DarkMatter and former NSA officers sued over alleged phone hack of Saudi human rights activist

Person holding a smartphone with a busy city centre backdrop
(Image credit: Shutterstock)

Prominent Saudi Arabian human rights activist Loujain al-Hathloul has launched a lawsuit against DarkMatter and three ex-NSA mercenaries who allegedly hacked her phone on behalf of the United Arab Emirates (UAE), secretly tracking her communications and location.

Al-Hathloul claims to be a victim of an illegal hacking campaign run by DarkMatter and a collection of former US intelligence officers hired by the UAE following the Arab Spring protests.

Known as Project Raven, the UAE ordered hacks on dissidents, journalists, human rights activists, rival foreign leaders, and other political enemies on behalf of the Kingdom of Saudi Arabia (KSA).

Al-Hathloul alleges she was one of the activists who was targeted in the hacking campaign, the information gathered from which led to her arrest, imprisonment, and torture.

The lawsuit marks the first time al-Hathloul has taken action against the authorities against which she has protested so heavily. She was released from prison earlier this year but is still unable to leave the KSA.

Al-Hathloul is perhaps best known for her efforts in calling for greater women's rights in Saudi Arabia, most recently pushing for an overhaul of law that would see women be able to drive in the region.

As part of her campaign, in 2014 she famously drove from the UAE to KSA while filming her endeavour, which saw her imprisoned for 73 days after being stopped at the KSA border. The law was later overhauled four years later in 2018, allowing women to drive for the first time.

The three former NSA officers named in the lawsuit alongside the DarkMatter company are Marc Baier, Ryan Adams, and Daniel Gericke. The lawyers for all four defendants have been contacted for comment by IT Pro but did not respond.

DarkMatter and the three former NSA officers are accused of exploiting a vulnerability in Apple's iMessage service which allowed the trained hackers to locate and monitor targets chosen by their clients, including al-Hathloul.


Bridging the DevSecOps divide: Spotlight on zero trust

Security at the forefront


The trio named in the lawsuit, brought to them by al-Hathloul and the Electronic Frontier Foundation (EFF), have all previously admitted to violating computer fraud and abuse laws, as well as selling sensitive military technology, in a separate non-prosecution agreement with the US Department of Justice (DoJ) in September.

Al-Hathloul claims her phone was first hacked in 2017 which saw her texts, email messages, and real-time location data sent to DarkMatter and its client.

The lawsuit alleges DarkMatter intentionally directed code to Apple's US servers to place malware on al-Hathloul's phone, violating the Computer Fraud and Abuse Act (CFAA) in the process.

"Project Raven went beyond even the behaviour that we have seen from NSO Group, which has been caught repeatedly having sold software to authoritarian governments who use their tools to spy on journalists, activists, and dissidents," said Eva Galperin, cybersecurity director at EFF. "Dark Matter didn't merely provide the tools; they oversaw the surveillance program themselves."

The lawsuit seeks compensation and punitive damages against the three individuals and DarkMatter.

Connor Jones

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.