That includes, according to the New York Times, Americans helping the United Arab Emirates hack Americans.
The documents detail a conspiracy by the three men to furnish the Emirates with advanced technology and to assist Emirati intelligence operatives in breaches aimed at damaging the perceived enemies of the small but powerful Persian Gulf nation. The men helped the Emirates, a close American ally, gain unauthorized access to “acquire data from computers, electronic devices and servers around the world, including on computers and servers in the United States,” prosecutors said. The three men worked for DarkMatter, a company that is effectively an arm of the Emirati government. They are part of a trend of former American intelligence officers accepting lucrative jobs from foreign governments hoping to bolster their abilities to mount cyber-operations.
Oooh, “DarkMatter”! Did they all have to wear capes? Costumes? Are they part of the MCU yet? In any case, I’m not sure I want governments like those in the UAE mounting cyber-operations. Their good faith even in this episode is forever…ahem…suspect.
DarkMatter had its origins in another company, an American firm called CyberPoint that originally won contracts from the Emirates to help protect the country from computer attacks. CyberPoint obtained approval from the American government to work for the Emiratis, a necessary step intended to regulate the export of military and intelligence services. Many of the company’s employees had worked on highly classified projects for the N.S.A. and other American intelligence agencies.
But the Emiratis had larger ambitions and repeatedly pressed CyberPoint employees to exceed the boundaries of the company’s American license, according to former employees. CyberPoint rebuffed requests by Emirati intelligence operatives to try to crack encryption codes and to hack websites housed on American servers — operations that would have run afoul of American law. So in 2015 the Emiratis founded DarkMatter — forming a company not bound by U.S. law — and lured numerous American employees of CyberPoint to join, including the three defendants.
It’s not just three renegade spooks-for-hire, either. The universe of covert surveillance and cyber-monitoring is both wide and profitable. For example, on Tuesday, Apple announced that it had fixed a security flaw in many of its devices that apparently rendered them vulnerable to hacking, and which reportedly was used extensively by the notorious Israeli cyber-for-hire hacking concern the NSO Group. From CBS News:
Researchers at the University of Toronto's Citizen Lab said the security issue was exploited to plant spyware on a Saudi activist's iPhone. They said they had high confidence that the world's most infamous hacker-for-hire firm, Israel's NSO Group, was behind that attack…Citizen Lab previously found evidence of zero-click exploits being used to hack into the phones of al-Jazeera journalists and other targets, but hasn't previously seen the malicious code itself. Although security experts say that average iPhone, iPad and Mac user generally need not worry — such attacks tend to be limited to specific targets — the discovery still alarmed security professionals.
Apparently, I’m not alone in my concerns. This has been a years-long investigation and, in addition, far from the spotlight, policymakers have been trying to update the laws and regulations regarding how much of their expertise former American intelligence operatives can peddle to foreign countries, which will use that expertise to, oh, let’s just say, ratfck any attempts to reform their oil-sodden repression. This cannot be a space that is beyond the law.
There is also the reality that American laws have been slow to adapt to the technological changes that have provided lucrative work for former spies once trained to conduct offensive cyberoperations against America’s adversaries.
Specifically, the rules that govern what American intelligence and military personnel can and cannot provide to foreign governments were devised for 20th-century warfare — for instance, training foreign armies on American military tactics or selling defense equipment like guns or missiles. They have not addressed the hacking skills honed in some of America’s most advanced intelligence units and sold to the highest bidder.
That former members of what is laughingly called the American intelligence “community” have been helping these parasitic oligarchical petro-states is bad enough. But I’d also like to know why these purported “allies” are using them to facilitate, as the Times put it, “DarkMatter’s hacking and targeting of American citizens.” It’s time to slap some seriously onerous regulations on this for a while.