UAE surveillance contractor is recruiting an army of foreign hackers to break into its citizens' devices

The world's most sophisticated security experts have been bombarded with recruiting offers from UAE-based company Darkmatter, which bills itself as a major state security contractor — but people who've taken the bait say they were then told that they were being hired to weaponize huge arsenals of zero-day vulnerabilities so that the UAE can subject its own population to fine-grained, continuous surveillance.

Darkmatter denies this, but numerous near-hires say they had similar experiences with the company. The company has poached talent from some of the world's most respected tech firms, "including Google, Samsung, Qualcomm, McAfee, and even a co-founder of the encrypted messaging service Wickr" (disclosure: I am an advisor to Wickr).

Darkmatter has also acquired some of the other offshort contractors that did business with the UAE, creaming off their top engineering talent.

The main Darkmatter recruiter is an American named Victor Kouznetsov, who, hilariously, denied that he was Victor Kouznetsov when The Intercept called his cellphone ("When asked why his voicemail message gave his name as 'Victor,' he hung up.")

Most disturbing is that Darkmatter is seeking to become a certificate authority, which would allow it to stage undetectable man-in-the-middle attacks on most of the internet's security infrastructure, allowing it to eavesdrop on connections to financial institutions and corporate networks, to send out fake, poisoned software updates, and stage other attacks.

Darkmatter is believed to have hired the team behind the Stealth Falcon attack on human rights journalists.

Several researchers whom DarkMatter approached, including Margaritelli, confirmed they were specifically told they would be working on offensive operations. In Margaritelli's case, he was informed the company wanted to install a set of probes around Dubai, including base transceiver stations — equipment that allows for wireless communication between a device and a network — wireless access points, drones, surveillance cameras, and more.

The probes could be installed by DarkMatter surreptitiously or facilitated by telecoms tacitly agreeing to the surveillance setup, and the company could attach an offensive implant directly onto the probes capable of intercepting and modifying digital traffic on IP, 2G, 3G, and 4G networks. Anyone with a cellphone or using a device to connect to a wireless network connected to one of the probes would be vulnerable to hacking and tracking.

As Margaritelli explained it, the software DarkMatter originally designed to penetrate the probes "does not scale well enough" and therefore couldn't handle the massive amounts of traffic it would be intercepting — forcing the need for a second team of hackers to do the job. The company wanted him to help solve the problem.

Margaritelli's account is the most revealing, but several other sources discussed similar projects proposed by DarkMatter, including researching and developing exploits for zero-day vulnerabilities, as well as deploying and developing some of the same stealth malware implants Margaritelli was asked to work on. DarkMatter asked one researcher, who has discovered and reported bugs to Facebook, Google, and other major technology companies, to use his vulnerability research "to allow them to have access on trusted domains." Basically, he would find a flaw in a website that would allow DarkMatter to manipulate it to help spread malware to targets without being detected. The researcher, who spoke anonymously, said he refused, even after getting an offer for more money, because, in contrast to DarkMatter's proposal, "what I'm doing is ethical hacking."

Spies for Hire [Jenna McLaughlin/The Intercept]

(Image: DarkMatter CEO Faisal Al Bennai)