Three formers NSA employees fined for providing hacker-for-hire services to UAE firm

Three former NSA employees entered into a deferred prosecution agreement that restricts their future activities and employment and requires the payment of a penalty.

Three former NSA employees (Marc Baier, 49, Ryan Adams, 34, and Daniel Gericke, 40) entered into a deferred prosecution agreement that restricts their future activities and employment.

The trio has worked as hackers-for-hire for the United Arab Emirates cybersecurity company DarkMatter between January 2016 and November 2019.

The US Department of Justice requires the payment of $1,685,000 in penalties ( $750,000, $600,000, and $335,000, respectively) to resolve its investigation regarding violations of U.S. export control, computer fraud and access device fraud laws.

The three suspects worked at the UAE company and developed at least two iOS zero-click exploits dubbed Karma and Karma 2.

In 2019, the Reuter agencies published a report that detailed the activity of “a secret hacking team of American mercenaries” that joined Project Raven as part of a clandestine team of experts that helped the United Arab Emirates in conducting a surveillance program and conducting hit-and-run hacking operations.

“The story of Project Raven reveals how former U.S. government hackers have employed state-of-the-art cyber-espionage tools on behalf of a foreign intelligence service that spies on human rights activists, journalists and political rivals.” reads the report published by Reuters. “Interviews with nine former Raven operatives, along with a review of thousands of pages of project documents and emails, show that surveillance techniques taught by the NSA were central to the UAE’s efforts to monitor opponents.”

DOJ also ordered the former intelligence employees to cooperate with the relevant department and FBI components; they are also condemned to a lifetime ban on future US security clearances.

“In addition to the financial penalties, as part of the DPA, the defendants agreed to full cooperation with the relevant Department and FBI components; the immediate relinquishment of any foreign or U.S. security clearances; a lifetime ban on future U.S. security clearances; and certain future employment restrictions, including a prohibition on employment that involves CNE activity or exporting defense articles or providing defense services under the ITAR (e.g., CNE techniques), and restrictions on employment for certain U.A.E. organizations.” reads the press release published by DoJ.

US officials said that the three hackers ignored warnings and supported a foreign government in developing offensive cyber operations, and this is not acceptable.

“This agreement is the first-of-its-kind resolution of an investigation into two distinct types of criminal activity: providing unlicensed export-controlled defense services in support of computer network exploitation, and a commercial company creating, supporting and operating systems specifically designed to allow others to access data without authorization from computers worldwide, including in the United States,” said Acting Assistant Attorney General Mark J. “This agreement is the first-of-its-kind resolution of an investigation into two distinct types of criminal activity: providing unlicensed export-controlled defense services in support of computer network exploitation, and a commercial company creating, supporting and operating systems specifically designed to allow others to access data without authorization from computers worldwide, including in the United States,” said Acting Assistant Attorney General Mark J. Lesko for the Justice Department’s National Security Division. “Hackers-for-hire and those who otherwise support such activities in violation of U.S. law should fully expect to be prosecuted for their criminal conduct.”.

The US authorities pointed out that hackers-for-hire who will support activities in violation of US law will be prosecuted for their conduct.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, NSA employees)

[adrotate banner=”5″]

[adrotate banner=”13″]