Firefox Maker Fears DarkMatter 'Misuse' of Browser for Hacking

Reuters reported in January the DarkMatter provided staff for a covert hacking performance, codenamed Project Raven, on behalf of an Emirati intelligence bureau. The unit was largely comprised of former US intelligence officials who conducted offensive cyber surgeries for the UAE authorities.

Former Raven operatives told Reuters that many DarkMatter executives were unaware of the secretive program, which functioned from a converted Abu Dhabi mansion from DarkMatter’s headquarters.

Those operations included hacking to the internet accounts of human rights activists, journalists and officials from rival authorities, Reuters found. DarkMatter has denied conducting the surgeries and says it concentrates on protecting computer networks.

While Mozilla had been considering whether to give DarkMatter the ability to certify websites as secure, two Mozilla executives said in a meeting last week that Reuters’ report raised concerns about whether DarkMatter would abuse authority.

Mozilla said the company has not yet come to some decision on whether to refuse the ability to DarkMatter, however, hopes to decide within weeks.

“We don’t currently have specialized proof of misuse (from DarkMatter) however, the coverage is powerful evidence that abuse is very likely to happen later on if it hasn’t already,” said Selena Deckelmann, a senior director of engineering for Mozilla.

She stated Mozilla was also considering stripping some or all the more than 400 certificates that DarkMatter has given to websites under a restricted authority since 2017.

Marshall Erwin, manager of security and trust to Mozilla, said the Reuters Jan. 30 report had increased concerns within the company which DarkMatter might use Mozilla’s certificate authority for”offensive cyber-security functions rather than the intended goal of producing a secure, reliable web.”

DarkMatter didn’t respond to a Reuters request for comment. The UAE embassy in Washington did not respond to a request for comment.

“We have not, nor will we ever, operate or handle non-defensive cyber actions against any nationality,” Sabbagh wrote.

Websites that want to be designated as secure have to be certified by an outside company, which will verify their identity and vouch for their safety. The certifying organization also helps secure the link between an approved website and its customers, promising the traffic will not be intercepted.

Organizations that want to become certifiers must apply to individual browser makers like Mozilla and Apple. Mozilla is seen by security experts as a respected leader in the field and particularly transparent because it conducts a lot of the process in general public, submitting the documentation it receives and soliciting comments from net users before making a final choice.

DarkMatter was pushing Mozilla for complete authority to grant certificates since 2017, the browser maker told Reuters. That would take it to a new level, making it among fewer than 60 core gatekeepers for the countless millions of Firefox users round the world.

Deckelmann stated Mozilla is worried that DarkMatter could use the authority to issue certifications to hackers impersonating real websites, like banks.

As a certification authority, DarkMatter would be partially accountable for encryption between sites they approve and their customers.

In the wrong hands, the certificate role could allow the interception of encrypted traffic, safety experts say.

Before Mozilla has relied solely on technical issues when determining whether to trust a company with certificate authority.

“You examine the facts of the matter, the sources that came out, it’s a persuasive case,” explained Deckelmann.