UAE Launched Aggressive Cyber Espionage Campaign using KARMA and Expertise of Ex-NSA Operatives.
Hard as it may be to believe, the smartphones of several prominent political and governmental figures worldwide have been hacked by former US intelligence officers who now work for the government of the UAE (United Arab Emirates).
Prominent figures targeted in this hacking spree include former Turkish Deputy Prime Minister Mehmet Şimşek, Qatari Emir Sheikh Tamim bin Hamad al-Thani, and Tawakkol Karman, Yemeni Nobel laureate. These are just a few of the names; the hackers managed to infiltrate the phones of hundreds of diplomats, activists, and officials. Şimşek told Reuters that this kind of cyber invasion is extremely “disturbing” and “appalling.”
Reuters reports that the ex-US intelligence officials used a cyber tool called Karma, which helped them hack the phones and access emails, pictures, text messages, location-related information, and passwords of their targets.
The campaign started in early 2016, and in total five ex-US intelligence operatives participated in it. The cyber operations unit in the UAE is based in Abu Dhabi and has been code-named Project Raven. The unit comprises officials from Emirati security agency DarkMatter and some ex-US intelligence operatives who are serving the UAE’s intelligence on a contract basis.
Some officers who were previously part of Project Raven explained that Karma is a multi-tasking tool capable of allowing hackers to access iPhones remotely by uploading phone numbers or email IDs “into an automated targeting system.”
The tool isn’t too sophisticated, though, and has its limitations: it cannot compromise Android devices and cannot intercept phone calls. But it is a potent tool as far as hacking iPhones is concerned, because it doesn’t need the targeted user to click on a URL sent to the iPhone, which is usually the norm in many exploits.
Lori Stroud, a former US National Security Agency (NSA) and Raven operative, revealed that the UAE government bought Karma from a foreign-based vendor and handed it over to the team to conduct espionage operations on prominent political figures. The UAE government, explains Stroud, was pretty excited about the capabilities of Karma.
“It was like, ‘we have this great new exploit that we just bought. Get us a huge list of targets that have iPhones now,’ … It was like Christmas,” said Stroud.
Karma was capable of exploiting hundreds of iPhones at the same time, and such tools can only be developed by a handful of nations including China, Russia, and the USA. It worked by exploiting a flaw in the iMessage app that let the malware infect the phone even if the user wasn’t using the app. To infect the mobile phone, the hacker only had to send a text message to the targeted phone, and without any action from the recipient of the message, the phone got hacked.
However, they cannot use Karma on iPhones anymore because by the end of 2017 Apple made the necessary security fixes to the iOS software, rendering Karma ineffective on newer versions of iPhones. It is alleged that Project Raven was a collaborative effort between Saudi Arabia and the UAE, and that both countries allied against Turkey and Qatar for their support of the Muslim Brotherhood Islamist group.
Both the Saudi Arabian and UAE governments have referred to the group as a terrorist organization. The primary objective of operatives working under Project Raven was to identify and destroy networks of the Muslim Brotherhood in the UAE.