This US company sold iPhone hacking tools to UAE spies


Optiv spokesman Jeremy Jones wrote in an email that his company is “cooperating fully with the Department of Justice” and that Optiv is “not the subject of this investigation.” That’s right: The subject of the investigation are three former US intelligence and military personnel working illegally with the UAE. However, Accuvant’s role as an exploit developer and seller was significant enough to be detailed in the Justice Department court filings.

The iMessage exploit was the primary weapon in an Emirati program called MixedIt was run by DarkMatter, an organization that appears to be a private company but actually acts as a de facto spy agency for the UAE.

Reuters reported Presence of Karma and iMessage exploit in 2019. However, on Tuesday fine three former US intelligence and military personnel, $1.68 million for their unlicensed work as mercenary pirates in the UAE. This activity involved purchasing Accuvant’s tool and then managing UAE-funded hacking campaigns.

US court documents noted that the exploits were developed and sold by American firms, but did not name the hacking companies. The role of Accuvant has not been reported so far.

“The FBI will fully investigate individuals and companies that profit from illegal criminal cyber activity,” Bryan Vorndran, deputy director of the FBI’s Cyber ​​Division, said in a statement. “This is a clear message to anyone, including former U.S. government employees considering using cyberspace to exploit export-controlled information for the benefit of a foreign government or foreign business company — there is risk and there will be consequences.”

Productive exploit developer

Despite the UAE being seen as a close ally of the United States, DarkMatter has been linked to cyberattacks against a number of American targets. by the way court documents and informants.

it helped American partnership, expertise and moneyDarkMatter has developed the UAE’s offensive hacking capabilities from almost zero to a challenging and active operation in just a few years. The group has spent a lot of money recruiting American and Western hackers to develop and sometimes direct the country’s cyber operations.

At the time of the sale, Accuvant was a small research and development lab located in Denver, Colorado that specialized in and sold iOS vulnerabilities.

“The FBI will fully investigate individuals and companies that profit from illegal cybercriminal activities. This is a public message… there is risk and there will be consequences.”

Brandon VorndranF.B.I.

Ten years ago, Accuvant gained a reputation as a prolific exploit developer working with larger US military contractors and selling bugs to government customers. In an industry that typically values ​​a rule of silence, the company has occasionally caught public attention.

“Accuvant represents the good side of cyberwarfare: an emerging market,” wrote journalist David Kushner. 2013 profile of the company at Rolling Stone. It was a company that “could hack into external systems and gather intelligence, or even create custom software that could shut down a server and get paid up to $1 million for it.”

Optiv has largely exited the hacking industry after a series of mergers and acquisitions, but Accuvant’s alumni network is strong and still working on exploits. Two high-profile employees co-founded Grayshift, an iPhone hacking company Known for its ability to unlock devices.

Accuvant has sold hacking vulnerabilities to multiple customers in both governments and the private sector, including the US and its allies, and MIT Technology Review has learned that this exact iMessage exploit was being sold to multiple customers at once.

iMessage flaws

The iMessage exploit is one of the few critical flaws in the messaging app that has been discovered and exploited in recent years. A complete 2020 update for the iPhone’s operating system reconstruct iMessage security to make targeting harder.


Source link

Leave a Reply

Your email address will not be published. Required fields are marked *