Firefox maker fears cybersecurity firm DarkMatter 'misuse' of browser for hacking

DarkMatter has denied conducting the operations and says it focuses on protecting computer networks.
DarkMatter has denied conducting the operations and says it focuses on protecting computer networks. PHOTO: THE NEW PAPER

WASHINGTON (REUTERS) - Firefox browser-maker Mozilla is considering whether to block cybersecurity company DarkMatter from serving as one of its internet security gatekeepers after a Reuters report linked the United Arab Emirates-based firm to a cyber espionage programme.

Reuters reported in January that DarkMatter provided staff for a secret hacking operation, codenamed Project Raven, on behalf of an Emirati intelligence agency.

The unit was largely comprised of former US intelligence officials who conducted offensive cyber operations for the UAE government.

Former Raven operatives told Reuters that many DarkMatter executives were unaware of the secretive programme, which operated from a converted Abu Dhabi mansion away from DarkMatter's headquarters.

Those operations included hacking into the internet accounts of human rights activists, journalists and officials from rival governments, Reuters found.

DarkMatter has denied conducting the operations and says it focuses on protecting computer networks.

While Mozilla had been considering whether to grant DarkMatter the authority to certify websites as safe, two Mozilla executives said in an interview last week that Reuters'report raised concerns about whether DarkMatter would abuse that authority.

Mozilla said the company has not yet come to a decision on whether to deny the authority to DarkMatter, but expects to decide within weeks.

"We don't currently have technical evidence of misuse (by DarkMatter) but the reporting is strong evidence that misuse is likely to occur in the future if it hasn't already," said Selena Deckelmann, a senior director of engineering for Mozilla.

She said Mozilla was also considering stripping some or all of the more than 400 certifications that DarkMatter has granted to websites under a limited authority since 2017.

Marshall Erwin, director of trust and security for Mozilla, said the Reuters Jan. 30 report had raised concerns inside the company that DarkMatter might use Mozilla's certification authority for "offensive cybersecurity purposes rather than the intended purpose of creating a more secure, trusted web".

DarkMatter did not respond to a Reuters request for comment. The UAE embassy in Washington also did not respond to a request for comment.

In a Feb 25 letter to Mozilla, posted online by the cybersecurity company, DarkMatter CEO Karim Sabbagh denied the Reuters report linking his company to Project Raven.

"We have never, nor will we ever, operate or manage non-defensive cyber activities against any nationality," Sabbagh wrote.

Websites that want to be designated as secure have to be certified by an outside organization, which will confirm their identity and vouch for their security. The certifying organization also helps secure the connection between an approved website and its users, promising the traffic will not be intercepted.

Organisations that want to become certifiers must apply to individual browser makers like Mozilla and Apple. Mozilla is seen by security experts as a respected leader in the field and particularly transparent because it conducts much of the process in public, posting the documentation it receives and soliciting comments from internet users before making a final decision.

DarkMatter has been pushing Mozilla for full authority to grant certifications since 2017, the browser maker told Reuters. That would take it to a new level, making it one of fewer than 60 core gatekeepers for the hundreds of millions of Firefox users around the world.

Deckelmann said Mozilla is worried that DarkMatter could use the authority to issue certificates to hackers impersonating real websites, like banks.

As a certification authority, DarkMatter would be partially responsible for encryption between websites they approve and their users.

In the wrong hands, the certification role could allow the interception of encrypted web traffic, security experts say.

In the past Mozilla has relied exclusively on technical issues when deciding whether to trust a company with certification authority.

The Reuters investigation has led it to reconsider its policy for approving applicants.

"You look at the facts of the matter, the sources that came out, it's a compelling case," said Deckelmann.