The UAE’s covert web of spies, hackers and mercenary death squads
Ex-NSA operatives reveal how they spied for the UAE amidst increasing global scrutiny over illegal espionage, shady defence deals and mercenaries in the Yemen war. To what end will the UAE pursue its regional ambitions?
In a groundbreaking report, Reuters details a sweeping spy and surveillance programme, codenamed Project Raven, which made use of ex-NSA employees to spy on and hack governments, human rights activists, and American citizens.
After leaving the NSA in 2014, following the blowback from the Edward Snowden leaks, former intelligence analyst Lori Stroud, was approached by a former NSA colleague Marc Baier to work for CyberPoint, a US cybersecurity firm that ran Project Raven for the UAE.
The UAE would eventually replace CyberPoint with DarkMatter, an Emirati-run company, giving American contractors the choice to leave or sign on with the new company.
After leaving the NSA in 2014, Lori Stroud worked as a contract intelligence operative for the UAE. Photo by Reuters/Joel Schectman (Joel Schectman / Reuters)
Not long after she joined, Stroud found herself ensnared in a web of deceit and espionage as she was asked to spy on fellow Americans, underage teens, and enemies of the UAE.
Project Raven used a cutting-edge tool called Karma, letting them break into iPhones around the world through a security flaw to steal emails, locations, text messages and photographs, said, five former employees. Karma made it all too easy. Their target didn’t even need to click on any link or download a virus.
In 2016 and 2017 it would be used again and again on hundreds of targets across the world, including the governments of Qatar, Yemen, Iran and Turkey, Reuters reports.
Employees walk into offices of the cybersecurity firm DarkMatter, in Abu Dhabi, United Arab Emirates. DarkMatter, a cybersecurity company that’s recruited Western intelligence analysts, and is accused of illegal espionage. (Jon Gambrell / AP)
Digital mercenaries for hire
But DarkMatter didn’t just make use of the knowledge and skills of its ex-intelligence operatives. It also inherited CyberPoint experience with the notorious Italian Hacking Team, which sits at the top of a clandestine, multi-billion-dollar industry, supplying law enforcement, intelligence agencies and businesses with spyware and cyber capabilities.
Saud al Qahtani, a close advisor to Crown Prince Mohammed bin Salman (also known as MBS), who was fired for his involvement in the murder of Jamal Khashoggi, tried to contract the Italy-based Hacking Team on behalf of the Saudi Arabian royal family as early as 2015. Shortly after he went on to hire the Emirati firm DarkMatter, according to anonymous sources speaking to The Washington Post.
The UAE played a role in building Saudi Arabia’s fledgling cyber capacity. Qahtani would eventually be introduced to the Israeli NSO Group by the UAE, who brokered a deal between representatives of MBS and the Israeli NSO group.
In the deal, Saudi Arabia acquired the hacking software Pegasus, which it used to hack journalist Jamal Khashoggi’s phone prior to his murder, as well as a broad array of dissidents, enemies and political opponents.
A leaked spreadsheet with Hacking Team’s customers, as of July of 2015. (Wikileaks) (Wikileaks)
Odd coincidences
Stroud worked from a converted villa in Abu Dhabi called simply ‘the villa’. TRT World has not been able to verify if this was the same villa used for intelligence training in Abu Dhabi. In 2011, the UAE contracted Larry Sanchez, a CIA veteran, to build the UAE’s intelligence apparatus, also basing the operation in a villa, where training took place, according to a report in Foreign Policy.
Sanchez began training the Emiratis in surveillance, spycraft and how to work as paramilitary operators through his company CAGN Global. This would set the groundwork for the UAE’s increasingly ambition regional aims, later fueled by mercenaries and US army veterans, intelligence operatives and cyber warfare specialists.
“The dream,” said one source, was to help the UAE make its own CIA.
But was it all legal?
The US applies strict restrictions on sharing military and intelligence training and knowledge abroad because the US International Traffic in Arms Regulations defines them as “exports”.
Sanchez’s company, CAGN Global, had an export license from the State Department for basic security and intelligence. This came under investigation in 2017 when Sanchez started blurring legal boundaries on what his offered services, but was eventually resolved.
The CIA had no issue with his work. According to three sources who spoke to Foreign Policy, the CIA station chief in Abu Dhabi had no problem with their work. The station chief’s wife even worked for CAGN Global for some time.
When Project Raven started in 2009, the UAE had very little experience in cybersecurity and warfare. CyberPoint, which was working on the project, was limited in what it could provide.
“There were some types of offensive activities that CyberPoint International couldn’t or wouldn’t do for the client, and the client did not want to be told no,” said a former employee. As a consequence, the UAE established DarkMatter, an Emirati-owned company to take over the project.
Employees were given a choice: sign on with DarkMatter or leave. Stroud stayed.
But DarkMatter did not appear to have an export license, given that it was not an American company, but rather an Emirati firm employing American intelligence contractors in its takeover of the project.
TRT World reached out to the Directorate of Defense Trade Controls to verify if DarkMatter had an export license or authorization for the use of US proprietary intelligence methods and technologies, but the spokesperson stated that the information “was not publically available,” and suggested reaching out to the company in question.
Faced with the same question, DarkMatter has not yet provided a comment.
The founder and CEO of the company, Faisal al Bannai is the son of a retired major general. He claims his company is privately owned. The company, however, describes itself as “already a strategic partner to the UAE government,” in press releases.
DarkMatter’s offices, however, are only two floors away from UAE’s intelligence agency, the National Electronic Security Authority (NESA).
Coincidentally, DarkMatter’s senior vice-president of technology research was formerly employed by NESA in the same position.
China in Profit
DarkMatter’s illegal dealings didn’t end there. They also had dealings with China.
The major launch for DarkMatter took place at the Arab Future Cities Conference in November 2015, where they presented a vision of smarter, tech-driven cities.
Simone Margaritelli tells the story differently. In a blog post he wrote after being interviewed for a job with DarkMatter in 2016, he describes their plan to exploit security flaws and install stealth malware that could track, locate or hack anyone at any time in the UAE – this was later confirmed by sources speaking to The Intercept.
As Margaritelli describes it: “Basically it’s big brother on steroids.”
In his meeting with DarkMatter, the company representative identified the customer: the Emirati government.
“Imagine that there’s a person of interest at the Dubai Mall, we’ve already set up all our probes all over the city, we press a button and BOOM! All the devices in the mall are infected and traceable,” said the representative according to Margaritelli’s blog post after the experience.
Margaritelli refused to work on the project. But DarkMatter’s pet project continued and was likely completed.
On April 25 2017, DarkMatter signed a “Global Strategic Memorandum of Understanding” with Huawei for “Big Data” systems and “Smart City” solutions. Huawei has come under heavy fire recently for alleged corporate espionage and its risk to ‘infrastructure security’.
Press release of Global Strategic Memorandum of Understanding signed by DarkMatter and Huawei, April 25 2017. (DarkMatter)
What does that mean? Huawei is highly praised by the Chinese government for its role in the state’s Belt Road Initiative (BRI). One of the signature projects of the BRI is the national emergency system it developed in Ecuador. Huawei invested heavily in the system, with surveillance equipment, facial recognition technology, and wireless access controllers.
The possibility that a transfer of classified technology built by ex-intelligence operatives with deep access to the NSA and CIA is the stuff of nightmares for national security decision-makers in the United States.
But with little oversight aside from the UAE government, this raised no flags.
After contacting the UAE’s Ministry of Foreign Affairs spokesman, TRT World was not provided with a comment.
‘Enough was enough’
When Stroud raised concerns over the legality of their work, she was walked out the door and dismissed.
Stroud wouldn’t last long in DarkMatter, after leaving CyberPoint.
While working for DarkMatter, Stroud quickly discovered widespread abuses of power which she justified in the name of counterterrorism and security for a time. That was until she discovered that Project Raven was also spying on fellow American nationals.
After raising the issue twice, she was fired and walked out of the building, eventually deciding to come clean about what happened to the world.
“I am working for a foreign intelligence agency who is targeting US persons,” she told Reuters. “I am officially the bad kind of spy.”
According to former Project Raven employees, the FBI is currently investigating whether former American intelligence operatives leaked classified US information or techniques, or illegally targeted American networks during their work.
TRT World reached out to the FBI for comment, which stated that it “can neither confirm nor deny” whether an ongoing investigation was taking place. When asked whether claims from the former employees were true, the official spokesperson stated that they “could not comment on ongoing investigations” at this time.
The rot runs deeper
Not to be outdone, the UAE did not just build cyber warfare and espionage capabilities. It would go on to hire death squads and Colombian mercenaries, employ former American generals to lead its forces, and act as a power broker between Saudi Arabia and Israel as part of its bid for greater regional influence.
A key figure in the UAE’s military and cyber warfare expansion was an Israeli arms dealer, billionaire and intelligence businessman Mati Kochavi.
His company, AGT International, also specialized in ‘Smart Cities’. In 2007, the UAE approached Kocahvi’s company 4D Security Solutions to build a ‘smart’ surveillance system in Abu Dhabi. AGT International won the $6 billion contract.
Mati Kochavi, owner of AGT International Group and Vocatif provided the UAE with Falcon Eye. (VCG / Getty Images)
By 2016, he provided them with Falcon Eye, a collection of cameras, artificial intelligence sensors and cameras that allowed the UAE’s rulers to implement wholesale surveillance of the city-state, effectively enabling them to surveil everything in the UAE’s city-states.
Kochavi won another contract worth $816 million to implement the system. But that was just the tip of the iceberg. The same group of companies would go on to bid for a for a project managing the flow of pilgrims to Mecca during the Hajj season. While the bid didn’t succeed, Bloomberg later reported that Saudi Arabia acquired a similar system to the one proposed, while investigating other business between the Saudi monarchy and Israel.
Kochavi’s employees draw heavily on Israeli Mossad and Shin Bet agents. Among Kovachi’s consultants is Major General Amos Malka, who headed Israel’s Military Intelligence from 1998-2001
Despite not holding official ties with Israel, a significant portion of secret relations with the Israeli security was cultivated with the help of Palestinian intelligence figure Mohammad Dahlan. A former security strongman of the Palestinian Authority, he had been in exile in the UAE since 2011 and operated as the security advisor to the Emirati Crown Prince Mohammed bin Zayed.
Mentor to Saudi Mohammed bin Salman
In time, the UAE would come to exert its own influence over its Saudi neighbors.
Instrumental to MBS’s close ties to the Trump administration was UAE Crown Prince Mohammed bin Zayed, who introduced MBS during his debut tour of Washington, after lobbying for him extensively.
The UAE developed ties with the Israeli NSO Group as early as 2013, before brokering a meeting between the Israeli group and representatives of MBS to acquire hacking capabilities.
This took place months before MBS’s infamous purge in 2017, which saw 159 Saudi princes and business leaders imprisoned in the Ritz-Carlton.
Whistleblower Snowden, the former US intelligence contractor, believes that Khashoggi was a victim of the NSO Group’s hacking software, which enabled Saudi Arabia to violate his privacy.
Omar Abdulaziz, another victim of hacking by Saudi Arabia, believes that conversations between him and Khashoggi were accessed and motivated the Crown Prince’s decision to murder the esteemed journalist.
How much did Washington know?
With the brewing scandal over the latest leaks, both the NSA and State Department have declined to comment on Project Raven.
While nothing has implicated the US administration in the espionage directly, Project Raven employees believed that the US government had blessed their activities.
The Reuters report came well after the Snowden leak, which led to deeper regulations and restrictions on intelligence, something the ex-NSA contractors would have been particularly cautious about.
Corporate outsourced war
The US defence industry and private contractor sector is deeply invested in the UAE.
Erik Prince, the owner of Frontier Group, formerly-known-as Blackwater, provided training to South American mercenaries for combat the Saudi-UAE led coalition’s war in Yemen for $529 million.
Spear Operations Group, founded by Israeli security contractor Abraham Golan, provided the UAE with a strike force of former American soldiers who carried out “high-profile assassinations,” by his admission, and was responsible for the killing of Anssaf Ali Mayo, a Yemeni Islah party leader.
The US Department of Defense itself approved at least $27 billion in arms sales and defence deals with the small emirate since 2009.
A plethora of former American generals and senior military figures serve in a leadership position in the UAE’s army. Major General Staff Pilot Stephen A. Toumajan commands the UAE’s Joint Aviation Command in Yemen.
Stephen A. Toumajan, is the American General of a Foreign Army accused of war crimes in Yemen.
One executive responsible for ensuring Toumajan complied with US regulations resigned because Toumajan would not provide access to ensure both he and the Joint Aviation Command complied.
Retired US vice admiral Robert Harward, a former Navy SEAL, turned down an offer to be Trump’s national security advisor in favor of running UAE operations for Lockheed Martin.
The list continues. Former General Stanley McChrystal, one-time commander of US forces in Afghanistan, forced to resign after a scathing profile in Rolling Stone, served on the strategic advisory board of Knowledge International, hired by the UAE to cover Toumajan, and by extension, the campaign. With him on the board is General Doug Brown.
When asked how Toumajon could serve as a major general for a foreign army, he said: “I think I’ll stay out of this one.”
From left to right: Erik Prince, Stanley McChrystal, and James Mattis. Source: Getty Images (Getty Images)
Even James Mattis, following his retirement as Marine Corps General, served as an advisor to the UAE before Trump nominated him as US Secretary of Defense.
Little Sparta
It remains to be seen where the UAE’s aggressive pursuit of military and cyber modernization will take it. In one way or another, however, the UAE has established its credentials as a power broker and middle man, as well as a regional power.
Nonetheless, repetitive violations of sovereignty and human rights by the UAE contradict its claims to be the only progressive, tolerant and forward-looking country in the region.