Security Experts:

Connect with us

Hi, what are you looking for?



Saudi Activist Sues 3 Former U.S. Officials Over Hacking

Loujain al-Hathloul, a prominent Saudi political activist who pushed to end a ban on women driving in her country, is suing three former U.S. intelligence and military officials she says helped hack her cellphone so a foreign government could spy on her before she was imprisoned and tortured.

Loujain al-Hathloul, a prominent Saudi political activist who pushed to end a ban on women driving in her country, is suing three former U.S. intelligence and military officials she says helped hack her cellphone so a foreign government could spy on her before she was imprisoned and tortured.

The nonprofit Electronic Frontier Foundation announced Thursday that it had filed a lawsuit in U.S. federal court on al-Hathloul’s behalf against former U.S. officials Marc Baier, Ryan Adams and Daniel Gericke, as well as a cybersecurity company called DarkMatter that has contracted with the United Arab Emirates.

In the lawsuit, al-Hathloul alleges that the trio oversaw a project for DarkMatter that hacked into her iPhone to track her location and steal information as part of broader surveillance efforts targeted at dissidents within the UAE and its close ally Saudi Arabia. She said the hacking of her phone led to her “arbitrary arrest by the UAE’s security services and rendition to Saudi Arabia, where she was detained, imprisoned, and tortured.”

“Companies that peddle their surveillance software and services to oppressive governments must be held accountable for the resulting human rights abuses,” said EFF Civil Liberties Director David Greene.

DarkMatter assigned her the codename of “Purple Sword,” the lawsuit says, citing a 2019 investigation by Reuters that first detailed the hacking of al-Hathloul.

The lawsuit is the latest legal challenge to the secretive private cyber-surveillance industry, which often sells pricey hacking services to authoritarian governments that are used to secretly break into phones and other devices of activists, journalists, political opponents and others. Tech giant Apple filed a lawsuit last month against Israel’s NSO Group seeking to block the world’s most infamous hacker-for-hire company from breaking into Apple’s products, like the iPhone.

Baier, Adams and Gericke admitted in September to providing sophisticated computer hacking technology to the UAE and agreed to pay nearly $1.7 million to resolve criminal charges in a deferred prosecution agreement the Justice Department described as the first of its kind. The Justice Department described each of them as former U.S. intelligence or military personnel. Baier previously worked at the National Security Agency, the AP previously reported.

The trio are part of a trend of U.S. officials with backgrounds in spying and hacking going to work for foreign governments with questionable human rights records, which has led to calls in Congress for greater oversight.

Attorneys for Baier, Adams and Gericke did not immediately return requests for comment. Questions sent by email to officials at Abu Dhabi-based DarkMatter could not be delivered.

Arrested in 2018, al-Hathloul was sentenced to almost six years in prison last year under a broad counterterrorism law. Held for 1001 days, with time in pre-trial detention and solitary confinement, she was accused of crimes such as agitating for change, using the internet to cause disorder and pursuing a foreign agenda.

From behind bars, al-Hathloul went on hunger strikes to protest her prison conditions and joined other female activists in testifying to judges that she was tortured and sexually assaulted by masked men during interrogations. The women reported that they were caned, electrocuted and waterboarded. Some said they were groped and threatened with rape. Saudi Arabia denies that any were mistreated.

Her case sparked an an international uproar over the Saudi kingdom’s human rights record and President Joe Biden called her a “powerful activist for women’s rights” when she was released in February.

Since details of DarkMatter’s hacking campaign have become public, the company’s profile has dropped over the last few years, with some staff moving on to a new Abu Dhabi-based firm called G42. That firm has been linked to a mobile app suspected of being a spying tool as well as to Chinese coronavirus tests that American officials warned against using over concerns about patient privacy, test accuracy and Chinese government involvement.

RelatedMozilla Moves to Deny DarkMatter’s Root Inclusion Request

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.