According to prosecutors, no US licence had been issued for the man to carry out the hacking
Three former US intelligence agents have acknowledged violating US laws while working for the United Arab Emirates on cyber activities.
The individuals, identified in an unsealed court document as Marc Baier, Ryan Adams, and Daniel Gericke, were charged with violating computer crime laws and export restrictions, and have agreed to pay more than $1.6 million as part of a deferred prosecution deal.
According to the justice department, the three individuals joined the UAE-based firm as senior managers in 2016 and began conducting cyber activities for the advantage of the UAE government without acquiring the necessary licenses from the US.
Steven D’Antuono from the FBI’s Washington Field Office stated “Today’s announcement shines a light on the unlawful activity of three former members of the US intelligence community and military.”
“These individuals chose to ignore warnings and to leverage their years of experience to support and enhance a foreign government’s offensive cyber operations.
“These charges and the associated penalties make it clear that the FBI will continue to investigate such violations.”
Prosecutors claimed the accused “expanded the breadth and increased the sophistication” of activities they provided to the UAE government between January 2016 and November 2019. According to the Justice Department, they bought exploits to get into computers and mobile devices from firms all around the world, including those headquartered in the United States.
Acting Assistant Attorney General Mark Lesko of the justice department’s National Security Division made it clear that “Hackers-for-hire and those who otherwise support such activities in violation of US law should fully expect to be prosecuted for their criminal conduct.”
Baier bought one so-called “zero-click” exploit in 2016 from an unidentified U.S. business, which can hack into mobile devices without any user input.
According to a new article from MIT Technology Review, the KARMA platform used a weakness in Apple’s iMessage program to get complete control of a target’s iPhone, and the attack was created and marketed by an American firm called Accuvant, which has since merged with Optiv.
“Accuvant sold hacking exploits to multiple customers in both governments and the private sector, including the United States and its allies — and this exact iMessage exploit was also sold simultaneously to multiple other customers.”
Commenting on hiring these individuals, VPN service provider ExpressVPN stated that it was aware of Daniel Gericke’s prior job before employing him. Gericke, the company’s current Chief Information Officer, is one of the three people accused of acting as mercenary hackers and coordinating U.A.E.-funded infiltration activities without a license.
The three hacked into servers, laptops, and phones all around the world for the UAE-based business. Emirati officials did not respond immediately.
Adams’ and Gericke’s lawyers did not respond to mails requesting comment, while Baier’s counsel declined to comment.
Companies must seek pre-approval from the US government before disclosing information about a hacking operation, and they must promise not to target US citizens, permanent residents, or US corporations, according to the laws.
The men agreed to pay to settle the charges of computer fraud, access device fraud, and breaching export restrictions, according to US authorities.
The accusations against them have been made public amid raising fears that other countries may be jeopardising US security by hiring intelligence workers to strengthen their own capabilities.
In a letter earlier this year the CIA alerted that there was “an uptick in the number of former officers who have disclosed sensitive information about CIA activities, personnel, and tradecraft.”
Sheetal Patel, the CIA’s associate director for counterintelligence, signed the letter issued to former officers. Foreign countries recruiting former intelligence agents “to build up their spying capabilities” was identified as a “detrimental trend” by the report. Using CIA information or relationships for commercial possibilities, as well as “working for state-sponsored intelligence-related companies in non-fraternisation countries” were among the examples given.
Although in a statement the DOJ said that “The defendants worked as senior managers at a United Arab Emirates (U.A.E.)-based company (U.A.E. CO) that supported and carried out computer network exploitation (CNE) operations (i.e., ‘hacking’) for the benefit of the U.A.E. government, ” Patel stated, “We ask that you protect yourself and the CIA by safeguarding the classified tradecraft that underpins your enterprise.”
Next up: Malta Week
Don’t miss out on amazing networking opportunities and exclusive industry insights at Malta Week. Four leading shows will bring the best of the business back-to-back to a first-class meeting point. Malta Week will consist of SiGMA, AIBC, Med-Tech World and AGS, each presenting the top developments of their focal industries.
The cross-collaboration of each brand makes Malta Week the number one destination for leading think-tanks of the gaming sector, emerging tech, digital health, and digital marketing. The middle of the Mediterranean is the perfect place for multi-faceted business deals and face-to-face conversations with leading affiliates, policymakers, and thought leaders.