Three former US intelligence and military operatives have admitted to delivering hacking technology to the United Arab Emirates (UAE), which was used to surveil targets in the United States and around the world, the Justice Department said Tuesday.
After leaving US government employment, Marc Baier, Ryan Adams and Daniel Gericke went to work for a US-based company operating in the Persian Gulf country, according to court papers filed Tuesday. After being offered “significant increases in their salaries,” they left to join a UAE-based cyber company as senior managers where they “knowingly and willfully” helped support the UAE government’s hacking operations from 2016 to 2019, prosecutors said.
Their former employers are not identified by name in the court documents. But Lori Stroud, a former National Security Agency employee, told The Associated Press she worked with the defendants in the UAE at US-based Cyberpoint and then for the UAE-owned DarkMatter.
According to Reuters, their clandestine unit at DarkMatter was named Project Raven. Ex-US intelligence operatives working for the hacking team reportedly used NSA surveillance techniques to spy on targets including human rights defenders, journalists and even US citizens.
The three defendants have entered into a deferred prosecution agreement with the US Department of Justice that requires them to cooperate with the investigation and pay a combined $1.68 million. In addition, Baier, Adams and Gericke have agreed to a lifetime ban on future US security clearances and restrictions on future employment.
Acting Assistant Attorney General Mark J. Lesko for the Justice Department’s national security division called the agreement the first of its kind.
“Hackers-for-hire and those who otherwise support such activities in violation of US law should fully expect to be prosecuted for their criminal conduct,” Lesko said in a statement.
Prosecutors say the hacking systems used by the defendants were used to illegally obtain information “including passwords, access devices, login credentials and authentication tokens, from victims from around the world.”
Baier, Adams and Gericke “designed, implemented, modified and used a remote computer exploitation system for foreign intelligence gathering purposes” known as Karma, court documents said. Reuters reports the “zero-click” cybertool was used to gain remote unauthorized access to Apple iPhones.
The defendants were informed on several occasions that their work required a license from the State Department’s Directorate of Defense Trade Controls, according to prosecutors, who said the three contractors chose to ignore the repeated warnings.
“This is a clear message to anybody, including former US government employees, who had considered using cyberspace to leverage export-controlled information for the benefit of a foreign government or a foreign commercial company,” said Bryan Vorndran, assistant director of the FBI’s cyber division. “There is risk, and there will be consequences."