Cold Open
It was a Monday afternoon in December 2014 when Ibolya Ryan approached the entrance to the Shams Boutik Mall on Reem Island in Abu Dhabi. She was accompanied by her twin 11-year-old sons.
The mall sits between the Sun and Sky Towers, the curving, modern skyscrapers that dominate Abu Dhabi’s skyline. As Ryan gazed up at the buildings, she couldn’t help but feel a sense of awe.
Inside, the mall was busy. Ryan was there to do some shopping. Her always-growing boys needed new clothes. Maybe they’d grab a bite at the Nando’s in the food court, too.
The shopping trip was a nice excursion in what had been a busy year. A special needs kindergarten teacher, Ryan had moved to the United Arab Emirates a little over a year ago. She hoped to experience Arab culture while making a difference. So far, it had gone well.
But right now, she needed a pit stop. She ducked into the ladies’ room, leaving her sons outside
In the bathroom, Ibolya Ryan felt a pair of eyes on her. A woman was staring. She was wearing a black abaya, the head-to-toe garment worn by some Muslim women. She also wore black gloves.
“Can you help me?” the woman asked.
“Of course. What do you need help with?” Ryan replied.
Suddenly, the woman drew a kitchen knife from her robes.
Ryan screamed. The woman stabbed her in the chest over and over. Ibolya sunk to the floor.
Outside, a crowd gathered. Ryan’s sons watched in horror as the abaya-clad woman emerged, trailing bloody footprints behind her. Someone tried to grab her but she raced for the entrance. She slipped through the doors and disappeared into the streets of Abu Dhabi.
In the United Arab Emirates, the killing of Ibolya Ryan was shocking and horrifying. For many Emiratis, the murder of a foreign national on their soil was unthinkable.
For the country’s Crown Prince, Mohamed bin Zayed al-Nahyan, known as MbZ, the killing of Ibolya Ryan was everything he’d always feared.
The UAE was, and is, a wealthy, cosmopolitan country, one that welcomes people from around the world. Throughout the War on Terror, it had been mostly safe from terrorist attacks. This shocking killing – of a foreign national no less – could ruin his country’s reputation.
MbZ ran the country’s counter-terrorism program. He needed to know who the mysterious attacker really was. And he needed to know if she was part of a terror cell.
Recently, the Islamic State of Iraq and Syria, or ISIS, had made an online appeal to Arabs everywhere, imploring them to kill American teachers in the Middle East. Ibolya Ryan was Hungarian-American, and a teacher. Was this attacker working with ISIS? Or was it just a strange coincidence?
MbZ needed answers, and he needed them yesterday. To get them, he would have to penetrate the murky depths of the Internet, where other extremists might be plotting their next move.
Fortunately, he had the perfect tool for the job.
MbZ headed to a mansion in suburban Abu Dhabi. It was home to a top secret project within his country’s intelligence agency. A den of hackers and analysts who protected his country from online threats, in all their forms. It was essentially the country’s cyberwarfare program.
Inside, they briefed him on the situation. Team members were already combing the Internet and the dark web for any information they could find about potential terrorist activity. But there wasn’t much to go on. They still had no idea who the attacker was. The media nicknamed her “The Reem Island Ghost.” Without a name, finding her online would be difficult.
Keep me updated, he said, and left to continue overseeing the investigation.
The name of this project was the Development Research Exploitation and Analysis Department. Or D.R.E.A.D. It was a state-of-the-art cyber-espionage program that kept tabs on anyone who posed a threat to the country.
But the Americans on staff called it “Project Raven.”
That’s right, I said Americans. The United Arab Emirates was using American hackers to spy on their own citizens. And now, they had to catch a ghost.
On this episode: cyber mercenaries, dictators dictating, Michelle Obama’s emails, and the reshaping of the Middle East. I’m Keith Korneluk, and this is Modem Mischief.
INTRODUCTION
You're listening to Modem Mischief. In this series we explore the darkest reaches of the internet. We'll take you into the minds of the world's most notorious hackers and the lives affected by them. We'll also show you places you won't find on Google and what goes on down there. This is the story of Project Raven.
Act One
In 2008, the sun glinted off the bronze sculptures outside the Crown Prince’s Court in Abu Dhabi. There were nine of them, each one a human body contorted into a letter of the alphabet. Together, they spelled “Tolerance.”
Inside, the 47-year-old Crown Prince, Mohamed bin Zayed al-Nahyan, welcomed an old friend into his office. He was an American named Richard Clarke. If you watched cable news in the mid-2000’s, you probably remember him. He was President George W. Bush’s first counter-terrorism czar. The 9/11 attack happened on his watch.
SFX: 9/11 News clip
To be fair, Clarke did spend most of 2001 trying to warn the Bush administration that a terror attack was imminent, only to be ignored. But he couldn’t very well keep his job after the worst terrorist attack on U.S. soil.
With his political career in the toilet, Clarke left the government and turned to high-level political consulting, using his decades of experience and contacts to drum up business.
MbZ and Clarke had worked together plenty of times before. In 1991, when Clarke was Assistant Secretary of State during Desert Storm, he and MbZ convinced MbZ’s father to help the coalition’s war effort. American planes used the Emirates’ air bases to stage attack runs into Iraq. On 9/11, MbZ personally called Clarke and offered his help. It was the only call from a foreign leader Clarke took that day.
But today, MbZ and Clarke were here to do business. Clarke was pitching MbZ on a new government agency. If MbZ bit, Clarke’s company, Good Harbor Consulting, would be all too happy to set it up.
Clarke launched into his spiel. The Emirates runs on computers, Clarke said. But nobody’s protecting you from hackers. You need a cyberwarfare program.
Clarke outlined various terrifying scenarios. Hackers could shut down the Emirates’ power grid. They could disrupt their public transportation. Sabotage its hydroelectric dams. Wipe out records from the country’s “hawalas,” or traditional money-transferring businesses. If a hacker was creative, the possibilities for mayhem were endless.
Then, there was terrorism to worry about. True, the United Arab Emirates wasn’t a high priority target for al-Qaeda or other extremist groups. Most years, the UAE didn’t experience any terror attacks at all.
But terrorists were increasingly using the Internet to recruit, organize, share information, and plan their activities. For the UAE, not monitoring this kind of activity would be negligent.
MbZ was well aware of the dangers posed by malicious actors on the Internet. The Americans had operations like the NSA to deal with threats like this. The Emirates had nothing. But today, that would change.
They shook hands on the deal. The project that would come to be known as Raven was set in motion.
For Clarke, landing the Project Raven contract was just another business opportunity. But for MbZ, it would be the key to his political ambitions – and those of his country.
By 2008, MbZ had already been Crown Prince of Abu Dhabi for four years. That put him directly in line for the throne, which is held by his older half-brother Khalifa.
MbZ and Khalifa’s father, Zayed, had been the country’s first president, taking office when the UAE gained independence from the declining British Empire in 1971.
Like the name suggests, the United Arab Emirates is a collection of seven sheikhdoms that are governed collectively. Altogether, they occupy a territory on the Arabian Peninsula that’s about the size of Maine. Traditionally, it was one of the poorer regions in the Middle East, but when oil was discovered in the 50’s, it became insanely wealthy in a hurry.
But even though their leader is called the “president,” the UAE isn’t a presidential republic. It’s a hereditary monarchy. The al-Nahyan family has ruled Abu Dhabi since 1793, and today it has near-absolute power.
Mohammed bin-Zayed al-Nahyan was born in 1961. He was the sheikh’s third son, after Khalifa and another brother named Sultan.
In another royal family, being the third son might have made MbZ irrelevant. MbZ could have grown up in luxury and lived the life of a Middle Eastern playboy, with sports cars, private jets, and birthday concerts sung by American pop stars.
But MbZ was too ambitious for that. Like his brothers, he went to military school, graduating from the UK’s Royal Military Academy Sandhurst in 1979. Then he joined the air force and became a pilot. He loved flying and still does. Occasionally he ferries world leaders around in his personal helicopter.
MbZ quickly rose through the ranks of the Emirates’ military. It was becoming clear to the world that among Sheikh Zayed’s children, MbZ was the star. Khalifa has been described as “uncharismatic” and distant while Sultan struggled with alcoholism.
MbZ wasn’t flashy and he didn’t like to make speeches. He preferred to wield his influence behind the scenes. But he was still charismatic, a natural leader. When he wasn’t running the country’s military, the multi-billionaire enjoyed classic royal pastimes, like fox hunting, falconry and tooling around the Persian Gulf his 26-room yacht.
You know, relatable stuff.
By 1993, MbZ was Chief of Staff of the Armed Forces, where was put in charge of updating his country’s small military for the 21st century. He spent billions of dollars on American weapons and technology. Once, he read about an advanced F-16 fighter jet in a magazine and asked the Pentagon to buy it. When he was told it didn’t exist yet, he funded the R&D.
By the dawn of the 21st century, MbZ was emerging as one of the most dynamic rulers in a new generation of Middle Eastern leadership.
And then, 9/11 happened.
MbZ’s family had always been opposed to Islamic extremism. To them, Islam is a peaceful religion, and groups like al Qaeda were hijacking it.
But there was another, simpler reason why MbZ was against extremism. Often, groups like al-Qaeda and ISIS share the same goal: creating a pan-Islamic theocracy free from Western influence.
That implies the Middle East’s monarchies, like the UAE, would have to be overthrown. For MbZ, anyone who threatened his family’s authority was an enemy–terrorist or otherwise.
In the United Arab Emirates, freedom of speech is limited, and speaking out against the government can be punishable by jail time, or worse. The arrival of the Internet made the UAE wealthier and more connected, but it also allowed political dissidents to organize and ask for reforms. For MbZ, that was almost as much of a threat as terrorism.
9/11 was a watershed moment in MbZ’s life, a call to join the United States in the War on Terror. MbZ took over the country’s counter-terrorism operations. In the months after 9/11, the Emirates arrested 200 citizens and 1,600 foreign inhabitants who were suspected of planning to move to Afghanistan and join the Taliban.
The US was all too happy to have an ally like MbZ. As long as MbZ was arresting suspected terrorists, they could overlook certain other arrests he might be making.
In 2004, MbZ’s father Sheikh Zayed died after more than three decades on the throne. MbZ’s oldest brother, Khalifa, became the next president of the Emirates.
Instead of elevating MbZ’s next-oldest brother Sultan to the office of Crown Prince, the al-Nahyan family made MbZ the heir. According to cables published on Wikileaks, the move was widely supported within the country’s government.
Next January, he was made Deputy Supreme Commander of the Armed Forces. MbZ was one of the most powerful people in the country.
By the time MbZ sat down with Richard Clarke in 2008, he was well on his way to seeing all of his ambitions realized: making the United Arab Emirates into a regional power, and making himself the most powerful ruler in the region.
Project Raven would help him with all of the above, and then some.
After their meeting, Clarke and MbZ began setting up Project Raven.
MbZ made it an official appendage of the royal family, and he put his son Khalid in charge. Clarke and his company Good Harbor set up shop in a cavernous hangar at an unused airfield in Abu Dhabi.
Then, Clarke hired an American defense contractor called SRA International. It had several former NSA employees on payroll.
The plan was, the Emirati operatives would carry out Project Raven’s operations, while SRA employees would supervise. Soon, that proved impossible. The Emirati operatives were disinterested, or they had trouble keeping up with the technology. Eventually, the SRA folks had to step in and do the job themselves.
Before we go any further, this is a good time to talk about the legal issues involved here. Because there are a lot of them.
there’s the issue of whether ex-NSA employees are allowed to become mercenaries and work for foreign governments. Unlike soldiers, NSA employees often access top secret information and are sworn to secrecy for life.
Legally, this issue is murky. All companies like CyberPoint really needed was the approval of the US State Department, and CyberPoint had it – as long as they weren’t sharing classified information. They also couldn’t spy on American citizens.
But there was nothing stopping them from spying on foreign citizens on behalf of a foreign government.
There was just one legal hurdle. The Emirates didn’t want American contractors hacking their own citizens. But the Emirati computer engineers were already struggling to keep up. So, how was Project Raven going to do its job?
Simple. The Americans would just sit next to their Emirati counterparts and tell them exactly what to do, step by step. They just couldn’t go hands-on-keyboard.
Thank god for loopholes.
This was the UAE’s first, and last, line of defense against cyber threats.
Project Raven’s first order of business was building a spy tool. It was codenamed “the Thread.” It would hack Windows computers and transmit files to a server controlled by the Court of the Crown Prince.
But before “the Thread” was finished, Project Raven got its first big test.
Around Christmas 2009, a phone call came into Project Raven’s management office. It was from the UAE’s top intelligence agency, the State Security Department. The SSD had received a tip that a suspected extremist was plotting to carry out a terror attack on the Emirates. They needed Project Raven to monitor the extremist’s online activity to learn everything it could about his plans.
But we’re not even online yet, the manager protested.
The SSD didn’t give a shit. There might be lives in the balance.
Project Raven didn’t have a lot to go on. All they had was a name and an address. The suspect’s name has never been disclosed, but they were located in the northern-most emirate in the country, Ras al-Khaimah.
Without Thread, the Windows hacking tool, Project Raven’s operatives were forced to use publicly available hacking programs. They were reduced to Googling “spying tools,” and using what they found.
It worked. Once they gained access to the suspect’s online accounts, they began the exhaustive process of scouring all their online activity for something incriminating.
We don’t know what they found. We just know that they found “plans to attack the country’s infrastructure.” Or at least they said they did.
Around this time, the UAE foiled another terror plot. In Dubai, the wealthiest emirate, the iconic Burj al-Khalifa was nearing its completion. When it was finished, it would be the tallest skyscraper in the world. That also made it a tempting target for extremists.
The UAE arrested 45 suspects who were plotting to fly a plane into the nearly finished skyscraper. They were mostly Palestinians and Lebanese.
Maybe Project Raven found plans for a plot like that. We’ll never know. Whatever they found, it was incriminating enough.
In January 2010, staffers from Project Raven gathered around the conference room to watch a video feed, which was focused on the suspect’s home. The staffers watched as Security Service operatives stormed the house, breached the door, and swarmed inside. The staffers held their collective breath. If the suspect was a bomb-maker, they could easily set off an explosive and wipe everyone out.
Finally, a voice came over the feed. Suspect in custody. We got him. Project Raven’s staffers cheered and high-fived.
On the feed, the terror suspect was brought outside bound by zip ties and placed inside a black SUV. They would be taken to an undisclosed location and interrogated. Most likely, the interrogators wouldn’t be gentle.
If the staffers felt any qualms about this, they quickly put them aside. Their first mission had been a resounding success, and they weren’t even operational yet. So far, it looked like the UAE’s investment in cyberwarfare was paying off.
In the months after the first mission, Project Raven brought The Thread online and got to work. Raven moved out of the airfield and into the mansion in Abu Dhabi. The mansion was inconspicuous, located on a quiet street tucked away from the main thoroughfares. Everyone called it “the Villa.”
Now that Project Raven was operational, Richard Clarke’s job was done. Good Harbor and SRA International had satisfied their contracts, and it was time to move on to more consulting gigs.
Management of Project Raven passed on to a Maryland-based cyber security firm called CyberPoint. It was founded by a former SRA vice president named Karl Gumtow, who left the company to take over Raven.
CyberPoint began to scale up the operation. It hired several more former NSA employees.
For the ex-NSA staffers, the gig was a chance to be stationed in the Middle East, close to the front lines of the world’s conflict spots. It didn’t hurt that they could earn two to four times as much as their government salaries, income tax-free.
Above all, it was a chance to help an ally in the War on Terror.
Or so they were told. So far, Project Raven was fulfilling its mission to protect the United Arab Emirates from terrorism and and other online threats.
But soon, the mission would drift in a disturbing new direction.
Act Two
Lori Stroud joined Project Raven in 2014.
After leaving the military, Stroud had spent the last ten years at the NSA subcontractor Booz Allen Hamilton. She was stationed in Hawaii running a team of Cyber Threat Analysts when she hired a young operative named Edward Snowden. Unbeknownst to Stroud, Snowden was secretly gathering evidence that the NSA was illegally spying on on American citizens. And if you’d like to learn more about Edward Snowden, check out Episode 4 where we tell all you about it.
When Snowden went public, Stroud was devastated–but not because of what the NSA was doing. She sincerely believed in the NSA’s stated mission to protect American interests and those of its allies. She felt that Snowden was a traitor.
But as the one who’d hired Snowden, Stroud’s career was basically over. Taking the job with CyberPoint and Project Raven would be a fresh start. Plus, she’d get to live in a new country halfway around the world.
A car took Stroud to the Villa for her first briefing on Project Raven. A manager brought her upstairs to the conference room and handed her a folder titled “Purple Briefing.”
Stroud flipped through it as the manager explained.
As an employee of Project Raven, Stroud’s job would be to protect the United Arab Emirates from online threats, from hackers to terrorists. It was defensive work. Probing the UAE’s security systems for weaknesses, guarding sensitive documents and communications, intercepting malware and phishing attempts. All familiar tasks in a Cyber Threat Analyst’s job description. Stroud was psyched to get to work.
Thinking the briefing was over, Stroud stood up from the table.
Sit back down, the manager said.
Strange, but she complied.
The manager took away the purple briefing folder and replaced it with another folder.
The Purple Briefing is your cover story, they said. This is the Black Briefing.
The Project Raven manager outlined Stroud’s real job. It wouldn’t be defensive. It would be offensive.
Project Raven would be monitoring the Internet traffic of anyone the regime deemed a threat. Should the need arise, they would hack into their Internet accounts.
Stroud frowned. Sure, she expected they might have to hack into criminal suspects’ online accounts. But this wasn’t what the recruiter had described.
The manager noticed her concern.
You’ll still be defending the Emirates from threats. You’ll just be doing it…a bit more proactively.
Stroud thought about the consequences of backing out. She had flown more than 7,000 miles to get here. She’d moved out of her last residence and had nowhere to return to. And quitting a job before you started was rarely a good career move.
The manager put away the Black Briefing folder. Let me show you to your desk.
Stroud’s new employee orientation was a typical one for CyberPoint staffers when they arrived at Project Raven.
The same year CyberPoint took over Project Raven, Middle Eastern politics underwent a seismic shift.
In late 2010, a 26-year-old Tunisian named Mohamed Bouazizi was working as a fruit and vegetable vendor. He barely made enough to support his mother, uncle, and five siblings. His dream in life was to own a van.
On the morning of December 17th, a municipal inspector named Faida Hamdy and her colleagues approached Bouazizi’s produce cart. They demanded to see his business permit. When he couldn’t produce one, a scuffle broke out. They spat in his face, slapped him, beat him, and confiscated his electronic scales.
Embarrassed and angry, Bouazizi walked to the municipal building and demanded his property be returned. He got another beating. Then he walked to the governor’s office. They ignored him.
Furious and desperate, Bouazizi approached the governor’s tall metal gate. How do you expect me to make a living? he shouted.
Then, he doused himself with paint thinner and set himself on fire. He would die almost three weeks later.
But his cousin Ali uploaded the video to Facebook, where it went viral. Bouazizi’s self-immolation inspired protests around the country against Tunisia’s harsh and unfair economic conditions.
Soon, the peaceful protests overwhelmed the government, which had been ruled by President Zine al-Abidine Ben Ali since 1987. Ben Ali fled the country to Saudi Arabia.
The ousting of Ben Ali would inspire similar movements in other countries. Collectively, they became known as the Arab Spring uprisings.
The protests spread to Egypt, where young protesters used social media to organize against President Hosni Mubarak, another autocrat who’d been in power since the 1980’s.
In Egypt, the Arab Spring protests came under the influence of the Muslim Brotherhood. This is a pan-Islamic political and social movement that was founded in 1928. Among its goals, the Brotherhood wants to remove Western influences from Muslim countries. The Egyptian chapter of the Brotherhood wants to reinstate a government based on Islamic principals, which many have interpreted to mean Sharia law.
The Brotherhood was banned in Egypt until 2011, when Arab Spring protests forced President Mubarak from power. In the country’s first democratic presidential elections, the Muslim Brotherhood’s Mohamed Morsi was elected.
The Arab Spring spread to Libya, Algeria, Syria, and Yemen. It even stirred up sympathetic movements in the United Arab Emirates. The UAE’s version of the Muslim Brotherhood, al-Islam, was demanding democratic reforms and speaking out against the country’s human rights abuses. They accused the UAE of arresting political protesters without cause, of holding them indefinitely, and in some cases torturing them.
For the UAE’s leadership, especially Mohammed bin-Zayed al Nahyan, this was a nightmare scenario on par with a major terrorist attack. If governments in Tunisia and Egypt could fall, the UAE could be next. The Arab Spring uprisings convinced MbZ that one of the most dangerous threats facing the United Arab Emirates was the Muslim Brotherhood.
MbZ poured resources into combating the Brotherhood abroad.
In Egypt, the Brotherhood’s president Mohamed Morsi was removed from power in 2013 by a military coup. The country’s defense minister, Abdel Fattah Al-Sisi, took over. Afterwards, MbZ financed the Sisi’s new administration to ensure he stayed in power.
Then, MbZ turned his attention to al-Islah.
Project Raven was assigned to track online message boards where al-Islah and other protesters met. They gathered evidence that could be perceived as threatening to the al-Nahyan regime.
Their work contributed to the arrest of 94 activists and journalists were put on trial. Many were sentenced to over a decade in prison. In 2014, the UAE designated al-Islah as a terrorist group and banned it.
For a lot of the American members of Project Raven’s staff, this wasn’t what they had signed up for. They weren’t stopping cyberattacks or online terrorism. They were to keep tabs on any “persons of interest” deemed a threat to the regime.
It was starting to seem less like they were the last line of defense in cyberwarfare and more like they were the tool of a powerful government, one with a lot of enemies.
Some of their targets weren’t even Emirati citizens, like Rori Donaghy. He’s a British blogger who published a website critical of the regime. A Project Raven hacker approached Donaghy by pretending to be a human right’s organization. Donaghy received an email inviting him to participate in a human rights panel. When he clicked the link, it installed malware on his computer.
However, since Donaghy was in England, the UAE couldn’t touch him.
Ahmed Mansoor wasn’t so lucky.
Mansoor is a former engineer educated at the University of Colorado. He’s long advocated for democratic reforms in the UAE. In 2011, he was imprisoned for posting an online petition asking for citizens to have the right to directly elect the country’s legislature. He was charged with “insulting the country’s leadership.”
After his release from prison, Mansoor continued his activism. Project Raven codenamed him “Egret.”
Project Raven discovered Mansoor making plans to protest outside the Federal Supreme Court building. They also found evidence that he had taken a photo of a detainee inside a government detention center, against prison policy. They dutifully passed along the information to the National Electronic Signals Agency, or NESA.
Mansoor was arrested again. He was later given a secret trial and sentenced to ten years for “damaging the country’s unity.”
Overall, Project Raven had monitored hundreds of people for the Emirati government. It was a proof of concept that a cyber warfare program could be used for offense, not just defense.
But they were just getting started.
January 24th, 2014 was a Friday, and so, the President of the United Arab Emirates, Sheikh Khalifa bin Zayed al-Nahyan, was getting ready to attend mosque for weekly services.
As the president was getting dressed, he picked up a cup of coffee to take a sip. Suddenly, the cup slipped from his hands, fell to the floor, and shattered.
Sheikh Khalifa scolded himself for his clumsiness. As he turned to the intercom to call someone to clean up the mess, he noticed that his hand had gone numb. Pushing the intercom button was impossible.
The sheikh tried to call out for help, but he found it difficult to speak. Soon, he lost his balance and collapsed.
The sheikh’s aide heard the clatter and gently knocked on the bedroom door. When there was no answer, he opened it and found the sheikh on the floor, unresponsive.
The sheikh has fallen! Call the ambulance!
The sheikh was rushed to the hospital, where doctors diagnosed him with a stroke. He would need emergency surgery immediately. He was prepped and taken to the operating room.
Outside, the sheikh’s brother, MbZ, waited for news about the surgery’s outcome. He feared for his brother’s life. At the same time, the stroke had big implications for his future. As the Crown Prince, he was next in line to succeed his brother should the unthinkable happen.
Finally, the surgeon emerged from the OR. The surgery was a success. The sheikh was stable. But he’d never be the same.
The next few days were a whirlwind. MbZ took calls from leaders across the Middle East and around the world, thanking them for their well-wishes. It was decided that while Sheikh Khalifa would retain the title of president and some of his ceremonial duties, MbZ would become the de facto ruler of the United Arab Emirates.
MbZ had always been a powerful figure within the UAE’s government. But he’d always been careful not to upset his older brother with reckless and aggressive decisions. Now, MbZ answered to no one.
At Project Raven, the CyberPoint staffers were becoming a vital part of the Emirates national security. But MbZ had even bigger plans in mind.
Shortly after he became the country’s de facto leader, Project Raven began Operation Brutal Challenge.
Besides Iran, one of the United Arab Emirates’ biggest rivals is Qatar, another small and oil-rich monarchy on the Arabian Peninsula.
In 2010, Qatar surprised the sports world by winning the bidding for the 2022 World Cup. Almost right away, there was suspicion that Qatari officials had bribed FIFA
-- sports?! Corrupt?! I know, I know. Shocking.
If the Emirates could discover proof that Qatar had bribed FIFA, it would be a national embarrassment for their rival.
That’s where Project Raven came in.
Operatives sent Facebook messages to top FIFA officials and officials from the Qatari government.
The messages invited the recipient to click on a link to a website called “worldcupgirls,” promising nude photos of soccer fans. If they did, it would install spyware on their devices.
Project Raven hacked into many top officials’ private correspondences. They even managed to hack Sheikha Moza bint Nassir, wife of the country’s ruler. There, they found correspondence between Sheikha Moza and First Lady Michelle Obama. They were planning the First Lady’s appearance at the annual World Innovation Summit for Education (WISE), where she would promote her "Let Girls Learn" initiative.
It’s unclear if Project Raven uncovered any actual evidence of bribery. Shortly after Qatar won the bid, evidence of the bribery was leaked to the media anyway.
For some of the Americans working for Dark Matter, this was a step too far. Embarrassing Qatar had nothing to do with their mission. On top of that, they had accessed the First Lady’s private correspondence. They hadn’t meant to, but it was dangerously close to breaking the law.
Friction began to develop between the Americans and the Emiratis. CyberPoint remained in charge of day to day operations until the end of 2014. Soon, that would change.
By now, Project Raven/D.R.E.A.D. was functioning like the country’s top cyberintelligence department. But it was still run by American contractors. It just wouldn’t do to have foreigners running the show.
In 2015, the Emirates approached CyberPoint and its CEO Karl Gumtow with an ultimatum. An Emirati cybersecurity firm called Dark Matter was going to take over Project Raven’s contracts. The Americans could stay on with Dark Matter and work directly for the Emirati government. Or, they could go home.
Many, like Lori Stroud, opted to stay. They figured the job most likely wouldn’t be very different. After all, they’d already convinced themselves it was ok to spy on the enemies of the UAE’s regime. Did it really make a difference who was calling the shots?
But after DarkMatter took over operations, things took on a different vibe.
Their new managers stopped including Lori Stroud and her American colleagues in all of their briefings. They were kept out of the loop on the big picture. Meanwhile, the Emirates had been investing in computer engineers, and more and more Emiratis were joining the staff.
Worst of all, Lori Stroud and her colleagues didn’t have access to. They have access to the Target List, which kept track of all the people Project Raven targeted.
Accessing the First Lady’s emails was bad enough. But who else might they be spying on?
Act Three
In 2016, Lori Stroud woke up to the pilot talking over the intercom.
We’re now beginning our final descent into Dulles International Airport.
The plane ride from Abu Dhabi had taken almost 15 hours. She was jet-lagged and stiff from the long trip.
She was glad to get out of Dubai and away from her work. Things hadn’t been great since Dark Matter took over. She needed this holiday break, when she would recharge with family and friends.
As she exited the plane and headed for baggage claim, two people in business suits approached her.
Ms. Stroud? We’re with the FBI. Can we speak with you for a moment?
She was pretty sure she hadn’t done anything wrong. But nobody likes talking to the FBI, not even former NSA employees.
The agents brought her into a small and stuffy room tucked away somewhere in the airport. They got right to the point.
In your work with CyberPoint, or Dark Matter, have you ever spied on American citizens?
Lori was taken aback. Maybe Lori could condone the NSA spying on its own citizens. But she couldn’t stomach spying on her fellow Americans for a foreign government.
Personally she had never spied on Americans. Yes, they had inadvertently accessed the First Lady’s emails. But that was a far cry from deliberately spying on American citizens.
But the fact that the FBI was asking at all was alarming. And she honestly had no idea what the answer was.
I’m not telling you jack, she said.
Why don’t you take a business card. The agent slid one across the table. With that, the meeting was over. But it would cast a dark shadow over her holiday break, and her work for Dark Matter.
In her time with Project Raven, Lori Stroud had been involved in some of Emirates worst crises, like the 2014 killing of Ibolya Ryan by the so-called Reem Island Ghost.
The hunt for the Reem Island Ghost didn’t last very long. Hours after the woman killed Ibolya Ryan in the Abu Dhabi shopping mall, she was caugh placing a pipe bomb outside the home of an American-Egyptian doctor. The bomb never exploded and she was arrested.
Who was the Reem Island Ghost?
Her name was Ala'a Badr Abdullah al-Hashemi. She was a 31-year-old mother of six from Abu Dhabi. She had no connection to ISIS. Her husband had been detained by Emirates authorities indefinitely without an explanation.
After digging into her Internet history, Lori and her coworkers determined al-Hashemi listened to speeches by al-Qaeda’s leaders Osama bin Laden and Abu Musab al-Zarqawi. She had also watched videos of killings and beheadings. This reportedly radicalized her and convinced her to attack Westerners and Western-sympathetic Muslims at random.
Al-Hashemi was sentenced to death for the killing of Ibolya Ryan, and a year later was executed by firing squad.
Lori Stroud had also played a small role in the UAE’s intervention in Yemen’s civil war.
Yemen is one of the poorest countries in the Middle East. In 2014, Houthi rebels in pickup trucks and armed with bolt action rifles stormed the capital of Sana’a and overthrew the government.
Since the Houthis were allied with the Muslim Brotherhood, the UAE and its allies viewed the Houthis as a threat. In 2015, the UAE led a coalition with Saudi Arabia to invade Yemen and prop up its authoritarian President Hadi.
When the UAE invaded, Lori Stroud’s team assisted the intervention by spying on Houthi officers, as well as Yemeni politicians, government officials, and even civil rights leaders, like Tawakel Karman. She was one of the leaders of the Yemeni Arab Spring movement, and nicknamed The Iron Woman of Yemen.
Stroud spent her holiday in the states and flew back to the Emirates for work. She tried to put the conversation with the FBI out of mind. She was mostly successful.
One thing that helped: Project Raven got a cool new toy to play with.
During the CyberPoint days, it was still relying on relatively simple hacks like phishing schemes. They were nowhere near as sophisticated as the techniques available to the NSA.
That changed in 2016.
For hackers everywhere, the Holy Grail of hacking was the ability to crack Apple’s famously secure operating system. In 2016, Dark Matter purchased a tool called Karma.
Karma allowed them to break into iPhones. All they needed was a phone number. Once the number was entered into Karma, the program would send a text message to the target. When it arrived, the hacker was in. The user didn’t even have to open the text for the exploit to work.
Stroud and her colleagues were shocked. Tools like this were common in countries like the US, Russia, and China, but this was one of the first times it had become available in a Middle Eastern country.
They were kept in the dark about how Karma actually worked. They knew it used an exploit in the iPhone’s iMessaging software to install malware on the smartphone. It was an amazingly powerful hacking tool. To Lori Stroud, it was like Christmas.
Project Raven used Karma to initiate a new wave of intrusions. They continued hacking dissidents and human rights activists who were inconvenient to the regime.
One was Loujain al-Hathloul. Born in Saudi Arabia in 1989, al-Hathloul has long been an opponent of Saudi Arabia’s male guardianship system, which among other things banned women from driving. In 2014, she was arrested and detained for 73 days for trying to drive across the border from the UAE into Saudi Arabia.
After her release, she relocated to the UAE and continued her activism. Since Saudi Arabia is a strong ally of the UAE, that put her on the government’s radar.
Using Karma, Project Raven’s operatives managed to break into al-Hathloul’s iPhone, track her movements, and access her private data. This allowed the Emirates’ Security Service to arrest al-Hathloul and extradite her to Saudi Arabia. She was charged with crimes like “agitating for change,” “using the internet to cause disorder,” and “pursuing a foreign agenda.”
She was sentenced to six years in prison. She’s often held in solitary confinement and told reporters that she’s regularly been tortured.
Al-Halthoul’s trial took place months before Saudi Arabia removed the ban on women driving.
Meanwhile, Project Raven was monitoring social media for people who might be critical of the regime, or even just made the country look bad. One man was arrested for posting a satirical video. Three social media influencers were arrested for a video of a viral dance challenge involving moving vehicles. One man, Osama al-Najarr, was arrested and jailed for Tweeting that his father, one of the 94 al-Islah detainees, had been tortured. He served a three year sentences and was involuntarily kept for months afterward in a “counseling center.”
Even foreign citizens were being arrested. One British woman was arrested and fined at the airport after writing critical Facebook posts about her ex-husband’s new wife.
But they still weren’t spying on American citizens, so far as Lori Stroud could tell.
Project Raven’s biggest and most ambitious project would come in 2017.
In May of that year, President Donald Trump and the King of Saudi Arabia announced an unprecedented arms deal. The US pledged to sell the Saudis $110 billion in weapons, and agreed to another $266 billion in commercial deals.
In the US, the deal was made to assist the Saudis in their ongoing war with Yemen’s rebels. It was also a strong signal that the Trump Administration supported the Saudis and their allies, like the UAE.
This gave the UAE leverage.
While the Yemen civil war raged on, Qatar continued to be a thorn in the UAE’s side. Qatar supported the Muslim Brotherhood, and it enjoyed a close diplomatic relationship with Iran—Qatar and Iran share the world’s largest oil field.
The UAE also suspected that Qatar supported terrorism, although it didn’t have enough proof to condemn them in front of the world.
But a lack of proof wasn’t about to stop them.
In the early morning hours of May 24, 2017, staffers at the country’s top state-run media organization, the Qatar News Agency, were shocked to find that someone had accessed their website. This hacker altered news reports, attributing false quotes to Qatar’s emir, Sheikh Tamim Bin Hamad al-Thani. In them, the sheikh appeared to be praising Iran and the Palestinian terrorist organization, Hamas.
They took down the fake news and alerted Qatar’s government about the intrusion just 45 minutes after it happened. But media outlets in the Middle East were already running with the story.
While the UAE’s state-run media ran with the story, it shut down broadcasts from Qatar. Including al-Jazeera, the Muslim world’s most-watched news network that’s headquartered in Doha.
The UAE, Saudi Arabia, Egypt, and Bahrain severed all diplomatic relations with Qatar. Then, they embargoed the country. They closed the land border, blocked ships from docking at ports, and banned air travel between the countries.
They presented Qatar with 13 demands in order for the embargo to be lifted. Among them, they wanted Qatar to shut down al-Jazeera, move away from Iran, and stop meddling in other countries’ affairs.
The Qataris refused to budge. They accused the UAE of hacking its news websites and planting fake news. U.S. intelligence operatives backed up the accusation.
Assuming the UAE did indeed hack Qatar’s news websites, it’s unknown if Project Raven was involved, or if it was another part of the Emirates’ expanding cybersurveillance apparatus.
But former Raven staffers have admitted that they coordinated their activities to support the 2017 Qatari diplomatic crisis.
Using Karma, Raven staffers hacked into the phones of dozens of Qatari journalists, including the chairman of al-Jazeera, and top government officials including the sheikh himself.
By keeping tabs on journalists’ phones, they could monitor their whereabouts, access their communications, or worse. This gave them a huge advantage over Qatar’s media as the story played out in the regional and global press.
For Lori Stroud, it was a lot to keep track of.
About a year and change after her sit down with the Feds, Stroud was promoted to team leader. This gave her full administrative access to the Target List.
Really it was just a big spreadsheet that listed everyone Project Raven was monitoring. Targets were color-coded based on nationality. Yemen was brown, Iran was gray, etc.
One day, Stroud was working on a backlog of assignments and noticed that a scanned American passport was in Project Raven’s system.
Hoping it was a mistake, Stroud approached her manager, Marc Baier. He told her it was nothing to worry about.
Stroud then logged onto the Target List. There, she discovered a new color-coded category: White, which stood for Americans.
Stroud saw the names of 10 journalists.
Project Raven was spying on American citizens. Here was the proof.
She confronted Baier again. He told her to drop it. But he also said that if any spying was being done on Americans, it wasn’t being done by Americans. It was being done by Emiratis. Like that was any better.
A few days later, Baier called Stroud into his office. She was being placed on administrative leave. He confiscated her phone and her passport.
Stroud knew she was fired. But without her passport, she was unable to return to the United States.
It would take two months before her passport was returned to her and she was allowed to travel home.
Finally, in the summer of 2017, Stroud’s plane touched down on the tarmac at Dulles International.
Now that she was back on U.S. soil, she had a job to do.
In the terminal, she took out her phone and the business card belonging to the FBI agent.
The woman who once thought Edward Snowden was a traitor was now going to blow the whistle.
Act Four
Stroud’s information led the FBI to investigate multiple former Project Raven staffers. In 2021, the Justice Department charged three with violating the Arms Export Control Act and the International Traffic in Arms Regulations. They were Ryan Adams, Daniel Gericke, and Marc Baier, Lori Stroud’s ex-manager.
Ultimately, prosecutors reached a deferred prosecution agreement with the staffers. They paid $1.68 million in penalties.
At the time of the agreement, Daniel Gericke was working as the chief information officer of Express VPN, a privacy and encryption software company. In response, Express VPN released a statement: “To be completely clear, as much as we value Daniel’s expertise and how it has helped us to protect customers, we do not condone Project Raven. The surveillance it represents is completely antithetical to our mission.”
After Project Raven’s activities became public knowledge, the US government passed multiple laws,
The first requires the Washington intelligence community to provide Congress with an annual report detailing the activities of former national security operatives abroad, including the risk they pose to Americans. The second law controls the sale of cyber tools like Karma.
Court documents released in 2021 revealed that the United Arab Emirates purchased the Karma hacking tool from an American company called Accuvant. Project Raven spent $1.6 million on Karma.
Accuvant is now owned by a company called Optiv. Richard Clarke’s Good Harbor Consulting is still in business, as is CyberPoint.
In the United Arab Emirates, Mohammed bin-Zayed al Nahyan still isn’t the president, but the Crown Prince remains the country’s ruler in everything but name.
The UAE withdrew from Yemen in 2020, after five years and numerous accusations of human rights abuses. The civil war continues today.
The UAE and its allies finally lifted the Qatar embargo in early 2021. Qatar never made the concessions that the UAE and its allies demanded.
In January 2022, Houthi rebels from Yemen launched a drone attack on a pipeline and terminal facility for the Abu Dhabi National Oil Co., killing three workers and injuring several. It’s one of the first terrorist attacks in the United Arab Emirates in the 21st century. Since then, the UAE has intercepted three more ballistic missile attacks from the Houthis.
Loujain al-Hathloul was released from prison in February 2021. She filed a lawsuit against Baier and other ex-Raven staffers for hacking her.
Ahmed Mansoor remains in prison, where he’s often kept in solitary confinement. So do many members of the al-Islah crackdown.
In late December 2019, Dark Matter was revealed to be the creator of the popular social media app called ToTok, which it allegedly used to monitor its own citizens.
You can still download ToTok today, although it’s not recommended.
Dark Matter still runs Project Raven, a.k.a. D.R.E.A.D. And D.R.E.A.D. is still an active part of the UAE’s national security.
So, before you go online and criticize the United Arab Emirates or its government, be aware that someone is listening.
I’m Keith Korneluk and you’re listening to Modem Mischief.
CREDITS
Thanks for listening to Modem Mischief. Don’t forget to hit the follow button in your favorite podcast app right now so you don’t miss an episode. This show is an independent production and is wholly supported by you, our listeners and the best way to support the show is to share it. Tell your friends, your enemies, tattoo it on your lower back next to that butterfly you got in college. And another way to support us is on Patreon or a paid subscription on Apple Podcasts. For as little as $5 a month you’ll receive an ad-free version of the show plus monthly bonus episodes exclusive to subscribers. Modem Mischief is brought to you by Mad Dragon Productions and is created, produced and hosted by me: Keith Korneluk. This episode is written and researched by Jim Rowley. Edited, mixed and mastered by Greg Bernhard aka the You know, THAT guy. The theme song “You Are Digital” is composed by Computerbandit. Sources for this episode are available on our website at modemmischief.com. And don’t forget to follow us on social media at @modemmischief. And slide into our DM’s. Thanks for listening!