DarkMatter Group
Company type | Private |
---|---|
Industry | cybersecurity |
Founded | 2014 |
Headquarters | Abu Dhabi, United Arab Emirates |
Area served | U.A.E., Finland, Canada |
Key people | |
Website | www |
DarkMatter Group, founded in the United Arab Emirates (UAE) in 2014[1][2] or 2015,[3] is a cybersecurity company.[4][5][1] The company describes itself as a purely defensive company, but several whistleblowers have alleged that it is involved in offensive cybersecurity ("cracking" or, colloquially, "hacking"), including on behalf of the Emirati government.[4][1]
Company history
DarkMatter was founded in either 2014[1][2] or 2015[3] by Faisal al-Bannai, the founder of mobile phone vendor Axiom Telecom and the son of a major general in the Dubai Police Force.[3][1][5] Around 2014, Zeline 1, a wholly owned subsidiary of DarkMatter, became active in Finland.[2]
DarkMatter's public launch came in 2015, at the 2nd Annual Arab Future Cities Summit.[4] At this time, the company advertised capabilities including network security and bug sweeping, and promised to create a new, "secure" mobile phone handset.[4] It promoted itself as a "digital defense and intelligence service" for the UAE.[4]
In 2016, DarkMatter replaced CyberPoint as a contractor for Project Raven.[1] Also in 2016, DarkMatter sought smartphone development expertise in Oulu, Finland.[2] DarkMatter recruited several Finnish engineers.[2]
By early 2018, DarkMatter's turnover was hundreds of millions of U.S. dollars.[5] Eighty per cent of its work was for the UAE government and related organizations, including the NESA.[5] It had developed a smartphone model called Katim, Arabic for "silence".[3] DarkMatter was an official provider for the Expo 2020,[6] but has since been dropped in favour of a different company.
Recruitment practices
In addition to recruiting via conventional routes such as personal referrals and stalls at trade shows (e.g. Black Hat),[4] DarkMatter headhunts staff from the U.S. National Security Agency and has "poached" competitors' staff after they were contracted to the UAE government, as happened with some CyberPoint employees.[4][5]
The company has reportedly hired graduates of the Israel Defense Force technology units and is paying them up to $1 million annually.[7]
Simone Margaritelli, an Italian security researcher, blogged about DarkMatter's vague and dubious recruiting practices as a warning to others. He claimed that any questions or objections to the company's practices would result in being told that "things had been blown out of proportion" and that information about the job opening remained extremely vague despite his questions.[8][9]
F.B.I. Investigation
DarkMatter is under investigation by the F.B.I. for crimes including digital espionage services, involvement in the Jamal Khashoggi murder, and incarceration of foreign dissidents.[10] The F.B.I. is also investigating current and former American employees of DarkMatter for possible cybercrimes.[11] It is not clear whether American officials have confronted their counterparts in the Emirati government about the ToTok app, a tool claimed to be used for mass surveillance.[12] All sources have spoken out anonymously for fear of retribution.
Allegations of surveillance for UAE government
Project Raven
Project Raven was a confidential initiative to help the UAE surveil other governments, militants, and human rights activists.[1] Its team included former U.S. intelligence agents, who applied their training to hack phones and computers belonging to Project Raven's victims.[1] The operation was based in a converted mansion in Abu Dhabi nicknamed "the Villa."[1]
From around 2014 to 2016, CyberPoint supplied U.S.-trained contractors to Project Raven. In 2016, news reports emerged that CyberPoint had contracted with the Italian spyware company Hacking Team, which damaged CyberPoint's reputation as a defensive cybersecurity firm.[4] Reportedly dissatisfied with relying upon a U.S.-based contractor, the UAE replaced CyberPoint with DarkMatter as its contractor, and DarkMatter induced several CyberPoint staff to move to DarkMatter.[1][13] After this, Project Raven reportedly expanded its surveillance to include the targeting of Americans, potentially implicating its American staff in unlawful behaviour.[1][13][14]
Karma spyware
In 2016, Project Raven bought a tool called Karma.[15] Karma was able to remotely exploit Apple iPhones anywhere in the world, without requiring any interaction on the part of the iPhone's owner.[1] It apparently achieved this by exploiting a zero-day vulnerability in the device's iMessage app.[1] Project Raven operatives were able to view passwords, emails, text messages, photos and location data from the compromised iPhones.[15][1]
People whose mobile phones have been deliberately compromised using Karma reportedly include:
- The Emir of Qatar, Sheikh Tamim bin Hamad Al Thani, plus his brother and several other close associates.[4]
- Nadia Mansoor, wife of imprisoned UAE human rights activist Ahmed Mansoor.[1] (Nadia was nicknamed "Purple Egret" by Project Raven; Ahmed was nicknamed "Egret".)[4]
- British journalist Rori Donaghy.[1] (Donaghy was nicknamed "Gyro" by Project Raven.)[4]
- Hundreds of other targets in Europe and the Middle East, including in the governments of Yemen, Iran and Turkey.[4]
In 2017, Apple patched some of the security vulnerabilities exploited by Karma, reducing the tool's effectiveness.[15]
Certificate authority controversy
In 2016, two DarkMatter whistleblowers and multiple other security researchers expressed concerns that DarkMatter intended to become a certificate authority (CA).[4] This would give it the technical capability to create fraudulent certificates, which would allow fraudulent websites or software updates to convincingly masquerade as legitimate ones.[4] Such capabilities, if misused, would allow DarkMatter to more easily deploy rootkits to targets' devices, and to decrypt HTTPS communications of Firefox users via man-in-the-middle attacks.[4][16][17]
On 28 December 2017, DarkMatter requested that Mozilla include it as a trusted CA in the Firefox web browser.[18] For more than a year, Mozilla's reviewers addressed concerns about DarkMatter's technical practices, eventually questioning on that basis whether DarkMatter met the baseline requirements for inclusion.[18][19]
On 30 January 2019, Reuters published investigations describing DarkMatter's Project Raven.[1][16] Mozilla's reviewers noted the investigation's findings.[19] Subsequently, the Electronic Frontier Foundation (EFF) and others asked Mozilla to deny DarkMatter's request, on the basis that the investigation showed DarkMatter to be untrustworthy and therefore liable to misuse its capabilities.[16][17][19][18] As of March 2019, Mozilla's public consultation and deliberations are ongoing.[19][18]
In July 2019, Mozilla barred the government of the United Arab Emirates from operating as one of its internet security gatekeepers, following reports on a cyber-espionage program in which Abu Dhabi-based DarkMatter staff led a clandestine hacking operation.[20]
In August 2019, Google blocked websites approved by DarkMatter, after Reuters reported the firm's involvement in a hacking operation led by the United Arab Emirates. Google had previously said that all websites certified by DarkMatter would be marked as unsafe by its Chrome and Android browsers.[21]
References
- "Exclusive: Ex-NSA cyberspies reveal how they helped hack foes of UAE". Reuters.
- "Revealed: Secretive UAE cybersecurity firm with a history of spying on dissidents is operating in Finland". helsinkitimes.fi.
- "UAE cyber firm DarkMatter slowly steps out of the shadows". phys.org.
- McLaughlin, Jenna (24 October 2016). "Featured News: Spies for Hire".
- "Emerging Gulf State cyber security powerhouse growing rapidly in..." reuters.com. 2 February 2018.
- "Who's going to protect you online at Expo 2020?". Official Expo 2020 news blog. June 4, 2018. Retrieved August 20, 2020.
- Ziv, Amitai (16 October 2019). "Mysterious UAE Cyber Firm Luring ex-Israeli Intel Officers With Astronomical Salaries". haaretz.com. archive.org.
- Margaritelli, Simone (July 27, 2016). "How-The-United-Arab-Emirates-Intelligence-Tried-to-Hire-me-to-Spy-on-its-People".
- McLaughlin, Jenna (2016-10-24). "Featured News: Spies for Hire". The Intercept. Retrieved 2020-03-03.
- "Information War Led to Khashoggi's Murder | RealClearPolitics". www.realclearpolitics.com. Retrieved 2020-03-03.
- Mazzetti, Mark; Goldman, Adam; Bergman, Ronen; Perlroth, Nicole (2019-03-21). "A New Age of Warfare: How Internet Mercenaries Do Battle for Authoritarian Governments". The New York Times. ISSN 0362-4331. Retrieved 2020-03-03.
- Mazzetti, Mark; Perlroth, Nicole; Bergman, Ronen (2019-12-22). "It Seemed Like a Popular Chat App. It's Secretly a Spy Tool". The New York Times. ISSN 0362-4331. Retrieved 2020-03-03.
- "A New Age of Warfare: How Internet Mercenaries Do Battle for Authoritarian Governments". The New York Times. 2019-03-21. Retrieved 2019-03-22.
- "Takeaways From The Times's Investigation Into Hackers for Hire". The New York Times. 2019-03-21. Retrieved 2019-03-22.
- Reuters. "A top secret UAE spy operation staffed by former NSA cyber-agents hacked into the iPhones of dissidents and rivals". Business Insider.
- "CyberSecurity Firm Darkmatter Request to be Trusted Root CA Raises Concerns". BleepingComputer.
- Quintin, Cooper (22 February 2019). "Cyber-Mercenary Groups Shouldn't be Trusted in Your Browser or Anywhere Else". Electronic Frontier Foundation.
- "1427262 - Add DarkMatter Root Certificates". bugzilla.mozilla.org.
- "DarkMatter Concerns". Google Groups.
- "Mozilla blocks UAE bid to become an internet security guardian after hacking reports". Reuters. Retrieved 9 June 2019.
- "Google blocks websites certified by DarkMatter, after Reuters reports". Reuters. Retrieved 1 August 2019.