Optiv spokesman Jeremy Jones wrote in an email that his company “is in full cooperation with the Department of Justice” and Optiv is “not the subject of this investigation.” That’s true: the subject of the investigation is the UAE and three former US intelligence and military personnel who worked illegally. However, Accuvant’s role as an exploit developer and seller was so important that it was explained in detail in the Judiciary Court filings.
iMessage exploits were the primary weapon of the Emirati program called Karma. The program was run by Dark Matter, an organization disguised as a private sector, but it actually acted as the de facto espionage agency for the UAE.
Reuters reported the existence of karmic and iMessage exploits in 2019. But on Tuesday, the United States fined three former US intelligence agencies and military personnel $ 1.68 million for their unlicensed work as mercenary hackers in the UAE. Its activities included purchasing Accuvant tools and directing UAE-funded hacking campaigns.
A US court document states that the exploit was developed and sold by a US company, but does not name the hacking company. The role of Accubant has not been reported so far.
“The FBI will thoroughly investigate individuals and businesses that benefit from illegal criminal cyber activities,” said Brian Vondolan, assistant director of the FBI’s cyber division, in a statement. “This is a clear message for anyone, including former US government officials who have considered using cyberspace to leverage export control information for the benefit of foreign governments or foreign commercial companies. , The result will be. “
Prolific exploit developer
Despite the fact that the United Arab Emirates is considered a close ally of the United States, Dark Matter is associated with cyberattacks against various US targets, according to court documents and whistleblowers.
With the help of American partnerships, expertise, and funding, DarkMatter has built the UAE’s aggressive hacking capabilities over the years, from almost nothing to formidable active operation. The group hired American and Western hackers to spend a great deal of money developing and sometimes directing the country’s cyber activities.
At the time of sale, Accuvant was a small R & D lab based in Denver, Colorado, specializing in iOS exploits.
“The FBI thoroughly investigates individuals and businesses that benefit from illegal criminal cyber activities. This is a clear message for everyone … there are risks and results will come.”
Brandon Vorndran, FBI
Ten years ago, Accuvant worked with a larger American military contractor to establish a reputation as a prolific exploit developer selling bugs to government customers. In an industry that usually emphasizes the code of silence, companies have occasionally received public attention.
“Accuvant represents the benefits of cyberwarfare. It’s a booming market,” journalist David Kushner wrote in Rolling Stone’s 2013 company profile. It’s a kind of company, “you can create custom software that can go into external systems, collect intelligence, shut down servers, and get paid up to $ 1 million,” he said. ..
Optiv has made a major withdrawal from the hacking industry following a series of mergers and acquisitions, but Accuvant’s alumni network is strong and still working on exploits. Two prominent employees co-founded Grayshift, an iPhone hacking company known for its device unlocking skills.
Accuvant has sold hacking exploits to multiple customers in both the government and the private sector, including the United States and its allies. MIT Technology Review learned that this accurate iMessage exploit was also sold to multiple other customers at the same time.
iMessage exploits are one of the few serious flaws in messaging apps that have been discovered and exploited in the last few years. The 2020 update of the iPhone operating system shipped with a completely rebuilt iMessage security to make it harder to target.
The U.S. company sold an iPhone hacking tool to UAE spies
Source link The U.S. company sold an iPhone hacking tool to UAE spies