Ex-NSA security specialists admit to working as 'mercenaries' targeting UAE dissidents
Apple iPhones cracked in UAE government operation targeting activists, politicians and dissidents - including a British journalist
Former National Security Agency security specialists have admitted helping authorities in the United Arab Emirates hack the phones and computers of dissidents, journalists and opposition politicians.
And the targets included a British journalist, Rori Donaghy, who had written articles critical of the human rights record of the UAE government.
That's according to a Reuters investigation, which claims that the specialists were originally contracted from a cyber security specialist based in Maryland in the US as part of the UAE authorities' Project Raven, targeting opponents of the regime.
The operation had started as a counter-terrorism move following an attack on a teacher, claimed by Islamist terror group ISIS, to find out whether other attacks might be likely.
Reuters claims to have interviewed nine former members of the operation, including one who has gone on the record.
The operatives, Reuters added, used an espionage platform code-named Karma to crack the security of targets' Apple iPhones.
Karma, according to Reuters, enabled operatives to exfiltrate information from iPhones "simply by uploading lists of numbers into a preconfigured system", without the need to persuade targets to download and install malware. Instead, it took advantage of security flaws in Apple's iMessage software.
The security specialists started coming forward, and speaking to Reuters, after management of the operation was transferred from the US company to a local company, called DarkMatter - and they were asked to start spying on Americans, in contravention of US law.
"The FBI is now investigating whether [Project] Raven's American staff leaked classified US surveillance techniques and if they illegally targeted American computer networks, according to former Raven employees interviewed by federal law enforcement agents," reported Reuters.
The one contractor willing to be named, Lori Stroud, was responsible for bringing Edward Snowden onto her team in 2103 - the same Edward Snowden who would turn whistleblower just two months later.
Stroud claims that when she joined Project Raven she was given two briefings, an official briefing and one - the real story - that would be denied should it ever become public knowledge.
Targets of the Project included alleged extremists in Yemen, as well as critics of the UAE monarchy, Iran, Turkey and Qatar. Social media was also targeted, as were anyone on social media that the UAE security forces said had insulted the UAE government.
"The Americans identified vulnerabilities in selected targets, developed or procured software to carry out the intrusions and assisted in monitoring them… But an Emirati operative would usually press the button on an attack," reported Reuters.
In the case of London-based Donaghy, the target was persuaded to download and run software that would make messages "difficult to trace" by an operative claiming to be a human rights activist. The software enabled UAE agents to monitor all of Donaghy's email and internet browsing.
The malware was found by Canada-based rights group Citizen Lab after Donaghy became suspicious that he was being spied on - but only after running it for three or so years.
Another activist targeted by the Project, UAE-based Ahmed Mansoor, was sentenced last years to 10 years' imprisonment.