Monday, Jul 13, 2020 | Last Update : 11:42 AM IST

111th Day Of Lockdown

Maharashtra25442714032510289 Tamil Nadu138470895321966 Delhi112494899683371 Gujarat41906291982046 Karnataka3884315411686 Uttar Pradesh3647623334934 Telangana3467122482356 West Bengal3001318581932 Andhra Pradesh2916815412328 Rajasthan2439218103510 Haryana2124015983301 Madhya Pradesh1763212876653 Assam168071089541 Bihar1630511953125 Odisha13737875091 Jammu and Kashmir105135979179 Kerala7874409532 Punjab78215392199 Chhatisgarh4081315319 Jharkhand3760230831 Uttarakhand3537278647 Goa2453120714 Tripura206714212 Manipur16098960 Puducherry141873918 Himachal Pradesh121391610 Nagaland8453270 Chandigarh5594178 Arunachal Pradesh3601382 Meghalaya295452 Mizoram2311500 Sikkim164810
  Technology   In Other news  10 Jul 2019  Mozilla blocks UAE attempt to become an internet security guardian

Mozilla blocks UAE attempt to become an internet security guardian

REUTERS
Published : Jul 10, 2019, 11:55 am IST
Updated : Jul 10, 2019, 11:55 am IST

Firefox browser maker Mozilla is blocking the United Arab Emirates’ government from serving as one of its internet security gatekeepers.

Mozilla said it made the decision because cybersecurity firm DarkMatter would have administered the gatekeeper role and it had been linked by Reuters and other reports to a state-run hacking program. (Photo: Representational Image)
 Mozilla said it made the decision because cybersecurity firm DarkMatter would have administered the gatekeeper role and it had been linked by Reuters and other reports to a state-run hacking program. (Photo: Representational Image)

Firefox browser maker Mozilla is blocking the United Arab Emirates’ government from serving as one of its internet security gatekeepers, citing Reuters reports on a UAE cyber espionage program.

Mozilla said in a statement on Tuesday it was rejecting the UAE’s bid to become a globally recognized internet security watchdog, empowered to certify the safety of websites for Firefox users.

Mozilla said it made the decision because cybersecurity firm DarkMatter would have administered the gatekeeper role and it had been linked by Reuters and other reports to a state-run hacking program.

Reuters reported in January that Abu Dhabi-based DarkMatter provided staff for a secret hacking operation, codenamed Project Raven, on behalf of an Emirati intelligence agency. The unit was largely comprised of former US intelligence officials who conducted offensive cyber operations for the UAE government.

Former Raven operatives told Reuters that many DarkMatter executives were unaware of the secretive program, which operated from a converted Abu Dhabi mansion away from DarkMatter’s headquarters.

The program’s operations included hacking into the internet accounts of human rights activists, journalists and officials from rival governments, Reuters found.

DarkMatter has denied being connected to offensive hacking operations, saying the reports of its involvement were based on “false, defamatory, and unsubstantiated statements.”

The UAE embassy in Washington and DarkMatter did not respond to a request for comment on Tuesday.

‘CREDIBLE EVIDENCE’

Selena Deckelmann, Mozilla’s senior director of engineering, said the reports from Reuters, as well as the New York Times and the Intercept, had made the browser company fear that DarkMatter would use the role of internet security gatekeeper to launch surveillance efforts.

Mozilla concluded “that placing our trust in DarkMatter and disregarding credible evidence would put both the web and users at risk,” Deckelmann told Reuters.

Websites seeking designation as safe by internet browsers have to be certified by an outside organization, which will confirm their identity and vouch for their security.

The certifying organization also helps secure the connection between an approved website and its users, promising traffic will not be intercepted.

But if a surveillance group gained that authority, it could certify fake websites impersonating banks or email services, allowing hackers to intercept user data, security experts say.

Organizations that want to obtain certifying authority must apply to browser makers like Mozilla and Microsoft.

Most of the certifying organizations are independent, private companies. Browsers like Firefox allow websites to obtain certification from any approved authority anywhere in the world.

But many countries, including China, the United States and Germany also have government-approved organizations in the role.

DarkMatter executives have argued that rejection of the UAE bid to become a certifying body would be a “dystopian” policy by Mozilla “against sovereign nations deemed not worthy of operating their own national certificates.”

GROWING FEARS

In 2017, DarkMatter applied on behalf of the UAE government for certificate authority. The company also applied to Mozilla to become a commercial certifier in its own right.

Following Reuters reports earlier this year, Mozilla executives began to fear that DarkMatter could use the authority to spy on users, a Mozilla executive said in the company’s public online forum.

Mozilla executives said rejecting an applicant on the basis of media reports was unprecedented. In past cases, Mozilla primarily relied on technical evidence to determine certification authority.

In Mozilla’s public discussion boards, DarkMatter executives and some security experts warned that relying on news articles to decide who can become a certificate authority would permanently taint the process with bias.

Mozilla’s stated concerns showed “a hidden organizational animus that is fatal to the idea of ‘due process’ and ‘fundamental fairness,’” Benjamin Gabriel, general counsel for DarkMatter, wrote in the online forum.

In May, a DarkMatter executive said the company would move its certificate business to a new entity called DigitalTrust. That company would be controlled by a firm called DM Investments, which is owned by DarkMatter founder Faisal Al Bannai.

“This ownership structure does not assure me that these companies have the ability to operate independently, regardless of their names and legal structure,” said Wayne Thayer, Mozilla’s certification authority program manager, in his announcement on Tuesday.

Along with rejecting the UAE’s application, Mozilla said it would block several other separate bids by DarkMatter to become a commercial certificate provider. Mozilla also said it would mark as unsafe the more than 275 websites DarkMatter had already certified under an earlier provisional authority that the company gained in 2017.

Mozilla noted that another UAE government entity called the Dubai Electronic Security Center still had a pending application to become a certificate authority, on which Mozilla had not yet made a decision.

While each browser company makes its own decisions about who it allows to become a certifying authority, Mozilla is seen as a leader in this area. Security experts say competitors, such as Google’s Chrome browser and Apple’s Safari browser, tend to follow its lead.

Thayer said in his announcement that even without a smoking gun that showed DarkMatter had misused certificates; the risks demonstrated by the reports were too great.

“While there are solid arguments on both sides of this decision, it is reasonable to conclude that continuing to place trust in DarkMatter is a significant risk to our users,” he said.

Tags: mozilla, uae, cybersecurity, internet, firefox