In January, Reuters reported that United Arab Emirates (UAE)-based DarkMatter provided staff for a secret hacking operation, code named Project Raven, that operated from a converted Abu Dhabi mansion. The program allegedly conducted offensive cyber operations for the UAE government, including hacking into the internet accounts of human rights activists, journalists and officials from rival governments.
But former Raven operatives said that many DarkMatter executives were unaware of the program’s existence, while the company has denied any involvement in Project Raven.
The allegations come as Mozilla has been trying to figure out whether it should give DarkMatter the authority to certify websites as safe. As a result of the report, two Mozilla executives told Reuters last week that the company now has serious concerns that DarkMatter would use Mozilla’s certification authority for “offensive cybersecurity purposes rather than the intended purpose of creating a more secure, trusted web.”
“We don’t currently have technical evidence of misuse (by DarkMatter) but the reporting is strong evidence that misuse is likely to occur in the future if it hasn’t already,” said Selena Deckelmann, a senior director of engineering for Mozilla.
She added that the company might also decide to get rid of some or all of the more than 400 certifications that DarkMatter has granted under a limited authority since 2017. The company has been pushing for full authority since then, which would make it one of fewer than 60 core gatekeepers for Firefox’s millions of users around the world.
In a February 25 letter to Mozilla, DarkMatter CEO Karim Sabbagh denied his company has had any involvement with Project Raven. “We have never, nor will we ever, operate or manage non-defensive cyber activities against any nationality,” he wrote.