“DarkMatter (Emirati company)”的意思、由来-开放百科全书

DarkMatter, founded in the United Arab Emirates (UAE) in 2014^[1]^[2] or 2015,^[3] is a cybersecurity company.^[5]^[1] The company describes itself as a purely defensive company, but several whistleblowers have alleged that it is involved in offensive cybersecurity ("cracking" or, colloquially, "hacking"), including on behalf of the Emirati government.^[1]

Company history

DarkMatter was founded in either 2014^[1]^[2] or 2015^[3] by Faisal al-Bannai, the founder of mobile phone vendor Axiom Telecom and the son of a major general in the Dubai Police Force.^[3]^[1]^[5]

Around 2014, Zeline 1, a wholly owned subsidiary of DarkMatter, became active in Finland.^[2]

DarkMatter's public launch came in 2015, at the 2nd Annual Arab Future Cities Summit. At this time, the company advertised capabilities including network security and bug sweeping, and promised to create a new, "secure" mobile phone handset. It promoted itself as a "digital defense and intelligence service" for the UAE.

In 2016, DarkMatter replaced CyberPoint as a contractor for Project Raven.^[1] Also in 2016, DarkMatter sought smartphone development expertise in Oulu, Finland.^[2] DarkMatter recruited several Finnish engineers.^[2]

By early 2018, DarkMatter's turnover was hundreds of millions of dollars.^[5] Eighty percent of its work was for the UAE government and related organisations, including the NESA.^[5] It had developed a smartphone model called Katim, Arabic for "silence".^[3]

Recruitment practices

In addition to recruiting via conventional routes such as personal referrals and stalls at trade shows (e.g. Black Hat), DarkMatter headhunts staff from the U.S. National Security Agency and has "poached" competitors' staff after they were contracted to the UAE government, as happened with some CyberPoint employees.^[5]

Allegations of surveillance for UAE government

Project Raven

Project Raven was a confidential initiative to help the UAE surveil other governments, militants, and human rights activists.^[1] Its team included former U.S. intelligence agents, who applied their training to hack phones and computers belonging to Project Raven's victims.^[1] The operation was based in a converted mansion in Abu Dhabi nicknamed "the Villa."^[1]

From around 2014 to 2016, CyberPoint supplied U.S.-trained contractors to Project Raven. In 2016, news reports emerged that CyberPoint had contracted with the Italian spyware company Hacking Team, which damaged CyberPoint's reputation as a defensive cybersecurity firm. Reportedly dissatisfied with relying upon a U.S.-based contractor, the UAE replaced CyberPoint with DarkMatter as its contractor, and DarkMatter induced several CyberPoint staff to move to DarkMatter.^[1]^[38] After this, Project Raven reportedly expanded its surveillance to include the targeting of Americans, potentially implicating its American staff in unlawful behaviour.^[1]^[1]^[2]

Karma spyware

In 2016, Project Raven bought a tool called Karma.^[42] Karma was able to remotely exploit Apple iPhones anywhere in the world, without requiring any interaction on the part of the iPhone's owner.^[1] It apparently achieved this by exploiting a zero-day vulnerability in the device's iMessage app.^[1] Project Raven operatives were able to view passwords, emails, text messages, photos and location data from the compromised iPhones.^[42]^[1]

People whose mobile phones have been deliberately compromised using Karma reportedly include:

In 2017, Apple patched some of the security vulnerabilities exploited by Karma, reducing the tool's effectiveness.^[42]

Certificate authority controversy

In 2016, two DarkMatter whistleblowers and multiple other security researchers expressed concerns that DarkMatter intended to become a certificate authority (CA). This would give it the technical capability to create fraudulent certificates, which would allow fraudulent websites or software updates to convincingly masquerade as legitimate ones. Such capabilities, if misused, would allow DarkMatter to more easily deploy rootkits to targets' devices, and to decrypt HTTPS communications of Firefox users via man-in-the-middle attacks.^[57]^[58]

On December 28, 2017, DarkMatter requested that Mozilla include it as a trusted CA in the Firefox web browser.^[59] For more than a year, Mozilla's reviewers addressed concerns about DarkMatter's technical practices, eventually questioning on that basis whether DarkMatter met the baseline requirements for inclusion.^[59]^[61]

On January 30, 2019, Reuters published investigations describing DarkMatter's Project Raven.^[1]^[57] Mozilla's reviewers noted the investigation's findings.^[61] Subsequently, the Electronic Frontier Foundation (EFF) and others asked Mozilla to deny DarkMatter's request, on the basis that the investigation showed DarkMatter to be untrustworthy and therefore liable to misuse its capabilities.^[57]^[58]^[61]^[59] {{As of|2019|March}}, Mozilla's public consultation and deliberations are ongoing.^[61]^[59]

See also

References

1. ^¹{{cite web | title=A New Age of Warfare: How Internet Mercenaries Do Battle for Authoritarian Governments | website=The New York Times | date=2019-03-21 | url=https://www.nytimes.com/2019/03/21/us/politics/government-hackers-nso-darkmatter.html | access-date=2019-03-22}}
2. ^{{cite web | title=Takeaways From The Times’s Investigation Into Hackers for Hire | website=The New York Times | date=2019-03-21 | url=https://www.nytimes.com/2019/03/21/us/politics/nso-darkmatter-government-spies.html | access-date=2019-03-22}}
3. ^¹²³⁴{{cite web|url=https://bugzilla.mozilla.org/show_bug.cgi?id=1427262|title=1427262 - Add DarkMatter Root Certificates|website=bugzilla.mozilla.org}}
4. ^¹²³⁴{{cite web|url=https://phys.org/news/2018-02-uae-cyber-firm-darkmatter-slowly.html|title=UAE cyber firm DarkMatter slowly steps out of the shadows|website=phys.org}}
5. ^¹²³⁴⁵{{cite web|url=https://www.reuters.com/article/us-emirates-cyber-darkmatter-idUSKBN1FL451|title=Emerging Gulf State cyber security powerhouse growing rapidly in...|date=2 February 2018|publisher=|via=www.reuters.com}}
6. ^¹²³{{cite web|url=https://www.businessinsider.com/r-exclusive-uae-used-cyber-super-weapon-to-spy-on-iphones-of-foes-2019-1|title=A top secret UAE spy operation staffed by former NSA cyber-agents hacked into the iPhones of dissidents and rivals|first=|last=Reuters|website=Business Insider}}
7. ^{{cite web|url=https://www.engadget.com/2019/01/30/uae-surveillance-iphone-hacking/|title=UAE surveillance unit used iPhone hacking software to track dissidents|website=Engadget}}
8. ^¹²³⁴⁵⁶⁷⁸⁹¹⁰¹¹¹²¹³¹⁴¹⁵¹⁶¹⁷{{cite web|url=https://www.reuters.com/investigates/special-report/usa-spying-raven/|title=Exclusive: Ex-NSA cyberspies reveal how they helped hack foes of UAE|website=Reuters}}
9. ^{{cite web|url=https://arstechnica.com/information-technology/2019/02/uae-buys-its-way-toward-supremacy-in-gulf-cyberwar-using-us-and-israeli-experts/|title=UAE buys its way toward supremacy in Gulf cyberwar, using US and Israeli experts|first=Sean|last=Gallagher|date=1 February 2019|website=Ars Technica}}
10. ^¹²³⁴⁵{{cite web|url=http://www.helsinkitimes.fi/finland/finland-news/domestic/16165-revealed-secretive-uae-cybersecurity-firm-with-a-history-of-spying-on-dissidents-is-operating-in-finland.html|title=Revealed: Secretive UAE cybersecurity firm with a history of spying on dissidents is operating in Finland|website=www.helsinkitimes.fi}}
11. ^{{cite web|url=https://www.techdirt.com/articles/20190202/09354341513/ex-nsa-personnel-spied-americans-journalists-united-arab-emirates.shtml|title=Ex-NSA Personnel Spied On Americans And Journalists For The United Arab Emirates|first=Feb 7th 2019 3:51am-Tim Cushing|last=Thu|website=Techdirt.}}
12. ^¹²³⁴{{cite web|url=https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/nnLVNfqgz7g|title=DarkMatter Concerns|website=Google Groups}}
13. ^¹²{{cite web|url=https://www.eff.org/deeplinks/2019/02/cyber-mercenary-groups-shouldnt-be-trusted-your-browser-or-anywhere-else|title=Cyber-Mercenary Groups Shouldn't be Trusted in Your Browser or Anywhere Else|first=Cooper|last=Quintin|date=22 February 2019|website=Electronic Frontier Foundation}}
14. ^¹²³{{cite web|url=https://www.bleepingcomputer.com/news/security/cybersecurity-firm-darkmatter-request-to-be-trusted-root-ca-raises-concerns/|title=CyberSecurity Firm Darkmatter Request to be Trusted Root CA Raises Concerns|website=BleepingComputer}}