WASHINGTON, Sept. 14 (Reuters) – Three former U.S. intelligence officers who worked as cyber spies for the United Arab Emirates have admitted to breaking U.S. hacking laws and bans on the sale of sensitive military technology, as part of a deal aimed at avoiding prosecution announced Tuesday.
The agents – Marc Baier, Ryan Adams and Daniel Gericke – were part of an underground unit called Project Raven, first reported by Reuters, which helped the UAE spy on their enemies.
At the behest of the UAE monarchy, Project Raven’s team hacked into the accounts of human rights activists, journalists and rival governments, Reuters reported.
The three men admitted to hacking into computer networks in the United States and exporting sophisticated cyber intrusion tools without obtaining the required permission from the United States government, according to court documents released Tuesday in a United States federal court in Washington, DC.
Agents and their lawyers did not respond to requests for comment.
The United Arab Emirates Embassy in Washington, DC, did not immediately respond to a request for comment.
As part of the deal with federal authorities to avoid prosecution, the three former intelligence officials agreed to pay a total of $ 1.69 million and never again seek a US security clearance, a requirement for them. jobs that involve access to national security secrets.
“Hackers and those who otherwise support such activities in violation of US law should expect to be prosecuted for their criminal conduct,” said Acting Deputy Attorney General Mark J. Lesko for the Security Division National Ministry of Justice in a press release.
The 2019 Raven revelations by Reuters highlighted the growing practice of former intelligence operatives selling their spy devices abroad with little oversight or accountability.
“This is a clear message to anyone, including former U.S. government employees, who has considered using cyberspace to mine export controlled information for the benefit of a foreign government or foreign trading company. “said Deputy Director Bryan Vorndran of the Cyber Division of the FBI. in a report. “There is a risk, and there will be consequences. “
Lori Stroud, a former U.S. National Security Agency analyst who worked on Project Raven and then acted as a whistleblower, said she was delighted to see the accusations.
“The most important catalyst in bringing this problem to light has been investigative journalism – the technical and timely information reported has created the awareness and momentum needed to ensure justice,” she said.
The Reuters investigation found that Project Raven was spying on numerous human rights activists, some of whom were later tortured by UAE security forces.
Former program officers said they believed they were following the law because superiors promised them the U.S. government approved the work.
Baier, Adams and Gericke have admitted to deploying a sophisticated cyber weapon called “Karma” that allowed the UAE to hack Apple iPhones without a target clicking on malicious links, according to court documents.
Karma has given users access to tens of millions of devices and has been labeled an intelligence gathering system under federal export control rules. But agents did not get the required permission from the U.S. government to sell the tool in the United Arab Emirates, authorities said.
Project Raven used Karma to hack thousands of targets, including a Yemeni Nobel Prize-winning human rights activist and a host of a BBC television show, Reuters reported.
Reporting by Christopher Bing and Joel Schectman; Editing by Kieran Murray and Stephen Coates
Our Standards: Thomson Reuters Trust Principles.