Firefox maker fears DarkMatter 'misuse' of browser for hacking
[March 05, 2019]
By Christopher Bing and Joel Schectman
WASHINGTON (Reuters) - Firefox
browser-maker Mozilla is considering whether to block cybersecurity
company DarkMatter from serving as one of its internet security
gatekeepers after a Reuters report linked the United Arab Emirates-based
firm to a cyber espionage program.
Reuters reported in January that DarkMatter provided staff for a secret
hacking operation, codenamed Project Raven, on behalf of an Emirati
intelligence agency. The unit was largely comprised of former U.S.
intelligence officials who conducted offensive cyber operations for the
UAE government.
Former Raven operatives told Reuters that many DarkMatter executives
were unaware of the secretive program, which operated from a converted
Abu Dhabi mansion away from DarkMatter's headquarters.
(Read Reuters reports https://www.reuters.com/investigates/special-report/usa-spying-raven/)
Those operations included hacking into the internet accounts of human
rights activists, journalists and officials from rival governments,
Reuters found. DarkMatter has denied conducting the operations and says
it focuses on protecting computer networks.
While Mozilla had been considering whether to grant DarkMatter the
authority to certify websites as safe, two Mozilla executives said in an
interview last week that Reuters' report raised concerns about whether
DarkMatter would abuse that authority.
Mozilla said the company has not yet come to a decision on whether to
deny the authority to DarkMatter, but expects to decide within weeks.
"We don't currently have technical evidence of misuse (by DarkMatter)
but the reporting is strong evidence that misuse is likely to occur in
the future if it hasn't already," said Selena Deckelmann, a senior
director of engineering for Mozilla.
She said Mozilla was also considering stripping some or all of the more
than 400 certifications that DarkMatter has granted to websites under a
limited authority since 2017.
Marshall Erwin, director of trust and security for Mozilla, said the
Reuters Jan. 30 report had raised concerns inside the company that
DarkMatter might use Mozilla's certification authority for "offensive
cybersecurity purposes rather than the intended purpose of creating a
more secure, trusted web."
DarkMatter did not respond to a Reuters request for comment. The UAE
embassy in Washington also did not respond to a request for comment.
The Firefox logo is seen at a Mozilla stand during the Mobile World
Congress in Barcelona, February 28, 2013. Picture taken February 28,
2013. REUTERS/Albert Gea
In a February 25 letter to Mozilla, posted online by the cybersecurity company,
DarkMatter CEO Karim Sabbagh denied the Reuters report linking his company to
Project Raven. "We have never, nor will we ever, operate or manage non-defensive
cyber activities against any nationality," Sabbagh wrote.
Websites that want to be designated as secure have to be certified by an outside
organization, which will confirm their identity and vouch for their security.
The certifying organization also helps secure the connection between an approved
website and its users, promising the traffic will not be intercepted.
Organizations that want to become certifiers must apply to individual browser
makers like Mozilla and Apple. Mozilla is seen by security experts as a
respected leader in the field and particularly transparent because it conducts
much of the process in public, posting the documentation it receives and
soliciting comments from internet users before making a final decision.
DarkMatter has been pushing Mozilla for full authority to grant certifications
since 2017, the browser maker told Reuters. That would take it to a new level,
making it one of fewer than 60 core gatekeepers for the hundreds of millions of
Firefox users around the world.
Deckelmann said Mozilla is worried that DarkMatter could use the authority to
issue certificates to hackers impersonating real websites, like banks.
As a certification authority, DarkMatter would be partially responsible for
encryption between the websites it approves and their users.
In the wrong hands, the certification role could allow the interception of
encrypted web traffic, security experts say.
In the past Mozilla has relied exclusively on technical issues when deciding
whether to trust a company with certification authority.
The Reuters investigation has led it to reconsider its policy for approving
applicants. "You look at the facts of the matter, the sources that came out,
it's a compelling case," said Deckelmann.
(Reporting by Joel Schectman and Christopher Bing; Editing by Sonya Hepinstall)
[© 2019 Thomson Reuters. All rights reserved.]