America’s cyber-warfare capabilities are second to none. Since 9/11, we have spent lavishly on the intelligence infrastructure that enables us to intrude into nearly anyone’s electronic communications, all over the world. While civil libertarians have long warned, correctly, against government surveillance abuses, the military and intelligence communities have nevertheless trained and cultivated thousands of very capable hackers.

But what happens when these hackers leave government service and wage cyber-war in the private sector, on behalf of well-heeled clients? What happens when these frightening powers are put in the service of enemy states that are sponsors of terrorism and extremism—and then target American citizens?

Americans may soon find out.

A shadowy firm comprised of former U.S. intelligence and cyber-warfare experts was paid at least $100 million to conduct elaborate, years-long campaigns of hacking, surveillance and defamation against American opponents of Qatar and the Muslim Brotherhood, according to new legal documents filed last week in a New York court.

The lawsuit, filed by prominent Republican fundraiser and Qatar critic Elliott Broidy, accuses Global Risk Advisors (GRA)—a constellation of other subsidiaries and shell companies operated by former CIA operative and cyber-warfare expert Kevin Chalker—of working with hired lobbyists and government officials in Qatar to hack his personal and business communications, plant false stories and destroy his reputation in the media.

“Qatar turned to GRA for support in hacking, surveillance and using the resulting materials and astroturfing to denigrate and silence those whom the wealthy emirate viewed as potential threats,” the lawsuit alleges. “Mr. Broidy’s high-profile criticism of Qatar, and his apparent influence on the president, put him on a list of targets whom Qatar wanted neutralized.”

A 2015 GRA video touts its “advanced techniques to penetrate target networks,” including private sector networks, using both common attack methods to intrude into servers, as well as “uncommon and customized attacks,” like “spear phishing” campaigns. Chalker and GRA allegedly used these techniques to compromise Broidy’s accounts.

“The purpose of the hacks,” according to the lawsuit, “was to obtain access to Mr. Broidy’s confidential documents so that they could be manipulated and strategically disseminated to damage Mr. Broidy economically and as a spokesperson for opponents of Qatar’s support of terrorism.”

This is a touchy subject for Qatar. For the last six decades, Qatar’s ruling al-Thani clan has relied on the Muslim Brotherhood for ideological legitimacy, and it has used its oil and gas wealth to promote Brotherhood ideas through its massive Al Jazeera network and to harbor high-ranking Brotherhood-linked terrorists—such as those with the designated terrorist group Hamas—in its capital city of Doha. They’ve spent lavishly on propaganda, influence and information campaigns in the United States in order to beat back the emirate’s unmistakable record of promoting Islamism abroad.

This isn’t the first time Qatar has hired Americans to do its dirty work. In a lawsuit filed last year, Broidy accused Qatar of working with U.S.-based communications strategist Greg Howard at Mercury Public Affairs, as well as lobbyists Joey Allaham and Nick Muzin of Stonington Strategies, in order to place these negative stories about Broidy at The New York Times, The Wall Street Journal and elsewhere.

GRA’s illicit “special projects” were allegedly managed by Qatari official Ali al-Thawadi, the chief of staff of Mohammed bin Hamad bin Khalifa Al Thani, the brother of Qatar’s emir. He oversaw the campaign to secure the 2022 World Cup for Qatar. According to Broidy’s complaint, Hassan al-Thawadi—who is currently overseeing Qatar’s preparation for the World Cup—personally approved the agreement with GRA.

Doha, Qatar skyline
GIUSEPPE CACACE/AFP VIA GETTY IMAGES

“GRA’s U.S.-based teams would regularly compile and synthesize the results of their covert intelligence gathering, including their hacking and physical and electronic surveillance efforts, and produce a glossy, printed deliverable for [al-Thawadi] every two to three months. The information GRA brought included highly personal, non-public information on American citizens.”

GRA received contracts worth at least $100 million from Qatar, according to the complaint, primarily for illegal activity. It alleges that the company “identified and proposed multiple national security enhancements and surveillance work, including ‘Project Deviant,’ in which GRA would train Qatari officers in defensive counter-intelligence and offensive intelligence collection tactics, including advanced, sophisticated skills that trained former U.S. intelligence and military operatives are typically barred from sharing or conferring unto foreign governments.”

The lawsuit chronicles Chalker and GRA’s shady, offensive cyber-operations work for Qatar going back several years, including conducting covert hacking and information warfare campaigns against whistleblowers who chronicled rampant corruption and bribery in Doha’s 2022 World Cup bid.

One such campaign, GRA’s “Project Riverbed,” targeted Theo Zwanziger, former president of the German Football Association and a then-member of FIFA’s executive committee. “Operation Frosty,” by contrast, was said to have illegally monitored the communications of the Asian Football Confederation, which includes parts of the Middle East and the Gulf states.

As Broidy’s lawsuit progresses, Americans will be exposed to the underbelly of today’s media industry—especially when it comes to controversies that can be tied to President Trump and the mainstream media’s other enemies. How much of what we read in supposedly reputable newspapers or media outlets was generated by hacking, spying or even outright manipulated documents?

Today’s media is less journalism than it is information warfare. It’s time for us to see the receipts.