• 9 hours Bezos’ Next Big Project Could Be Worth $100 Billion Per Year
  • 11 hours 3,600 Years Later, Climate Change Turns Mammoths Into $40M Market
  • 15 hours Tesla, Apple Claim China Is Stealing Intellectual Property
  • 17 hours EV Giants Duke It Out For Battery Dominance
  • 1 day Tech Billionaire Takes Aim At Google
  • 1 day Chinese Police Bust Largest Ever Illicit Crypto Mining Operation
  • 2 days Expect A Pullback Before Gold's Next Major Rally
  • 2 days Why Interest On Gold Matters
  • 2 days Ten Extravagant Food Items For The Wealthy Only
  • 3 days Why Saudi Arabia Won't Give Up On The Aramco IPO
  • 3 days $32 Million Crypto Heist Halts Tokyo Exchange
  • 4 days Is A Gold Selloff Looming?
  • 4 days Central Banks Are Stashing Gold And Dumping Treasuries
  • 5 days Three Cannabis Trends Flying Under Investors’ Radars
  • 5 days $1.3 Billion In Cocaine Found On JPMorgan Vessel
  • 5 days Amazon Teams Up With Lady Gaga To Win Over Generation Z
  • 6 days Dollar Falls As Powell Teases Rate Cuts
  • 6 days Will The World's First Trillion Dollar Company Ever Bounce Back?
  • 6 days Many Americans Will Never Stop Working
  • 6 days Mozilla vs DarkMatter: The Cyber Espionage End Game
Fake Website Traffic Costs Companies $50 Billion Per Year

Fake Website Traffic Costs Companies $50 Billion Per Year

Advertising fraud online is being…

Using Chrome? You May Be Sacrificing Your Privacy

Using Chrome? You May Be Sacrificing Your Privacy

Google's Chrome is essentially spy…

  1. Home
  2. Tech
  3. Internet

Mozilla vs DarkMatter: The Cyber Espionage End Game

Cyber

DarkMatter is a name that conjures up all sorts of … darkness, even when you don’t know who, or what, is behind it. 

The truth is, DarkMatter is two very different beasts in one. 

On the surface, it is a certificate authority--a cryptographic entity that issues digital certificates that certify the ownership of a public key. In other words, it verifies the ownership of a domain and validates that identity. 

It’s a powerful authority, but Firefox thinks it’s too much power for a company that is also believed to be involved in high-level espionage. 

DarkMatter has been waiting for months for Firefox to whitelist it, but in a July 9th discussion group post, Mozilla’s certification authority manager Wayne Thayer said it was his company’s top priority to protect users and DarkMatter posed “a significant risk”.  While the name “DarkMatter” doesn’t help, neither does the reputation. 

The UAE company has been accused of developing malware and spyware for surveillance operations. It’s also been singled out for targeting dissidents, journalists and a lineup of royal rivals. And if that wasn’t clear, it’s been accused of state-sponsored hacking--all of which the company denies. 

According to a Reuters report from late January, not only DarkMatter used the “Karma” spying tool to hack into the iPhones of activists, diplomats and rival foreign leaders, but they also did it with help from former U.S. government intelligence operatives now on the UAE payroll. Reuters got five of those former operatives to spill the beans on what was dubbed “Project Raven”. 

The underlying message, then, is that DarkMatter is believed to be a contractor for the UAE intelligence services. 

And Karma isn’t just another hacking tool--it is powerful enough to tap into hundreds of iPhones at once, and it’s the height of cyberwarfare tools right now. Few countries would be capable of developing it. 

Related: The Ultimate Virus-Infected Computer Fetches $1.35M At Auction

With this in mind, Mozilla’s view seems to be that DarkMatter is both a protector of internet security, and one of its biggest enemies. 

What DarkMatter was asking from Mozilla was this: Formally trust our root certificates in the Firefox certificate store, where trusted certificate authorities are approved to issue HTTPS certificates. 

The risk, according to TechCrunch, is that a “malicious certificate authority could allow the interception of encrypted internet traffic by faking or impersonating websites”. And that would, indeed, be a “dark matter”. 

Certificate authorities are at the top of the hierarchy of trust in the digital world. They are there to secure the web, email and other connections that allow commerce, government and every single online community to function securely, and without external infiltration. 

As a root authority, DarkMatter, through Mozilla, could issue invalid certificates for domains they don’t manage. That would allow attackers to slip in and steal data and intercept encrypted traffic. A root authority, put in another way, is the perfect espionage tool. 

It’s a vastly powerful positioning, and--largely thanks to Reuters--Mozilla won’t be letting a questionable power broker in through the front door. 

By Michael Kern for conil.me

More Top Reads From conil.me:

Back to homepage

Leave a comment

Leave a comment