WASHINGTON — Three former U.S. intelligence and military operatives have admitted providing sophisticated computer hacking technology to the United Arab Emirates and agreed to pay nearly $1.7 million to resolve criminal charges in an agreement that the Justice Department described Tuesday as the first of its kind.
The defendants — Marc Baier, Ryan Adams and Daniel Gericke — are accused of working as senior managers at a UAE-based company that conducted hacking operations on behalf of the government. Prosecutors say the men provided hacking and intelligence-gathering systems that were used to break into computers in the United States and elsewhere in the world.
The case, in federal court in Washington, accuses the former U.S. officials of violating American laws related to export control and computer fraud. It appears to be part of a growing trend highlighted just months ago by the CIA of foreign governments hiring former U.S. intelligence operatives to bolster their own spycraft — a practice officials have said risks exposing information about U.S. secrets.
The charges were filed under a deferred prosecution agreement that, in addition to requiring a $1.68 million payment, will also force the men to cooperate with the Justice Department’s investigation and to sever any ties with any UAE intelligence or law enforcement agencies. If they comply with those terms for three years, the Justice Department will not move forward with any prosecution.
As part of the agreement, the three men did not dispute any of the facts alleged by prosecutors.
The Justice Department described it as the “first-of-its-kind resolution of an investigation into two distinct types of criminal activity,” including providing unlicensed technology for hacking.
“Hackers-for-hire and those who otherwise support such activities in violation of U.S. law should fully expect to be prosecuted for their criminal conduct,” Mark Lesko, acting assistant attorney general of the Justice Department’s national security division, said in a statement.
Prosecutors said the trio left a U.S.-based company that was operating in the UAE to join an Emirati company that would give them “significant increases” in their salaries.
The companies aren’t named in charging documents, but Lori Stroud, a former National Security Agency employee, said she worked with the three men in the UAE at U.S.-based CyberPoint and then for UAE-owned DarkMatter. The company’s founder and CEO, Faisal al-Bannai, told The Associated Press in 2018 that DarkMatter takes part in no hacking, although he acknowledged the firm’s close business ties to the Emirati government, as well as its hiring of former CIA and NSA analysts.
Prosecutors said that between January 2016 and November 2019, the defendants “expanded the breadth and increased the sophistication” of operations being provided to the UAE government. They bought exploits to break into computers and mobile devices from companies around the world, including those based in the U.S., according to the Justice Department.
That includes one so-called “zero-click” exploit — which can break into mobile devices without any user interaction — that Baier bought from an unnamed U.S. company in 2016.
Lawyers for Adams and Gericke did not immediately return messages seeking comment, and a lawyer for Baier declined to comment.
The Justice Department described each of them as former U.S. intelligence or military personnel, and said their work for the UAE-based company began after they had left the government. Baier is identified in a 2019 Reuters news story as previously having worked in an elite hacking unit of the NSA.
The CIA warned in a letter earlier this year about “an uptick in the number of former officers who have disclosed sensitive information about CIA activities, personnel, and tradecraft.”
The letter sent to former CIA officials was signed by Sheetal Patel, the agency’s assistant director for counterintelligence. It described as a “detrimental trend” a practice of foreign governments hiring former intelligence officers “to build up their spying capabilities.” Some listed examples included using access to CIA information or contacts for business opportunities as well as “working for state-sponsored intelligence related companies in non-fraternization countries.”
“We ask that you protect yourself and the CIA by safeguarding the classified tradecraft that underpins your enterprise,” Patel wrote.