>> They learned the tools of their trade here in the halls of the US National Security Agency, but a group of former NSA cyber-spies is now coming under scrutiny after they left the NSA to work here, as hackers for the United Arab Emirates. An investigation by Reuters found the group helped the UAE spy on targets, such as rival governments and militants, in an operation code named Project Raven.
It also targeted human rights activists who are critical of the UAE's monarchy. The UAE's Ministry of Foreign Affairs and the NSA both declined to comment, but hackers Reuters spoke to say Project Raven went even further, putting some Americans under surveillance. Correspondents Joel Schectman and Christopher Bing uncovered the story.
>> Project Raven hired people with deep backgrounds from the NSA and other American intelligence services to serve as contract spies. You might think of them as mercenary spies.>> One former operative, Lori Stroud, joined as a contractor for Project Raven in 2014. Stroud told Reuters she collected data on hundreds of targets selected by the Emirates' National Electronic Security Authority.
>> Operatives on Project Raven would do essentially online reconnaissance of those targets. And once they discovered a potential vulnerability, then they would say, okay. Well, here's the systems that this person is using, here's a type of malware that we can use against them, and here's how we can conduct this attack.
>> One target was Ahmed Mansoor, a prominent Emirati activist who had publicly criticized the country on several issues, including its role in Yemen's civil war. Sources say Project Raven gave Emirati officials what they considered evidence against Mansoor, who was later convicted and sentenced to ten years in jail.
The operatives say the project did some work they are proud of, such as breaking up an Islamic State network inside the Emirates, but it also raised red flags. The operatives say, over time, data collection became broader, with Americans' data also being collected. Stroud told Reuters she left Project Raven after she found out Americans were being deliberately targeted.
>> When she discovered this, she complained to her supervisors, she complained to the managers, and their response to her, she said, was quite telling. They said this was basically something she wasn't supposed to see.>> Documents reviewed by Reuters showed that the US State Department, which issue licenses for contractors to work with foreign governments, knew that Americans were setting up cyber surveillance operations for the Emiratis.
But it's not clear if State knew the extent of Project Raven's operations. The State Department said its licenses don't give people permission to violate human rights, but declined to comment on any specific license. Stroud and other former Project Raven operatives are now cooperating with the FBI, as it probes whether Project Raven leaked classified US surveillance techniques, and whether they illegally targeted Americans