27 January 2020
Google has taken action after media reports linked a UAE-based internet security firm to a state hacking operation. Photo: Reuters
Google has taken action after media reports linked a UAE-based internet security firm to a state hacking operation. Photo: Reuters

Google blocks sites certified by UAE firm after hacking reports

Google has blacklisted websites approved by a United Arab Emirates-based security company after Reuters reports tied the firm to a state hacking operation.

The US tech giant said on a public discussion board that its Chrome and Android browsers will mark as unsafe all websites that had been certified by the UAE security firm DarkMatter.

While Google did not provide a reason for the move, it cited the same decision taken by Firefox browser-maker Mozilla last month, Reuters said.

Mozilla said it will block DarkMatter certified websites because of “credible evidence” presented by Reuters and other media reports that the Abu Dhabi-based firm had been involved in hacking operations.

Mozilla said it was concerned that DarkMatter could use its status as an internet security gatekeeper to launch covert hacking efforts.

Reuters reported in January that DarkMatter provided staff for a secret hacking operation, code named Project Raven, on behalf of a UAE intelligence agency.

The unit was largely comprised of former US intelligence officials who conducted offensive cyber operations for the UAE government, according to the report.

Former Raven operatives told Reuters that many DarkMatter executives were unaware of the secretive program, which operated from a converted Abu Dhabi mansion away from DarkMatter’s headquarters.

The program’s operations included hacking into the internet accounts of human rights activists, journalists and officials from rival governments, Reuters found.

DarkMatter has denied being connected to offensive hacking operations, saying the reports of its involvement were based on “false, defamatory, and unsubstantiated statements.”

In order to be considered safe by web browsers, companies need to seek certification from an outside organization, which will confirm their identity and vouch for their security.

But if a surveillance group gained that authority, it could certify fake websites impersonating banks or email services, allowing hackers to intercept user data.

Most of the certifying organizations are independent, private companies. Browsers like Firefox allow websites to obtain certification from any approved authority anywhere in the world.

Organizations that want to obtain certifying authority must apply to browser makers like Mozilla and Microsoft.

Major browsers had in 2017 granted DarkMatter provisional status to certify the safety of websites. The company had sought to be recognized as one of around 60 firms with fully recognized status.

Under that provisional status, DarkMatter approved about 275 websites, most of which appeared to be for local firms or companies affiliated with the Abu Dhabi-based security firm itself, according to Reuters.

Chrome or Android users visiting those websites are now warned by the browser: “Attackers might be trying to steal your information.”

DarkMatter and its affiliated company DigitalTrust have appealed Mozilla’s decision, which they said was based on “discriminatory practices”.

– Contact us at [email protected]