The US company has sold iPhone hacking tools to UAE spies
Optiv spokesman Jeremy Jones wrote in an email that his company “cooperates fully with the Department of Justice” and that Optiv “is not the subject of this investigation.” That’s right: The subjects of the investigation are three former U.S. intelligence and military personnel illegally working in the UAE. However, Accuvant’s role as exploit developer and vendor is important enough to detail the duration of the Court’s filing.
Taking advantage of iMessage is the main weapon of an Emirati program called Karma, run by DarkMatter, an organization that pretends to be a private company but actually acts as a de facto spy agency for the UAE.
Reuters reports the availability of Karma and take advantage of iMessage in 2019. But on Tuesday, the US fined three former U.S. intelligence and military personnel $ 1.68 million for their unlicensed work as mercenary hackers in the UAE. Along with that activity was the purchase of Accuvant equipment and subsequently directing UAE-funded hacking campaigns.
U.S. court documents state that the exploits were made and sold by American firms but did not name the hacking companies. Accuvant’s role has not been reported to date.
“The FBI will fully investigate individuals and companies obtained from illegal cyber criminal activity,” Bryan Vorndran, assistant director of the FBI’s FBber Division, said in a statement. “This is a clear message to anyone, including U.S. government employees, who is considering using cyberspace to access export-controlled information for the benefit of a foreign government or a foreigner. commercial company – there are risks, and there are consequences. “
Prolific exploit developer
Despite the fact that the UAE is considered a close ally of the United States, DarkMatter has been linked to cyberattacks against various American targets, ACCORDING in court documents and whistleblowers.
Helped by American cooperation, skills, and money, DarkMatter built offensive hacking capabilities in the UAE over the years from almost nothing to a heavy and active operation. The group spends heavily to recruit hackers in America and the West to create and sometimes manage cyber operations in the country.
At the time of sale, Accuvant was a small research and development lab based in Denver, Colorado, that specialized in and sold iOS exploits.
“The FBI will fully investigate individuals and companies profiting from illegal cyber criminal activity. This is a clear message to anyone… there is danger, and there are consequences.”
Brandon Vorndran, FBI
Over the past decade, Accuvant has built a reputation as a prolific exploitative developer working with numerous American military contractors and selling bugs to government customers. In an industry that typically values a code of silence, for example the company has the public’s attention.
“The accuvant represents the rise of cyberwar: a vibrant market,” journalist David Kushner wrote in a 2013 company profile of the Rolling Stone. This is the kind of company, he said, “that can create custom software that can penetrate external systems and accumulate intelligence or even shut down a server, for which they can be paid up to $ 1 million. . “
Most of the optiv exits in the hacking industry follow a series of mergers and acquisitions, but Accuvant’s alumni network is strong and still continues to take advantage. Two high-profile employees continue to support Grayshift, an iPhone hacking company known for its skills in unlocking devices.
The hacking exploits sell to many customers in both the government and private sectors, including the United States and its allies — and this exact iMessage exploit is also sold simultaneously to many other customers, it is known. in the MIT Technology Review.
Exploiting iMessage is one of the many critical messaging app flaws that have been discovered and exploited over the years. A 2020 update to the iPhone operating system has been shipped complete rebuild iMessage security in an attempt to make it a more difficult target.