DoJ fines former intel operatives who provided hacker-for-hire services to UAE

The Department of Justice (DoJ) has announced federal computer fraud charges against three men who allegedly helped build a hacking program for the United Arab Emirates government.

The defendants - US citizens Marc Baier, 49, and Ryan Adams, 34, and a former US citizen Daniel Gericke, 40 - are all former employees of the US Intelligence Community (USIC) or military. They agreed to cooperate with prosecutors as part of a deal with the government that will see the charges suspended and the three men pay more than $1.6 million in penalties.

According to court documents, the defendants worked as senior managers at a UAE-based firm that carried out hacking campaigns on behalf of the UAE government between 2016 and 2019. They provided “zero-click” hacking that “could compromise a device without any action by the target”.

The deal is known as a deferred prosecution agreement (DPA) and restricts them in future activities and employment and requires the payment of $1,685,000 in penalties. Baier will pay the largest share of the fine, $750,000, according to the DoJ, while Adams and Gericke will pay $600,000 and $335,000, respectively.

“This agreement is the first-of-its-kind resolution of an investigation into two distinct types of criminal activity: providing unlicensed export-controlled defense services in support of computer network exploitation, and a commercial company creating, supporting, and operating systems specifically designed to allow others to access data without authorization from computers worldwide, including in the United States,” said acting assistant attorney general Mark Lesko for the Justice Department’s National Security Division in a statement.

“Hackers-for-hire and those who otherwise support such activities in violation of US law should fully expect to be prosecuted for their criminal conduct.”

The DoJ said that the services provided by the men constituted a “defense service” requiring a license from the State Department’s Directorate of Defense Trade Controls (DDTC). The defendants proceeded to provide such services without a license.

The FBI said this would be a warning to any American looking to provide hacking services to foreign governments.

“The FBI will fully investigate individuals and companies that profit from illegal criminal cyber activity,” said assistant director Bryan Vorndran of the FBI’s Cyber Division.

“This is a clear message to anybody, including former US government employees, who had considered using cyberspace to leverage export-controlled information for the benefit of a foreign government or a foreign commercial company – there is risk, and there will be consequences.”