Former US Intelligence Analysts Sued For Hacking A Saudi Activist's Phone On Behalf Of The United Arab Emirates

from the hacking-victim-getting-the-chance-to-inflict-some-misery-of-her-own dept

In early 2019, a whistleblower revealed some ugliness emanating from the United Arab Emirates: former NSA analysts working for a private company hired to perform counterterrorism work for the government were spying on journalists, activists, and the occasional American citizen on behalf of their royal benefactors.

Why these analysts were working for known human rights abusers was unclear. Why they decided this work should involve targeting people who weren’t terrorists, but rather critics of the UAE government, was similarly left unexplained. The program was called Project Raven and former employee Lori Stroud was the only person involved willing to speak publicly about its activities. Everyone else — from the NSA to the UAE government — refused to comment.

More than two years later, the harms perpetrated by these former analysts were given a price tag. Three former US intelligence community analysts (two of which worked for the NSA) were fined $1.68 million for utilizing powerful hacking tools to target dissidents, activists, journalists, and the occasional American citizen for the UAE government. The tools used included “Karma,” which was capable of remotely compromising targets’ phones without any interaction from phone owners, allowing for wholesale collection of photos, emails, text messages and location information.

Over the years covered in the indictment (which resulted in the fines mentioned above), the analysts began with Project Raven, which migrated from Cyberpoint (a company associated with Italy’s infamous Hacking Team), before finally ending up as a wholly-UAE-owned company called Darkmatter.

It’s this company that’s now being sued by one of its targets, a Saudi activist represented by the EFF.

The Electronic Frontier Foundation (EFF) filed a lawsuit today on behalf of prominent Saudi human rights activist Loujain AlHathloul against spying software maker DarkMatter Group and three of its former executives for illegally hacking her iPhone to secretly track her communications and whereabouts.

AlHathloul is among the victims of an illegal spying program created and run by former U.S. intelligence operatives, including the three defendants named in the lawsuit, who worked for a U.S. company hired by United Arab Emirates (UAE) in the wake of the Arab Spring protests to identify and monitor activists, journalists, rival foreign leaders, and perceived political enemies.

The defendants include Darkmatter, the UAE-owned company that acted on behalf of the Kingdom of Saudi Arabia. Also named are the three former US Intelligence Community analysts who were fined $1.68 million by the federal government in September 2021.

A lot of what’s alleged mirrors what we’ve been seeing over the past several months emanating from Israel malware manufacturer, NSO Group: powerful phone hacking tools, authoritarian governments, and the targeting of government critics, political opponents, and journalists. We’ve heard plenty about who’s been targeted. We don’t often hear what happens to those targeted when the governments targeting them finally catch up to them. AlHathoul’s lawsuit [PDF] details the end result of her targeting by former NSA analysts working for Project Raven and Darkmatter.

[AlHathloul’s] phone was initially hacked in 2017, gaining access to her texts, email messages, and real-time location data. Later, AlHathloul was driving on the highway in Abu Dhabi when she was arrested by UAE security services, and forcibly taken by plane to the KSA, where she was imprisoned twice, including at a secret prison where she was subject to electric shocks, flogging, and threats of rape and death.

I’m sure the named analysts would prefer not to know the human misery their work for the UAE and KSA (Kingdom of Saudi Arabia) resulted in. It’s always easier to think of targets in the abstract: an identifier devoid of personal agency, compromised and controlled by ones and zeroes similarly devoid of personality. This lawsuit will force them to confront what they enabled and, possibly, compensate this activist for the harms they enabled.

Filed Under: , , , , ,
Companies: darkmatter

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Former US Intelligence Analysts Sued For Hacking A Saudi Activist's Phone On Behalf Of The United Arab Emirates”

Subscribe: RSS Leave a comment
8 Comments
Anonymous Coward says:

Why these analysts were working for known human rights abusers was unclear.

Is this referring to the NSA or UAE? In either case, I’d say (a) money or (b) because it’s really interesting. Some of the most appealing job ads I’ve seen were from intelligence agencies and unethical companies—almost makes me feel bad that ethical concerns prevented me from applying.

(See the recent analysis of an NSO exploit for example. Not only can JBIG2 fuck you over by changing a 6 to an 8, they found a way to fuck you over with its Turing-completeness. They built a whole virtual machine to run malware—in an image format with no scripting support—and presumably a compiler for that VM.)

Anonymous Coward says:

Why aren’t these people in prison, playing "drop the soap" with Bubba?

A monetary fine or a lawsuit is hardly enough, given the damage done. If they’d stolen even small tangible items from the display racks of some big department store chain, sooner or later the judge would be sick of seeing them and have them imprisoned. This is worse… infinitely worse.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...