This American company sells iPhone hacking tools to UAE spies


Optiv spokesperson Jeremy Jones wrote in an email that his company “cooperates fully with the Department of Justice” and Optiv is “not the subject of this investigation.” It is true: the subjects of the investigation are three former US intelligence and military personnel working illegally in the UAE. However, Accuvant’s role as a exploit developer and seller is very important enough to be detailed in the court documents of the Ministry of Justice.

The iMessage vulnerability is the main weapon in the UAE’s plan, called KarmaOperated by DarkMatter, the organization is disguised as a private company but is actually a spy agency in the UAE.

Reuters Report The existence of vulnerabilities in Karma and iMessage in 2019.But on Tuesday, the United States fine Three former US intelligence and military personnel received $1.68 million in compensation for their unlicensed work in the UAE that hired hackers. The activity included purchasing tools from Accuvant and then directing hacking activities funded by the UAE.

U.S. court documents pointed out that these vulnerabilities were developed and sold by U.S. companies, but did not specify the name of the hacker company. The role of Accuvant has not been reported until now.

“The FBI will fully investigate individuals and companies that profit from illegal cybercriminal activities,” Brian Warndland, assistant director of the FBI’s Cyber ​​Division, said in a statement. “This is clear information for anyone, including former US government employees, who have considered using cyberspace to use export control information for the benefit of foreign governments or foreign commercial companies-this is risky and also There are consequences.”

Prolific exploit developer

Although the UAE is considered a close ally of the United States, dark matter is related to cyberattacks against a range of U.S. targets. according to Court documents and informer.

help U.S. partnership, expertise, and money, DarkMatter has established the UAE’s offensive hacking capabilities for several years, from almost nothing to powerful and aggressive actions. The organization has spent huge sums of money in hiring American and Western hackers to develop and sometimes direct the country’s network operations.

At the time of sale, Accuvant was a small R&D laboratory located in Denver, Colorado, specializing in and selling iOS exploits.

“The FBI will fully investigate individuals and companies that profit from illegal cybercriminal activities. This is a clear message to anyone… There are risks and consequences.”

Brandon Wardland, FBI

Ten years ago, Accuvant established a reputation as a prolific vulnerability developer working with larger US military contractors and selling vulnerabilities to government customers. In an industry that usually values ​​the norm of silence, the company occasionally receives public attention.

“Accuvant represents a benefit of cyber warfare: a booming market,” journalist David Kushner wrote in an article. 2013 company profile In the Rolling Stones. He said that this is a “company that can create customized software that can access external systems and collect intelligence and even shut down servers. They can get up to $1 million in compensation.”

After a series of mergers and acquisitions, Optiv basically withdrew from the hacker industry, but Accuvant’s alumni network is very strong-and is still studying the exploitation of vulnerabilities. Two well-known employees continued to co-found the iPhone hacking company Grayshift Known for its ability to unlock devices.

Accuvant sold hacking exploits to multiple customers in the government and the private sector (including the United States and its allies), and this exact iMessage exploit was also sold to multiple other customers at the same time, MIT Technology Review understands arrive.

iMessage flaws

The iMessage exploit is one of several key flaws in messaging applications discovered and exploited in recent years. The 2020 update of the iPhone operating system comes with a complete reconstruction iMessage security, trying to make it more difficult to locate.


Source link