+ A
A -
Reuters
WASHINGTON
A team of former US government intelligence operatives working for the UAE hacked into the iPhones of activists, diplomats and rival foreign leaders with the help of a sophisticated spying tool called Karma.
The cyber tool allowed the UAE to monitor hundreds of targets beginning in 2016, from Qatari and Turkish officials to a Nobel Peace laureate human-rights activist in Yemen, according to five former operatives and programme documents reviewed by Reuters. Karma was used by an offensive cyber operations unit in Abu Dhabi consisting of Emirati security officials and former American intelligence operatives working as contractors for the UAE’s intelligence services. The existence of Karma and of the hacking unit, code named Project Raven, haven’t been previously reported.
The ex-Raven operatives described Karma as a tool that could remotely grant access to iPhones simply by uploading phone numbers or email accounts into an automated targeting system. The tool has limits — it doesn’t work on Android devices and doesn’t intercept phone calls. But it was unusually potent because, unlike many exploits, Karma did not require a target to click on a link sent to an iPhone, they said.
In 2016 and 2017, Karma was used to obtain emails, text messages and location information from targets’ iPhones. The technique also helped the hackers harvest saved passwords, which could be used for other intrusions. The former operatives said that by the end of 2017, security updates to Apple Inc’s iPhone software had made Karma far less
effective.
WASHINGTON
A team of former US government intelligence operatives working for the UAE hacked into the iPhones of activists, diplomats and rival foreign leaders with the help of a sophisticated spying tool called Karma.
The cyber tool allowed the UAE to monitor hundreds of targets beginning in 2016, from Qatari and Turkish officials to a Nobel Peace laureate human-rights activist in Yemen, according to five former operatives and programme documents reviewed by Reuters. Karma was used by an offensive cyber operations unit in Abu Dhabi consisting of Emirati security officials and former American intelligence operatives working as contractors for the UAE’s intelligence services. The existence of Karma and of the hacking unit, code named Project Raven, haven’t been previously reported.
The ex-Raven operatives described Karma as a tool that could remotely grant access to iPhones simply by uploading phone numbers or email accounts into an automated targeting system. The tool has limits — it doesn’t work on Android devices and doesn’t intercept phone calls. But it was unusually potent because, unlike many exploits, Karma did not require a target to click on a link sent to an iPhone, they said.
In 2016 and 2017, Karma was used to obtain emails, text messages and location information from targets’ iPhones. The technique also helped the hackers harvest saved passwords, which could be used for other intrusions. The former operatives said that by the end of 2017, security updates to Apple Inc’s iPhone software had made Karma far less
effective.
