During the 21st century, and particularly during the 2010s, the issue of cybersecurity has become ever-growing for states and societies across the world, and the United Arab Emirates is no exception. The prestigious economic position of Dubai, and the general UAE economic powerhouse in the Middle East as a whole, makes the country an attractive target for cybercrime and cyberattacks.
Source: Gulf International Forum
Indeed, as of 2018, the UAE was ranked the most vulnerable country in the Middle East to cyber-related crime. A study by the cybersecurity firm Propoint showed that as late as 2019, more than 80% of organizations currently in the UAE had faced at least one cyber attack. According to DarkMatter, a cybersecurity firm in the UAE, these cybercriminal operations have tended to target oil, gas, telecommunications, governments throughout the Middle East, and other critical infrastructure. In the recent context of Coronavirus, according to The National, a pro-UAE government news outlet, there have been at least 1,500 cyber-attacks in the UAE related to the coronavirus. In addition, they have also reported that Emirati government entities have been increasingly targeted by cyberattack attempts during the month of March 2020.
In response to the growing cyber threat, the Emirati government has introduced laws with the purported objective of curtailing cybercrime. This was for instance done through Federal Law 5 of 2012 on Combating Cybercrimes. In particular, Article 2 states that an individual would be imprisoned and/or fined between 100,000 and 300,000 Dirhams for accessing a website, computer network, information system or technology without authorization. The law, furthermore, places a high emphasis on protecting the security, privacy, and integrity of cyber communications.
Source: Norse Cyber attack Map
On the other hand, DarkMatter itself has come under recent controversy as it has been heavily scrutinized for its role in targeting governments, political dissidents and human rights defenders in the UAE and in the broader Middle East. The DarkMatter group is itself an amalgamation between ex-National Security Agency hackers from the United States government, and Emirati analysts and spies. This arrangement has been known as Project Raven, a “clandestine team”. As US intelligence agents were involved in helping the UAE government to build a “secret surveillance unit”, the framework for this programme has been taking shape from 2008 onwards. In addition, a security clearance loophole allowed hackers, working previously for the NSA, to work for the UAE.
In fact, these former intelligence operatives, having worked for, among others, the National Security Agency, have been spying on behalf of the foreign intelligence agency such as the UAE, on fellow Americans. As one example of this, the DarkMatter group discussed hacking The Intercept, an American publication. These trends, currently developing within the UAE, have been referred to as the “proliferation of privatized spying”, with former American intelligence operatives essentially acting as mercenaries. These worrying developments have, therefore, prompted the US Congress to pass a law stipulating that US spy agencies, including the CIA and the NSA, detail the risks posed by ex-American spies working for foreign governments. This case is especially stark, considering both the UAE’s track record on human rights, and the US government viewing itself to be a voice for reform and a general rollback of dictatorship in the region.
In addition, the Emirati state has used the popular chatting application ToTok as a spying tool. As per a report in the New York Times, the government used this app in order to track conversations, movements, locations, images, and other various data on users’ cell phones. In response, Google and Apple subsequently removed the app from their stores a few days later, citing a “technical issue”. Moreover, it has been reported that the UAE government has been using spying technology from the NSO Group, a competitor to DarkMatter, based in Herzliya, Israel. According to two lawsuits emanating from Israel and Cyprus, the Emirati government has used this spyware in order to hack and spy on political opponents and regional rivals, inter alia the Emir of Qatar, a Saudi prince, and Abdulaziz Alkhamis, the editor of al-Arab, an Arab newspaper based in Qatar. This would be conducted via a piece of software called ‘Pegasus’.
This trend in the Gulf state is, thus, a clear signal of the government’s growing authoritarian turn, with the Emirati state not using its intelligence capabilities to protect the nation, but rather to spy on its own people, particularly individuals it deems an existential threat to the security and stability of the Emirates; indeed, several journalists and activists have been persecuted by the government. One prominent example of this is with the case of Ahmed Mansoor, who is part of the ‘UAE Five’, and who is currently imprisoned as a result of his human rights activism. He faced consistent cyber attacks during the 2010s by the UAE government and DarkMatter through Project Raven. His digital scrutinization by authorities started in 2011, when he became a main figure in the fledgling pro-democracy movement in the Emirates, amidst the context of the Arab Spring in the wider region. Ongoing campaigns by organizations such as Human Rights Watch, Amnesty International, and ADHRB are being carried out to support his release.
However, these developments also come amidst the overall geopolitical context of the Middle East, with the most powerful states from an economic and strategic perspective, such as Qatar, the UAE, Saudi Arabia, Israel, and Iran all jostling for position, both in terms of overall strategic posture and relative distribution of power, but also in terms of sophistication of cyber capabilities, tools, software, and personnel. The Emirates’ cyber developments during the 2010s can, therefore, be seen as a push to increase its geopolitical clout in the Middle East, aside from its increasing interventionist role in Yemen and Libya. Until recently, its security power has not necessarily been in sync with its vast economic power. The issue of cybersecurity in the Emirates, and indeed in the Gulf, is therefore a barometer of several other key issues in the Middle Eastern region, namely regional geopolitics and security, as well as the promotion of human rights and democracy.
The European Centre for Democracy and Human Rights (ECDHR) therefore calls upon the Emirati government to cease the gratuitous surveillance programmes on its own population and the constant cyberattacks on activists, journalists and political figures campaigning for human rights and political reform in the United Arab Emirates.