Firefox Maker Fears DarkMatter 'Misuse' of Browser for Hacking

Reuters reported in January the DarkMatter provided staff for a secret hacking operation, codenamed Project Raven, on behalf of an Emirati intelligence agency. The device was largely comprised of former US intelligence officers who ran offensive cyber operations for the UAE government.

Former Raven operatives told Reuters that most DarkMatter executives were unaware of the secretive program, which operated from a transformed Abu Dhabi mansion from DarkMatter’s headquarters.

Those surgeries included hacking into the net accounts of human rights activists, officials and journalists from rival authorities, Reuters found. DarkMatter has denied conducting the operations and states it focuses on protecting computer networks.

While Mozilla had been considering whether to give DarkMatter the authority to reevaluate sites as safe, two Mozilla executives said in an interview last week that Reuters’ report raised concerns about whether DarkMatter would misuse that authority.

Mozilla said the firm has not yet come to a decision on whether to deny the authority to DarkMatter, but expects to decide within weeks.

“We don’t currently have technical evidence of abuse (by DarkMatter) however, the coverage is strong evidence that misuse is likely to happen later on if it has not already,” said Selena Deckelmann, a senior director of engineering for Mozilla.

She stated Mozilla was also contemplating stripping some or all the over 400 certifications that DarkMatter has granted to websites beneath a limited authority since 2017.

Marshall Erwin, manager of trust and security for Mozilla, said the Reuters Jan. 30 report had raised concerns within the business that DarkMatter might use Mozilla’s certification authority for”offensive cyber-security functions rather than the intended purpose of producing a more secure, reliable web.”

DarkMatter didn’t respond to a Reuters petition for comment. The UAE embassy in Washington also did not respond to a request for comment.

At a February 25 letter to Mozilla, published online by the cyber-security company, DarkMatter CEO Karim Sabbagh denied the Reuters report linking his company to Project Raven. “We have never, nor will we ever, operate or handle non-defensive cyber activities against any nationality,” Sabbagh wrote.

Sites that are looking to be designated as protected have to be certified by an outside company, which will verify their identity and vouch for their security. The certifying organization helps secure the connection between an approved site and its users, promising the visitors will not be intercepted.

Organizations who want to become certifiers must employ to individual browser makers like Mozilla and Apple. Mozilla is observed by security experts as a respected leader in the field and particularly transparent since it conducts much of the process in public, submitting the documentation it receives and soliciting comments from net users prior to making a final choice.

DarkMatter was pushing Mozilla for full authority to grant certifications since 2017, the browser manufacturer told Reuters. This might take it to a new level, making it one of fewer than 60 core gatekeepers for its countless millions of Firefox users around the world.

Deckelmann stated Mozilla is worried that DarkMatter could use the ability to issue certifications to hackers impersonating real sites, like banks.

As a certificate authority, DarkMatter would be partly responsible for encryption between websites they approve and their customers.

In the incorrect hands, the certificate role could enable the interception of encrypted traffic, security specialists say.

In the past Mozilla has relied solely on technical issues when determining whether to trust a company with certificate authority.

The Reuters analysis has led it to reconsider its policy for approving applicants. “You look at the facts of the matter, the resources that came out, it’s a persuasive case,” explained Deckelmann.


Please enter your comment!
Please enter your name here