Lori Stroud is an ex-NSA spy who also contracted with the NSA through Booz Allen, who says that after she left the NSA, she was recruited to work on Project Raven, a secret, offensive surveillance and digital attack squad working for the autocratic United Arab Emirates regime alongside other ex-US intelligence operatives, working with the knowledge and approval of the NSA.
Stroud says that while she originally believed she was only targeting non-US persons for surveillance and electronic attacks — primarily journalists and dissidents, including children who had spoken out against the UAE's rulers — she eventually realized that Project Raven was also targeting US people, including journalists and activists.
Stroud was responsible for hiring Edward Snowden, and after he blew the whistle on wrongdoing in the NSA, she says she and her colleagues were in such bad odor with the NSA that she left. She was recruited by Cyberpoint, a Maryland-based cybersecurity company founded by Karl Gumtow, and relocated to a converted mansion in Abu Dhabi codenamed "the Villa."
Reuters has obtained documents from Cyberpoint that say that while Project Raven was publicly tasked with defensive targeting of terrorists, that a secret "Black Briefing" described a second "offensive, operational division," called Project Dread, that " will never be acknowledged to the general public."
Stroud worked at the Villa for years, and some of the dissidents she helped target have since been arrested and tortured by the UAE. But what really made the situation untenable was eventual attempts by the UAE to force Cyberpoint to sell out to a UAE-based company, and the subsequent power-struggle that saw the US Project Dread staffers isolated from their UAE counterparts, who had their own target lists, including — as Stroud eventually discovered — Americans.
This was a bright line for Stroud, as a former US intelligence operative: she did not feel that she could work to help foreign governments spy on Americans.
Stroud's story was corroborated for Reuters by eight other Project Raven alumni who declined to be named for the story. Reuters say the FBI is investigating whether any of the ex-NSA employees — who earned several multiples of their government salaries while contracting for the UAE — revealed US state secrets in the course of their duties.
Stroud's story provides some vital, missing puzzle-pieces for recent high-profile news stories, like the 2016 Citizen Lab investigation of cyberattacks on UK journalist and human rights activist Rori Donaghy, who is now revealed to have been of the targets of Project Raven.
Cyberpoint founder Karl Gumtow denied that his company participated in offensive operations, sticking to the cover story spelled out in the leaked Project DREAD briefing documents.
When she questioned the apparent targeting of Americans, she received a rebuke from an Emirati colleague for accessing the targeting list, the emails show. The target requests she viewed were to be processed by "certain people. You are not one of them," the Emirati officer wrote.
Days later, Stroud said she came upon three more American names on the hidden targeting queue.
Those names were in a category she hadn't seen before: the "white category" — for Americans. This time, she said, the occupations were listed: journalist.
"I was sick to my stomach," she said. "It kind of hit me at that macro level realizing there was a whole category for U.S. persons on this program."
Once more, she said she turned to manager Baier. He attempted to downplay the concern and asked her to drop the issue, she said. But he also indicated that any targeting of Americans was supposed to be done by Raven's Emirate staff, said Stroud and two other people familiar with the discussion.
Exclusive: Ex-NSA cyberspies reveal how they helped hack foes of UAE [Christopher Bing and Joel Schectman/Reuters]