A team of the former US government intelligence operatives have been working for the United Arab Emirates and have hacked into the iPhones of activists, diplomats and rival foreign leaders with the help of a sophisticated spying tool which goes by the name Karma, in a campaign which showed how strong the cyber-weapons have been proliferating beyond the world’s superpowers and into the hands of smaller nations.
The cyber tool has allowed the small Gulf country to monitor hundreds of targets since the beginning of 2016, from the Emir of Qatar to a senior Turkish official to a Nobel Peace laureate human-rights activist in Yemen.
Karma was being used by an offensive cyber operations unit in Abu Dhabi and this unit comprised of Emirati security officials and former American intelligence operatives who had been working as contractors for the UAE’s intelligence services.
People familiar with the tool described Karma as a tool which could be used to remotely grant access to iPhones by just uploading phone numbers or email accounts into their automated targeting system. The tool also had its limitations, it couldn’t work on Android devices and couldn’t intercept phone calls. But it seemed to be unusually potent since Karma didn’t need a target to click on a link or anything which would be sent to an iPhone.
In 2016 and 2017, Karma had been used to obtain photos, emails, text messages, and location information from targets’ iPhones and it also helped hackers harvest saved passwords, that was used for other intrusions.
Lori Stroud, a former Raven operative who previously worked at the US National Security Agency, told Reuters- “The excitement when Karma was introduced in 2016 was very high. It was like, ‘We have this great new exploit which we just bought. Get us a huge list of targets who have iPhones now. It felt like Christmas.”
Michael Daniel, a former White House cyber-security czar under President Obama said- “Tools such as Karma, can be used to exploit hundreds of iPhones simultaneously and can capture their location data, photos and messages, are sought-after by veterans of cyberwarfare. Only about 10 nations, which include Russia, China, and the United States and their closest allies, are capable enough to develop such weapons.
The former Raven insiders said that Karma could be used to gather evidence on scores of targets, from activists critical of the government to regional rivals, which includes Qatar, to the UAE’s ideological opponent, and the Islamic political Muslim Brotherhood movement. It could also be used to access compromising and sexually explicit photos of targets.
Raven had the staff of the US intelligence community veterans, and they were being paid through an Emirati cyber-security firm named DarkMatter. The UAE government had purchased the tool, Karma from a vendor outside the country.
The compromise could be initiated by sending a text message to the target, no action on behalf of the target was needed.
In 2017, the operatives used Karma to hack an iPhone which was Qatar’s Emir Sheikh Tamim bin Hamad al-Thani’s, as well as the devices of Turkey’s former Deputy Prime Minister Mehmet Şimşek, and Oman’s head of foreign affairs, Yusuf bin Alawi bin Abdullah. No details regarding the found on their devices were provided.
Şimşek stepped down from his position in July and told Reuters regarding the cyber intrusion on his phone and called it “appalling and very disturbing.” The Washington embassies of Qatar, Oman and Turkey didn’t respond to multiple emails and calls regarding their opinion on this issue.
Raven hacked Tawakkol Karman, a human rights activist who is known as the Iron Woman of Yemen. She went on to say that she believed she was chosen since her leadership in Yemen’s Arab Spring protests erupted around the region in 2011 and ousted the Egyptian President Hosni Mubarak.
She said she had been receiving repeated notifications from social media accounts, warning that she had been hacked, but the fact that Americans would have helped the Emirati government monitor her was extremely shocking.
She said- “Americans are expected to support and protect the human rights defenders and provide them with all protection and security means and tools which they can. Not be a tool which would be in the hands of tyrannies and spy on the activists and to enable them to oppress their peoples.”