The United Arab Emirates has been recruiting American former spies in order to monitor its own citizens, and according to an explosive new lengthy Reuters investigation, the Americans which include former NSA cybersecurity specialists were increasingly asked to "cross a red line" by spying on US citizens as part of an operation called 'Project Raven'.
The story has been revealed by multiple Americans who were part of the operation, who admitted to spying on "enemies" of the UAE monarchy including journalists, activists, and foreign governments, but who only had qualms about what they were doing when asked to monitor fellow Americans.
The story begins by detailing how alarmingly fast the gulf Arab country and close GCC ally of Saudi Arabia is able to scoop up career US intelligence operatives in some cases a mere days or weeks after leaving their agencies:
Two weeks after leaving her position as an intelligence analyst for the U.S. National Security Agency in 2014, Lori Stroud was in the Middle East working as a hacker for an Arab monarchy. She had joined Project Raven, a clandestine team that included more than a dozen former U.S. intelligence operatives recruited to help the United Arab Emirates engage in surveillance of other governments, militants and human rights activists critical of the monarchy.
Stroud and her team, working from a converted mansion in Abu Dhabi known internally as “the Villa,” would use methods learned from a decade in the U.S intelligence community to help the UAE hack into the phones and computers of its enemies.
It's also partly a tale of the booming and unaccountable world of the defense contractor industry and how the gulf monarchies are increasingly outsourcing defense and security work.
In Stroud's case for example, she was initially recruited by a Maryland-based cybersecurity contractor called CyberPoint which had a contract for advancing UAE hacking operations, but then her team got transferred to a UAE firm called DarkMatter, which brought all decision-making and oversight directly under the control of the Emiratis. This meant further that in recruiting career NSA experts, the UAE was able to bring a wealth of NSA methods, knowledge, and tools for use by their own intelligence service. And interestingly, the report notes, Stroud had previously in her career worked alongside Edward Snowden while still employed by the NSA at a base in Hawaii in 2013.
At this point Reuters notes, "Stroud and other Americans involved in the effort say they saw the mission cross a red line: targeting fellow Americans for surveillance." She admitted to Reuters that she came to the realization that, “I am working for a foreign intelligence agency who is targeting U.S. persons,” and that, “I am officially the bad kind of spy.”
“Some days it was hard to swallow, like [when you target] a 16-year-old kid on Twitter,” she described. “But it’s an intelligence mission, you are an intelligence operative. I never made it personal.”
The team, working from their secretive Abu Dhabi location at "the Villa," utilized cutting edge cyber tools to hack into the iPhones of hundreds of activists, as well as engaged in phishing operations to track UAE political opponents, and what's described by former members as counter-terror operations against ISIS cells. This included targeting adversaries in countries like Qatar, Iran, Turkey, Yemen, and even involved tracking people who so much as criticized the UAE government.
However, an even more secretive unit was tasked with spying on and hacking American citizens, according to Reuters:
The hacking of Americans was a tightly held secret even within Raven, with those operations led by Emiratis instead. Stroud’s account of the targeting of Americans was confirmed by four other former operatives and in emails reviewed by Reuters.
The FBI is now investigating whether Raven’s American staff leaked classified U.S. surveillance techniques and if they illegally targeted American computer networks, according to former Raven employees interviewed by federal law enforcement agents. Stroud said she is cooperating with that investigation. No charges have been filed and it is possible none will emerge from the inquiry. An FBI spokeswoman declined to comment.
Stroud, who was the only one of nine total former American Raven team members willing to use her name in the Reuters interview detailing for the first time the UAE operation, said she and others had starting salaries of over $200,000 a year, with some in supervisory positions making more than $400,000.
The team raked in major pay utilizing their NSA training in US intelligence collection and cyberwarfare methods, but while attempting to root out dissent — sometimes targeting Americans and activists living in the West — as determined by their Emirati directors. As one particularly prominent example from the Reuters piece highlights:
One of the program’s key targets in 2012 was Rori Donaghy, according to former Raven operatives and program documents. Donaghy, then 25, was a British journalist and activist who authored articles critical of the country’s human rights record. In 2012, he wrote an opinion piece for the Guardian criticizing the UAE government’s activist crackdown and warning that, if it continued, “those in power face an uncertain future.”
Before 2012, the former operatives said, the nascent UAE intelligence-gathering operation largely relied on Emirati agents breaking into the homes of targets while they were away and physically placing spyware on computers. But as the Americans built up Raven, the remote hacking of Donaghy offered the contractors a tantalizing win they could present to the client.
Yet members of the team, represented by Stroud, didn't question what they were doing so long as Americans weren't immediately targeted. “We’re working on behalf of this country’s government, and they have specific intelligence objectives which differ from the U.S., and understandably so,” Stroud explained to Reuters. “You live with it.”
Reuters uncovered many other such egregious examples of spying on dissidents in the service of Emirati intelligence trying to stamp out speech, which in many cases involved the Project Raven team sweeping up Americans' communications, even when not conducting specific missions on US citizens.
“It was incredible because there weren’t these limitations like there was at the NSA. There wasn’t that bullshit red tape,” Stroud explained further of work she found "exhilarating". And she said further, “I feel like we did a lot of good work on counterterrorism.”
But at this point it is perhaps the FBI that will determine the degree of illegality in the team's UAE work, as it's conducting an ongoing investigation. The NSA refused to comment for the Reuters report; however Rhea Siers, a former NSA deputy assistant director for policy did note that should American communications have been hacked or stolen by US citizens working on behalf of foreign intelligence, “It would be very illegal.”
Though we expect that the mainstream networks will likely shrug and yawn at this bombshell Reuters story, given that it doesn't involve Putin or Russia, but merely one of Washington's chief Arab gulf oil and gas allies.