Group items tagged

surveillance techniques taught by the NSA were central to the UAE’s efforts to monitor opponents

Various reports have highlighted the ongoing cyber arms race in the Middle East, as the Emirates and other nations attempt to sweep up hacking weapons and personnel faster than their rivals. The Reuters investigation is the first to reveal the existence of Project Raven, providing a rare inside account of state hacking operations usually shrouded in secrecy and denials.

While this activity raises ethical dilemmas, U.S. national security lawyers say the laws guiding what American intelligence contractors can do abroad are murky. Though it’s illegal to share classified information, there is no specific law that bars contractors from sharing more general spycraft knowhow, such as how to bait a target with a virus-laden email.

The hacking of Americans was a tightly held secret even within Raven, with those operations led by Emiratis instead. Stroud’s account of the targeting of Americans was confirmed by four other former operatives and in emails reviewed by Reuters.

Stroud had already made the switch from government employee to Booz Allen contractor, essentially performing the same NSA job at higher pay. Taking a job with CyberPoint would fulfill a lifelong dream of deploying to the Middle East and doing so at a lucrative salary. Many analysts, like Stroud, were paid more than $200,000 a year, and some managers received salaries and compensation above $400,000.

Providing sensitive defense technologies or services to a foreign government generally requires special licenses from the U.S. State and Commerce Departments. Both agencies declined to comment on whether they issued such licenses to CyberPoint for its operations in the UAE. They added that human rights considerations figure into any such approvals.

“Some days it was hard to swallow, like [when you target] a 16-year-old kid on Twitter,” she said. “But it’s an intelligence mission, you are an intelligence operative. I never made it personal.”

the program took aim not just at terrorists and foreign government agencies, but also dissidents and human rights activists. The Emiratis categorized them as national security targets

Emirati security forces viewed human rights advocates as a major threat to “national stability,”

Reached by phone in London, Donaghy, now a graduate student pursuing Arab studies, expressed surprise he was considered a top national security target for five years. Donaghy confirmed he was targeted using the techniques described in the documents. “I’m glad my partner is sitting here as I talk on the phone because she wouldn’t believe it,” he said. Told the hackers were American mercenaries working for the UAE, Donaghy, a British citizen, expressed surprise and disgust. “It feels like a betrayal of the alliance we have,” he said.

Mansoor was convicted in a secret trial in 2017 of damaging the country’s unity and sentenced to 10 years in jail. He is now held in solitary confinement, his health declining, a person familiar with the matter said. Mansoor’s wife, Nadia, has lived in social isolation in Abu Dhabi. Neighbors are avoiding her out of fear security forces are watching. They are correct. By June 2017 Raven had tapped into her mobile device and given her the code name Purple Egret, program documents reviewed by Reuters show. To do so, Raven utilized a powerful new hacking tool called Karma, which allowed operatives to break into the iPhones of users around the world.

Karma was particularly potent because it did not require a target to click on any link to download malicious software. The operatives understood the hacking tool to rely on an undisclosed vulnerability in Apple’s iMessage text messaging software. In 2016 and 2017, it would be used against hundreds of targets across the Middle East and Europe, including governments of Qatar, Yemen, Iran and Turkey, documents show. Raven used Karma to hack an iPhone used by the Emir of Qatar, Sheikh Tamim bin Hamad al-Thani, as well as the phones of close associates and his brother.

the UAE has been accused of suppressing free speech, detaining dissidents and other abuses by groups such as Human Rights Watch. The UAE says it is working closely with Washington to fight extremism “beyond the battlefield” and is promoting efforts to counter the “root causes” of radical violence. Raven’s targets eventually would include militants in Yemen, foreign adversaries such as Iran, Qatar and Turkey, and individuals who criticized the monarchy, said Stroud and eight other former Raven operatives. Their accounts were confirmed by hundreds of Raven program documents reviewed by Reuters.

But a 2014 State Department agreement with CyberPoint showed Washington understood the contractors were helping launch cyber surveillance operations for the UAE. The approval document explains CyberPoint’s contract is to work alongside NESA in the “protection of UAE sovereignty” through “collection of information from communications systems inside and outside the UAE” and “surveillance analysis.”

“It was incredible because there weren’t these limitations like there was at the NSA. There wasn’t that bullshit red tape,”

Under DarkMatter, Project Raven continued to operate in Abu Dhabi from the Villa, but pressure escalated for the program to become more aggressive. Before long, senior NESA officers were given more control over daily functions, former Raven operatives said, often leaving American managers out of the loop. By mid-2016, the Emirates had begun making an increasing number of sections of Raven hidden from the Americans still managing day-to-day operations. Soon, an “Emirate-eyes only” designation appeared for some hacking targets.

Stroud began searching a targeting request list usually limited to Raven’s Emirati staff, which she was still able to access because of her role as lead analyst. She saw that security forces had sought surveillance against two other Americans. When she questioned the apparent targeting of Americans, she received a rebuke from an Emirati colleague for accessing the targeting list, the emails show. The target requests she viewed were to be processed by “certain people. You are not one of them,” the Emirati officer wrote.

Days later, Stroud said she came upon three more American names on the hidden targeting queue.

occupations were listed: journalist

When Stroud kept raising questions, she said, she was put on leave by superiors, her phones and passport were taken, and she was escorted from the building. Stroud said it all happened so quickly she was unable to recall the names of the three U.S. journalists or other Americans she came across in the files. “I felt like one of those national security targets,” she said. “I’m stuck in the country, I’m being surveilled, I can’t leave.” After two months, Stroud was allowed to return to America. Soon after, she fished out the business card of the FBI agents who had confronted her at the airport. “I don’t think Americans should be doing this to other Americans,” she told Reuters. “I’m a spy, I get that. I’m an intelligence officer, but I’m not a bad one.”

Former President George W. Bush explicitly stated that the United States was not at war with Islam, but nativist voices embraced the clash of civilizations narrative, and the ensuing war on “Islamic terrorism” enabled and perpetuated Islamophobia at home and abroad

while both terrorism and the coronavirus are themselves nonhuman entities, their invocation as foes has fueled dangerous xenophobia with very human consequences

one of the key lessons of the 9/11 period is the ease of viewing the military as the tool of first resort, despite its powerlessness in solving political or humanitarian problems

neither the coronavirus response nor the war on terrorism created xenophobia; rather, they exacerbated existing prejudices and inequities

another pair of post-9/11 measures that are once again on the table: an increase in what the government knows about the public and a decrease in what the public knows about the government.

Data-mining firms like Palantir already have contracts in place with the Centers for Disease Control and Prevention and the National Institutes of Health. Some U.S. analysts argue that the coronavirus vindicates the highly surveilled Chinese internet. Others have urged the adoption of tracking methods similar to those used by the government of Singapore, pointing out that U.S. governors can use post-9/11 legislation to force citizens to comply.

the 9/11 era showed that government surveillance—especially when implemented hastily—has the tendency to expand inertially. The Patriot Act’s scope grew in the years after its adoption, resulting in the mass collection of millions of Americans’ metadata (which a government oversight board later deemed not only illegal but also of minimal effectiveness in fighting terrorism). That law has also been applied well beyond its initial counterterrorism intent, including in cases of mortgage and food-stamp fraud.

The post-9/11 era was rife with anti-democratic secrecy, and today, the executive branch is again claiming emergency powers to evade accountability. Trump used the coronavirus as a pretext for suspending immigration—not for health reasons but, he claimed, to prevent competition from immigrant labor. He also decapitated the watchdog panel tasked with overseeing $2.2 trillion in economic relief and named a partisan ally to fill a critical inspector general role. In a haunting echo of the post-9/11 era’s habeas corpus debates, last month the Justice Department requested authorization from Congress to be able to detain Americans indefinitely during a state of emergency such as a pandemic.

Free flows of news and information create political pressure to make smart and life-saving decisions. Policymakers avoid corruption if they know their constituents are watching. By clamping down on hallmarks of democratic accountability, post-9/11 policies curtailed valuable liberties while making the United States less safe