EFF Sues DarkMatter for Hacking Saudi Activist

Lawsuit Filed Against DarkMatter for iPhone Hacking

The Electronic Frontier Foundation (EFF) has initiated legal action against DarkMatter, a spyware developer, and three former employees of U.S. intelligence and military organizations. The suit alleges they were involved in the unauthorized access of an iPhone belonging to a prominent Saudi Arabian human rights advocate.

Details of the Allegations

The legal complaint is brought forth on behalf of Loujain al-Hathloul, who asserts she was targeted in an unlawful hacking operation. This operation is believed to have been orchestrated by DarkMatter and the three former U.S. intelligence officers at the behest of the UAE following the Arab Spring uprisings.

The Individuals Involved

The lawsuit identifies the former NSA operatives as Daniel Gerike, currently the CIO of ExpressVPN, Marc Baier, and Ryan Adams. These individuals were reportedly participants in Project Raven, a UAE-backed initiative designed to monitor human rights activists, political figures, journalists, and those dissenting against the government during the Arab Spring.

Previously, in September, these three former spies reached an agreement to pay a total of $1.7 million. This settlement stemmed from admissions of violating the Computer Fraud and Abuse Act (CFAA) and regulations concerning the sale of sensitive military technology. The agreement was reached with the U.S. Justice Department and did not involve criminal prosecution.

Furthermore, they are now permanently prohibited from holding positions that involve computer network exploitation, working with specific UAE entities, exporting defense-related materials, or offering defense services.

Al-Hathloul's Claims

Loujain al-Hathloul, widely recognized for her advocacy for enhanced women’s rights in Saudi Arabia, alleges that the former spies exploited a security flaw within iMessage. This vulnerability was purportedly used to illegally gain access to her iPhone, enabling covert monitoring of her communications and location.

She contends that this intrusion directly contributed to her “arbitrary arrest by UAE security forces and subsequent transfer to Saudi Arabia, where she endured detention, imprisonment, and torture.”

Legal Arguments Presented

The lawsuit asserts that Gerike, Baier, and Adams procured malicious code from a U.S.-based company. They then intentionally directed this code towards Apple servers located in the U.S., facilitating the installation of harmful software on al-Hathloul’s iPhone, thus violating the CFAA.

Additionally, the suit claims they provided assistance in committing crimes against humanity, given that the hacking of al-Hathloul’s phone was part of a broader, systematic attack by the UAE against human rights defenders and activists.

EFF's Perspective

The EFF, collaborating with Foley Hoag LLP and Boise Matthews LLP, characterizes this case as a “clear-cut” instance of device hacking. They state that “DarkMatter operatives compromised al-Hathloul’s iPhone without her consent, installing malware with devastating repercussions.”

Eva Galperin, cybersecurity director at EFF, stated: “Project Raven’s actions exceeded even the behavior observed from NSO Group, which has repeatedly been implicated in selling software to authoritarian regimes for the purpose of spying on journalists, activists, and dissidents.”

Galperin further emphasized that “DarkMatter didn’t simply supply the tools; they directly supervised the surveillance operation.”

Al-Hathloul's Statement

In a released statement, al-Hathloul expressed her feelings regarding the situation.

Further Details

• The lawsuit focuses on the alleged misuse of hacking tools for political repression.
• DarkMatter is accused of actively participating in the surveillance program.
• The case highlights concerns about the sale and use of spyware by private companies.