Mercenary hackers open a can of worms for US cybersecurity
Three men have admitted sharing critical US defence technology and secrets with the UAE government
In 2012, an Iranian computer virus named Shamoon wiped data from tens of thousands of computers at two of the Middle East’s most important energy companies, Saudi Aramco and Qatar’s Ras Gas. Shamoon was no Stuxnet: unlike the Israeli digital weapon that destroyed nuclear centrifuges in the Islamic republic, the virus that attacked the energy companies did little damage to their operations.
But the demonstration of their vulnerability panicked policymakers in the Gulf Arab states. Saudi Arabia, Qatar, the United Arab Emirates, Kuwait and Oman all turned to the US for expertise to protect their vital national resources against cyberattacks. With the blessings of the Barack Obama administration, American defence contractors specialising in cybersecurity were happy to help.
To meet the surging demand for their services, these firms recruited cyber operatives and analysts from US intelligence agencies, offering what one former Federal Bureau of Investigations (FBI) agent described as “buy-yourself-a-Ferrari” salaries. For some, their job description evolved from playing defence against hackers to going on the offence, heading attackers off at the pass. Others were assigned to counterterrorism operations, doing for their new clients what they had previously done for their country, and often using the same tools...