Mozilla fears DarkMatter misuse

Mozilla is considering the blocking of cybersecurity company DarkMatter over allegations of a cyber-espionage program. Mozilla is a free software community founded in 1998 by members of Netscape. The Mozilla community uses, develops, spreads and supports Mozilla products, thereby promoting exclusively free software ....

Mozilla is considering the blocking of cybersecurity company DarkMatter over allegations of a cyber-espionage program.

Background

Mozilla is a free software community founded in 1998 by members of Netscape. The Mozilla community uses, develops, spreads and supports Mozilla products, thereby promoting exclusively free software and open standards, with only minor exceptions. The community is supported institutionally by the not-for-profit Mozilla Foundation and its tax-paying subsidiary, the Mozilla Corporation.

Mozilla's products include the Firefox web browser, Thunderbird e-mail client, Firefox OS mobile operating system, Bugzilla bug tracking system, Gecko layout engine, Pocket "read-it-later-online" service, and others.

DarkMatter is a cybersecurity company based out of Abu Dhabi, UAE. The company’s founder, Faisal al-Bannai has acknowledged that the company works in close ties with the Emirati government, as well as the hiring of former CIA and National Security Agency analysts.

A report published by Reuters in January incriminates DarkMatter of providing staff for a hacking operation, codenamed Project Raven, on behalf of an Emirati intelligence agency. The unit was largely comprised of former U.S. intelligence officials who conducted offensive cyber operations for the UAE government.

Former Raven operatives told Reuters that many DarkMatter executives were unaware of the secretive program, which operated from a converted Abu Dhabi mansion away from the company’s headquarters. The operatives utilized an arsenal of cyber tools, including a cutting-edge espionage platform known as Karma, in which Raven operatives say they hacked into the iPhones of hundreds of people including suspected terrorists. 

Analysis

Firefox browser-maker Mozilla is considering whether to block DarkMatter from serving as one of its internet security gatekeepers after a Reuters report linked the United Arab Emirates-based firm to a cyber-espionage program.

DarkMatter has been pushing for full authority to certify websites at Mozilla since 2017. Although the company was considering the possibility of granting the former the license, the recent reports have caused some backlash.

“We don’t currently have technical evidence of misuse but the reporting is strong evidence that misuse is likely to occur in the future if it hasn’t already,” said Selena Deckelmann, a senior director of engineering for Mozilla.

Marshall Erwin, director of trust and security for Mozilla, said that the reports raised concerns about DarkMatter using Mozilla’s certification authority for “offensive cybersecurity purposes rather than the intended purpose of creating a more secure, trusted web.”

If the company is given full authority to certify websites, it will be one of 60 core gatekeepers for the hundreds of millions of Firefox users around the world. As a certification authority, the company would be partially responsible for encryption between websites they approve and their users. In the wrong hands, the certification role could allow the interception of encrypted traffic.

The operations at Project Raven included the hacking of internet accounts of human rights activists, journalists and politicians from other governments. In a February 25 letter to Mozilla, posted online by the cybersecurity company, DarkMatter CEO Karim Sabbagh denied the Reuters report linking his company to Project Raven. “We have never, nor will we ever, operate or manage non-defensive cyber activities against any nationality,” Sabbagh wrote.

 Mozilla is seen by security experts as a respected leader in the field and particularly transparent because it conducts much of the process in public, posting the documentation it receives and soliciting comments from internet users before making a final decision. 

According to Mozilla's manifesto, which outlines goals, principles, and a pledge, "The Mozilla project uses a community-based approach to create world-class open source software and to develop new types of collaborative activities". Mozilla's manifesto mentions only its beliefs in regards to the Internet and Internet privacy.

Assessment

Our assessment is that Mozilla is taking a different approach in the case of DarkMatter. In the past Mozilla has relied exclusively on technical issues when deciding whether to trust a company with the certification authority. We believe that Mozilla will take a couple of weeks in order to rethink their decision on granting DarkMatter certifying authority.

 

Image Courtesy - The Mozilla Foundation, Mozilla Firefox logo 2013CC BY 3.0

Comments