EFF sues spyware maker DarkMatter for illegally hacking Saudi activist – TechCrunch

The Electronic Frontier Foundation (EFF) has filed a lawsuit against spyware firm DarkMatter, along with three former members of US intelligence or military agencies, for allegedly hacking the iPhone of a prominent Saudi human rights activist.

The lawsuit was filed on behalf of Loujain Al-Hathloul, who claims she was among the victims of an illegal hacking campaign orchestrated by DarkMatter and three former US intelligence officers hired by the UAE after the Arab Spring protests.

Former NSA agents — named in the suit as ExpressVPN CIO Daniel Gerrick, Mark Baer and Ryan Adams — were part of the Project Raven hacking program, an effort by the UAE to spy on human rights activists, politicians, journalists and anti-government opponents during the spring protests Arabi.

Back in September, the three former spies agreed to pay a cumulative $1.7 million after admitting CFAA violations and banning the sale of sensitive military technology under a non-prosecution agreement with the US Department of Justice. They are also permanently prohibited from any jobs that involve exploiting computer networks, working for some Emirati institutions, exporting defense materials or providing defense services.

Al-Hathloul – best known for her efforts to demand more women’s rights in Saudi Arabia – alleges that ex-spies exploited a vulnerability in iMessage to illegally hack her iPhone in order to secretly monitor her communications and location. She claims that this led to her “arbitrary arrest by the Emirati security services and her extradition to Saudi Arabia, where she was detained, imprisoned and tortured.”

The lawsuit alleges that Jerick, Bayer, and Adams purchased malicious code from a US company and intentionally routed the code to Apple’s US servers to gain access to malware and placed it on Al-Hathloul’s iPhone in violation of the CFAA. It also alleges that they aided and abetted crimes against humanity because the hacking of Al-Hathloul’s phone was part of the UAE’s widespread and systematic attack against human rights defenders and activists.

The EFF, which filed the lawsuit alongside law firms Foley Hoag LLP and Boise Matthews LLP, says this is an “obvious” case of a hardware hack, in which “DarkMatter agents broke into Al-Hathloul’s iPhone without her knowledge to introduce malware, with severe consequences”.

“Project Raven has even gone beyond the behavior we’ve seen from the NSO group, which has been repeatedly caught selling software to authoritarian governments using their tools to spy on journalists, activists and dissidents,” said Eva Galperin, director of cybersecurity at the EFF. “Dark Matter not only provided the tools; they oversaw the monitoring program themselves.”

Al-Hathloul said in a statement:

No government or individual should tolerate the misuse of malicious spyware to deter human rights or jeopardize the voice of human consciousness. That’s why I chose to defend our collective right to stay safe online and limit cyber abuses of government-backed power.

I still realize my privilege to work perhaps based on my beliefs. I hope this cause inspires others to confront all kinds of cybercrime while creating a safer space for all of us to grow, share, and learn from each other without the risk of abuses of power.

Leave a Comment