3 former US officials charged in UAE hacking scheme


WASHINGTON (AP) — Three former U.S. intelligence and military officials have admitted providing sophisticated computer hacking technology to the United Arab Emirates and agreed to pay nearly $1.7 million to resolve criminal charges in an agreement that the Justice Department described Tuesday as the first of its kind.

The defendants — Marc Baier, Ryan Adams and Daniel Gericke — are accused of working as senior managers at a UAE-based company that conducted hacking operations on behalf of the government. Prosecutors say the men provided hacking and intelligence-gathering systems that were used to break into computers in the United States and elsewhere in the world.

The Justice Department alleges that the men committed computer fraud and violated export control laws by providing defense services without the required license. The case also appears to be part of a growing trend highlighted earlier this year by the CIA of foreign governments hiring former U.S. intelligence operatives to bolster their own spycraft — a practice officials have said risks exposing U.S. secrets.

“This is a loud statement” that the Justice Department takes such cases seriously, said Bobby Chesney, a professor at the University of Texas School of Law who specializes in national security issues.

The charges were filed under a deferred prosecution agreement that, in addition to requiring a $1.68 million payment, will also force the men to cooperate with the Justice Department's investigation, to sever any ties with any UAE intelligence or law enforcement agencies and to forgo any security clearances. If they comply with those and other terms for three years, the Justice Department will abandon the prosecution.

As part of the agreement, the three men did not dispute any of the facts alleged by prosecutors.

The Justice Department described it as the “first-of-its-kind resolution of an investigation into two distinct types of criminal activity,” including providing unlicensed technology for the purposes of hacking.

“Hackers-for-hire and those who otherwise support such activities in violation of U.S. law should fully expect to be prosecuted for their criminal conduct,” Mark Lesko, acting assistant attorney general in charge of the Justice Department's national security division, said in a statement.

According to court documents, the trio left a U.S.-based company that was operating in the UAE to join an Emirati company that would give them “significant increases” in their salaries.

The companies aren’t named in charging documents, but Lori Stroud, a former National Security Agency employee, said she worked with the three men in the UAE at U.S.-based CyberPoint and then for UAE-based DarkMatter.

Stroud said she quit because she saw DarkMatter hacking U.S. citizens. She said she assisted the FBI in its investigation and was glad to see the case come to a resolution.

“This is progress,” Stroud said.

The Emirati government did not immediately respond to a request for comment early Wednesday. Questions sent by email to officials at Abu Dhabi-based DarkMatter could not be delivered.

Since details of DarkMatter’s hacking campaign became public, the company’s profile has dropped over the last few years, with some staff moving on to a new Abu Dhabi-based firm called G42. That firm has been linked to a mobile app suspected of being a spying tool as well as Chinese coronavirus tests that American officials warned against using over concerns about patient privacy, test accuracy and Chinese government involvement.

DarkMatter's founder and CEO, Faisal al-Bannai, told The Associated Press in 2018 that the company takes part in no hacking, although he acknowledged the firm’s close business ties to the Emirati government, as well as its hiring of former CIA and NSA analysts.

Prosecutors said that between January 2016 and November 2019, the defendants increased operations being provided to the UAE government. They bought exploits to break into computers and mobile devices from companies around the world, including those based in the U.S., according to the Justice Department. That includes one so-called “zero-click” exploit — which can break into mobile devices without any user interaction — that Baier bought from an unnamed U.S. company in 2016.

Lawyers for Adams and Gericke did not immediately return messages seeking comment, and a lawyer for Baier declined to comment.

The Justice Department described each of them as former U.S. intelligence or military personnel. Baier previously worked at the NSA, according to a former colleague who spoke on condition of anonymity because of the sensitivity surrounding the matter.

The CIA warned in a letter earlier this year about “an uptick in the number of former officers who have disclosed sensitive information about CIA activities, personnel, and tradecraft.”

The letter sent to former CIA officials was signed by Sheetal Patel, the agency’s assistant director for counterintelligence. It described as a “detrimental trend” a practice of foreign governments hiring former intelligence officers “to build up their spying capabilities.” Some listed examples included using access to CIA information or contacts for business opportunities as well as “working for state-sponsored intelligence related companies in non-fraternization countries.”

“We ask that you protect yourself and the CIA by safeguarding the classified tradecraft that underpins your enterprise,” Patel wrote.

____

Suderman reported from Richmond, Virginia. Associated Press writers Nomaan Merchant in Washington and Jon Gambrell in Dubai, United Arab Emirates, contributed to this report.