UNITED STATES (OBSERVATORY NEWS) — In the years after the September 11 attacks, US counterterrorism expert Richard Clarke warned Congress that the country needed more extensive spying capabilities to prevent a new catastrophe. Five years after leaving office, he put forward the same idea to a more enthusiastic partner: a Gulf country with huge fortunes.
In 2008 Clarke went on to work as a consultant to the United Arab Emirates, after establishing electronic reconnaissance capabilities in which prominent US intelligence contractors are hired to help monitor threats to them.
The name of the secret unit that Clark supervised its establishment was a harbinger: (Duraid), which means panic in English, and it consists of the initials of the phrase “Development Research Exploration and Analysis Department”, meaning the Development Research and Analysis Unit. In the following years, the Emirati unit expanded its activities far beyond the suspected extremists to include a Saudi women’s rights activist, UN diplomats and members of the International Football Association (FIFA). By 2012, the program became known to the Americans working on the Revin project.
Reuters reports this year revealed how a group of National Security Agency and other elite US intelligence personnel helped the UAE spy on a wide range of targets through the program, which was not previously disclosed. Among the targets are terrorists, human rights activists, journalists, and defectors.
And now an examination of the origin of the Duraid program, published here for the first time, shows how two former senior White House officials worked with former National Security Agency spies and contractors to Beltway and played vital roles in developing a program whose activities are currently being audited by federal authorities.
In order to envision an assessment of the Emirati espionage mission, Reuters examined more than 10,000 documents from the Durrid program and interviewed more than 12 contractors, intelligence workers, and former government officials who were directly aware of the program. The documents examined by Reuters cover a period of about ten years of the life of the Durrid program starting in 2008 and include internal notes describing project logistics, operating plans and goals.
Clarke was the first of a group of former White House and Pentagon executives who arrived in the UAE after the September 11 attacks to establish the espionage unit. Thanks to his close ties to state rulers, cemented by decades of experience from being among the elite of US policymakers, Clark managed to win numerous security consulting contracts in the UAE. One of them was to establish a spy unit at an unused airport in Abu Dhabi.
Clark said in an interview in Washington that after recommending that the UAE set up an electronic espionage unit, his company (Good Harbor Consulting) was chosen to help set it up. He pointed out that the idea was to create a unit capable of tracking down terrorists. He added that the US State Department and the National Security Agency agreed to the idea and that his company followed US law.
“The motivation was to help fight al Qaeda,” he said. The UAE is a very good partner in combating terrorism. You have to remember the timing at that time, after the September 11 attacks. ” “The National Security Agency wanted this to happen.”
The National Security Agency did not respond to written questions about its knowledge of the DREAD program or any link with any of the contractors. The State Department said it was carefully examining foreign defense services agreements on human rights issues. Spokesmen for the Emirates, whether in its embassy in Washington or the Ministry of Foreign Affairs, did not respond to requests for comment.
Clark’s founding of Duraid was the start of a decade that saw the heavy involvement of Beltway and US intelligence personnel in the UAE’s electronic espionage unit. The Americans have helped the UAE expand the mission from merely focusing on militant threats to a massive surveillance operation targeting thousands around the world whom the UAE government considers enemies.
Paul Curtis, Clarke’s former partner in (Good Harbor), said earlier reports to Reuters showed that the program has spanned dangerous terrain and that the spread of electronic skills requires greater US surveillance. “I felt disgusted as I read what happened in the end,” said Curtis, a former senior director of national security at the White House.
At least five former veteran White House officials worked for Clark in the Emirates, whether on the DREAD program or on other projects. Good Harbor left the DRED project in 2010 to other US contractors, while the project began to successfully spy on targets.
Reuters found that the succession of American contractors helped to keep the American team in Duraid on the payroll in the Emirates, a link allowed by secret agreements concluded by the US State Department.
The program’s development stages demonstrate how the culture of contracting contractors in Washington benefits from a system of legal and regulatory loopholes that allows ex-spies and former government officials to transfer their expertise to foreign countries, even those with a poor record of respect for human rights.
American workers at Duraid were able to avoid the few barriers that prevent spying for foreigners, including restrictions on electronic infiltration of American computer systems.
Although US servers were prohibited from targeting, for example, Dried workers targeted by 2012 email accounts on Google, Hotmail, and Yahoo. Ultimately, it included electronic spy nets that expanded other US citizens as reported by Reuters earlier this year.
Mike Rogers, the former chairman of the House of Representatives Intelligence Committee, said in an interview that he was watching with increasing concern how the numbers of former US intelligence officers who are profiting from foreign countries are mounting.
He added, “These skills are not yours.” He went on to say that Washington does not allow its spies to work for foreign countries while working for the National Security Agency, “How can God really encourage them to do so after they leave the government?”
A spokesman for the National Security Agency said the former workers were charged for life with not disclosing classified information.
– From the White House to the Gulf –
Over the years, before Dred’s founding, Clark had clashed with the need for domestic spying in the United States as well as the potential dangers of that.
Clark, Bill Clinton and George Bush Jr., the most famous counterterrorism adviser, was most famous for having made a public apology for Washington’s inability to prevent the September 11 attacks.
“Your government has let you down, those charged with protecting you have let you down, and I have let you down,” Clark said in 2004, a year after he left the government, in testimony before a US committee established to investigate the intelligence failures that led to the September 11 attacks.
To prevent future attacks, Clarke urged the United States to set up an internal intelligence service, but said the infringement of civil liberties should be avoided. “We must explain to the American people in a very convincing manner why they need internal intelligence service, because I believe that most Americans will fear the idea of a secret police,” he added.
Clark’s testimony before the September 11 Commission helped in the efforts that led to the creation of an internal intelligence service in 2005 within the FBI, in what he described as a “in-service service”, employed by federal intelligence officers, language analysts, and observation specialists.
Two years earlier, Clark joined his former deputy, Roger Crissy, at the new security consulting firm Good Harbor Consulting. Clark brought one of the most prominent names in US national security.
It also came with a relationship spanning decades with a potential wealthy client, Sheikh Mohammed bin Zayed Al Nahyan, son of the most powerful ruler of the Emirates. In the months leading up to the US-led war in Iraq in 1991, Clark, then a senior diplomat, was sent to the Gulf to seek help from regional allies. Sheikh Mohammed bin Zayed Al Nahyan advanced as the United States prepared to fight a war.
Sheikh Mohammed bin Zayed gave Clark a helping hand to obtain permission from the government to bomb the UAE airspace, and to pour billions into the American war effort. And in 1991, when Congress arose in questions about whether the United States should allow arms sales of $ 682 million to the UAE, Clark replied.
“They transferred four billion dollars to the American treasury to support the war effort … Is this a country we are making with preventing it from obtaining 20 attacking helicopters?” I don “t think so”. And the Emirates got the aircraft.
And in the years after Clarke joined Good Harbor after 2003, Sheikh Mohammed bin Zayed, the de facto ruler of the UAE at the time, provided a rare opportunity for the company to help shape the Homeland Security strategy at its foundation. The company then won a set of security contracts to help the UAE secure its infrastructure, including work to protect its ports, nuclear projects, airports, embassies and petrochemical facilities, according to two people familiar with these contracts.
Besides helping him establish an emergency unit and a maritime security unit, Clark believed that the UAE needed a device like the National Security Agency with the ability to spy on terrorists. He said he entrusted the contract to Paul Curtis, his partner at Good Harbor and a former White House official.
“At the top level, it was about cyber defense and how to protect your private networks,” Curtis said by phone to Reuters. He added that the UAE wanted to know “how to understand more about what the terrorists might do.”
“The biggest concern was reaching out to al Qaeda,” Clark said when asked if he was concerned that the UAE would use this capacity to carry on activists and opponents. He added that his knowledge of the program was limited at that time and that Curtis was responsible for managing the daily work of the contract to establish this program.
Curtis said that his personal intervention was limited to high-level consultations and that his knowledge of daily activities was “almost nonexistent”. He added that the company relied on technical expertise in the field of infiltration on subcontractors from the American Defense Company (SRA International), which is managed by Carl Jomto.
Clarke said that the SRA, which at that time employed seven thousand people and was based in Fairfax, Virginia, was chosen for her previous experience with contracts with the National Security Agency.
– The mission was launched –
Good Harbor began using eight SRA contractors to establish Dread in 2008 inside a building that looks like a hangar on the outskirts of Al Bateen Airport in Abu Dhabi. The program began as an arm of Sheikh Mohammed bin Zayed Al-Amiri’s office and was initially run by his son Khaled.
The contractors established the project from scratch, trained a potential Emirati crew on electronic infiltration, and prepared secret computer networks and hidden accounts on the Internet that the Emirates could use in espionage operations.
Durrid documents showed that in 2009 the group started working on a spyware called the Thread, a computer program that enables Emiratis to steal files from computers using the Windows operating system and transfer them to servers controlled by the Prince’s Court.
Good Harbor and SRA had no vital role in espionage, except for guidance and support.
The aim of the program was to provide the Emirates with electronic capabilities that allow them to track terrorist threats themselves. But three former Duraid workers said that the Americans had found, within a few months, that they needed to take command of their less experienced Emirati colleagues.
But some Emirati trainees seemed to lack enthusiasm and skill. A report on the program, seen by Reuters, showed that a trainer, a former SRA contractor, a coding expert named Keith Tuttle concluded that one of his students “lost interest” and that another “still suffers with technology”.
Two of Dureid’s former employees told Reuters that this left the Americans no choice but to interfere more. In the end, they did everything except press the last button in an electronic sneak. Tuttle declined to comment on the advice of his lawyer.
A spokesman for General Dynamics, which owned SRA International after several acquisitions, said the original contract with Good Harbor expired in 2010 and declined to comment further.
Electronic spying requests from the Emirati security forces on the new unit increased after Christmas in 2009, one year after (Good Harbor) began establishing Duraid. UAE leaders have received intelligence warnings of an imminent and violent attack from extremists. A frightening request of the electronic espionage team Al-Walid arrived in its content: Help us spy on outbound Internet traffic from a computer network at the home of a suspected extremist in the northern region of the country.
And it still took a few months for Dred staff to complete a Thread spyware program on Windows. Two people with knowledge of the incident said that American workers were suddenly involved in preparing temporary spying tools based on a free computer security test program available online for free.
Within weeks, they succeeded in infiltrating the suspected extremist on a mission the Emiratis considered an important success that may have prevented an attack. The incident represented an important point in the relationship. Two people familiar with the matter said that after this success, spying requests increased and the Americans’ role increased.
Program documents showed that, by the end of 2010, Good Harbor had moved away from Dread, leaving control in the hands of Jomtu, the vice president of the SRA. He had just started his own company, Cyber Point, in Maryland. “Our focus was on helping them defend their country,” Jomto said by telephone.
With the departure of (Good Harbor), Curtis joined (Cyber Point) but said that his participation in (Dread) ended in 2011.
– 40 Americans and 34 million dollars –
Within two years, Jomto had increased the number of Americans on the program from about 12 to as many as 40. It had brought more than 12 National Security Agency corridors or a list of its contractors. Duraid’s annual budget was an estimated $ 34 million, according to project documents.
Some American workers had concerns about working for a foreign spy. But the affiliation of the program with respected national security figures such as Clarke, Curtis and Jomto have led them to believe that these efforts are above suspicion, according to four former workers.
Jonathan Cole, a former US intelligence officer who joined Duraid in 2014, said he believes the UAE mission has the blessing of Washington because of the participation of the (Cyber Point) crew in Maryland in other classified programs for the US government. “I made some assumptions,” he added.
In 2011, the program moved to the first of a series of secret palaces known as the “Villa”, which American contractors called Project Revin.
Jomto told Reuters that the mission of the US contractors was limited to training Emirati electronic spies and that they were prevented from assisting in the operations themselves. American law generally prohibits Americans from infiltrating computers anywhere, and specifically prohibits targeting American citizens, companies, or servers.
Jomto administered the Duraid contract for a five-year period from Baltimore, but said he had never known of such activities occurring among his crew. He added that his vision was limited, as he visited his crew in the Emirates five or six times a year.
“I have not been involved in the daily activities of the program … If we have a rogue person there is nothing I can do.”
However, soon the Americans held all the key positions in the program. US workers have helped identify the accounts of targeted people, discover their vulnerabilities and plot cyber attacks. To avoid breaking the law, ten former workers told Reuters that the Americans were not pressing the last button to launch an attack, but rather they were literally standing behind the Emirati who did so.
After the Arab Spring uprisings shook the region, Emirati security experts feared that the role would come in their country. The objectives of the Duraid program began to shift from combating terrorism to a separate category that the Emirates called “national security goals” – so they helped in large-scale campaigns against opponents and others the government considered to be a political threat. The operations included previously undisclosed breaches of a German human rights group, UN officials in New York and FIFA executives.
From 2012 to 2015, individual teams were entrusted with electronic spying on rival governments, as the focus of the program shifted from counter-terrorism to spying on geopolitical opponents, according to the documents.
Among the goals was the State of Qatar, which in 2010 became the center of attention of the world after its victory in hosting the FIFA World Cup in 2022. In 2014, workers at (Durrid) targeted FIFA officials, the International Football Association, which is based in Switzerland, and people charged with Organizing Qatar to host the tournament.
The plan was developed to steal information that could harm Qatar’s bid to win the hosting of the tournament and could be leaked to embarrass it. In 2014, the media reported allegations of FIFA officials receiving bribes from Qatar in exchange for granting them the right to host the FIFA World Cup.
Duraid’s operational planning notes, seen by Reuters, showed that electronic spying on FIFA, whose name is Dynamic Challenge, was planned by Chris Smith, a former SRA analyst. The hackers sent booby-trapped messages to Facebook and to the e-mail containing a link called (World Cup Girls) and by clicking on it they spread a spyware virus on the computer of the targeted person or entity.
It was not clear if the mission was successful. However, Hassan Al-Thawadi, Secretary General of the Supreme Committee for Projects and Legacy, was responsible for the projects and initiatives of the FIFA World Cup in Qatar in 2022, and Jack Warner, a former FIFA official who was subsequently condemned by the United States on money-laundering accusations, was among the targets.
The Supreme Committee for Projects and Legacy did not respond to the request for comment, and a spokesman for the Qatari government said that his country considered its successful bid to host the World Cup “an opportunity for the world to see our region from a new perspective”.
A FIFA spokeswoman said in a statement that the FIFA was “not aware” of any infiltrations related to the Qatari bid to host the tournament. Another spokesman said that an internal investigation opened by FIFA had not concluded that Qatar had paid a bribe to win the hosting of the tournament.
Warner, who faces a US extradition request from Trinidad and Togo, could not be reached. He had repeatedly said he was innocent of the charges. Smith did not respond to emails and social media.
– Foreign license and weak oversight –
(Cyber Point) obtained a foreign defense services license from the US State Department from 2010 to 2014 to conduct its business in the Emirates.
The agreements seen by Reuters were written in broad formulas, describing cyber espionage operations as “gathering information from communications systems inside and outside the UAE.” The agreements did not place any restrictions on targeting human rights activists, journalists, or US allies.
A spokesman for the Foreign Ministry said that the ministry was studying carefully before granting such a license human rights considerations. He added that the license does not give the right to violate human rights, but he refused to comment on the agreements concluded between the ministry and (Cyber Point).
But agreements with (DREAD) prevented the program from assisting infiltrations against Americans or American-owned e-mail servers. And a lawyer from (Cyber Point) warned in a note issued in 2011 that doing so “exposes you to criminal responsibility under US law, even if these activities are carried out abroad.”
But project documents show repeated circumvention of this limitation. Cyber Point employees helped infiltrate hundreds of accounts on Google, Yahoo, Hotmail, and Facebook, and displayed snapshots of pages they had obtained from the hacker at presentations to prominent UAE intelligence officials. For example, (Duraid) hacked accounts on Google and Yahoo to steal browsing history on the Internet for one of the targeted people, and the hackers highlighted what they saw important in reports they submitted to their bosses.
In 2012, the program targeted accounts on Hotmail and Google for five employees of the Konrad Adenauer Foundation, a German pro-democracy group that was pressuring for more press and expression freedoms in the UAE. Dureid intercepted messages from a Gmail account belonging to one of the Foundation’s directors. A letter from a manager to an employee said, “I think all communication channels” have been neutralized.
Behind the scenes, an informed source said that the German ambassador to the Emirates had been summoned to meet officials from the UAE Ministry of Foreign Affairs who said that the German non-profit organization should leave the country.
American workers also helped target Gmail and Facebook accounts of Ahmed Ghaith Al-Suwaidi, an Emirati economist and member of the Muslim Brotherhood, in 2011. Program documents showed that hackers were told in January of 2012 that Al-Suwaidi had signed e-mail documents that made his wife responsible About his assets in case anything happens to him.
After two months, al-Suwaidi was arrested and placed in a secret prison where he said he was tortured and forced to sign a confession, according to Amnesty International. In 2013, he was convicted as part of the trial of 94 activists accused of inciting the overthrow of the regime and sentenced to ten years in prison. His activist friend, Mohamed Al-Zoubi, said that Al-Suwaidi had never called for a coup but was only calling for political reform.
Jomto said that (Cyber Point) was, to his knowledge, careful not to exceed the limits of what is permitted by its license and American law.
– “Slippery slope” –
Over time, conflicts erupted between Americans and Emiratis over the choice of targets that Americans sometimes believed had crossed the line by targeting entities associated with the United States. The Emiratis began to impose restrictions on the entry of Americans to surveillance databases and put some of them on the phrase “prohibited from being read by non-Emiratis.” Towards the end of 2015, the UAE canceled the contract (Cyber Point) and replaced it with the Emirati Cyber Security Company (Dark Matter).
Jomto warned his staff that their continued work on the program would not be authorized in accordance with the US State Department agreement. More than 12 continued to work.
(Dark Mater) took over the project, but it remained secret until some company executives were unaware of its existence, according to six people who are familiar with the events.
A former worker said that the DREAD program, led by Dark Matter, targeted United Nations offices in New York in an attempt to hack into the e-mail accounts of diplomats from countries that the UAE regards as competitors. A UN spokesman confirmed that the organization’s cyber security team monitored attacks from an infiltration group linked to the UAE.
In some cases, espionage operations carried out by the Duraid program involved torture of targets.
A former Duraid worker said that in 2017, the email of Saudi human rights activist Jain al-Hathloul was hacked after she tried to challenge a ban on women driving in the kingdom. Three years before that, the Saudis arrested Al-Hathloul, who was studying in the Emirates after trying to drive across the border, and imprisoned her for 73 days.
And the workers in (Dureid), who were watching the activated gene of Hathloul, gave a kinetic name, the purple sword.
In 2018, a few weeks before the issuance of a royal decree allowing women for the first time to drive cars in the Kingdom, UAE security forces arrested Jane al-Hathloul again in Abu Dhabi and brought her back with a private plane for her country. And Saudi security forces imprisoned her upon arrival on charges of incitement and sedition, and her brother Walid Al-Hathloul told Reuters that they had tortured her in a secret facility outside Jeddah and that she was still being held there.
Saudi Arabia and the United Arab Emirates are close allies. A Saudi embassy spokesman did not respond to a request for comment.
In a brief statement emailed to Dark Matter, she said she was not aware of what Reuters had found or any wrongdoing by the company.
A federal jury in Washington is investigating whether the US crew violated US infiltration laws on its mission in the UAE. The FBI and the Justice Department declined to comment.
And Congress raises questions as well, referring to previous reports published by Reuters, while pressing the Ministry of Foreign Affairs to interpret the (Duraid) program and pushing for more transparency with regard to foreign licenses. Members of Congress wrote in May to the Director of Intelligence and the State Department that foreign governments “seem to have taken advantage of the advanced training and expertise of individuals who have developed their technical skills while working in the United States’ national service”.
Rogers, the former chairman of the House Intelligence Committee, said it was time for Washington to place restrictions on intelligence contracts abroad. He added, “I think that eliminating such opportunities entirely should be put on the table.”
Curtis, who helped launch the program ten years ago, agrees that the US government needs to review its ability to transfer electronic capabilities abroad, saying, “It could be a very slippery slope.”
This article is written and prepared by our foreign editors writing for OBSERVATORY NEWS from different countries around the world – material edited and published by OBSERVATORY staff in our newsroom.
OBSERVATORY — Breaking news source, real-time coverage of the world’s events, life, politics, money, business, finance, economy, markets, war and conflict zones.
Contact us: firstname.lastname@example.org
We are OBSERVATORY — the only funding and support we get from people – we are categorically not funded by any political party, any government somewhere or from any grouping that supports certain interests – the only support that makes OBSERVATORY possible came from you.