For years, the United Arab Emirates (UAE) ran a secret spy organization called Project Raven. The team of former U.S. intelligence operatives used a “cyber super-weapon” called Karma to remotely access any iPhone they wanted, according to Reuters.
Karma could automatically access hundreds of iPhones at once with nothing more than their phone numbers, according to the former spies, but couldn’t listen in on calls — a real-world example of the type of uber-hack you might find in a spy novel.
In 2016 and 2017, Project Raven operatives relied on Karma to gather its targets’ pictures, messages, and passwords.
“It was like, ‘We have this great new exploit that we just bought. Get us a huge list of targets that have iPhones now,'” Lori Stroud, a former member of Project Raven who had also worked at the NSA, told Reuters. “It was like Christmas.”
Operatives told Reuters that a 2017 patch to Apple’s iPhone security made Karma less effective and that they weren’t sure whether the UAE still uses the tool.
The existence of Karma and Project Raven demonstrates that sophisticated hacking tools now exist outside of global leaders like the U.S., China, and Russia. Prior to this report, it was thought that tools like Karma wouldn’t be found in smaller countries, Michael Daniel, a cybersecurity expert from the Obama administration told Reuters.
But now it seems that advanced hacking tools have started trickling down from superpowers to ambitious spy agencies in smaller countries — an ominous shift of global power for privacy-conscious civilians.
READ MORE: Exclusive: UAE used cyber super-weapon to spy on iPhones of foes [Reuters]
More on cybersecurity: Japan Plans to Hack 200 Million Devices to Prepare for Olympics