Plausible Denial
Countries / United Arab Emirates

Signals Intelligence Agency

SIA

The United Arab Emirates' national signals-intelligence and cyber-security agency, established in 2012 as the National Electronic Security Authority (NESA) and subsequently reorganised under the SIA name; substantially staffed by Western contractors and former intelligence officers.

0:00 / 0:00

Audio readout of this profile.

Overview

The Signals Intelligence Agency (Hayʾat al-Istikhbārāt al-Ishāriyyah, SIA) is the United Arab Emirates' national signals-intelligence and cyber-security agency. It is responsible for the collection of foreign signals intelligence in support of UAE national-security and foreign-policy interests; the protection of UAE government and critical-infrastructure networks against cyber threats; and substantial offensive-cyber capability. It is unusual among comparable services in the documented degree to which it has, across its existence, relied on partnerships with Western contractors and on the recruitment of former US, UK, and other Western signals-intelligence personnel.1

The Agency reports through the Supreme Council for National Security to the President of the United Arab Emirates and the Crown Prince of Abu Dhabi, who serves concurrently as Deputy Supreme Commander of the UAE Armed Forces. It is headquartered in Abu Dhabi. Its budget and personnel are classified; published Western reporting on the Agency and its predecessor body has identified, at various points, a workforce composition with substantial expatriate technical staff.2

History & Origins

The National Electronic Security Authority (NESA), the SIA's predecessor and institutional foundation, was established by Federal Decree-Law No. 3 of 2012 as the principal UAE cyber-security and signals-intelligence body. The agency was subsequently reorganised and renamed the Signals Intelligence Agency — the precise timing and decree number of this renaming are not established in the public record. NESA itself had succeeded earlier, smaller cyber-security units within UAE federal and Abu Dhabi-emirate government agencies, including units associated with the Critical Infrastructure and Coastal Protection Authority.3

The institutional context of the Agency's establishment was the post-2010 UAE response to the Arab uprisings, the post-2011 reorientation of UAE national-security priorities, and the substantial Emirati investment in technical-collection capability that began under the leadership of Sheikh Mohammed bin Zayed Al Nahyan, then Crown Prince of Abu Dhabi (subsequently President of the UAE from 14 May 2022). The Agency's development has been closely associated with the work of two contractor companies — the Emirati firm DarkMatter (which succeeded the Baltimore-based US contractor CyberPoint in 2015–2016 and was subsequently reorganised under successor entities including G42) and the Italian firm Hacking Team (until its 2015 compromise) — and with the recruitment of former US National Security Agency and Central Intelligence Agency personnel into a programme later publicly identified as "Project Raven."4

The 2019 Reuters investigation into Project Raven, the 2021 US Department of Justice deferred-prosecution agreement with three former US Intelligence Community personnel for unlawful provision of computer-network-exploitation services to the UAE, and successive Citizen Lab and Amnesty International technical reports on the use of NSO Group's Pegasus by UAE clients have produced the most extensive public-record documentation of any contemporary signals-intelligence agency outside the Five Eyes.5

Mandate & Jurisdiction

The Agency's authorities derive from federal decrees and from the laws governing the UAE national-security architecture, including the 2003 Federal Law on the Suppression of Terrorist Crimes, the 2012 Federal Decree-Law on Combating Cybercrimes, and the 2021 successor cyber-crime legislation. Its core functions are:

  • foreign signals-intelligence collection in support of UAE national security and foreign policy;
  • cyber-security protection of UAE federal-government and designated critical-infrastructure networks;
  • offensive cyber capability development and authorised offensive cyber operations;
  • counter-cyber-threat operations against foreign actors targeting UAE entities;
  • liaison with foreign signals and cyber agencies.6

The SIA operates principally in support of the UAE federal government; substantial parallel cyber and intelligence capability exists at the level of the constituent emirates, particularly Abu Dhabi (through the Abu Dhabi Government's own cyber agencies and through entities including DarkMatter / G42 contractors) and Dubai (through the Dubai Police's cyber units).

Notable Operations

Confirmed Project Raven (2009–2019). A programme through which the United Arab Emirates contracted former United States Intelligence Community personnel — primarily former National Security Agency and Central Intelligence Agency officers — to conduct offensive cyber operations on behalf of the UAE Government, initially through the contractor CyberPoint and subsequently through the Emirati firm DarkMatter. The programme was disclosed in a January 2019 Reuters investigation by Christopher Bing and Joel Schectman; the September 2021 deferred-prosecution agreement between the US Department of Justice and three former US Intelligence Community personnel (Marc Baier, Ryan Adams, and Daniel Gericke) confirmed the basic outlines of the operation. Targets disclosed in the published reporting included Emirati dissidents, foreign journalists, foreign government officials, and rival regional governments.7

Confirmed Karma exploit and 2017 Qatari diplomatic crisis. The 2019 Reuters reporting and subsequent CitizenLab analysis identified the use by Project Raven personnel of an iPhone exploit codenamed "Karma" against targets including, in 2016 and 2017, the personal devices of senior Qatari officials. The operation has been linked in subsequent academic and journalistic analysis to the 2017 UAE–Qatari diplomatic crisis and the rupture of UAE–Qatari relations.8

Confirmed NSO Group Pegasus deployments (2010s onward). Successive Citizen Lab, Amnesty International, and Forensic Architecture investigations have documented the use of NSO Group's Pegasus mobile-spyware tool by UAE clients against multiple categories of targets — including UAE dissident Ahmed Mansoor, the personal devices of senior Qatari officials, the personal devices of two close associates of journalist Jamal Khashoggi, and successive UK, US, and Mexican civil-society figures. The most prominent specific cases are the August 2016 Mansoor disclosure (in which Citizen Lab and Lookout identified a then-unknown chain of three iOS zero-day exploits) and the July 2021 Pegasus Project consortium reporting.9

Confirmed ToTok mobile application (2019). A December 2019 New York Times investigation, drawing on US intelligence officials and on technical analysis, identified the popular video-calling mobile application ToTok — which had achieved millions of downloads, primarily across the Middle East — as a UAE intelligence-collection tool. Apple and Google subsequently removed the application from their app stores. Subsequent academic and civil-society analysis has substantially confirmed the basic outlines of the original Times reporting.10

Alleged Yemen conflict signals-intelligence support. Multiple reports, including a March 2018 Bureau of Investigative Journalism investigation, have identified UAE signals-intelligence support to the Saudi-led coalition operations in Yemen. Operational specifics remain classified; the broader pattern of UAE technical and intelligence support to coalition operations has been the subject of substantial international human-rights organisation scrutiny.11

Controversies & Abuses

Confirmed Targeting of Emirati dissidents. The cases of Ahmed Mansoor (Emirati human-rights defender, sentenced in 2018 to ten years' imprisonment by an Emirati court following a closed-door trial; his Pegasus targeting documented by Citizen Lab in 2016), Loujain al-Hathloul (Saudi human-rights activist subsequently identified as a Project Raven target; subsequently detained in Saudi Arabia from 2018 to 2021), and successive other Emirati and Gulf dissident cases have produced sustained international human-rights organisation, civil-society, and journalistic attention to the SIA's pattern of dissident-targeting work.12

Confirmed Project Raven and the recruitment of former US Intelligence Community personnel. The September 2021 US Department of Justice deferred-prosecution agreement with Baier, Adams, and Gericke established the public-record fact that former US Intelligence Community personnel had provided unauthorised computer-network-exploitation services to the UAE for approximately three to four years (2016–2019). The defendants paid $1.685 million in penalties under the agreement; subsequent Justice Department guidance has substantially restricted the post-employment activities of former US Intelligence Community personnel in this domain.13

Confirmed DarkMatter / G42 entity sanctions and reorganisation. The DarkMatter group of companies — which housed Project Raven and was the principal Emirati contractor for the operation — has been subsequently rebranded and reorganised, including under entities associated with the G42 group. Successive US Government sanctions actions, technology-export-control measures, and 2024 Microsoft-led G42 investments have produced a complex and partially-public corporate trajectory.14

Alleged Operations against US persons and US-resident dissidents. The Project Raven disclosures and the 2021 deferred-prosecution agreement specifically identified instances in which the operation had targeted US persons, contrary to undertakings the contracted personnel had given to the US Government. The full scope remains partially classified.7

Notable Figures

  • Sheikh Tahnoun bin Zayed Al Nahyan — National Security Adviser of the United Arab Emirates and the principal political-level figure overseeing the UAE national-security architecture; Chairman of multiple UAE security and economic entities.
  • Marc Baier — Former US National Security Agency officer; senior figure in Project Raven through 2019; subject of the September 2021 US Department of Justice deferred-prosecution agreement.
  • Ryan Adams and Daniel Gericke — Co-defendants in the 2021 deferred-prosecution agreement.
  • Lori Stroud — Former US National Security Agency analyst, formerly of Project Raven; whistleblower whose disclosures contributed substantially to the 2019 Reuters investigation.

Oversight & Accountability

Formal oversight of the SIA is exercised by the Supreme Council for National Security and, in practice, by the National Security Adviser of the United Arab Emirates. The UAE does not have a parliamentary oversight regime on the model of comparable Western jurisdictions; the Federal National Council holds advisory but not binding authority over national-security matters.

External public-record accountability for SIA activity has come principally from US and European judicial and regulatory actions — including the 2021 US deferred-prosecution agreement, successive US technology-export-control actions, and European court proceedings on cyber-surveillance cases — and from the work of the Citizen Lab, Amnesty International, Access Now, and other technical-civil-society organisations.15

Sources & Further Reading

  1. Christopher Bing and Joel Schectman, "Inside the UAE's secret hacking team of American mercenaries," Reuters, 30 January 2019.
  2. Bing and Schectman, op. cit.; Reuters Project Raven follow-up reporting, 2019–2021.
  3. Federal Decree-Law No. 3 of 2012 (establishing NESA); Christopher Hopper, "Government and Information Technology in the UAE," Middle East Quarterly, 2017.
  4. Andy Greenberg, Sandworm (Doubleday, 2019), sections on Hacking Team and UAE clients; David D. Kirkpatrick, "Israeli Software Helped Saudis Spy on Khashoggi, Lawsuit Says," New York Times, 2 December 2018.
  5. United States v. Marc Baier, Ryan Adams, and Daniel Gericke, deferred-prosecution agreement, D.D.C., 14 September 2021.
  6. UAE federal decrees on signals intelligence; UAE Federal Law No. 7 of 2014 on Combating Terrorism Crimes; Federal Decree-Law No. 5 of 2012 on Combating Cybercrimes (with successor 2021 legislation).
  7. Christopher Bing and Joel Schectman, "Inside the UAE's secret hacking team," op. cit.; Department of Justice press release on the Baier/Adams/Gericke deferred-prosecution agreement, 14 September 2021.
  8. Christopher Bing and Joel Schectman, "Special Report: Inside the UAE's secret hacking team of U.S. mercenaries," and follow-up reporting on the Karma exploit, Reuters, 30 January 2019; Citizen Lab analysis, 2019.
  9. Bill Marczak and John Scott-Railton, "The Million Dollar Dissident: NSO Group's iPhone Zero-Days used against a UAE Human Rights Defender," Citizen Lab, 24 August 2016; Pegasus Project consortium reporting, 18 July 2021 onward.
  10. Mark Mazzetti, Nicole Perlroth, and Ronen Bergman, "It Seemed Like a Popular Chat App. It's Secretly a Spy Tool," New York Times, 22 December 2019.
  11. Maggie Michael, "Yemen: US allies, al-Qaida battle rebels in government-backed offensive," Associated Press, 6 August 2018; Bureau of Investigative Journalism, "Kidnapped and never seen again: Inside the UAE's network of 'disappearances' in Yemen," 8 June 2017.
  12. Citizen Lab, "The Million Dollar Dissident," op. cit.; Reuters, "How a Saudi woman's iPhone revealed hacking around the world," 17 February 2022.
  13. United States v. Baier et al. deferred-prosecution agreement, op. cit.
  14. Statements by US Department of Commerce Bureau of Industry and Security on UAE entities; Microsoft-G42 partnership announcement, 16 April 2024.
  15. Citizen Lab, Annual Reports and successive specific investigations; Access Now, Pegasus reports series; Amnesty International, "Surveillance and Human Rights" reporting.