[CPJ] New York, January 30, 2019--At least four journalists were surveilled under Project Raven, a United Arab Emirates (UAE) cybersurveillance and hacking operation, Reuters reported today. The UAE hired former U.S. National Security Agency employees to assist in deploying a surveillance tool called Karma that exploited a vulnerability in the iPhone's messaging application, according to a Reuters investigation based on interviews with nine former Raven operatives.Probably little more than an unfortunate coincidence.
"What we've learned about Project Raven raises significant concerns over the lengths to which the UAE will go in targeting journalists, and the involvement of former U.S. intelligence officials is also disturbing," said CPJ Middle East and North Africa Program Coordinator Sherif Mansour in Washington, D.C. "Emirati officials must stop targeting the press at home and abroad, and the U.S. must make it clear to their allies that hacking journalists' phones is not a legitimate counterterror strategy."
Reuters reported that the operation surveilled Rori Donaghy, a British journalist who has contributed to The Guardian, three U.S. journalists who were not named in the report, as well human rights activists, foreign diplomats, and foreign leaders. When CPJ called the UAE Embassy in Washington, D.C. today for comment, a representative said questions should be submitted via email. The embassy did not immediately reply to the email CPJ sent.
CPJ has previously documented the UAE's tough stance on the critical press, including its aggressive stance toward Qatar-based media, including Al-Jazeera, during a regional diplomatic dispute. Emirati-affiliated militias in Yemen have also attacked and harassed journalists who were critical of UAE action inside the country.
United Arab Emirates - Project Raven
She had joined Project Raven, a clandestine team that included more than a dozen former U.S. intelligence operatives recruited to help the United Arab Emirates engage in surveillance of other governments, militants and human rights activists critical of the monarchy.
Stroud and her team, working from a converted mansion in Abu Dhabi known internally as "the Villa," would use methods learned from a decade in the U.S intelligence community to help the UAE hack into the phones and computers of its enemies.
Stroud had been recruited by a Maryland cybersecurity contractor to help the Emiratis launch hacking operations, and for three years, she thrived in the job. But in 2016, the Emiratis moved Project Raven to a UAE cybersecurity firm named DarkMatter. Before long, Stroud and other Americans involved in the effort say they saw the mission cross a red line: targeting fellow Americans for surveillance.
"I am working for a foreign intelligence agency who is targeting U.S. persons," she told Reuters. "I am officially the bad kind of spy."
FISA warrants, who needs them ?
Related: Breitbart - Former U.S. Government Operatives Helped UAE Hack iPhones (don't miss the lengthy list of pithy reader comments)