3 former US officials charged in UAE hacking scheme

Mercenary Hackers UAE

WASHINGTON (AP) — Three former U.S. intelligence and military officials have admitted providing sophisticated computer hacking technology to the United Arab Emirates and agreed to pay nearly $1.7 million to resolve criminal charges in an agreement that the Justice Department described Tuesday as the first of its kind.

The defendants — Marc Baier, Ryan Adams and Daniel Gericke — are accused of working as senior managers at a UAE-based company that conducted hacking operations on behalf of the government. Prosecutors say the men provided hacking and intelligence-gathering systems that were used to break into computers in the United States and elsewhere in the world.

The Justice Department alleges that the men committed computer fraud and violated export control laws by providing defense services without the required license. The case also appears to be part of a growing trend highlighted earlier this year by the CIA of foreign governments hiring former U.S. intelligence operatives to bolster their own spycraft — a practice officials have said risks exposing U.S. secrets.

“This is a loud statement” that the Justice Department takes such cases seriously, said Bobby Chesney, a professor at the University of Texas School of Law who specializes in national security issues.

The charges were filed under a deferred prosecution agreement that, in addition to requiring a $1.68 million payment, will also force the men to cooperate with the Justice Department's investigation, to sever any ties with any UAE intelligence or law enforcement agencies and to forego any security clearances. If they comply with those and other terms for three years, the Justice Department will abandon the prosecution.

As part of the agreement, the three men did not dispute any of the facts alleged by prosecutors.

The Justice Department described it as the “first-of-its-kind resolution of an investigation into two distinct types of criminal activity,” including providing unlicensed technology for the purposes of hacking.

“Hackers-for-hire and those who otherwise support such activities in violation of U.S. law should fully expect to be prosecuted for their criminal conduct," Mark Lesko, acting assistant attorney general in charge of the Justice Department's national security division, said in a statement.

According to court documents, the trio left a U.S.-based company that was operating in the UAE to join an Emerati company that would give them “significant increases” in their salaries.

The companies aren’t named in charging documents, but Lori Stroud, a former National Security Agency employee, said she worked with the three men in the UAE at U.S.-based CyberPoint and then for UAE-based DarkMatter.

Stroud said she quit because she saw DarkMatter hacking U.S. citizens. She said she assisted the FBI in its investigation and was glad to see the case come to a resolution.

“This is progress,” Stroud said.

The Emirati government did not immediately respond to a request for comment early Wednesday. Questions sent by email to officials at Abu Dhabi-based DarkMatter could not be delivered.

Since details of DarkMatter’s hacking campaign became public, the company’s profile has dropped over the last few years, with some staff moving onto a new Abu Dhabi-based firm called G42. That firm has been linked to a mobile app suspected of being a spying tool as well as Chinese coronavirus tests that American officials warned against using over concerns about patient privacy, test accuracy and Chinese government involvement.

DarkMatter's founder and CEO, Faisal al-Bannai, told The Associated Press i