US Intelligence Hackers Available For Hire

Three former US intelligence operatives have admitted to breaking US laws by carrying out hacking operations for the United Arab Emirates.  

The three men worked for DarkMatter, a company that is effectively an arm of the UAE government where they undertook sophisticated hacking operations targeting victims in America and around the world. 

Their  work is allegedly to have included hacking into servers, computers and phones around the world, targeting  the accounts of human rights activists, journalists and rival governments. 

The US justice department said the former intelligence officers, US citizens Marc Baier and Ryan Adams, and former US citizen Daniel Gericke, initially worked for a US company that provided cyber services to a UAE government agency in compliance with the International Traffic in Arms Regulations (ITAR).

In 2016, the three men joined the UAE-based company as senior managers and began carrying out hacking operations for the benefit of the UAE government without obtaining the required licences from the US.

According to the Justice Department. Baier, Adams and Gericke have admitted to deploying a sophisticated cyberweapon called “Karma” that allowed the UAE to hack into Apple iPhones without requiring a target to click on malicious links, according to court papers. Karma allowed users to access tens of millions of devices and qualified as an intelligence gathering system under federal export control rules. But the operatives did not obtain the required U.S. government permission to sell the tool to the UAE, authorities said.

The three are also accused of stealing documents, personally identifiable information and passwords from computers in the United States and around the world.

The regulations require companies to obtain pre-approval from the US government prior to releasing information regarding a hacking operation and to agree not to target US citizens and permanent residents or US entities. Over the next three years, it alleged, they supervised the creation of two similar sophisticated "zero-click" computer hacking and intelligence gathering systems - "Karma" and "Karma 2" - that could compromise a device without any action by the target and allowed users to access tens of millions of devices made by a US technology company that was not identified.

The Justice Department said employees of the company had leveraged the systems to illegally obtain and use credentials for online accounts issued by US companies, and to obtain unauthorised access to computers and mobile phones around the world, including in the US. Bryan Vorndran, of the FBI's cyber division, added: "This is a clear message to anybody, including former US government employees, who had considered using cyberspace to leverage export-controlled information for the benefit of a foreign government or a foreign commercial company – there is risk, and there will be consequences."

The justice department said it filed the charges against the three men under a deferred prosecution agreement that requires them to pay financial penalties, sever ties with UAE intelligence or law enforcement agencies, and never again seek a US security clearance. The operatives have now agreed to pay $1.7m to drop the charges of computer fraud, access device fraud and violating export controls.

This appears to be part of a growing trend highlighted earlier this year by the CIA of foreign governments hiring former US intelligence operatives to strengthen their own spycraft, a practice officials have said risks exposing US secrets. The CIA warned earlier this year about "an uptick in the number of former officers who have disclosed sensitive information about CIA activities, personnel, and tradecraft." 

In 2020, Congress passed a law requiring US intelligence agencies to provide Congress with an annual assessment of risks posed by retired and former intelligence personnel who contract with foreign governments.

US Dept of Justice:      NPR:     Reuters:     Reuters:      Esquire:        BBC:       Sky:      WION

You Might Also Read: 

Outsourced Cyber Spying:

 

« Cyberspace & Outer Space Are New Frontiers For National Security
EU Proposes Legislation To Secure Connected Devices »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CRU Data Security Group (CDSG)

CRU Data Security Group (CDSG)

CRU is a pioneer in devices for data mobility, data security, encryption, and digital investigation.

RevenueStream

RevenueStream

RevenueStream uses an innovative algorithmic approach to intercept and prevent payment fraud before it even happens.

SCIPP International

SCIPP International

SCIPP’s courses are based on internationally recognized best business practices for security awareness, for both technical and non-technical staff and to comply with regulatory mandates.

Indusface

Indusface

Indusface offers best website security, web application firewall and SSL certificate to keep your online business much safer.

QOMPLX

QOMPLX

QOMPLX integrate, contextualize, and analyze data from virtually any source to help you identify operational risk and inefficiencies throughout the enterprise.

Center for Applied Cybersecurity Research (CACR) - University of Indiana

Center for Applied Cybersecurity Research (CACR) - University of Indiana

CACR serves Indiana and the nation by tackling cyber risk in research and other unusual environments through agile, holistic, principle-based cybersecurity.

Abacode

Abacode

Abacode is a Managed Security Services Provider (MSSP). We help businesses consolidate all of their Regulatory Compliance & Cybersecurity needs, under one roof.

CyberSheath Services International

CyberSheath Services International

CyberSheath integrates your compliance and threat mitigation efforts and eliminates redundant security practices that don’t improve and in fact might probably weaken your security posture.

Rostelecom

Rostelecom

Rostelecom is Russia’s largest integrated provider of digital services and solutions, covering all market segments including consumer, governmental and private organizations.

CSIOS Corp.

CSIOS Corp.

At CSIOS we help our customers achieve and sustain information and cyberspace superiority through a full range of defensive and offensive cyberspace operations and cybersecurity consulting services.

Arakyta

Arakyta

Arakÿta specializes in business strategy, work flow process and IT systems for organizations.

Exodata

Exodata

Exodata is a French digital services company specializing in the outsourcing of IT Systems and solutions.

Options Technology

Options Technology

Options is a global leader in financial technology, specialising in Capital Markets technology and enterprise-grade solutions.

ThreatView by Turaco Labs

ThreatView by Turaco Labs

ThreatView combines extensive experience in digital forensics with advanced analytics and threat detection capabilities to protect eCommerce websites.

Cyex

Cyex

Cyex helps people to become cyber wise. We enable our clients to find, track and improve cyber awareness in one place.

Future Crime Research Foundation (FCRF)

Future Crime Research Foundation (FCRF)

FCRF is a Non-Profit NGO specializing in Research in Cyber Security, Digital Crime, Fraud Risk Management, Cyber Laws and Cyber Forensics.