Allegations Aloft on the Karma Feathered Wing of a Raven: Reuters and the UAE

February 9, 2019

Activists, diplomats, and foreign leaders were allegedly among the targets of a surveillance operation in the United Arab Emirates, according to Reuters’ article, “Exclusive: UAD Used Cyber Super-Weapon to Spy on iPhones of Foes.” Dubbed Project Raven, the operation broke into targets’ iPhones using a hack known as “Karma,” which may or may not still be operational after Apple updated the iPhone’s software in 2017. Indeed, the breaches were made possible by a flaw in Apple’s iMessage app in the first place: hackers found they could establish their connections by implanting malware through iMessage, even if the user never used the app.

Some may be surprised learn who was involved in Project Raven; reporters Joel Schectman and Christopher Bing write:

“Raven was largely staffed by U.S. intelligence community veterans, who were paid through an Emirati cyber security firm named DarkMatter, according to documents reviewed by Reuters. … The UAE government purchased Karma from a vendor outside the country, the operatives said. Reuters could not determine the tool’s creator.

I also noted this statement:

“The operatives knew how to use Karma, feeding it new targets daily, in a system requiring almost no input after an operative set its target. But the users did not fully understand the technical details of how the tool managed to exploit Apple vulnerabilities. People familiar with the art of cyber espionage said this isn’t unusual in a major signals intelligence agency, where operators are kept in the dark about most of what the engineers know of a weapon’s inner workings. …

Did the method work? I learned:

“The Raven team successfully hacked into the accounts of hundreds of prominent Middle East political figures and activists across the region and, in some cases, Europe, according to former Raven operatives and program documents.”

The article names a few of Raven’s known victims, including the noteworthy human rights activist Tawakkol Karman, also known as the Iron Woman of Yemen. Having been a prominent leader of her country’s Arab Spring protests in 2011, Karman is used to hacking notices popping up on her phone. However, even she was bewildered that Americans, famously champions of human rights, were involved.

Cynthia Murrell, February 09, 2019

Comments

Got something to say?





  • Archives

  • Recent Posts

  • Meta