A team of former US government intelligence agents working for the UAE has hacked the iPhone from rival militants, diplomats and foreign rulers using a sophisticated spy tool called Karma, as part of a campaign showing the proliferation of cyber-weapons powerful superpowers of the world and in the hands of small nations.

The cyber-tool allowed the small Gulf country to monitor hundreds of targets from 2016, from the Emir of Qatar to a senior Turkish official through a human rights activist to the Nobel Peace Prize in Yemen, according to five former agents and program documents reviewed by Reuters. The sources interviewed by Reuters were not UAE citizens.

Karma was being used by a cyber-offensive operations unit in Abu Dhabi, consisting of Emirati security officials and former US intelligence agents who worked as subcontractors for the United Arab Emirates intelligence services. The existence of Karma and the hacking unit, codename Project Raven, has not been reported before. Raven's activities are detailed in a separate article published today by Reuters.

Former Raven agents described Karma as a tool for remotely granting access to an iPhone by simply downloading phone numbers or email accounts into an automated targeting system. The tool has limitations - it does not work on Android devices and does not intercept phone calls. But it was exceptionally powerful because, unlike many exploits, Karma did not need a target to click on a link sent to an iPhone, they said.


In 2016 and 2017, Karma was used to obtain photos, emails, SMS and location information from target iPhones. The technique also helped hackers recover backed up passwords, which could be used for other intrusions.

It is unclear if the Karma hack remains in use. Former members said that by the end of 2017, Apple's iPhone software security updates had made Karma much less efficient.

Lori Stroud, a former Raven agent who also worked for the US National Security Agency, told Reuters of the excitement of introducing Karma in 2016. "It was as if we had this great new feat that we have just bought. Get us a huge list of targets who now have iPhones, "she said. "It was like Christmas."

The disclosure of Karma and the Raven unit comes in a context of escalating cyber-weaponry. Competitors such as Qatar, Saudi Arabia and the United Arab Emirates are competing for the most sophisticated tools and hackers.

Tools like Karma, which can exploit hundreds of iPhones simultaneously, by capturing their location data, photos and messages, are particularly sought after, according to cyberwar veterans. According to Michael Daniel, former star of the White House's cybersecurity led by President Obama, only about 10 countries, such as Russia, China, the United States and their closest allies, would be able to develop such weapons.

Karma and similar tools make personal devices such as iPhones the "juiciest targets," said Patrick Wardle, a former National Security Agency researcher and security expert at Apple.

A spokeswoman for the United Arab Emirates Ministry of Foreign Affairs declined to comment.

Apple declined to comment.

A flaw in Apple's iMessage system


Raven's former insiders said that Karma had allowed members to gather evidence on many targets, ranging from critical government activists to regional rivals, including Qatar, and the ideological opponent of the United Arab Emirates, the movement Muslim Brotherhood.

It also gave them access to pictures of compromising and sometimes sexually explicit targets. The material was described to Reuters in detail, but journalists did not inspect it. Reuters found no evidence that the UAE disclosed any harmful materials discovered via Karma.

According to documents reviewed by Reuters, Raven was largely composed of veterans of the US intelligence community, paid via an Emirati-based cybersecurity company named DarkMatter. The company did not respond to many emails and phone calls asking for a comment. The NSA declined to comment on the Raven project.

The UAE government has purchased Karma from a supplier outside the country, agents said. Reuters could not determine the creator of the tool.

The agents knew how to use the Karma, by feeding him daily new targets, in a system requiring practically no intervention on the part of an agent after the definition of its objective. But users did not understand the technical details of how the tool was able to exploit Apple's vulnerabilities. Those familiar with the art of cyber espionage said that this was not unusual in a major intelligence agency, where operators are kept informed of most engineers' knowledge of the inner workings of a weapon.

Three former members said they understood that Karma was at least partly based on a flaw in Apple's messaging system, iMessage. They added that the flaw allowed the implementation of malware on the phone via iMessage, even if the owner of the phone did not use the iMessage program, allowing hackers to establish a connection with the device.

To initiate the compromise, Karma only needed to send a text message to the target - the hacking did not require any action on the part of the recipient. The agents could not determine how the vulnerability worked.

A person with first-hand knowledge of the transaction has confirmed the sale of Karma to the Emirati by an outside provider, the details of its capabilities and its use of vulnerability of iMessage.

The Raven team has managed to hack the accounts of hundreds of Middle East politicians and activists throughout the region and, in some cases, Europe, according to former Raven agents and program documents.

Target the Yemeni Iron Woman


In 2017, for example, the agents used Karma to hack an iPhone used by the Emir of Qatar, Tamim bin Hamad al-Thani, as well as the devices of former Turkish Deputy Prime Minister Mehmet Şimşek and the head of Oman's foreign affairs, Yusuf bin Alawi. bin Abdullah. It is not clear what material was removed from their devices.

I seek, who stepped down in July, told Reuters that the cyber intrusion on his phone was "appalling and very disturbing". Washington's embassies in Qatar, Oman and Turkey have not responded to political personalities in their country.

Raven also hacked Tawakkol Karman, a human rights activist known as the Yemeni Iron Woman. Informed by Reuters that she had been targeted, she added that she thought she was chosen because of her leadership during the Yemeni Arab Spring protests, which broke out in the region in 2011 and led to the ousting Egyptian President Hosni Mubarak.

For years, she had received repeated notifications of social network accounts, warning that she had been hacked, she told Reuters. But the fact that the Americans helped the UAE government to monitor her was shocking, she said.

Americans are "supposed to support the protection of human rights defenders and provide them with all the means and tools of protection and security," she said, "not be a tool in the hands of tyrannies to spy on activists and allow them to oppress. their peoples."

Hey, Guy hope you like this article, please share it with your friends and family. Also, comment on your points of view and thank you for reading this article.