UAE spies hacked devices belonging to Qatar’s royal family and intercepted private communications between then-US First Lady Michelle Obama and Her Highness Sheikha Moza bint Nasser, according to a new book by a New York Times reporter.
Previous news reports have highlighted the sophisticated intelligence operation carried out by the UAE (United Arab Emirates) with the assistance of former US operatives. Targets included governments officials, United Nations offices in New York, and FIFA executives.
But a Times story on Saturday with excerpts of the book – This Is How They Tell Me the World Ends by Times’ cybersecurity journalist Nicole Perlroth – is the first to report on the surveillance of email communications in late 2015 between Obama and Sheikha Moza, wife of Qatar’s former Emir Sheikh Hamad bin Khalifa Al Thani.
The communications intercepted included personal reflections, security details, and an itinerary change after Obama was scheduled to speak in Qatar at her royal highness’ annual education summit in Doha.
The spying effort reportedly led one American operative to resign from the spy programme and leave Abu Dhabi.
“That was the moment I said, ‘We shouldn’t be doing this. We should not be targeting these people,” the former US National Security Agency (NSA) analyst was quoted as saying.
Known as Project Raven, hackers employed state-of-the-art cyber-espionage tools to help the UAE engage in surveillance of other governments, armed groups, and human rights activists critical of the monarchy.
Interviews by Reuters news agency in 2019 with former Raven operatives, along with a review of thousands of pages of project documents and emails, showed spying techniques taught by the NSA were central to the UAE’s efforts to monitor opponents.
Operatives used an arsenal of cyber tools including a cutting-edge espionage platform known as Karma, with which Raven operatives say they hacked into the iPhones of hundreds of activists, political leaders and suspected terrorists.
The FBI is now investigating because US laws prohibit the hacking of US networks or stealing the communications of Americans.
US operatives helped locate target accounts, discover their vulnerabilities and cue up cyber-attacks for UAE spies. To stay within the bounds of the law, the US staff did not press the button on the ultimate attack, but would often literally stand over the shoulders of the Emiratis who did, Reuters reported.
Between 2012 and 2015, individual teams were tasked with hacking into entire rival governments, as the programme’s focus shifted from counterterrorism to espionage against geopolitical foes, documents show.
Qatar was a prime target, along with Iran, Turkey, and rebels in Yemen.
In 2010, Doha gained global attention by winning the right to hold football’s 2022 World Cup. In 2014, UAE operatives targeted directors at FIFA, the Swiss-based body that runs international football, and people involved in Qatar’s World Cup organising body.
The ploy aimed to steal damaging information about Qatar’s World Cup bid, which could be leaked to embarrass the UAE’s Gulf rival.
The FIFA hacking operation was codenamed Brutal Challenge. Hackers sent boobytrapped Facebook messages and emails containing a malicious link to a website called “worldcupgirls”. Clicking on the link deployed spyware into the target’s computer.
It is not clear whether the mission succeeded. But the targets included Hassan al-Thawadi, secretary-general of Qatar’s FIFA organising body.
The UAE has not officially commented on the spying operation but says it faces real threats from armed groups and works with the US on counterterrorism efforts.