Karma police: US spies masterminded international UAE hacking operation

Karma police: American spies masterminded global UAE operation to hack US citizens and pro-democracy activists
3 min read
30 January, 2019
A new report has uncovered how former US intelligence officials helped develop UAE cyber surveillance into an international hacking operation, targeting foreign leaders and activists using state-of-the-art spying technology Karma.
The cyber technology Karma could hack iPhones just from the phone number [Getty]
A team of former US government intelligence specialists have revealed how they worked for an Emirati "hacking unit", using highly sophisticated malware and surveillance technology to spy on phones belonging to hundreds of activists, militants and rival foreign leaders across the world, according to a report published by Reuters.

The unit, known as "Project Raven" consisted of several US security veterans - working alongside Emirati intelligence officials - contracted by the UAE intelligence service who spied on a number of people across the world, including fellow American citizens.

The team hacked into the phones of local activists and foreigners alike, including those of the Emir of Qatar Tamim al-Thani, Turkey's former deputy foreign minister, prominent human rights activists - such as Nobel Peace Prize award-winner Tawakkol Karman and Ahmed Mansoor - and a host of Emirati and foreign journalists who had written critically about the UAE.

The operatives used a state-of-the-art cyber tool called Karma, developed in 2016, which could remotely access iPhones simply by uploading phone numbers or email addresses into its automated targeting system. It could then harvest emails, text messages, photos and location information, as well as saved passwords it could use in further hacking operations.

Read more: Amnesty 'targeted with Israeli spyware' while investigating Saudi Arabia

Android phones were reportedly not targeted by the software, and security updates to Apple software in 2017 has since hindered Karma's effectiveness, according to the report.

Project Raven itself was created in 2009, with the UAE hiring American intelligence officers - many of whom worked at the NSA or "big-tech" companies - to help develop its fledgling intelligence capabilities, five former operatives in the project told Reuters

Since the Arab Spring uprisings in 2011, human rights activists became the target of the intelligence operations, deemed a "threat" by the Abu Dhabi government. Also targeted were American and British journalists who had spoken critically of the Emirati regime.

According to the report, Project Raven began to use the techniques learned from the American operatives to snoop on US citizens - without the knowledge of the American workers - with one leaving following the revelation.

However, the introduction of technologies such as Karma show the acceleration of the cyber arms race between Gulf countries, particularly since the Qatar blockade erupted in 2017.

Indeed one of the alleged targets of Karma was Qatar Emir Sheikh Tamim bin Hamad al-Thani, who the UAE deem a political and ideological rival in the region. The devices of Turkey's former Deputy Prime Minister Mehmet Simsek, and Oman's head of foreign affairs, Yusuf bin Alawi bin Abdullah, were also reportedly hacked in 2017, but it is unknown what material was taken.

Tawakkol Karman, the Yemeni activist and Nobel Peace Prize winner whose phone was repeatedly hacked for years, according to the report, expressed her shock at the US involvement in the surveillance operation.

She told Reuters that Americans are "expected to support the protection of human rights defenders and provide them with all protection and security means and tools", adding they should "not to be a tool in the hands of tyrannies to spy on the activists and to enable them to oppress their peoples".

Read more: Gulf states using Israeli spyware to target activists and religious minorities

The Americans involved in Project Raven are currently under investigation from the FBI, who are looking into whether Raven's American staff leaked confidential US surveillance techniques, and if they illegally targeted computer networks in North America.

The revelations have sparked outrage on social media, with journalist Ragip Soylu tweeting: "UAE is day-by-day turning into something right out of George Orwell novels."

Cybersecurity reporter Eric Geller said the report was "just a tiny peek through the keyhole of global nation-state cyber espionage".

The Emirati government has not made any public statements on the report's findings.

Follow us on Twitter @The_NewArab