Project Raven


Post by kestrel9 »

Sept 14 2021
https://www.cnet.com/tech/services-and- ... ect-raven/
ExpressVPN exec among three facing $1.6 million fine for helping UAE spy
The former US intelligence operatives and military members have agreed to pay the Justice Department fine.
The chief information officer of a leading virtual private network is among three former US intelligence and military personnel who altogether have been fined more than $1.6 million by the US Department of Justice to resolve hacking-related charges. ExpressVPN CIO Daniel Gericke, as first reported Tuesday by Reuters, is among the three former US intelligence operatives and military members involved in Project Raven who worked as mercenary hackers for the United Arab Emirates, helping it spy on its enemies. ExpressVPN said its trust in Gericke "remains strong."

The three defendants have agreed to cooperate with US authorities and pay the fine in exchange for deferred prosecution, according to a Justice Department release. The three have also forfeited foreign and US security clearances and face future employment restrictions. The agreement comes a day after ExpressVPN announced it had been sold as part of a $936 million deal to former adware distributors Kape Technologies, a company co-founded by an ex-Israeli surveillance agent and a billionaire previously convicted of insider trading.

Read more: What is Kape Technologies? What you need to know about the parent company of CyberGhost VPN https://www.cnet.com/tech/services-and- ... ghost-vpn/ see also SVF: viewtopic.php?f=89&t=10596

Despite future employment restrictions, ExpressVPN noted in an email to CNET that Gericke was not among the members of the US intelligence community referenced in the Justice Department's filing but a former member of the US military, and that ExpressVPN still backs Gericke's position within the company.

"We've known the key facts relating to Daniel's employment history since before we hired him, as he disclosed them proactively and transparently with us from the start. In fact, it was his history and expertise that made him an invaluable hire for our mission to protect users' privacy and security," ExpressVPN said, adding that the company has already benefitted from Gericke's history in the US government.

"We were confident at the time and continue to be confident now in Daniel's desire and ability to contribute to our mission of enabling users to better protect their privacy and security. He has demonstrated nothing but professionalism and commitment to advancing our ability to keep user data safe and private. Our trust in Daniel remains strong."

By Tuesday evening, Gericke's social media accounts on Twitter and LinkedIn appeared to have been removed from public view.

Project Raven, first exposed in 2019, involved the development and deployment of hacking and surveillance tools for the UAE that were allegedly used to target US victims and prominent activists who spoke out against the UAE's human rights record. Other Project Raven targets allegedly included the Emir of Qatar and a Nobel Peace laureate human-rights activist in Yemen.

In a Justice Department release, Acting Assistant Attorney General Mark J. Lesko called the agreement a "first-of-its-kind resolution" for an investigation into two distinct strains of crime.
"Providing unlicensed export-controlled defense services in support of computer network exploitation, and a commercial company creating, supporting and operating systems specifically designed to allow others to access data without authorization from computers worldwide, including in the United States," he said. "Hackers-for-hire and those who otherwise support such activities in violation of U.S. law should fully expect to be prosecuted for their criminal conduct."

Correction, 11:24 p.m. PT: A previous version of this story inaccurately characterized Gericke's previous role within the US government. Gericke is a former member of the US military.

gizmodo.com/you-should-probably-stop-using-expressvpn-1847739547
ExpressVPN Chief Information Officer Daniel Gericke previously worked as a hacker-for-hire at DarkMatter—a cybersecurity firm based in the United Arab Emirates. Between 2016 and 2019, Gericke helped to hack systems and devices all over the world as part of “Project Raven,” a secretive operation designed to help the UAE monarchy track and surveil critics of its regime, including activists, journalists, and some individuals based in the U.S.


Gericke and two other former U.S. intelligence operatives recently faced federal charges for their involvement in “Raven” but managed to reach deferred prosecution agreements with the government, allowing them to pay fines to avoid jail-time, while also agreeing to certain terms.

If the idea of an ex-spy helping a Middle Eastern government hack U.S. computers is disturbing to you, don’t worry—you’re not alone. The news of Gericke’s employment with the company has rightfully startled customers of ExpressVPN and led to a torrent of online criticism. Express initially tried to quell concerns about their executive’s ties to “Raven” by weirdly admitting that they knew “key facts” about his prior employment when they hired him and were pretty much fine with it. This strategy didn’t really pan out for them. They subsequently published a more extensive statement, noting that they did “not condone” Project Raven as the “surveillance it represents is completely antithetical to our mission.” They also promised to increase third-party audits as a method to sustain compliance with their own privacy policy.

However, in their remarks, the company ultimately stuck by Gericke. ...

...Other recent events have caused some to question ExpressVPN’s direction. The company was recently purchased by Kape Technologies, an Israeli technology firm with a controversial past. Formerly known as CrossRider, the company was renamed in 2018 after it got a little too much publicity for, as CNET recently put it, being the “notorious creator of some pernicious data-huffing ad-ware.” Since then, it has been on an apparent rebranding effort accompanied by a privacy product buying spree. In recent years, the firm has procured the VPNs CyberGhost, Zenmate, and Private Internet Access, and purchased ExpressVPN for $936 million earlier this month.
*********

Background Project Raven

https://www.reuters.com/investigates/section/usa-raven/

Jan 30, 2019 archive.ph/Y5NFf
https://www.reuters.com/investigates/sp ... ing-raven/
Two weeks after leaving her position as an intelligence analyst for the U.S. National Security Agency in 2014, Lori Stroud was in the Middle East working as a hacker for an Arab monarchy.

She had joined Project Raven, a clandestine team that included more than a dozen former U.S. intelligence operatives recruited to help the United Arab Emirates engage in surveillance of other governments, militants and human rights activists critical of the monarchy.

Stroud and her team, working from a converted mansion in Abu Dhabi known internally as “the Villa,” would use methods learned from a decade in the U.S. intelligence community to help the UAE hack into the phones and computers of its enemies.

Stroud had been recruited by a Maryland cybersecurity contractor to help the Emiratis launch hacking operations, and for three years, she thrived in the job. But in 2016, the Emiratis moved Project Raven to a UAE cybersecurity firm named DarkMatter. Before long, Stroud and other Americans involved in the effort say they saw the mission cross a red line: targeting fellow Americans for surveillance.


“I am working for a foreign intelligence agency who is targeting U.S. persons,” she told Reuters. “I am officially the bad kind of spy.”...
The hacking of Americans was a tightly held secret even within Raven, with those operations led by Emiratis instead. Stroud’s account of the targeting of Americans was confirmed by four other former operatives and in emails reviewed by Reuters.

The FBI is now investigating whether Raven’s American staff leaked classified U.S. surveillance techniques and if they illegally targeted American computer networks, according to former Raven employees interviewed by federal law enforcement agents. Stroud said she is cooperating with that investigation. No charges have been filed and it is possible none will emerge from the inquiry. An FBI spokeswoman declined to comment...

...[Stroud] spent a decade at the NSA, first as a military service member from 2003 to 2009 and later as a contractor in the agency for the giant technology consultant Booz Allen Hamilton from 2009 to 2014. Her specialty was hunting for vulnerabilities in the computer systems of foreign governments, such as China, and analyzing what data should be stolen.

In 2013, her world changed. While stationed at NSA Hawaii, Stroud says, she made the fateful recommendation to bring a Dell technician already working in the building onto her team. That contractor was Edward Snowden.

“He’s former CIA, he’s local, he’s already cleared,” Stroud, 37, recalled. “He’s perfect!” Booz and the NSA would later approve Snowden’s transfer, providing him with even greater access to classified material.

Two months after joining Stroud’s group, Snowden fled the United States and passed on thousands of pages of top secret program files to journalists, detailing the agency’s massive data collection programs. In the maelstrom that followed, Stroud said her Booz team was vilified for unwittingly enabling the largest security breach in agency history.
In the wake of the scandal, Marc Baier, a former colleague at NSA Hawaii, offered her the chance to work for a contractor in Abu Dhabi called CyberPoint. In May 2014, Stroud jumped at the opportunity and left Booz Allen.

CyberPoint, a small cybersecurity contractor headquartered in Baltimore, was founded by an entrepreneur named Karl Gumtow in 2009. Its clients have included the U.S. Department of Defense, and its UAE business has gained media attention.

In an interview, Gumtow said his company was not involved in any improper actions.

It's an in-depth article, well worth a read.

see also:

The Karma Hack https://archive.ph/Ht7XN
The ex-Raven operatives described Karma as a tool that could remotely grant access to iPhones simply by uploading phone numbers or email accounts into an automated targeting system. The tool has limits — it doesn’t work on Android devices and doesn’t intercept phone calls. But it was unusually potent because, unlike many exploits, Karma did not require a target to click on a link sent to an iPhone, they said.
***************
March 2019 Firefox maker fears DarkMatter 'misuse' of browser for hacking https://archive.ph/3StoT#selection-437.161-440.0
https://www.reuters.com/article/us-usa- ... SKCN1QL28T
WASHINGTON (Reuters) - Firefox browser-maker Mozilla is considering whether to block cybersecurity company DarkMatter from serving as one of its internet security gatekeepers after a Reuters report linked the United Arab Emirates-based firm to a cyber espionage program.

Former Raven operatives told Reuters that many DarkMatter executives were unaware of the secretive program, which operated from a converted Abu Dhabi mansion away from DarkMatter’s headquarters.
***************

https://www.reuters.com/investigates/sp ... ven-media/
AMERICAN HACKERS HELPED UAE SPY ON AL JAZEERA CHAIRMAN, BBC HOST

TIMELINE OF EVENTS
After Saudi Arabia, the United Arab Emirates, and Bahrain imposed a blockade on Qatar, UAE’s Project Raven ramped up its cyber attacks against Qatar and media targets. U.S. operatives hacked the iPhones of ten media figures, Reuters learned. Here’s a look at how a group of American mercenaries became enmeshed in a regional crisis between close U.S. allies.
Note: Qatar News Agency is a government media outlet. * Bishara was hacked again on June 19, 2017.
Source: Reuters reporting

Re: Project Raven

Post by Savesequim »

Most recent development: deferred prosecution and a three-year ban from working in military technology industries in exchange for cooperation with the federal government.

https://www.state.gov/u-s-department-of ... l-gericke/

https://www.cyberscoop.com/former-us-in ... epartment/

"Siegmann said an ITAR violation of this nature could carry a 20-year sentence, but the Justice Department did not charge the three with violating those regulations in the criminal case. She suspects the relatively light punishment is due to law enforcement concerns about “discoverable classified information” though she acknowledged the men may not have ultimately been criminally prosecuted and incarcerated due to their cooperation with the FBI."