U.S. Intelligence Officers Found guilty of Hacking for UAE Company
Reading Time: 2 minutes

3 former U.S. Intelligence Officers found guilty of hacking for UAE company. The US Department of Justice(DoJ) confirmed on Tuesday, three intelligence and military personnel were penalized $1.68 million for their role as cyber mercenaries working for UAE based cybersecurity company.

The trio involved in this incident was Marc Baier, 49, Ryan Adams, 34, and Daniel Gericke, 40. They have been accused of “knowingly and willfully combine, conspire, confederate, and agree with each other to commit offenses. These individuals were involved in serving defense services to persons and entities in the country for over three years from December 2015 to November 2019. This also includes them providing the development of invasive spyware capable of breaking into mobile devices without any action by the targets.

DOJ in a statement said, “The defendants worked as senior managers at a United Arab Emirates (U.A.E.)-based company (U.A.E. CO) that supported and carried out computer network exploitation (CNE) operations (i.e., ‘hacking’) for the benefit of the U.A.E. government.”

It further goes on to mention, “Despite being informed on several occasions that their work for [the] U.A.E. CO, under the International Traffic in Arms Regulations (ITAR), constituted a ‘defense service’ requiring a license from the State Department’s Directorate of Defense Trade Controls (DDTC), the defendants proceeded to provide such services without a license.”

All three individuals were also charged for violations of US export control, computer fraud, and access device fraud laws. The so-called hackers-for-hire has been charged with supervising the creation of sophisticated ‘zero-click exploits. These exploits were subsequently weaponized to illegally amass credentials for online accounts issued by U.S. companies, to obtain unauthorized access to mobile phones around the world.

Earlier in 2019, Reuters revealed how former US National Security Agency(NSA) operatives helped the UAE spy on prominent Arab media figures, dissidents, and several unnamed U.S. journalists under a secret operation called Project Raven. This secret mission was undertaken by a cybersecurity company named DarkMatter. The company used to hire “cyberwarriors from abroad” to research offensive security techniques that first came to light in 2016.

The court documents reveal Baier, Adams and Gericke designed, implemented, and used Karma, a zero-click exploit for foreign intelligence gathering purposes. They started the operation back in May 2016 after obtaining an exploit from an unnamed U.S. company that granted zero-click remote access to Apple devices.

Later in September, the underlying security weakness was plugged, resulting in the defendants hiring another US firm to acquire a second exploit which utilized compromised another vulnerability in iOS. Finally using it to re-architect and modify the Karma exploitation toolkit.

Ironically the charges arrive a day after Apple disclosed it tried to plug a zero-day vulnerability (CVE-2021-30860) exploited by NSO Group’s Pegasus spyware to target activists in Bahrain and Saudi Arabia.

Assistant Director Bryan Vorndran of the FBI’s Cyber Division said, “The FBI will fully investigate individuals and companies that profit from the illegal criminal cyber activity. This is a clear message to anybody, including former U.S. government employees, who had considered using cyberspace to leverage export-controlled information for the benefit of a foreign government or a foreign commercial company – there is a risk, and there will be consequences.”

Related Articles:

Australia Proposes to Teach Cybersecurity to 5 year Old Kids
Bazaloader Phishing Attack Tricks People into Installing Malware on their Windows PC
BazarLoader Downloader Now Uses Social Engineering Techniques