A UAE bid to become a globally recognized internet security watchdog, empowered to certify the safety of websites for Firefox users, has failed with the browser maker Mozilla rejecting the country’s bid.
Websites seeking designation as safe by internet browsers have to be certified by an outside organization, which will confirm their identity and vouch for their security.
Mozilla said it made the decision because cybersecurity firm DarkMatter would have administered the gatekeeper role and it had been linked by Reuters and other reports to a state-run hacking program.
Apparently Abu Dhabi-based DarkMatter had provided staff for a secret hacking operation, codenamed Project Raven, on behalf of an Emirati intelligence agency. The unit was largely comprised of former U.S. intelligence officials who conducted offensive cyber operations for the UAE government.
The operation was done secretly with even DarkMatter executives unaware of the program, which operated from a converted Abu Dhabi mansion away from DarkMatter’s headquarters.
The program’s operations included hacking into the internet accounts of human rights activists, journalists and officials from rival governments, Reuters found.
According to Reuters, DarkMatter has denied being connected to offensive hacking operations, saying the reports of its involvement were based on “false, defamatory, and unsubstantiated statements.”
Mozilla sources said they fear DarkMatter might use the role of internet security gatekeeper to launch surveillance efforts.
Mozilla concluded “that placing our trust in DarkMatter and disregarding credible evidence would put both the web and users at risk,” Deckelmann told Reuters.
The certifying organization also helps secure the connection between an approved website and its users, promising traffic will not be intercepted.
But if a surveillance group gained that authority, it could certify fake websites impersonating banks or email services, allowing hackers to intercept user data, security experts say.
Organizations that want to obtain certifying authority must apply to browser makers like Mozilla and Microsoft.
Most of the certifying organizations are independent, private companies. Browsers like Firefox allow websites to obtain certification from any approved authority anywhere in the world.
But many countries, including China, the United States and Germany also have government-approved organizations in the role.
Also published on Medium.
