“The story of Project Raven reveals how former U.S. government hackers have employed state-of-the-art cyber-espionage tools on behalf of a foreign intelligence service that spies on human rights activists, journalists and political rivals.”
“I am working for a foreign intelligence agency who is targeting U.S. persons,” she told Reuters. “I am officially the bad kind of spy.”
“Some days it was hard to swallow, like [when you target] a 16-year-old kid on Twitter. But it’s an intelligence mission, you are an intelligence operative. I never made it personal,”
According to one of a two-part Reuters investigative report, Project Raven: Inside the UAE’s Secret Hacking Team of American Mercenaries, released last Wednesday, the above were the words of Lori Stroud, a former US NSA intelligence analyst who, after two weeks leaving her position with NSA in 2014, left for a more lucrative deal in the Middle East “working as a hacker for an Arab monarchy.”
She had joined Project Raven, a clandestine team that included more than a dozen former U.S. intelligence operatives recruited to help the United Arab Emirates engage in surveillance of other governments, militants and human rights activists critical of the monarchy.
Stroud and her team, working from a converted mansion in Abu Dhabi known internally as “the Villa,” would use methods learned from a decade in the U.S intelligence community to help the UAE hack into the phones and computers of its enemies.
Stroud had been recruited by a Maryland cybersecurity contractor to help the Emiratis launch hacking operations, and for three years, she thrived in the job. But in 2016, the Emiratis moved Project Raven to a UAE cybersecurity firm named DarkMatter. Before long, Stroud and other Americans involved in the effort say they saw the mission cross a red line: targeting fellow Americans for surveillance.Reuters; Project Raven
“Interviews with nine former Raven operatives, along with a review of thousands of pages of project documents and emails, show that surveillance techniques taught by the NSA were central to the UAE’s efforts to monitor opponents.”
Of the nine, Stroud was the only one willing to speak on the record for the story. The other eight would only speak on the condition of anonymity.
Stroud’s story, however, comes with a twist. It was on her recommendation to hire Edward Snowden in 2013.
In 2013, her world changed. While stationed at NSA Hawaii, Stroud says, she made the fateful recommendation to bring a Dell technician already working in the building onto her team. That contractor was Edward Snowden.
“He’s former CIA, he’s local, he’s already cleared,” Stroud, 37, recalled. “He’s perfect!” Booz and the NSA would later approve Snowden’s transfer, providing him with even greater access to classified material.
Two months later, Snowden fled with “thousands of top secret files,” then passed them on to journalists.
After the fallout of the Snowden debacle, Stroud, already having made the move from government to contractor with Booz Allen, was recruited by “a former colleague at NSA Hawaii” Marc Baier, offering her a “chance to work for a contractor in Abu Dhabi called CyberPoint.” For an analyst of Stroud’s caliber, the pay ranged from $200,000 to $400,000.
Stroud’s new job she understood would “involve a counterterrorism mission in cooperation with the Emiratis,” but she knew little else in the beginning.
Holy. Fucking. Shit. Ahmed Mansoor, a UAE activist, has been hacked for years; we knew that. Now, this Reuters report confirms it was Americans working on that operation. Mansoor has been tortured, now in prison for 10 years https://t.co/jYtETkkJY0 pic.twitter.com/V8eorXHehD— Joseph Cox (@josephfcox) January 30, 2019
For what it is worth, in case you missed it: International Operatives Target Citizen Lab Cybersecurity Watchdog
According to an Associated Press report last Saturday, “the researchers who reported that Israeli software was used to spy on Washington Post journalist Jamal Khashoggi’s inner circle before his gruesome death are being targeted in turn by international undercover operatives.”
The Background: Laying the foundation.
In mid-October, an @ theNewsBlender ICYMI discussed the story that, in light of the Saudi Arabia dissident and America resident journalist Jamal Khoahoggi’s murder, Committee to Protect Journalist (CPJ) re-upped their report from Oct 1 and Citizen Lab’s published report showing it had detected the spyware called Pegasus – created by the software vendor called the NSO Group – in 45 countries being used that may be used to track journalist and their resources.
The operatives utilized an arsenal of cyber tools, including a cutting-edge espionage platform known as Karma, in which Raven operatives say they hacked into the iPhones of hundreds of activists, political leaders and suspected terrorists. Details of the Karma hack were described in a separate Reuters article today.Reuters; Project Raven
The Karma Hack: UAE Used Cyber Super-Weapon to Spy on iPhones of Foes
There is a companion piece here, talking more about the Karma exploitation platform itself. Bought from an outside vendor, it provided no click infection of iPhones. Became less effective in 2017. Used iMessage vulns https://t.co/Ob8H1z4ubu— Joseph Cox (@josephfcox) January 30, 2019
The hacking tool was used to “monitor hundreds of targets beginning in 2016.”
Raven also hacked Tawakkol Karman, a human rights activist known as the Iron Woman of Yemen. Informed by Reuters she had been targeted, she said she believes she was chosen because of her leadership in the Arab Spring protests, which erupted around the region in 2011 and led to the ousting of Egyptian President Hosni Mubarak.
For years she had received repeated notifications from social media accounts, warning that she had been hacked, she told Reuters. But the fact that Americans helped the Emirati government monitor her was shocking, she said.
Americans are “expected to support the protection of human rights defenders and provide them with all protection and security means and tools,” she said, “not to be a tool in the hands of tyrannies to spy on the activists and to enable them to oppress their peoples.”Reuters; The Karma Hack
The UAE’s government run company Dark Matter and the build up of their security capabilities using former American spooks turned mercenaries was also reported by Foreign Policy’s Jenna McLaughlin in December 2017, in, Deep Pockets, Deep Cover – The UAE Is Paying Ex-CIA officers to build a spy empire in the Gulf.
If you’ve been reading the Reuters piece, you also need to read @JennaMC_Laugh‘s coverage, which has been all over this story before anyone else. Here’s the Americans coming over to work on the UAE surveillance project: https://t.co/Ed49fXYy6Q— Joseph Cox (@josephfcox) January 30, 2019
McLaughlin reported, while the UAE’s ‘reliance on foreigners to build its security institutions is not new,” legal questions are now arising “as the U.S. government struggles to decide how laws govern highly trained intelligence officials hawking their skills abroad.”
Running a program for new recruits with morning seminars for intelligence training, learning surveillance techniques, to more ‘advanced,” instructions on how to create ‘cover identities to use when attending galas with diplomats,” and “how to groom intelligence assets, and they watch skits about recruiting Libyan sources.”
The Emirati recruits also train at another site about 30 minutes outside downtown Abu Dhabi called “The Academy” — complete with gun ranges, barracks, and driving courses — reminiscent of the CIA’s “Farm” at Camp Peary, a training facility located in southeastern Virginia.Foreign Policy
The “key figure behind this growing intelligence training operation, according to multiple sources, is Larry Sanchez, a former intelligence officer who helped kickstart a controversial partnership between the CIA and the New York Police Department that tried to pre-empt the radicalization of potential terrorists by tracking people — many of them Muslims…”
Sanchez, an ex-CIA ‘veteran of the CIA clandestine services” has been in the UAE for six years helping the Emiratis build their spying apparatus from the ground up and is only one of many American ex-CIA, former intelligence officials and “security professionals” – such as, now infamous Erik Prince, Besty DeVos’ brother, who “moved to the UAE to create a battalion of foreign troops serving the crown prince, details of which were first revealed by the New York Times in 2011 – who are “working for the crown prince of Abu Dhabi in the UAE.”
Speaking to FP on conditions of anonymity, six US former “intelligence officials,” describe to FP rising concerns about the operation and Dark Matter.
Two of those interviewed expressed concerns about whether the company had the proper export licenses for the advanced training, especially as other international instructors arrived on the scene.
Even more concerning for employees was that the government-affiliated UAE company now involved in managing the contract, DarkMatter, is currently under investigation by the FBI.Foreign Policy
According to the Reuters’ report, “the FBI is now investigating whether Raven’s American staff leaked classified U.S. surveillance techniques and if they illegally targeted American computer networks, according to former Raven employees interviewed by federal law enforcement agents. Stroud said she is cooperating with that investigation. No charges have been filed and it is possible none will emerge from the inquiry. An FBI spokeswoman declined to comment.”
For full reading:
Deep Pockets, Deep Cover – The UAE Is paying Ex-CIA officers to build a spy empire in the Gulf; by Jenna McLaughlin; Foreign Policy Magazine.
Project Raven: Inside the UAE’s Secret Hacking Team of American Mercenaries; by Christopher Bing and Joel Schectman; Reuters.
The Karma Hack – UAE Used Cyber Super-Weapon to Spy on iPhones of Foes; by Joel Schectman and Christopher Bing; Reuters.
On A Side Note
Committee to Protect Jounalists (CPJ) in a CPJ special report by Elana Beiser.
“For the third year in a row, 251 or more journalists are jailed around the world, suggesting the authoritarian approach to critical news coverage is more than a temporary spike. China, Egypt, and Saudi Arabia imprisoned more journalists than last year, and Turkey remained the world’s worst jailer.”
Reuters reported two of its journalists have been imprisoned in Myanmar for 388 days.