New York, January 30, 2019–At least four journalists were surveilled under Project Raven, a United Arab Emirates (UAE) cybersurveillance and hacking operation, Reuters reported today. The UAE hired former U.S. National Security Agency employees to assist in deploying a surveillance tool called Karma that exploited a vulnerability in the iPhone’s messaging application, according to a Reuters investigation based on interviews with nine former Raven operatives.
“What we’ve learned about Project Raven raises significant concerns over the lengths to which the UAE will go in targeting journalists, and the involvement of former U.S. intelligence officials is also disturbing,” said CPJ Middle East and North Africa Program Coordinator Sherif Mansour in Washington, D.C. “Emirati officials must stop targeting the press at home and abroad, and the U.S. must make it clear to their allies that hacking journalists’ phones is not a legitimate counterterror strategy.”
Reuters reported that the operation surveilled Rori Donaghy, a British journalist who has contributed to The Guardian, three U.S. journalists who were not named in the report, as well human rights activists, foreign diplomats, and foreign leaders. When CPJ called the UAE Embassy in Washington, D.C. today for comment, a representative said questions should be submitted via email. The embassy did not immediately reply to the email CPJ sent.
CPJ has previously documented the UAE’s tough stance on the critical press, including its aggressive stance toward Qatar-based media, including Al-Jazeera, during a regional diplomatic dispute. Emirati-affiliated militias in Yemen have also attacked and harassed journalists who were critical of UAE action inside the country.