UAE business has gained media attention.

In an interview, Gumtow said his company was not involved in any improper actions.

Stroud had already made the switch from government employee to Booz Allen contractor, essentially performing the same NSA job at higher pay. Taking a job with CyberPoint would fulfill a lifelong dream of deploying to the Middle East and doing so at a lucrative salary. Many analysts, like Stroud, were paid more than $200,000 a year, and some managers received salaries and compensation above $400,000.

She understood her new job would involve a counterterrorism mission in cooperation with the Emiratis, a close U.S. ally in the fight against ISIS, but little else. Baier and other Raven managers assured her the project was approved by the NSA, she said. With Baier’s impressive resume, including time in an elite NSA hacking unit known as Tailored Access Operations, the pledge was convincing. Baier did not respond to multiple phone calls, text messages, emails, and messages on social media.

In the highly secretive, compartmentalized world of intelligence contracting, it isn’t unusual for recruiters to keep the mission and client from potential hires until they sign non-disclosure documents and go through a briefing process.

When Stroud was brought into the Villa for the first time, in May 2014, Raven management gave her two separate briefings, back-to-back.

In the first, known internally as the “Purple briefing,” she said she was told Raven would pursue a purely defensive mission, protecting the government of the UAE from hackers and other threats. Right after the briefing ended, she said she was told she had just received a cover story.

She then received the “Black briefing,” a copy of which was reviewed by Reuters. Raven is “the offensive, operational division of NESA and will never be acknowledged to the general public,” the Black memo says. NESA was the UAE’s version of the NSA.

Stroud would be part of Raven’s analysis and target-development shop, tasked with helping the government profile its enemies online, hack them and collect data. Those targets were provided by the client, NESA, now called the Signals Intelligence Agency.

The language and secrecy of the briefings closely mirrored her experience at the NSA, Stroud said, giving her a level of comfort.

The information scooped up by Raven was feeding a security apparatus that has drawn international criticism. The Emirates, a wealthy federation of seven Arab sheikhdoms with a population of 9 million, is an ally of neighbor Saudi Arabia and rival of Iran.

Purple and Black

The Purple and Black briefings were given back-to-back when new operatives joined Raven in Abu Dhabi. The first briefing was to use as a cover story if operatives were asked about the operation by others in the contracting company or UAE government employees who did not have security clearance to know about Raven’s true purpose. DREAD (Development Research Exploitation Analysis Department) is the name the Emirates had for Project Raven.

PURPLE BRIEFING
Personnel will assist with the development of defensive measures within the cyber security discipline. These measures may include the development and deployment of firewalls, intrusion detection systems and other defensive measures and techniques as deemed appropriate.

BLACK BRIEFING
Project DREAD is, in fact, more extensive than briefed in the Purple Briefing ….[DREAD] will be the offensive, operational division of NESA, and will never be acknowledged to the general public. DREAD focuses on the targeting and electronic exploitation of information derived from intelligence related cyber activities.


Like those two regional powers, the UAE has been accused of suppressing free speech, detaining dissidents and other abuses by groups such as Human Rights Watch. The UAE says it is working closely with Washington to fight extremism “beyond the battlefield” and is promoting efforts to counter the “root causes” of radical violence.

Raven’s targets eventually would include militants in Yemen, foreign adversaries such as Iran, Qatar and Turkey, and individuals who criticized the monarchy, said Stroud and eight other former Raven operatives. Their accounts were confirmed by hundreds of Raven program documents reviewed by Reuters.

Under orders from the UAE government, former operatives said, Raven would monitor social media and target people who security forces felt had insulted the government.

“Some days it was hard to swallow, like [when you target] a 16-year-old kid on Twitter,” she said. “But it’s an intelligence mission, you are an intelligence operative. I never made it personal.”

The Americans identified vulnerabilities in selected targets, developed or procured software to carry out the intrusions and assisted in monitoring them, former Raven employees said. But an Emirati operative would usually press the button on an attack. This arrangement was intended to give the Americans “plausible deniability” about the nature of the work, said former Raven members.

TARGETING ‘GYRO’ AND ‘EGRET’

Stroud discovered that the program took aim not just at terrorists and foreign government agencies, but also dissidents and human rights activists. The Emiratis categorized them as national security targets.

Following the Arab Spring protests and the ousting of Egyptian President Hosni Mubarak in 2011, Emirati security forces viewed human rights advocates as a major threat to “national stability,” records and interviews show.

One of the program’s key targets in 2012 was Rori Donaghy, according to former Raven operatives and program documents. Donaghy, then 25, was a British journalist and activist who authored articles critical of the country’s human rights record. In 2012, he wrote an opinion piece for the Guardian criticizing the UAE government’s activist crackdown and warning that, if it continued, “those in power face an uncertain future.”

Before 2012, the former operatives said, the nascent UAE intelligence-gathering operation largely relied on Emirati agents breaking into the homes of targets while they were away and physically placing spyware on computers. But as the Americans built up Raven, the remote hacking of Donaghy offered the contractors a tantalizing win they could present to the client.

Inside the Villa

Dozens of Emirati staff and American contractors worked on Project Raven, based out of a converted mansion in Abu Dhabi. The operatives were broken up into teams each supporting the mission of hacking targets chosen by UAE security forces. This process was developed by American operatives with a deep background in U.S. intelligence.

اُكتب تعليقك (Your comment):

صحافة اسرائيل

إعلان

خاص «برس - نت»

صفحة رأي

مدونات الكتاب

آخر التعليقات

    أخبار بووم على الفيسبوك

    تابعنا على تويتر

    Translate »
    We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners.
    Cookies settings
    Accept
    Privacy & Cookie policy
    Privacy & Cookies policy
    Cookie name Active

    Privacy Policy

    What information do we collect?

    We collect information from you when you register on our site or place an order. When ordering or registering on our site, as appropriate, you may be asked to enter your: name, e-mail address or mailing address.

    What do we use your information for?

    Any of the information we collect from you may be used in one of the following ways: To personalize your experience (your information helps us to better respond to your individual needs) To improve our website (we continually strive to improve our website offerings based on the information and feedback we receive from you) To improve customer service (your information helps us to more effectively respond to your customer service requests and support needs) To process transactions Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested. To administer a contest, promotion, survey or other site feature To send periodic emails The email address you provide for order processing, will only be used to send you information and updates pertaining to your order.

    How do we protect your information?

    We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information. We offer the use of a secure server. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Payment gateway providers database only to be accessible by those authorized with special access rights to such systems, and are required to?keep the information confidential. After a transaction, your private information (credit cards, social security numbers, financials, etc.) will not be kept on file for more than 60 days.

    Do we use cookies?

    Yes (Cookies are small files that a site or its service provider transfers to your computers hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information We use cookies to help us remember and process the items in your shopping cart, understand and save your preferences for future visits, keep track of advertisements and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. We may contract with third-party service providers to assist us in better understanding our site visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business. If you prefer, you can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies via your browser settings. Like most websites, if you turn your cookies off, some of our services may not function properly. However, you can still place orders by contacting customer service. Google Analytics We use Google Analytics on our sites for anonymous reporting of site usage and for advertising on the site. If you would like to opt-out of Google Analytics monitoring your behaviour on our sites please use this link (https://tools.google.com/dlpage/gaoptout/)

    Do we disclose any information to outside parties?

    We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

    Registration

    The minimum information we need to register you is your name, email address and a password. We will ask you more questions for different services, including sales promotions. Unless we say otherwise, you have to answer all the registration questions. We may also ask some other, voluntary questions during registration for certain services (for example, professional networks) so we can gain a clearer understanding of who you are. This also allows us to personalise services for you. To assist us in our marketing, in addition to the data that you provide to us if you register, we may also obtain data from trusted third parties to help us understand what you might be interested in. This ‘profiling’ information is produced from a variety of sources, including publicly available data (such as the electoral roll) or from sources such as surveys and polls where you have given your permission for your data to be shared. You can choose not to have such data shared with the Guardian from these sources by logging into your account and changing the settings in the privacy section. After you have registered, and with your permission, we may send you emails we think may interest you. Newsletters may be personalised based on what you have been reading on theguardian.com. At any time you can decide not to receive these emails and will be able to ‘unsubscribe’. Logging in using social networking credentials If you log-in to our sites using a Facebook log-in, you are granting permission to Facebook to share your user details with us. This will include your name, email address, date of birth and location which will then be used to form a Guardian identity. You can also use your picture from Facebook as part of your profile. This will also allow us and Facebook to share your, networks, user ID and any other information you choose to share according to your Facebook account settings. If you remove the Guardian app from your Facebook settings, we will no longer have access to this information. If you log-in to our sites using a Google log-in, you grant permission to Google to share your user details with us. This will include your name, email address, date of birth, sex and location which we will then use to form a Guardian identity. You may use your picture from Google as part of your profile. This also allows us to share your networks, user ID and any other information you choose to share according to your Google account settings. If you remove the Guardian from your Google settings, we will no longer have access to this information. If you log-in to our sites using a twitter log-in, we receive your avatar (the small picture that appears next to your tweets) and twitter username.

    Children’s Online Privacy Protection Act Compliance

    We are in compliance with the requirements of COPPA (Childrens Online Privacy Protection Act), we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.

    Updating your personal information

    We offer a ‘My details’ page (also known as Dashboard), where you can update your personal information at any time, and change your marketing preferences. You can get to this page from most pages on the site – simply click on the ‘My details’ link at the top of the screen when you are signed in.

    Online Privacy Policy Only

    This online privacy policy applies only to information collected through our website and not to information collected offline.

    Your Consent

    By using our site, you consent to our privacy policy.

    Changes to our Privacy Policy

    If we decide to change our privacy policy, we will post those changes on this page.
    Save settings
    Cookies settings