Prominent Saudi Arabian human rights activist Loujain al-Hathloul has launched a lawsuit against DarkMatter and three ex-NSA mercenaries who allegedly hacked her phone on behalf of the United Arab Emirates (UAE), secretly tracking her communications and location.
Al-Hathloul claims to be a victim of an illegal hacking campaign run by DarkMatter and a collection of former US intelligence officers hired by the UAE following the Arab Spring protests.
Known as Project Raven, the UAE ordered hacks on dissidents, journalists, human rights activists, rival foreign leaders, and other political enemies on behalf of the Kingdom of Saudi Arabia (KSA).
Al-Hathloul alleges she was one of the activists who was targeted in the hacking campaign, the information gathered from which led to her arrest, imprisonment, and torture.
The lawsuit marks the first time al-Hathloul has taken action against the authorities against which she has protested so heavily. She was released from prison earlier this year but is still unable to leave the KSA.
Al-Hathloul is perhaps best known for her efforts in calling for greater women's rights in Saudi Arabia, most recently pushing for an overhaul of law that would see women be able to drive in the region.
As part of her campaign, in 2014 she famously drove from the UAE to KSA while filming her endeavour, which saw her imprisoned for 73 days after being stopped at the KSA border. The law was later overhauled four years later in 2018, allowing women to drive for the first time.
The three former NSA officers named in the lawsuit alongside the DarkMatter company are Marc Baier, Ryan Adams, and Daniel Gericke. The lawyers for all four defendants have been contacted for comment by IT Pro but did not respond.
DarkMatter and the three former NSA officers are accused of exploiting a vulnerability in Apple's iMessage service which allowed the trained hackers to locate and monitor targets chosen by their clients, including al-Hathloul.
The trio named in the lawsuit, brought to them by al-Hathloul and the Electronic Frontier Foundation (EFF), have all previously admitted to violating computer fraud and abuse laws, as well as selling sensitive military technology, in a separate non-prosecution agreement with the US Department of Justice (DoJ) in September.
Al-Hathloul claims her phone was first hacked in 2017 which saw her texts, email messages, and real-time location data sent to DarkMatter and its client.
The lawsuit alleges DarkMatter intentionally directed code to Apple's US servers to place malware on al-Hathloul's phone, violating the Computer Fraud and Abuse Act (CFAA) in the process.
"Project Raven went beyond even the behaviour that we have seen from NSO Group, which has been caught repeatedly having sold software to authoritarian governments who use their tools to spy on journalists, activists, and dissidents," said Eva Galperin, cybersecurity director at EFF. "Dark Matter didn't merely provide the tools; they oversaw the surveillance program themselves."
The lawsuit seeks compensation and punitive damages against the three individuals and DarkMatter.
