How the United Arab Emirates Intelligence Tried to Hire Me to Spy on Its People

The article was written by Simone Margaritelli who is a former black hat hacker.

Recently, we’ve been overwhelmed with news of horrors, attacks, monsters who murder the innocent in the name of a faith they don’t truly know. I’m publishing this article today to talk about other monsters, and I can guarantee these can be much worse than the ones we are now familiar with. They are the ones you don’t see coming, those you cannot conceive to be real.

In the United Arab Emirates there is no such thing as freedom of speech; a fact that has been repeatedly confirmed by organisations such as Amnesty International and Human Rights Watch.

Instances of people being incarcerated for merely criticising their employers have been documented.

Needless to say that the Web is also subject to intensive scrutiny by the authorities, who block specific sites and services, and go as far as tracking private citizens.
In light of these facts, I feel obliged to divulge my own experience, what I was asked to do, and what is happening in the UAE of which many are oblivious.

I find it of utmost importance to speak up with the intent of informing the unknowing victims of their own government, as well as proving to these “gentlemen” that all the money in the world cannot buy a person’s integrity.

Clearly I have no real evidence, if not a few, rather vague emails and a number of references I will link to in this article.
These people are as capable of invading the privacy of others as they are of protecting their own. It is up to my readers to form an opinion and decide whether my story holds any validity.

Though hardly news to anyone, nor particularly shocking, it is worth keeping in mind that it is usually the private companies that sell surveillance products to governments, whereas in this case we are looking at something developed internally by the government itself.

Moreover, in these lands the line between a “person of interest” and mere political dissident is truly very fine.

Sounds like North Korea

My story begins on the 3rd of July 2016 when I was contacted for a job by an Italian citizen living in the UAE, known to be linked to Verint Systems: a large offensive security company of Israeli origins. Moreover, as absurd as it might sound, I was able to prove the involvement of a PrivateWave ex executive; a company that claims to be an ambassador of everyone’s security and privacy.

The initial exchange of emails was intentionally vague, leaving much to the imagination, though the involvement of the Emirate Intelligence was evident. The following is an extract from one of the emails I received:

"Recently I was appointed a job, by an institutional client from an extra European country, to build a research and development unit that will constitute their most advanced branch of cybersecurity, to the exclusive benefit of the national security. As I previously mentioned, the aims are very ambitious in that we will have to develop a series of highly specific and complex systems, among which are host-based softwares and network infrastructures (for which your work on bettercap seems like an excellent background) as well as hardware when necessary for specific requirements (custom network interfaces, systems that operate on radio-frequencies, as well as robots and drones for certain practical applications)"

 

Once phone numbers were exchanged, we spoke for the first time (on Signal, ironically) and I was given a few more details. I was finally able to gather that the Arab Emirates government is creating an elite task force to research and develop new large scale surveillance solutions. How large this scale was to be, I discovered only later.

Personally, I’m not entirely opposed to government interception if used selectively and for good reason. I am, however, against the exploitation of terms such as “internal security” and “terrorism”. Additionally, taking into account the nation in question, and what little I knew of its policies regarding dissidents, the entire affair began to seem extremely shady.

Nevertheless, the trip was already paid for, I needed a vacation, and was curious to get to the bottom of the matter. So I agreed to an initial meeting. On the 20th of July I boarded a plane for Dubai.

After the first day, spent talking on the twenty-ninth floor of the Marina Plaza, a building in the Dubai Marina area, things became much clearer… and more sinister.

First of all, the mastermind behind this “tiger team” is Mr. Faisal Al Bannai, former mobile telephony tycoon and current CEO of DarkMatter: a security company deeply rooted within the Emirates Intelligence. My Italian contact often referred to Al Bannai as the “Big Boss”. Though I never got to meet him, his involvement was made abundantly clear from the get-go.

What these delightful gentlemen are set out to achieve (as I previously mentioned, they aren’t selling the government a platform, they are the government) is a series of man in the middle and man on the side operations and technologies on a massive scale, with hardware probes capable of intercepting, modifying, and diverting (as well as occasionally obscuring) traffic on IP, 2G, 3G, and 4G networks.

Local Telco companies have already agreed and are ready to deploy these probes in public places, such as airports and malls.
When I asked my contact just how vast the range and distribution of the probes would be, he candidly replied:

To operate as we want them to, these probes are going to be put everywhere.

Once the interception function is finalised, a second team will be created to develop the more offensive component that will infect, trace, and ultimately take control of the devices within range: a range that will include all of Dubai and Abu Dhabi, given the use of drones, GSM cells, rogue APs, dedicated devices placed in the various nodes of local Telcos, and so on.
With the same smiling face, the person I spoke to went on to describe their end goal:

Imagine that there's a person of interest at the Dubai Mall, we've already set up all our probes all over the city, we press a button and BOOM! All the devices in the Mall are infected and traceable.

In a country where criticising your employer, or worse, your government on Facebook is enough to land you behind bars, what exactly constitutes being a “person of interest”?

And what kind of protection, if any, is afforded to those who visit the country for business purposes?

Clearly, I declined the job offer as was my initial intention, and to be honest, the last days I spent in Dubai were anxiety-riddled. On the one hand, I wanted to get this information out in the open as quickly as possible, on the other, I knew I had to wait to leave the country to do it safely.

These people try to draw in young IT security talents by promising large sums of money (keeping in mind that there is no income tax in the UAE), various bonuses, apartments, and most of all, by presenting a professionally and intellectually stimulating environment. If by chance someone should raise an objection regarding potential targets and the somewhat questionable scope of the operation, they’d receive no more than a patronising lecture on how things have been blown out of proportion (yes, please do go and tell that to those poor bastards still sitting in prison), on how everything is relative and debatable, and the necessary compromises when it comes to national security; ironically, a rather US-like attitude from an Arab nation…

As far as I’m concerned, freedom of speech is indisputable; it isn’t a matter of “personal opinion” as someone pointed out to me when I voiced my doubts. It is a basic right that should be granted to anyone, regardless of geopolitical context, creed, or gender. Denying this right is fascism in its lowest form.

I hope this article will serve to warn those who, like me, might find themselves dragged into shady affairs, partially or completely unaware, as well as anyone pursuing job offers that entail moving to the UAE.

Know that you would be giving up your privacy, and more importantly, your freedom of speech for money.

One Last Thing

Maybe this is just me, someone told me I’m exaggerating the things in my mind … but as a matter of fact, this was published by the International Business Times July 27, which means today, which means two days after I left Dubai:

If you get caught using a VPN in the UAE, you will face fines of up to $545,000
UAE has introduced a federal law banning the use of VPNs to try to avoid paying for expensive VOIP services.

 

 
