DarkMatter Group

From Wikipedia, the free encyclopedia
UAE-based cybersecurity company
For other uses, see Dark Matter (disambiguation).
DarkMatter Group
Company type: Private
Industry: Cybersecurity
Founded: 2014; 12 years ago (2014)
Headquarters: Abu Dhabi, United Arab Emirates
Area served: UAE, Finland, Canada
Key people
Website: www.darkmatter.ae

DarkMatter Group is a computer security company[1][2] founded in the United Arab Emirates (UAE) in 2014[3][4] or 2015.[5] The company has described itself as a purely defensive company; however, in 2016, it became a contractor for Project Raven. It has employed former U.S. intelligence operatives.[6]

Company history

DarkMatter was founded in either 2014[3][4] or 2015[5] by Emirati businessman Faisal al-Bannai, the founder of mobile phone vendor Axiom Telecom and the son of a major general in the Dubai Police Force.[5][3][2] Zeline 1, a wholly owned subsidiary of DarkMatter, became active in Finland around 2014.[4]

DarkMatter's public launch came in 2015, at the 2nd Annual Arab Future Cities Summit.[1] At this time, the company advertised capabilities including network security and bug sweeping, and promised to create a new, "secure" mobile phone handset.[1] It promoted itself as a "digital defense and intelligence service" for the UAE.[1]

In 2016, DarkMatter replaced CyberPoint as a contractor for Project Raven.[3][a][b] Also in 2016, DarkMatter sought smartphone development expertise in Oulu, Finland, recruiting several Finnish engineers.[4]

By early 2018, DarkMatter's turnover was hundreds of millions of U.S. dollars.[2] Eighty percent of its work was for the UAE government and related organizations, including the NESA.[2] It had developed a smartphone model called Katim, Arabic for "silence".[4][5] DarkMatter was an official provider for the Expo 2020,[14] but has since been dropped in favour of a different company.

By 2021, DarkMatter's cyber activities had been transferred to Digital14, which has been distributing the secure communications system 'Katim'.[15]

Recruitment practices

In addition to recruiting via conventional routes such as personal referrals and stalls at trade shows (e.g. Black Hat),[1] DarkMatter headhunted staff from the U.S. National Security Agency and "poached" competitors' staff after they were contracted to the UAE government, as happened with some CyberPoint employees.[1][2]

The company reportedly hired graduates of the Israel Defense Force technology units and paid them up to US$1 million annually.[16]

Simone Maragitelli, an Italian security researcher, blogged about DarkMatter's vague and dubious recruiting practices as a warning to others. He claimed that any questions or objections to the company's practices would result in being told that "things had been blown out of proportion" and that information about the job opening was extremely vague despite asking questions.[17][18]

Allegations of surveillance for UAE government

In response to alleged cyber spying on opponents of Iran's best interests by the government of Iran during 2010 and 2011, the United States assisted the United Arab Emirates in late 2011 with establishing the National Electronic Security Authority (NESA), which is the UAE's equivalent to the U.S. NSA.[19]

Project Raven

Project Raven was a confidential initiative to help the UAE surveil other governments, militants, and human rights activists.[3] Its team included former U.S. intelligence agents, who applied their training to hack phones and computers belonging to Project Raven's victims.[3] The operation was based in a converted mansion in a suburb of Abu Dhabi in Khalifa City nicknamed "the Villa."[3]

The project originated in 2008 as the Development Research Exploitation and Analysis Department (DREAD), developed by Richard A. Clarke through his security advisory group Good Harbor Consulting, as an arm of UAE royal Mohamed bin Zayed Al Nahyan's court.[20] By the end of 2010, Good Harbor had stepped back from DREAD, ceding control to Karl Gumtow, the co-founder and CEO of CyberPoint.[20][21]

From around 2014 to 2016, CyberPoint supplied U.S.-trained contractors to Project Raven. In 2016, news reports emerged that CyberPoint had contracted with the Italian spyware company Hacking Team, which damaged CyberPoint's reputation as a defensive cybersecurity firm.[1] Reportedly dissatisfied with relying upon a U.S.-based contractor, the UAE replaced CyberPoint with DarkMatter as its contractor, and DarkMatter induced several CyberPoint staff to move to DarkMatter.[3][22] After this, Project Raven reportedly expanded its surveillance to include the targeting of Americans, potentially implicating its American staff in unlawful behaviour.[3][22][23]

Following a 24 October 2016 The Intercept article revealing DarkMatter surveillance for the UAE, Samer Khalife, the chief financial officer for DarkMatter, transferred some United States citizens from DarkMatter to a new company, Connection Systems, and DarkMatter established tiger teams to counter the allegations contained in The Intercept article.[24]

On 1 February 2019, Ars Technica published comments from a former employee of DarkMatter, Daniel Wolford. He stated, "We did not hack Americans...Our mission was simple: advise and assist UAE to create a national cyber security program similar to NTOC (NSA/CSS Threat Operations Center)." The work done creating a "target list," Wolford said, was part of a training operation "to teach the Emiratis about lawful targeting and collection," he asserted. "We tried to show them who is and isn't a threat to their national security."[25]

On 9 December 2021, Loujain al-Hathloul filed a lawsuit in a US district court in Oregon against three former US intelligence and military officers, who carried out hacking operations on behalf of the UAE. According to the lawsuit, the three men — Marc Baier, Ryan Adams, and Daniel Gericke — worked for DarkMatter and assisted the Emirati security officials to exfiltrate data from her iPhone. The hacking had led to al-Hathloul's arrest from the UAE and rendition to Saudi Arabia, where she was detained, imprisoned and tortured.[26]

On 22 December 2019, a very popular messaging app named ToTok was deemed to be a secret mass surveillance tool, developed by the UAE, used to gather private information from users' phones. As a result, the app was pulled from Google and Apple's app stores.[27][28]

In December 2021, U.S. lawmakers urged the Treasury and State Departments to sanction DarkMatter, NSO Group, Nexa Technologies, and Trovicor. The letter, signed by the Senate Finance Committee Chairman Ron Wyden, House Intelligence Committee Chairman Adam Schiff, and 16 other lawmakers, asked for Global Magnitsky sanctions, as the companies were accused of enabling human rights abuses. The letter demanded that high-ranking executives at DarkMatter, along with the three other firms, be sanctioned.[29]

On 26 August 2022, the three former U.S. intelligence operatives who helped the UAE spy on human rights activists, journalists, and governments were barred from arms export activities under a deal announced by the State Department. The operatives, Baier, Adams, and Gericke, admitted their involvement in Project Raven on 15 September 2022, resulting in them relinquishing their security clearance and paying $1.68 million in exchange for their criminal charges being dropped.[30] The three were prohibited for three years from participating directly or indirectly in any activities subject to the International Traffic in Arms Regulations (ITAR).[31] Gericke subsequently served as Chief Technology Officer at ExpressVPN, a subsidiary of British-Israeli company Kape Technologies,[32] leading Edward Snowden to warn the company's customers.[33][34]

Karma spyware

For the Wi-Fi attack, see KARMA attack.

In 2016, Project Raven bought a tool called Karma.[35] Karma was able to remotely exploit Apple iPhones anywhere in the world, without requiring any interaction on the part of the iPhone's owner as long as a username was provided, such as Apple ID, email address associated with the phone, or phone number.[3] It apparently achieved this by exploiting a zero-day vulnerability in the device's iMessage app.[3] Project Raven operatives were able to view passwords, emails, text messages, photos and location data from the compromised iPhones.[35][3]

People whose mobile phones have been deliberately compromised using Karma reportedly include:

Around mid-2017, Apple patched some of the security vulnerabilities exploited by Karma, unknowingly reducing the tool's effectiveness.[35]

Certificate authority controversy

In 2016, two DarkMatter whistleblowers and multiple other security researchers expressed concerns that DarkMatter intended to become a certificate authority (CA).[1] This would give it the technical capability to create fraudulent certificates, which would allow fraudulent websites or software updates to convincingly masquerade as legitimate ones.[1] Such capabilities, if misused, would allow DarkMatter to more easily deploy rootkits to targets' devices, and to decrypt HTTPS communications of Firefox users via man-in-the-middle attacks.[1][38][39]

On 28 December 2017, DarkMatter requested that Mozilla include it as a trusted CA in the Firefox web browser.[40] For more than a year, Mozilla's reviewers addressed concerns about DarkMatter's technical practices, eventually questioning on that basis whether DarkMatter met the baseline requirements for inclusion.[40][41]

On 30 January 2019, Reuters published investigations describing DarkMatter's Project Raven.[3][38] Mozilla's reviewers noted the investigation's findings.[41] Subsequently, the Electronic Frontier Foundation (EFF) and others asked Mozilla to deny DarkMatter's request, on the basis that the investigation showed DarkMatter to be untrustworthy and therefore liable to misuse its capabilities.[38][39][41][40] On 5 July 2019, after Mozilla's public consultation, it was decided to not allow DarkMatter to become a trusted CA in Firefox.[42][40]

In July 2019, Mozilla prohibited the government of the United Arab Emirates from operating as one of its internet security gatekeepers, following reports on the cyber-espionage program, which was run by Abu Dhabi-based DarkMatter staff for leading a clandestine hacking operation.[43]

In August 2019, Google blocked websites approved by DarkMatter, after Reuters reported the firm's involvement in a hacking operation led by the United Arab Emirates. Google, previously, said that all websites certified by DarkMatter would be marked as unsafe by its Chrome and Android browsers.[44]

FBI investigation and indictments

As of 2020, DarkMatter has been under investigation by the FBI for crimes including digital espionage services, involvement in the Jamal Khashoggi assassination, and incarceration of foreign dissidents.[45]

On September 14, 2021, Marc Baier, 49, Ryan Adams, 34, and Daniel Gericke, 40, had each been indicted for violations of United States laws involving computer fraud and improper exporting of technology. They agreed to deferred prosecution in exchange for: (a) paying fines over three years of $750,000, $600,000, and $335,000, respectively, totaling $1.68 million; (b) supporting FBI and Justice Department investigations; (c) severing ties to any United Arab Emirates intelligence and law enforcement agencies; (d) submitting to a prohibition of services, including defense articles associated with ITAR and future computer network exploitation employment; (e) relinquishing their security clearances with the United States and any foreign entity; (f) accepting a lifetime ban on future security clearances from the United States.

After the UAE contracts shifted from the US parent firm CyberPoint to its UAE subsidiary DarkMatter, Baier, who was a former employee of the NSA, and Adams and Gericke, who had been in the United States military and intelligence communities, failed to acquire permission to be employed by the UAE firm. According to Lori Stroud, who is a former NSA employee, the trio had worked for the United States-based CyberPoint and then for its UAE subsidiary DarkMatter. In 2018, Faisal al-Bannai confirmed that DarkMatter worked very closely with the government of the UAE and was a competitor of the Israeli firm NSO Group. From January 2016 to November 2019, the trio of Marc Baier, Ryan Adams, and Daniel Gericke significantly improved the services that DarkMatter provided to the government of the UAE.

For example, DarkMatter had hacked into an electronic communication between First Lady Michelle Obama and a former Qatari minister regarding Michelle Obama and Conan O'Brien's November 2015 trip to Qatar.[inconsistent] Both Obama and O'Brien visited the al-Udeid airbase, which hosts the forward base headquarters of United States Central Command and the RAF's No. 83 Expeditionary Air Group. Additionally, the airbase has served as the headquarters of the United States Air Force Central Command during the Wars in Iraq and Afghanistan.[46][47][48][49][50][51][52][53][54][55]

DarkMatter was very interested in hacking Qatar's computers to obtain and read its electronic messages, as it was believed that Qatar was supporting the Muslim Brotherhood.[56]

New United States law

In January 2020, during the FBI investigations into DarkMatter employees' criminal conduct, the United States Congress passed a law proposed in 2019 by congressperson Max Rose of New York. The law requires the United States intelligence agencies to annually assess the risk to the United States national security posed by American nationals working for or affiliated with foreign-based firms, governments, and entities.[57][58] The law was partially motivated by the UAE's cyber espionage operations against United States governments, firms, private citizens, and other entities.[57]

Notes

  1. CyberPoint Inc. occupied suite 7967, which was a virtual office space with nineteen other companies, in the World Trade Center North Tower (also called 1 Tower or the old One World Trade Center) through the firm Alliance Business Centers / International Office Centers Corporation, which was established in 1992 by its CEO Frank Cottle.[7][8][9][10][11][12]
  2. From 1968 to 1969, Frank Cottle studied English as an undergraduate at Principia and from 1970 to 1973 attended United States International University in San Diego, receiving a Bachelor's degree in English. From January 1973 to December 1983, he worked at Ardell Yacht and Ship Brokers in International Sales and from December 1998 to June 2000 he was at Deloitte Consulting in the Director of Procurement, USA department.[13]

References

  1. McLaughlin, Jenna (24 October 2016). "Featured News: Spies for Hire". The Intercept. Archived from the original on 12 June 2019.
  2. "Emerging Gulf State cyber security powerhouse growing rapidly in..." reuters.com. 2 February 2018.
  3. "Exclusive: Ex-NSA cyberspies reveal how they helped hack foes of UAE". Reuters.
  4. "Revealed: Secretive UAE cybersecurity firm with a history of spying on dissidents is operating in Finland". helsinkitimes.fi. 3 February 2019.
  5. "UAE cyber firm DarkMatter slowly steps out of the shadows". phys.org.
  6. Mazzetti, Mark; Goldman, Adam (14 September 2021). "Ex-U.S. Intelligence Officers Admit to Hacking Crimes in Work for Emiratis". The New York Times.
  7. Stock, Gary (September 21, 2001). "WTC Companies with phone numbers in the World Trade Center Towers". Gary Stock website. Archived from the original on September 15, 2021. Retrieved September 15, 2021 – via Southwestern Bell SMARTpages.
  8. "Alliance Business Centers Network: Corporate Identity Program". Alliance Business Centers Network website (abcn.com). August 13, 2001. Archived from the original on August 13, 2001. Retrieved September 15, 2021.
  9. "Alliance Business Centers: ABOUT ALLIANCE Who We Are and What We Do". Alliance Business Centers website (abcn.com). September 15, 2021. Archived from the original on September 15, 2021. Retrieved September 15, 2021.
  10. Saunders, Mike (December 2016). "Frank Cottle – Chairman, Founder at Alliance Business Centers". Influential Entrepreneurs (businessinnovatorsradio.com). Archived from the original on September 15, 2021. Retrieved September 15, 2021.
  11. "Alliance Virtual Offices: About Management and Staff, Frank Cottle". Alliance Virtual Offices website (alliancevirtualoffices.com). September 15, 2021. Archived from the original on September 15, 2021. Retrieved September 15, 2021.
  12. "Alliance Business Centers Network: ALLIANCE NETWORK - New York". Alliance Business Centers Network website (abcn.com). December 25, 2001. Archived from the original on December 25, 2001. Retrieved September 15, 2021.
  13. Cottle, Frank (September 15, 2021). "Frank Cottle bio". Retrieved September 15, 2021.
  14. "Who's going to protect you online at Expo 2020?". Official Expo 2020 news blog. June 4, 2018. Retrieved August 20, 2020. [permanent dead link]
  15. "Digital14 picks up Darkmatter's key activities, including the vulnerabilities researcher xen1thLabs". 21 January 2021. Retrieved September 15, 2021.
  16. Ziv, Amitai (16 October 2019). "Mysterious UAE Cyber Firm Luring ex-Israeli Intel Officers With Astronomical Salaries". Haaretz.
  17. Maragitelli, Simone (July 27, 2016). "How The United Arab Emirates Intelligence Tried to Hire me to Spy on its People". Archived from the original on 2016-07-27. Retrieved September 15, 2021.
  18. McLaughlin, Jenna (2016-10-24). "Featured News: Spies for Hire". The Intercept. Retrieved 2020-03-03.
  19. McLaughlin, Jenna (December 21, 2017). "Deep Pockets, Deep Cover: The UAE Is paying Ex-CIA officers to build a spy empire in the Gulf". Foreign Policy. Archived from the original on September 19, 2021. Retrieved September 18, 2021.
  20. Schectman, Joel; Bing, Christopher (10 December 2019). "White House Veterans Helped Gulf Monarchy Build Secret Surveillance Unit". Reuters.
  21. "Karl Gumtow". Maryland Daily Record. 2023-05-31. Retrieved 2024-03-22.
  22. "A New Age of Warfare: How Internet Mercenaries Do Battle for Authoritarian Governments". The New York Times. 2019-03-21. Retrieved 2019-03-22.
  23. "Takeaways From The Times's Investigation Into Hackers for Hire". The New York Times. 2019-03-21. Retrieved 2019-03-22.
  24. Biddle, Sam; Cole, Matthew (June 12, 2019). "Team of American Hackers and Emirati Spies Discussed Attacking The Intercept". The Intercept. Archived from the original on June 12, 2019. Retrieved September 18, 2021.
  25. Gallagher, Sean (February 1, 2019). "UAE buys its way toward supremacy in Gulf cyberwar, using US and Israeli experts".
  26. "Saudi women's rights activist sues three ex-US intel operatives over hacking for UAE". The Guardian. 9 December 2021. Retrieved 9 December 2021.
  27. Mazzetti, Mark; Perlroth, Nicole; Bergman, Ronen (22 December 2019). "It Seemed Like a Popular Chat App. It's Secretly a Spy Tool". The New York Times.
  28. "Google and Apple remove alleged UAE spy app ToTok". BBC News. 23 December 2019. Retrieved 23 December 2019.
  29. Menn, Joseph; Schectman, Joel (15 December 2021). "U.S. lawmakers call for sanctions against Israel's NSO, other spyware firms". Reuters. Retrieved 15 December 2021.
  30. "Cyber Surveillance in the United Arab Emirates: Updated Assessment". European Centre for Democracy and Human Rights. 13 May 2024. Retrieved 25 September 2024.
  31. "Ex-U.S. intel operatives who worked for UAE barred from arms exports, State Dept says". Reuters. 26 August 2022. Retrieved 26 August 2022.
  32. Menn, Joseph. "ExpressVPN employees complain about ex-spy's top role at company". Reuters. Retrieved 25 September 2024.
  33. Macleod, Alan. "Exposed: How Israeli Spies Control Your VPN". Orinoco Tribune. Retrieved 25 September 2024.
  34. Snowden, Edward. "Edward Snowden (@Snowden) on X". Twitter. Retrieved 25 September 2024.
  35. Reuters staff. "A top secret UAE spy operation staffed by former NSA cyber-agents hacked into the iPhones of dissidents and rivals". Business Insider.
  36. Craig Timberg; Michael Birnbaum; Drew Harwell; Dan Sabbagh (2021-07-20). "On the list: Ten prime ministers, three presidents and a king". The Washington Post. Washington, D.C. ISSN 0190-8286. OCLC 1330888409.
  37. Schectman, Joel; Bing, Christopher (30 January 2019). "UAE Used Cyber Super-Weapon to Spy on iPhones of Foes". Reuters. Retrieved 18 March 2024.
  38. "CyberSecurity Firm Darkmatter Request to be Trusted Root CA Raises Concerns". BleepingComputer.
  39. Quintin, Cooper (22 February 2019). "Cyber-Mercenary Groups Shouldn't be Trusted in Your Browser or Anywhere Else". Electronic Frontier Foundation.
  40. "1427262 - Add DarkMatter Root Certificates". bugzilla.mozilla.org.
  41. "DarkMatter Concerns". Google Groups.
  42. "Mozilla Blocks DarkMatter From Becoming a Trusted CA in Firefox". BleepingComputer. Retrieved 2024-01-04.
  43. "Mozilla blocks UAE bid to become an internet security guardian after hacking reports". Reuters. Retrieved 9 June 2019.
  44. "Google blocks websites certified by DarkMatter, after Reuters reports". Reuters. Retrieved 1 August 2019.
  45. "Information War Led to Khashoggi's Murder | RealClearPolitics". www.realclearpolitics.com. Retrieved 2020-03-03.
  46. "3 former U.S. officials charged in United Arab Emirates hacking scheme". Associated Press. September 14, 2021. Archived from the original on September 15, 2021. Retrieved September 15, 2021 – via Honolulu Star-Advertiser.
  47. Schectman, Joel; Bing, Christopher (September 15, 2021). "Ex-U.S. intel operatives admit hacking American networks for UAE". Reuters. Retrieved September 15, 2021.
  48. Bing, Christopher; Schectman, Joel (January 30, 2019). "Project Raven: Inside the UAE's secret hacking team of American mercenaries. Ex-NSA operatives reveal how they helped spy on targets for the Arab monarchy — dissidents, rival leaders and journalists". Reuters. Retrieved September 15, 2021.
  49. Cimpanau, Catalin (September 14, 2021). "US fines former NSA employees who provided hacker-for-hire services to UAE". TheRecord.media. Retrieved September 15, 2021.
  50. "3 former U.S. intelligence operatives to pay over $1.6 million to resolve mercenary hacking charges: The men worked for the United Arab Emirates and faced federal charges of conspiring to violate hacking laws, the Justice Department said Tuesday". NBC News. September 14, 2021. Retrieved September 15, 2021.
  51. Hsu, Spencer (September 15, 2021). "Three former U.S. intelligence operatives admit to working as 'hackers-for-hire' for UAE". The Washington Post. Retrieved September 15, 2021.
  52. "הסדר טיעון עם שלושה אנשי ביון לשעבר מגלה: איחוד האמירויות הפעיל פצחנים בארה"ב" [A plea deal with three former spies reveals: The UAE has activated crackers in the US]. news1.co.il (in Hebrew). September 15, 2021. Archived from the original on September 16, 2021. Retrieved September 15, 2021.
  53. "First Lady Michelle Obama to Travel to the State of Qatar and the Hashemite Kingdom of Jordan". FLOTUS: The White House. October 28, 2015. Retrieved September 15, 2021.
  54. Weinberg, David Andrew (November 3, 2015). "Michelle's Dangerous Journey to Qatar: The First Lady preaches tolerance where only last week a sheik declared of Jews: 'Kill them completely.'". Politico. Retrieved September 15, 2021.
  55. AP staff (November 2, 2015). "US first lady Michelle Obama arrives in Qatar for speech". Associated Press. Retrieved September 15, 2021 – via Seattle Times.
  56. "Will Qatar's Relationship with the Muslim Brotherhood Change after Gulf Reconciliation?".
  57. Schectman, Joel; Bing, Christopher (January 22, 2020). "New U.S. law requires government to report risks of overseas activities by ex-spies". Reuters. Archived from the original on April 15, 2021. Retrieved September 18, 2021.
  58. Riley, Tonya (September 14, 2021). "Former US intelligence operatives charged with helping UAE hack rivals, Americans". cyberscoop.com. Archived from the original on September 17, 2021. Retrieved September 14, 2021.

Retrieved from "https://en.wikipedia.org/w/index.php?title=DarkMatter_Group&oldid=1328027503"