I admit, it’s surprising to hear offensive InfoSec folks talk about how they “accidentally” worked for or were in the process of being recruited by UAE intelligence.
I rejected ~$1mio worth of mobile exploitation training requests from the Middle East without a second thought.
I rejected ~$1mio worth of mobile exploitation training requests from the Middle East without a second thought.
None of the recently revealed practices of Middle Eastern intelligence is surprising. You don’t need to wait until a country is blacklisted before you consider not supplying them with offensive capabilities.
Do you really feel comfortable putting a price tag on your morals?
I even got requests from front companies that turned out to have connections to ME intelligence. At some point the effort of vetting these companies became to time consuming so I decided to use a whitelist approach for accepting requests and only work with established orgs.
I’m not saying there’s a universal rule for what’s morally wrong. You have to decide that for yourself. I know of folks who knowingly work with the UAE. That’s their choice.
But if you decide against entities that violate human-rights, don’t be naive and end up working for one.
But if you decide against entities that violate human-rights, don’t be naive and end up working for one.
“But I didn’t know that this Middle Eastern company founded by a prince would use offensive capabilities for practices I don’t support” — really?