US Intelligence Hackers Available For Hire
Three former US intelligence operatives have admitted to breaking US laws by carrying out hacking operations for the United Arab Emirates.
The three men worked for DarkMatter, a company that is effectively an arm of the UAE government where they undertook sophisticated hacking operations targeting victims in America and around the world.
Their work is allegedly to have included hacking into servers, computers and phones around the world, targeting the accounts of human rights activists, journalists and rival governments.
The US justice department said the former intelligence officers, US citizens Marc Baier and Ryan Adams, and former US citizen Daniel Gericke, initially worked for a US company that provided cyber services to a UAE government agency in compliance with the International Traffic in Arms Regulations (ITAR).
In 2016, the three men joined the UAE-based company as senior managers and began carrying out hacking operations for the benefit of the UAE government without obtaining the required licences from the US.
According to the Justice Department. Baier, Adams and Gericke have admitted to deploying a sophisticated cyberweapon called “Karma” that allowed the UAE to hack into Apple iPhones without requiring a target to click on malicious links, according to court papers. Karma allowed users to access tens of millions of devices and qualified as an intelligence gathering system under federal export control rules. But the operatives did not obtain the required U.S. government permission to sell the tool to the UAE, authorities said.
The three are also accused of stealing documents, personally identifiable information and passwords from computers in the United States and around the world.
The regulations require companies to obtain pre-approval from the US government prior to releasing information regarding a hacking operation and to agree not to target US citizens and permanent residents or US entities. Over the next three years, it alleged, they supervised the creation of two similar sophisticated "zero-click" computer hacking and intelligence gathering systems - "Karma" and "Karma 2" - that could compromise a device without any action by the target and allowed users to access tens of millions of devices made by a US technology company that was not identified.
The Justice Department said employees of the company had leveraged the systems to illegally obtain and use credentials for online accounts issued by US companies, and to obtain unauthorised access to computers and mobile phones around the world, including in the US. Bryan Vorndran, of the FBI's cyber division, added: "This is a clear message to anybody, including former US government employees, who had considered using cyberspace to leverage export-controlled information for the benefit of a foreign government or a foreign commercial company – there is risk, and there will be consequences."
The justice department said it filed the charges against the three men under a deferred prosecution agreement that requires them to pay financial penalties, sever ties with UAE intelligence or law enforcement agencies, and never again seek a US security clearance. The operatives have now agreed to pay $1.7m to drop the charges of computer fraud, access device fraud and violating export controls.
This appears to be part of a growing trend highlighted earlier this year by the CIA of foreign governments hiring former US intelligence operatives to strengthen their own spycraft, a practice officials have said risks exposing US secrets. The CIA warned earlier this year about "an uptick in the number of former officers who have disclosed sensitive information about CIA activities, personnel, and tradecraft."
In 2020, Congress passed a law requiring US intelligence agencies to provide Congress with an annual assessment of risks posed by retired and former intelligence personnel who contract with foreign governments.
US Dept of Justice: NPR: Reuters: Reuters: Esquire: BBC: Sky: WION:
You Might Also Read: