Tim Cushing | TechDirt | Source URL
When former NSA employees and contractors decide to start working for a journalist-murdering authoritarian, they should feel sick. Instead, after targeting journalists, dissidents, and other people the United Arab Emirates government doesn't like, they felt exhilarated.
Working together with managers, Stroud helped create a policy for what to do when Raven swept up personal data belonging to Americans. The former NSA employees were instructed to mark that material for deletion. Other Raven operatives would also be notified so the American victims could be removed from future collection.
As time went on, Stroud noticed American data flagged for removal show up again and again in Raven’s NESA-controlled data stores.
Still, she found the work exhilarating. “It was incredible because there weren’t these limitations like there was at the NSA. There wasn’t that bullshit red tape,” she said. “I feel like we did a lot of good work on counterterrorism.”
That quote comes from a disturbing account of UAE "counterterrorism" work performed by a unit of Americans linked to the NSA published at Reuters. That "bullshit red tape" is, for the most part, known as the Constitution. The quote comes from Lori Stroud, who worked with a unit of hackers known as Project Raven, targeting whoever the UAE felt needed targeting. She is the only person from that unit willing to publicly-out her identity. Everyone else involved either spoke anonymously or refused to say anything at all. Here's the deafening silence that accompanied the Reuter's article:
An NSA spokesman declined to comment on Raven. An Apple spokeswoman declined to comment. A spokeswoman for UAE’s Ministry of Foreign Affairs declined to comment. The UAE’s Embassy in Washington and a spokesman for its National Media Council did not respond to requests for comment.
Lori Stroud's work with the NSA dates far enough back that it includes a stupendous irony: she recommended the NSA add Ed Snowden to her Booz Allen contracting team. A few months later, Snowden was gone, taking with him a pile of documents that Stroud's recommendation had helped him gain access to.
Hacking for the UAE meant hacking American targets and British journalists.
One of the program’s key targets in 2012 was Rori Donaghy, according to former Raven operatives and program documents. Donaghy, then 25, was a British journalist and activist who authored articles critical of the country’s human rights record. In 2012, he wrote an opinion piece for the Guardian criticizing the UAE government’s activist crackdown and warning that, if it continued, “those in power face an uncertain future.”
This is what counterterrorism looks like in UAE. This is what it can look like anywhere, once mission creep sets in and the government decides criticism is suspicious behavior. But this was done by US intelligence personnel who took better-paying offers to spy for a nation we somehow consider an ally, despite its stances on pretty much everything being antithetical to ours.
The quote opening this post was from the aftermath of an indiscriminate deployment of a virus that infected every visitor of a targeted Islamist forum. It swept up plenty of communications from Americans, but even with safeguards in place to remove inadvertent collections, it was clear UAE did not consider Americans' communications off-limits.
It should have. The UAE claims to be a partner in the War on Terror, citing its positive relationship with the United States as an intelligence partner. Even though Project Raven was run by the UAE using former US intel personnel, the NSA still was supposed to be notified before operation deployments or prior to presentations that might discuss classified techniques. What's published here shows either the NSA was cut out of the loop by UAE or that the NSA appears to have made no effort to keep tabs on operations run by its surveillance partner.
The UAE government took the project in-house, using a local tech contractor to create a company called DarkMatter that severed any ties the project might have with the US Intelligence Community. To their credit, at least eight former US intelligence analysts left when it became apparent targeting dissidents, journalists, and American citizens was going to be a large part of their work.
Lori Stroud eventually realized targeting Americans was a feature, not a bug.
When she questioned the apparent targeting of Americans, she received a rebuke from an Emirati colleague for accessing the targeting list, the emails show. The target requests she viewed were to be processed by “certain people. You are not one of them,” the Emirati officer wrote.
Days later, Stroud said she came upon three more American names on the hidden targeting queue.
Those names were in a category she hadn’t seen before: the “white category” — for Americans. This time, she said, the occupations were listed: journalist.
“I was sick to my stomach,” she said. “It kind of hit me at that macro level realizing there was a whole category for U.S. persons on this program.”
But sick or not, it was the UAE government that removed her from DarkMatter, terminating her employment when she kept objecting to the targeting of Americans. She was met by the FBI when she returned to the US. The entire operation is now under FBI investigation, but not necessarily for the illegal targeting of Americans. The FBI appears to be more concerned about possible leaks of classified surveillance techniques. It also wants to know if any US "systems" were targeted, suggesting it will be looking at attacks against US government entities and domestic corporations. It appears spying on journalists and Americans isn't worthy of an investigation.