Stealth Falcon Spyware Used by UAE to Intimidate Dissidents, Journalists

Reports show that UAE was spying on journalists and activists through spyware called Stealth Falcon

There have been a lot of stories on hacking and spying in the modern era that getting them all is close to impossible. But here and there comes a few which stand out and make people really talk about them.

In a report that was filed by two reporters Bill Marczak and John Scott-Railton from Citizen Labs, Emirati journalists, dissidents and activists have been under surveillance in their countries since 2012. The spying program has been done through the Stealth Falcon program. The attacks were seen after an individual who was asking to be from a non-existent organization contacted one of the reporters who compiled the report. The reporter received an email which offered him a job on a human rights panel. The email was full of malware. The reporter in question is Rori Donaghy. He had written critical articles about the UAE government and its actions in the past.


Must Read: Using middle finger emoji in UAE: A crime that could land you in court

He believes that the Stealth Falcon program and the UAE government are affiliated in some way. The artifacts from the digital campaign were traced to one activist’s Twitter account. The trace was back in 2012 a time when the account seemed to be in the government’s control. Around 31 tweets were seen to be sent by Stealth Falcon, and 30 of them were targeted at 27 victims. From the 27, 24 of them were linked to the UAE government through their photo IDs on the accounts.

The attack which was directed towards Donaghy, together with the Twitter accounts was made through a short malicious URL. The URL was shortened by the engineers who are responsible for the Stealth Falcon. After a user clicks on the URL, it surveys the operating system on the computer and then takes the user to a benign website. After further investigations, it seemed the URL had been sent 402 times, and 73 percent of the time it was directed towards UAE issues. However, after further study of the URLs that were sent to the various people, only the one sent to Rori Donaghy actually contained definitive spyware.


The topics used by UAE government to target users / Source: Citizen Labs
The topics used by the UAE government to target users / Source: Citizen Labs

The spyware sent to Donaghy showed that there had been a network of 67 active commands and controls which were contained in the spyware. This shows that there might be a broader and wider use of the malware that was contained in Donaghy’s email that is known out there. After scanning Donaghy’s email, the report also managed to prove that the alleged reporter who had contacted him and offered him a job was fictitious.

Stealth Falcon’s known Targets Diagram / Source: Citizen Lab

The UAE was said to suppress dissent, in a report that was written by the Freedom House in its latest Freedom in the World ranking. The country was also classified as not free when it pertains to freedom. There is also online evidence that shows that the country might have started a campaign against its citizens. There are three cases, in particular, were targeted with the Hacking Team spyware in the country.

There’s much more about this spyware on Citizen Lab’s blog, don’t miss it!

Related Posts