Under a deal outlined by the Department of Justice, the trio – at least two of whom formerly worked at the National Security Agency (NSA) – will pay a $1.7 million fine, and be stripped of their security clearances evermore. Their crimes were committed under the auspices of Project Raven, an operation through which Abu Dhabi spied on and intercepted the communications of domestic and overseas critics of its ruling monarchy, as well as journalists, human rights activists, feminists, UN diplomats, FIFA personnel, and even Michelle Obama, among others.
Employing scores of former US spooks, Raven used techniques invented and perfected by Western intelligence agencies, including a tool ominously named Karma, which could hack into targets’ phones and computers, and those of their friends, relatives, and associates. Several UAE-based targets were subsequently arrested, tortured, and imprisoned for many years. Opposition blogger Ahmed Mansoor, a key Raven quarry, was sentenced to a decade in solitary confinement in March 2018.
An Emirati would usually “press the button” on a Karma cyberattack to provide their US counterparts with plausible deniability, but former NSA operatives were far from passive figures in the conspiracy, constructing fake online identities to target several individuals. Among those targeted was journalist and activist Rori Donaghy who, in 2012, visited the UAE and spoke to many citizens who’d “suffered at the hands of the authorities and the security services,” and has written extensively about repression in the country thereafter.
Instructed by their controllers to “ingratiate [themselves] to the target by espousing similar beliefs,” a dedicated Raven team posed as a local human rights activist, and emailed Donaghy asking for his help to “bring hope to those who are long suffering.”
Over ensuing communications, they convinced him to download software that would make their chats “difficult to trace.” In reality, this spread malware on his electronic devices, allowing the Emiratis to continuously monitor his email account and internet browsing. This operation remained a top priority until 2015, when Donaghy learnt of the hack.
Raven operatives happily went along with the project’s shocking activities – which extended to spying on teenagers who posted negative comments about the monarchy on social media – even refusing to speak to FBI representatives who, from 2016 onwards, began approaching employees who re-entered the US and quizzing them as to whether they’d shared sensitive information with the Emiratis. However, several began talking when the extent of Raven’s targeting of US citizens – which included collecting passport scans and information on journalists – became clear.
This was collected via Karma, and the Justice filing makes clear that the three defendants “designed, implemented, [and] modified” the system, using stolen login credentials to obtain personal and private data from protected computers at two US companies, and conducting cyberattacks from those firms’ systems to cover their tracks. What’s more, the trio’s work for Raven ran from December 2015 to November 2019 – 10 months after its operation was first publicly exposed and an international scandal erupted.
Their penalty is unbelievably lenient, although such clemency is perfectly understandable. A trial might shed further damaging light on some extremely uncomfortable and inconvenient home truths, given Raven’s origins trace back to a dedicated US-sanctioned effort led by former high-ranking White House officials to equip the UAE with advanced spying capabilities to further the War on Terror.
The push was led by former US counter-terror chief Richard Clarke, who, after resigning his post in 2003, took a senior role at homeland security consulting firm Good Harbor. Subsequently, he leveraged overseas contacts built up during his government career to secure lucrative contracts for the company. Some of those contacts were based in the UAE – Clarke recommended the country’s rulers create a cybersurveillance agency and Good Harbor was subsequently invited to do so on their behalf.
Clarke claims “the incentive was to help in the fight against Al-Qaeda,” and the Emiratis had proven themselves “a very good counterterrorism partner.” His firm duly began constructing a spying unit fittingly titled DREAD – Development Research Exploitation and Analysis Department – with the express permission of the State Department and the NSA. At least six former White House officials were reportedly involved, too.
Good Harbor’s work on DREAD ended in 2010, and it was renamed Project Raven two years later. After Clarke’s company ended its involvement, the operation was subsequently passed between US private intelligence contractors – and participants were remunerated to the tune of millions. Former spies’ security clearances are, understandably, worth a fortune, and ex-Agency operatives were able to keep that privileged status, which grants them access to Washington’s most sensitive secrets, due to the exploitation of a common loophole.
An ex-spook theoretically loses their security clearance if and when they opt to work for a foreign intelligence service, and regaining it requires them to be reinvestigated at length. However, they can be retained if those individuals also remain US government contractors – and the private intelligence sector exploits this legal ambiguity by maintaining “shell contracts,” via which named staff on a project for a particular US intelligence agency in fact do no work.
Such was the case with CyberPoint, which, by 2014, was in charge of Raven. It maintained a contract titled ‘Harborview’ with the NSA, which named 67 company employees as involved – at least six of whom didn’t actually conduct any contracting work for the Agency, and at least two of whom worked on Raven. Such scheming is extremely common among large intelligence contractors, and completely legal.
CyberPoint also had a dedicated agreement with the State Department, which indicates the latter was well aware the firm was involved in the “collection of information from communications systems inside and outside the UAE” and “surveillance analysis” to ostensibly “[protect] UAE sovereignty.” Which begs the obvious question as to whether the US government was aware and approved of what the Emiratis were getting up to every step of the way.
A former White House senior national security director who worked for Good Harbor on DREAD has claimed he “felt revulsion reading what ultimately happened” to the project. Even if that’s true, and Raven spun out of control simply because no one in Washington was paying sufficient attention, the operation starkly demonstrates just how quickly and easily spying programs and technology can be expanded far beyond their original mission, and abused in the most egregious, life-threatening ways imaginable.
There are further reasons to doubt that Karma’s exposure came as much of a surprise to US officials as they claim. After all, the technology qualifies as an American intelligence-gathering system under federal export control rules, and its components were sourced from States-based companies. The issue for the authorities isn’t that the UAE possessed it, but that no export license for it was ever obtained.
The disturbing question of how, with Washington’s blessing, many other countries in the world have legitimately procured a Karma of their own, or something very similar, and today operate it totally in secret, is very much an open one.
Think your friends would be interested? Share this story!
The statements, views and opinions expressed in this column are solely those of the author and do not necessarily represent those of RT.
© 2021, paradox. All rights reserved.