Optiv spokesman Jeremy Jones wrote in an email that his company “has given full cooperation to the Department of Justice” and Optiv “is not the subject of this investigation.” That’s right: the subjects of the investigation are three former U.S. intelligence and military personnel who worked illegally with the UAE. However, the role of the accountant as an equity developer and seller was so important that it could be broadly expanded in the Department of Justice’s court filings.

The iMessage exploit was the primary weapon in an emirate program called Karma, run by DarkMater, an organization that emerged as a private company but in fact acted as a de facto spy agency for the UAE.

Reuters reported the exploitation of Karma and iMessage in 2019. But on Tuesday it slapped a $ 1.68 million fine on three former U.S. intelligence and military personnel for working without a license as mercenary hackers in the U.S. That activity involves purchasing an equivalent tool and then directing a hacking campaign funded by the UAE.

U.S. court documents note that the exploits were developed and sold by American companies but did not name the hacking companies. The role of Accuvant has not yet been reported.

The FBI will conduct a thorough investigation into individuals and companies profiting from illegal criminal cyber activity, Brian Varandran, assistant director of the FBI’s cyber division, said in a statement. “This is a clear message to anyone, including former U.S. government employees, who thought of using cyberspace to take advantage of export-controlled information for the benefit of a foreign government or a foreign trading company ત્યાં there is a risk, and there will be consequences.”

Exploit the developing

Despite the fact that the UAE is considered a close ally of the United States, according to court documents and whistle blowers, Darkmeter has been linked to cyber attacks against a range of American targets.

Aided by American partnership, expertise and money, DarkMater has built the UAE’s aggressive hacking capabilities over the years from almost anything to a formidable and active operation. The group spent heavily on developing American and Western hackers and sometimes directing the country’s cyber operations.

At the time of the sale, Accuvant was a research and development laboratory located in Denver, Colorado, specializing in and selling iOS exploits.

“The FBI will conduct a thorough investigation into individuals and companies that have profited from illegal criminal cyber activity. This is a clear message to anyone … there is a risk, and the consequences will come. ”

Brandon Warden, FBI

A decade ago, Acuvent established a reputation as a formidable exploit developer, working with large American military contractors and selling bugs to government customers. In an industry that generally values ​​the Code of Silence, the company has occasionally caught people’s attention.

Journalist David Kushner wrote in the company’s 2013 profile in Rolling Stone, “Acquant represents an upside in the cyber war: a booming market.” He said it was a kind of company, “able to create custom software that can penetrate external systems and gather intelligence or even shut down servers, for which they can pay up to 1 million.” “

Optiv exited the hacking industry largely following a series of mergers and acquisitions, but Accent’s alumni network is strong and still working on exploitation. Two high-profile employees went to cofound Grayshift, an iPhone hacking company known for their skills in unlocking devices.

Acuvent sold the hacking exploit to multiple customers in both the government and the private sector, including the United States and its affiliates – and this particular iMessage exploit was simultaneously sold to many other customers, the MIT Technology Review has learned.

iMessage flaws

IMessage exploitation is one of the few serious flaws in the messaging app that has been discovered and exploited in recent years. The 2020 update for the iPhone’s operating system has been sent with a complete rebuild of iMessage security in an effort to make the goal harder.