Mysterious UAE Cyber Firm Luring ex-Israeli Intel Officers With Astronomical Salaries

Probe finds DarkMatter works for UAE’s intelligence agency attacking Western targets, journalists and human rights activists, with graduates of Israel's Defense Forces earning up to $1 million annually

Images taken from DarkMatter's YouTube channel.

Should graduates of Israel Defense Forces technology units be able to use the knowledge and skills they gained during their service to work for an Arab cyber firm with close ties to a dictatorial regime that does not have diplomatic relations with Israel?

Strange as the question may sound, there is growing evidence that such a thing is occurring. Even though it is not widespread, some say the defense establishment is growing increasingly worried.

Haaretz Weekly Ep. 44Haaretz

DarkMatter, a cybersecurity company formed in 2015 in Abu Dhabi, part of the United Arab Emirates, officially limits itself to cyber defense. But according to a Reuters expose published earlier this year, DarkMatter provides hacking services to the UAE intelligence agency against Western targets, journalists and human rights activists.

The company operates an office in Cyprus, which among other things employs Israeli software developers. “That is de facto smuggling of Israeli intellectual property without any supervision of the [Israel Defense Ministry’s] Defense Export Controls Agency,” said one source in the Israeli cyber intelligence sector, who asked to be identified only as Y. “They’re taking these young people to Cyprus, buying them off with huge salaries.”

Cyberattack researchers’ job is to find vulnerabilities in software and networks in order to break into them. Those with the skills, often acquired while serving in elite units, command some of the highest salaries in Israeli high-tech. Y. claimed DarkMatter pays even more.

“I know of researchers who were tempted with salaries of close to $1 million a year,” he said. DarkMatter did not provide a comment by press time.

In March, The New York Times reported that in 2017 the Israeli cyber intelligence company NSO suffered a wave of employee departures, all veterans of the IDF’s vaunted 8200 unit.

A private investigator retained by NSO to discover what was behind the exodus found they had all gone to Cyprus. They worked at a research facility in a building owned by a company affiliated with Dark Matter, the Times said. It cited sources as saying that DarkMatter had another office in Singapore that was managed by Israelis.

Did these Israelis working for a UAE intelligence agency get the required clearances from Israel’s Defense Ministry? The ministry declined to give a decisive answer.

In response to a query by TheMarket, it said: “The Defense Ministry doesn’t comment on specific cases regarding defense export policies and for that reason won’t comment on specific licenses or who is listed in the export registry. In regard to Israeli citizens who ask to transfer supervised security intellectual property to a foreign entity (whether it involves a company he owns or a company he works for), this is an activity that is required by law to be done with a sales and export license.”

According to the Reuters report, starting in 2014 former employees of the U.S. National Security Agency were recruited by a Baltimore headhunter to work for Project Raven. The team operated out of Abu Dhabi, whose government was also its main — perhaps its only — client.

Recruits were required to move to Abu Dhabi, in exchange for generous salaries. The goal, it appears, was to hire Western expertise to establish hacking capabilities and over time hand over the work to locals as they learned the ropes.

However, the American employees quickly grew suspicious about Project Raven’s operations and objectives. While it portrayed itself as a U.S. ally in the war on terror, some of its operations involved extensive surveillance of individuals who included journalists and anti-government activists. Its biggest operation, called Karma, involved breaking into the iPhones of hundreds of activists, suspected terrorists and political rivals in the UAE.

Project Raven was shut down in 2016, and its employees were given the option of going to work for DarkMatter. The Reuters report said the company had very close ties with the UAE intelligence services, occupying offices in the same building and in effect serving as their operations arm.

Reuters said most of the former NSA employees opted to stay on and work for DarkMatter but others left as the nature of the work they were doing became manifest, especially after they learned that some of the targets were in the United States and American citizens.

“Some days it was hard to swallow, like [when you target] a 16-year-old kid on Twitter,” Lori Stroud, a former employee, told Reuters.

Today it appears that there are Israelis working for the company despite the Reuters expose.

“DarkMatter was founded to be the Rafael and NSO of the UAE, to reach the capabilities of the leading Israeli companies,” said Y. Rafael Advanced Defense System is an Israeli government-owned defense manufacturer.

DarkMatter was founded and is led by Faisal Al Bannai, who also established Axiom Telecom, one of the Gulf’s biggest sellers of mobile phones. His father is a general in the UAE military. Al Bannai has degrees from Boston University and City University in London.

According to his LinkedIn page, DarkMatter employs 650 people and has offices in Finland, Cyprus, Singapore and other countries, Its turnover is estimated in the hundreds of millions of dollars.

Reuters reported that Al Bannai has visited Israel several times for business and met with Israeli cybersecurity executives. TheMarker could not get independent confirmation that he visited Israel, but Y. said Al Bannai’s most recent trip to Israel was probably last summer, when he was accompanied by officials from Israel’s National Security Council. He told them in advance what cybersecurity companies he wanted to meet with.

He didn’t get approval to meet with all of them but in some cases apparently arranged meetings later in third countries. “This was very embarrassing for the Defense Ministry,” said Y.

DarkMatter attracted headlines again in August after Google blocked websites certified by DarkMatter from its Chrome and Android browsers.

Google did not give a reason for the move but it cited the same decision taken by Firefox browser-maker Mozilla in July. Mozilla said it would block DarkMatter-certified websites because of “credible evidence” that the company had been involved in hacking operations.

The major browsers had granted DarkMatter a provisional status to certify the safety of websites in 2017. The company had sought to be recognized as one of around 60 firms with fully recognized status.

Under that provisional status, DarkMatter approved about 275 websites, most of which appeared to be for local firms or companies affiliated with the Abu Dhabi-based security firm itself.

Sunnis vs. Shi’ites

Another source said the problem wasn’t limited to Israelis working for an Arab country.

“Take, for instance, an Israeli who studied physics and works for Rafael,” said another cyber security industry source, who asked to be identified as T. “One day he gets an offer from Siemens or Boeing and leaves Israel to work for them. These companies sell their products without a second thought to enemy countries like Lebanon, and if there wasn’t an embargo they’d sell to Iran, too. In fact, there’s a much bigger risk that Germany will sell arms to our enemies than that the UAE will.”

T. framed the issue in terms of the war between Sunni Arab powers, led by Saudi Arabia and supported by the U.S., and Shi’ite powers led by Iran, partly backed by Russia. Israel sees Saudi Arabia and some of the Arab Gulf states as allies in the struggle.

“There are contacts between the countries at various levels. Israel doesn’t want to say this out loud,” T. said, adding that he had met with executives from DarkMatter.

“They’re very impressive people and I’d be happy to work with them. I’ve heard about several Israelis who work there and I’ve met one,” he said, estimating that around 20 Israelis work for DarkMatter.

On at least two occasions, Israeli companies sold tracking technology to the UAE. As far as is known, both contracts were cleared by Israel’s Defense Ministry.

In the first, it was revealed in 2016 that the Gulf country had bought technology from NSO that was used to break into the iPhone of the Emirati human rights activist and government opponent Ahmed Mansoor, who was subsequently arrested and tortured.

A year earlier, it was reported that AGT International, a company controlled by Mati Kochavi, an Israeli, had been contracted to develop a smart-city project in Abu Dhabi. The technology would enable the government to monitor citizens.

Another cybersecurity executive, who also asked not to be named, said there was a big difference between an Israeli company selling sensitive technology to an Arab country and an Israeli expert working for one.

‘There’s an essential difference between selling to Abu Dhabi and working for them. The minute an Israel company sells to a Gulf state, the [product’s] capabilities are restricted by orders of the Defense Ministry … but when a researcher goes to work there he takes all his knowledge with him – there’s no limit on how he can use it.