MEMORY HACKER SECTOR CODE
In an industry that typically values a code of silence, the company occasionally got public attention. This is a clear message to anybody… there is risk, and there will be consequences.” Brandon Vorndran, FBIĪ decade ago, Accuvant established a reputation as a prolific exploit developer working with bigger American military contractors and selling bugs to government customers. “The FBI will fully investigate individuals and companies that profit from illegal criminal cyber activity. The group spent heavily to hire American and Western hackers to develop and sometimes direct the country’s cyber operations.Īt the time of the sale, Accuvant was a research and development lab based in Denver, Colorado, that specialized in and sold iOS exploits. Helped by American partnership, expertise, and money, DarkMatter built up the UAE’s offensive hacking capabilities over several years from almost nothing to a formidable and active operation.
“This is a clear message to anybody, including former US government employees, who had considered using cyberspace to leverage export-controlled information for the benefit of a foreign government or a foreign commercial company-there is risk, and there will be consequences.” Prolific exploit developerĭespite the fact that the UAE is considered a close ally of the United States, DarkMatter has been linked to cyberattacks against a range of American targets, according to court documents and whistleblowers. “The FBI will fully investigate individuals and companies that profit from illegal criminal cyber activity,” Bryan Vorndran, assistant director of the FBI’s Cyber Division, said in a statement.
The court documents then describe manipulation of the exploit by the mercenaries to make it a more powerful tool for the UAE's purposes. A source with close knowledge of the development and sale of the exploit says that Accuvant was explicitly “directed” to make the sale of the exploit by a US intelligence agency and that the company did not know it would be used for foreign espionage. Accuvant’s role has not been reported until now.Īccuvant was not the focus of the investigation because the sale it made was licensed and legal. The US court documents noted that the exploits were developed and sold by American firms but did not name the hacking companies. That activity included buying Accuvant’s tool and then directing UAE-funded hacking campaigns. But on Tuesday, the US fined three former US intelligence and military personnel $1.68 million for their unlicensed work as mercenary hackers in the UAE. Reuters reported the existence of Karma and the iMessage exploit in 2019. The iMessage exploit was the primary weapon in an Emirati program called Karma, which was run by DarkMatter, an organization that posed as a private company but in fact acted as a de facto spy agency for the UAE. However, Accuvant's role as exploit developer and seller was important enough to be detailed at length in Justice Department court filings. Optiv spokesperson Jeremy Jones wrote in an email that his company has "cooperated fully with the Department of Justice" and that Optiv "is not a subject of this investigation." That's true: The subjects of the investigation are the three former US intelligence and military personnel who worked illegally with the UAE. News of the sale sheds new light on the exploit industry as well as the role played by American companies and mercenaries in the proliferation of powerful hacking capabilities around the world. It merged several years ago with another security firm, and what remains is now part of a larger company called Optiv. Two sources with knowledge of the matter have confirmed to MIT Technology Review that the exploit was developed and sold by an American firm named Accuvant.
But the case documents do not reveal who sold the powerful iPhone exploit to the Emiratis. It was used against hundreds of targets in a vast campaign of surveillance and espionage whose victims included geopolitical rivals, dissidents, and human rights activists.ĭocuments filed by the US Justice Department on Tuesday detail how the sale was facilitated by a group of American mercenaries working for Abu Dhabi, without legal permission from Washington to do so. The tool exploited a flaw in Apple’s iMessage app to enable hackers to completely take over a victim’s iPhone. When the United Arab Emirates paid over $1.3 million for a powerful and stealthy iPhone hacking tool in 2016, the monarchy’s spies-and the American mercenary hackers they hired-put it to immediate use.