Portland, Oregon – The Electronic Frontier Foundation (EFF) filed a lawsuit today on behalf of prominent Saudi human rights activist Loujain AlHathloul against spyware maker DarkMatter Group and three of its former executives for illegally hacking into his iPhone to secretly track his communications and whereabouts.
AlHathloul is among the victims of an illegal espionage program created and run by former US intelligence agents, including the three defendants named in the lawsuit, who worked for an American company contracted by the United Arab Emirates (UAE) to the aftermath of the Arab Spring protests. to identify and monitor activists, journalists, rival foreign leaders and perceived political enemies.
Reuters announced the news about the hacking program called Project Raven in 2019, reporting that when the United Arab Emirates transferred surveillance work to the Emirati company DarkMatter, the American agents, who learned espionage while working for the National Security Agency and d other US intelligence agencies, tracked and directed DarkMatter’s hacking program, which targeted human rights activists like AlHathloul, political dissidents, and even Americans residing in the United States
DarkMatter executives Marc Baier, Ryan Adams and Daniel Gericke, working for their client UAE – which was acting on behalf of the Kingdom of Saudi Arabia (KSA) – oversaw the hacking project, who exploited a vulnerability in the iMessage app to locate and monitor targets. Baier, Adams, Gericke, all former members of US intelligence or military agencies, designed and operated the United Arab Emirates’ cyber surveillance program, also known as Project DREAD (Development Research Exploitation and Analysis Department), using malicious code purchased from an American company.
Baier, who resides in the United Arab Emirates, Adams, an Oregon resident, and Gericke, who lives in Singapore, admitted in September to violating the Computer Fraud and Abuse Act (CFAA) and prohibitions on selling computers. sensitive military technologies under a non-prosecution agreement with the US Department of Justice.
“Companies that sell their surveillance software and services to oppressive governments must be held accountable for the resulting human rights abuses,” said EFF Director of Civil Liberties David Greene. “The harm done to Loujain AlHathloul can never be repaired. But this trial is a step towards accountability.
Al Hathloul, whose statement on the case is below, is a chef in the movement to advance women’s rights in Saudi Arabia, where women were barred from driving until 2018, are required by law to obtain permission from a male guardian to work or travel , and suffer from discrimination and violence. She became known for her advocacy of women’s right to drive and put herself in danger in 2014 when she publicly announced her intention to cross the border from the United Arab Emirates into Saudi Arabia and to film oneself conduct. She was arrested at the Saudi border and imprisoned for 73 days. Undeterred, AlHathloul continued to advocate for women’s rights and continues to be the target of the kingdom’s efforts to suppress dissent.
DarkMatter intentionally directed code to Apple servers in the United States to reach and place malware on AlHathloul’s iPhone, a violation of the CFAA, EFF said in a lawsuit filed in US federal court. ‘Oregon. The phone was originally hacked in 2017, gaining access to his text messages, emails and real-time location data. Later, AlHathloul was driving on the highway in Abu Dhabi when she was stopped by the United Arab Emirates security services and forcibly flown to Saudi Arabia, where she was imprisoned twice, including in a prison. where she was subjected to electric shocks, floggings, and threats of rape and death.
“Project Raven even went beyond the behavior we saw from the NSO Group, which has been repeatedly caught selling software to authoritarian governments who use their tools to spy on journalists, activists and dissidents,” said Eva Galperin, EFF’s director of cybersecurity. Dark Matter didn’t just provide the tools; they themselves oversaw the monitoring program.”
While the EFF has long insisted on the need to reform the CFAA, this case represents a direct application of the CFAA to the type of gross violation of user safety that everyone agrees the law was intended to address.
“This is a clear case of device hacking, where DarkMatter agents broke into AlHathloul’s iPhone without his knowledge to insert malware, with horrific consequences,” Mukund said. Rathi, EFF lawyer and Stanton Fellow. “That kind of crime is what the CFAA was supposed to punish.”
In addition to the CFAA violations, the complaint alleges that Baier, Adams and Gericke aided and abetted crimes against humanity because the hacking of AlHathloul’s phone was part of the UAE’s widespread and systematic attack on human rights defenders, activists and other alleged critics of the United Arab Emirates and Saudi Arabia.
The law firms Foley Hoag LLP and Boise Matthews LLP are co-counsel with EFF in this matter.
Loujain Alhathloul trial statement
“I never imagined myself being recognized for standing up for what I believed to be right. My early realization of my privilege to speak out loudly for women and myself prompted me to engage in the sphere of human rights defenders.
“In a 2018 article titled kidnapped freedoms, I expressed my understanding of the freedom to be security and peace:
security to express, to feel protected, to live and to love.
[And] peace to reveal the purest and most sincere humanity implanted deep within our souls and minds without suffering unforgivable consequences.
Deprived of security and peace, I lost my freedom. Always?’
“Previously, I had limited consideration of all aspects of harm that a human rights defender, or any individual for that matter, might face, particularly in the online world. Today, I integrate online security as well as protection against abuse of power by cyber companies into my understanding of security. The latter must be considered a fundamental and natural right in our digital reality.
“No government or individual should condone the misuse of spyware malware to deter human rights or endanger the voice of human conscience. That is why I have chosen to defend our collective right to stay safe online and limit government-sponsored cyber abuse of power.I continue to realize my privilege to eventually act on my beliefs.
“I hope this case inspires others to confront all kinds of cybercrimes while creating a safer space for us all to grow, share and learn from each other without the threat of abuse of power.”
For the complaint:
To learn more about state-sponsored malware: