Three Former US Intelligence Agents Admit To Hacking US Computer Networks For UAE

Hacking illustration. (Unsplash/Arget)

JAKARTA - Three former US intelligence agents who worked as cyberspies for the United Arab Emirates (UAE) have admitted violating US hacking laws and a ban on selling sensitive military technology, under a deal to avoid prosecution announced on Tuesday.

The three former intelligence agents, Marc Baier, Ryan Adams, and Daniel Gericke, were part of a clandestine unit called Project Raven, first reported by Reuters, to help the UAE spy on its enemies.

At the behest of the UAE monarchy, the Project Raven team hacked the accounts of human rights activists, journalists, and rival governments, Reuters reports.

The three men admitted to hacking computer networks in the United States, exporting sophisticated cyber intrusion tools without obtaining the necessary permits from the US Government, according to court documents released in US federal court in Washington, DC, Tuesday local time.

The operators and their lawyers did not respond to requests for comment. Meanwhile, the UAE Embassy in Washington, DC, did not immediately respond to a request for comment.

As part of a deal with federal authorities to avoid prosecution, the three former intelligence agents agreed to pay a combined USD 1.69 million fine and never again to seek a US security clearance, a requirement for jobs requiring access to national security secrets.

"Hired hackers and those who support such activities that violate US law should fully expect to be prosecuted for their criminal acts", Acting Assistant Attorney General Mark J. Lesko for the Justice Department's National Security Division said in a statement.

'Revelations of Project Raven' in 2019 by Reuters, highlights the growing practice of former intelligence agents selling their spies overseas with little oversight or accountability.

"This is a clear message to anyone, including former US Government employees, who have considered using cyberspace to exploit export-controlled information for the benefit of foreign governments or foreign commercial companies. There are risks, and there will be consequences", said Assistant Director Bryan. Vorndran of the FBI's Cyber ​​Division in a statement.

Separately, Lori Stroud, a former US National Security Agency analyst who worked on Project Raven and later acted as a whistleblower, said she was pleased to see the charges.

"The most significant catalyst for uncovering this issue is investigative journalism, the timely reporting of technical information creates awareness and momentum to ensure justice", he said.

To note, a Reuters investigation found that Project Raven spied on numerous human rights activists, some of whom were later tortured by UAE security forces.

Former program implementers said they believed they were following the law because their boss promised them the US government had approved the job.

Baier, Adams, and Gericke admitted to using a sophisticated cyberweapon called 'Karma', which allowed the UAE to hack Apple's iPhones without requiring targets to click on malicious links, according to court documents.

'Karma' allows users to access tens of millions of devices and qualifies as an intelligence-gathering system under federal export control rules. However, the operators did not get the necessary US government permits to sell the device to the UAE, authorities said.

Project Raven used Karma to hack thousands of targets, including a Nobel Prize-winning Yemeni human rights activist and BBC television host.