The U.S. State Department is probing an American security company founded by an ex-CIA operative over its work for Qatar, including the alleged hacking of the monarchy’s political enemies inside and outside the U.S.
The department notified Global Risk Advisors in June of last year that it was looking into whether the firm had violated International Traffic in Arms Regulations, or ITAR, which govern the sharing of U.S. defense equipment and services to third countries, according to a letter seen by Semafor.
The letter, which draws heavily from a 2021 Associated Press investigation, asks for information to determine if GRA provided unlicensed military training to Qatari defense officials. It also raises allegations that the company helped the country hack officials from FIFA, the world governing body of soccer, and a number of U.S. and Mideast leaders who’ve been critical of Qatar’s foreign policy. Qatar hosted the FIFA World Cup last fall.
The department also points to evidence that GRA’s team provided Qatar’s Ministry of Interior a “robust spying and hacking training program” based on techniques learned from U.S. military and intelligence agencies.
The inquiry comes on top of an FBI investigation of GRA first revealed by the AP last year. The New York-based company, which was founded by former CIA operative Kevin Chalker, denies allegations of wrongdoing.
The State Department told Semafor on Monday that it doesn’t comment on the status of ITAR licenses or investigations into possible violations. The Department’s Directorate of Defense Trade Controls doesn’t list GRA as a company that’s either been penalized or reached an agreement with the State Department — suggesting the investigation is ongoing.
GRA’s case is one of a growing number in which foreign governments are accused of using hacking, surveillance, and cyber operations to target their opponents globally, often using foreign companies and contractors. This dynamic has allowed rulers and governments — particularly, but not only, in the Middle East — to significantly expand the reach of their security services, including into traditional Western safe havens in Europe and the U.S.
Last October, the U.S. Treasury Department sanctioned members of Iran’s Ministry of Intelligence and Security for allegedly developing a hacking school, called the Ravin Academy, to train personnel to track and disrupt dissidents involved in anti-regime protests. These operatives work from both inside Iran and out.
Room for Disagreement
Reached by Semafor, Attorneys for GRA and Kevin Chalker denied that the company engaged in any activities for the government of Qatar outside the strict technical assistance agreements approved by the State Department in 2018.
These activities focused solely on helping Qatar and its security forces prepare for and secure the 2022 World Cup, these attorneys said, and did not include hacking, surveillance operations, or any other military training or equipment transfers not covered by the agreements.
“GRA is closely working with its regulators at the State Department,” Kevin Carroll, an attorney for GRA, told Semafor on Wednesday. Qatar’s embassy in Washington didn’t respond to a request for comment.
A former Republican Party fundraiser, Elliott Broidy, is currently suing Chalker and GRA in the Southern District Court of New York for allegedly hacking his emails and distributing them to the press beginning in 2018. Broidy’s suit initially included the government of Qatar. But a federal judge in California removed the country from the case in 2018 on the grounds it had sovereign immunity.
Broidy pled guilty in 2020 to illegally lobbying the U.S. government on behalf of a Malaysian businessman, a case that was tied to some of his hacked correspondence.
The Associated Press reported last October that the FBI is also investigating GRA and Chalker for their suspected role in hacking FIFA officials in an effort to undercut the opponents of Qatar hosting the 2020 World Cup. The AP investigation also cited documents that showed GRA targeted American critics of Qatar, such as Broidy, who supported Saudi Arabia and the United Arab Emirates in their diplomatic feud with Qatar over Doha’s foreign policy and relationship to Islamist movements in the. Middle East.
GRA “has consistently protected Qatar by attacking the attackers,” the company said in an internal document cited by the news service. GRA has questioned the validity of these documents.