DarkMatter (Emirati company)


DarkMatter Group, founded in the United Arab Emirates in 2014 or 2015, is a cybersecurity company. The company describes itself as a purely defensive company, but several whistleblowers have alleged that it is involved in offensive cybersecurity, including on behalf of the Emirati government.

Company history

DarkMatter was founded in either 2014 or 2015 by Faisal al-Bannai, the founder of mobile phone vendor Axiom Telecom and the son of a major general in the Dubai Police Force. Around 2014, Zeline 1, a wholly owned subsidiary of DarkMatter, became active in Finland.
DarkMatter's public launch came in 2015, at the 2nd Annual Arab Future Cities Summit. At this time, the company advertised capabilities including network security and bug sweeping, and promised to create a new, "secure" mobile phone handset. It promoted itself as a "digital defense and intelligence service" for the UAE.
In 2016, DarkMatter replaced CyberPoint as a contractor for Project Raven. Also in 2016, DarkMatter sought smartphone development expertise in Oulu, Finland. DarkMatter recruited several Finnish engineers.
By early 2018, DarkMatter's turnover was hundreds of millions of U.S. dollars. Eighty per cent of its work was for the UAE government and related organizations, including the NESA. It had developed a smartphone model called Katim, Arabic for "silence". DarkMatter is an official provider for the Expo 2020.

Recruitment practices

In addition to recruiting via conventional routes such as personal referrals and stalls at trade shows, DarkMatter headhunts staff from the U.S. National Security Agency and has "poached" competitors' staff after they were contracted to the UAE government, as happened with some CyberPoint employees.
The company has reportedly hired graduates of the Israel Defense Forces technology units and is paying them up to $1 million annually.
Simone Margaritelli, an Italian security researcher, blogged about DarkMatter's vague and dubious recruiting practices as a warning to others. He claimed that anyone raising questions or objections about the company's practices was told that "things had been blown out of proportion", and that information about the job opening remained extremely vague even when he asked questions.

F.B.I. Investigation

DarkMatter is under investigation by the F.B.I. for crimes including digital espionage services, involvement in the Jamal Khashoggi murder, and incarceration of foreign dissidents. The F.B.I. is also investigating current and former American employees of DarkMatter for possible cybercrimes. It is not clear whether American officials have confronted their counterparts in the Emirati government about the ToTok app, a tool claimed to be used for mass surveillance. All sources have spoken out anonymously for fear of retribution.

Allegations of surveillance for UAE government

Project Raven

Project Raven was a confidential initiative to help the UAE surveil other governments, militants, and human rights activists. Its team included former U.S. intelligence agents, who applied their training to hack phones and computers belonging to Project Raven's victims. The operation was based in a converted mansion in Abu Dhabi nicknamed "the Villa."
From around 2014 to 2016, CyberPoint supplied U.S.-trained contractors to Project Raven. In 2016, news reports emerged that CyberPoint had contracted with the Italian spyware company Hacking Team, which damaged CyberPoint's reputation as a defensive cybersecurity firm. Reportedly dissatisfied with relying upon a U.S.-based contractor, the UAE replaced CyberPoint with DarkMatter as its contractor, and DarkMatter induced several CyberPoint staff to move to DarkMatter. After this, Project Raven reportedly expanded its surveillance to include the targeting of Americans, potentially implicating its American staff in unlawful behaviour.

Karma spyware

In 2016, Project Raven bought a tool called Karma. Karma was able to remotely exploit Apple iPhones anywhere in the world, without requiring any interaction on the part of the iPhone's owner. It apparently achieved this by exploiting a zero-day vulnerability in the device's iMessage app. Project Raven operatives were able to view passwords, emails, text messages, photos and location data from the compromised iPhones.
People whose mobile phones have been deliberately compromised using Karma reportedly include:
In 2017, Apple patched some of the security vulnerabilities exploited by Karma, reducing the tool's effectiveness.

Certificate authority controversy

In 2016, two DarkMatter whistleblowers and multiple other security researchers expressed concerns that DarkMatter intended to become a certificate authority. This would give it the technical capability to create fraudulent certificates, which would allow fraudulent websites or software updates to convincingly masquerade as legitimate ones. Such capabilities, if misused, would allow DarkMatter to more easily deploy rootkits to targets' devices, and to decrypt HTTPS communications of Firefox users via man-in-the-middle attacks.
On 28 December 2017, DarkMatter requested that Mozilla include it as a trusted CA in the Firefox web browser. For more than a year, Mozilla's reviewers addressed concerns about DarkMatter's technical practices, eventually questioning on that basis whether DarkMatter met the baseline requirements for inclusion.
On 30 January 2019, Reuters published investigations describing DarkMatter's Project Raven. Mozilla's reviewers noted the investigation's findings. Subsequently, the Electronic Frontier Foundation and others asked Mozilla to deny DarkMatter's request, on the basis that the investigation showed DarkMatter to be untrustworthy and therefore liable to misuse its capabilities. Mozilla's public consultation and deliberations are ongoing.
In July 2019, Mozilla prohibited the government of the United Arab Emirates from operating as one of its internet security gatekeepers, following reports on a cyber-espionage program run by Abu Dhabi-based DarkMatter staff, who led a clandestine hacking operation.
In August 2019, Google blocked websites approved by DarkMatter, after Reuters reported the firm's involvement in a hacking operation led by the United Arab Emirates. Google had previously said that all websites certified by DarkMatter would be marked as unsafe by its Chrome and Android browsers.