WASHINGTON – Three former U.S. intelligence officers hired by the United Arab Emirates to conduct sophisticated cyber operations have admitted to committing hacking crimes and violating U.S. export laws that restrict the transfer of military technology to foreign governments, according to reports. court documents released on Tuesday.
The documents detail a three-man plot to provide the Emirates with cutting-edge technology and aid UAE intelligence operatives in breaches aimed at harming perceived enemies of the small but powerful Persian Gulf nation.
The men helped the Emirates, a close ally of the United States, gain unauthorized access to “acquire data from computers, electronics and servers around the world, including computers and devices. servers in the United States, ”prosecutors said.
The three men worked for DarkMatter, a company that is actually an arm of the UAE government. They are part of a trend of former U.S. intelligence officers to take lucrative jobs with foreign governments in the hope of boosting their abilities to mount cyber operations.
Legal experts have said the rules governing this new era of digital mercenaries are murky, and the charges released on Tuesday could be some sort of opening salvo by the government in a battle to deter former U.S. spies from turning guns. for rent abroad.
The three men, Marc Baier, Ryan Adams and Daniel Gericke, have admitted to violating US laws under a three-year deferred prosecution agreement. If the men stick to the deal, the Justice Department will drop the criminal charges. Each man will also pay hundreds of thousands of dollars in fines. Men will also never be able to receive a security clearance from the US government.
Mr. Baier worked for the National Security Agency unit that conducts advanced offensive cyber operations. Mr. Adams and Mr. Gericke have served in the military and in the intelligence community.
DarkMatter has its origins in another company, an American company called CyberPoint which initially won contracts from the Emirates to help protect the country from cyber attacks.
CyberPoint has obtained US government approval to work for the Emiratis, a necessary step intended to regulate the export of military and intelligence services. Many of the company’s employees had worked on highly classified projects for the NSA and other US intelligence agencies.
But the Emiratis had bigger ambitions and repeatedly pressured CyberPoint employees to exceed the company’s U.S. license limits, according to former employees.
CyberPoint has rejected requests by UAE intelligence agents to try to crack encryption codes and hack websites hosted on US servers – operations that would have been against US law.
So in 2015, the Emiratis founded DarkMatter – forming a company not bound by US law – and attracted many US CyberPoint employees to join, including the three defendants.
DarkMatter employed several other former NSA and CIA officers, according to an employee list obtained by The New York Times, some earning salaries of hundreds of thousands of dollars a year.
The investigation of DarkMatter’s U.S. employees has been going on for years and it was not clear whether prosecutors would press charges. Experts raised potential diplomatic concerns over the endangering U.S. relations with the Emirates – a country that has cultivated close ties with several past U.S. administrations – as well as concerns over whether the continuation of the case could reveal embarrassing details about the extent of cooperation between DarkMatter and US intelligence agencies.
There’s also the reality that U.S. laws have been slow to adapt to technological changes that have provided lucrative jobs for former spies once trained to conduct offensive cyber operations against America’s adversaries.
Specifically, the rules that govern what U.S. intelligence and military personnel can and cannot provide to foreign governments were designed for 20th century warfare – for example, training foreign armies in U.S. military tactics or sale of defense equipment such as firearms or missiles.
They didn’t address the hacking skills honed in some of America’s most advanced intelligence units and sold to the highest bidder.
This year, the CIA sent a direct letter to former officers warning them against going to work for foreign governments. The letter, written by the spy agency’s counterintelligence chief, said it was witnessing a “nefarious trend” of “foreign governments, directly or indirectly, hiring former intelligence officials to bolster their positions. espionage capabilities “.
“I can’t mince my words – former CIA officers who do this type of job are engaging in activities that may undermine the agency’s mission for the benefit of American competitors and foreign adversaries,” Sheetal wrote. T. Patel, Deputy Director of CIA Counterintelligence. .
Prosecutors said the Emirates gradually transferred their contracts from CyberPoint to DarkMatter, but at no time did the three men obtain the necessary approvals to provide defense services to DarkMatter. Court documents said the three men and others were working in DarkMatter’s “cyber-intelligence operations”, which gained access to “information and data from thousands of targets around the world.”
In interviews, former DarkMatter employees said Emirati officials were particularly focused on hacking into the computer systems of the country’s main rival, Qatar, but that operations were also being carried out against Emirati dissidents and journalists. They even hacked the emails of a Qatari minister communicating with former first lady Michelle Obama about a planned trip to Qatar.
Mr. Baier and his group bought computer tools from US companies for use in hacking operations, prosecutors said. In two cases, DarkMatter paid around $ 750,000 and $ 1.3 million, illustrating how much American companies can gain by selling these dangerous tools to foreign countries and companies.
Prosecutors said the men “have broadened the scope and increased the sophistication” of the operations DarkMatter is providing to the UAE government. The efforts targeted “individual, corporate and government targets by compromising computers and accounts belonging to associates, employees or relatives of the primary targets,” according to court documents.
Prosecutors said CyberPoint warned Americans it could not support DarkMatter’s planned computer mining operations without obtaining the proper US clearance.
Two former employees, Lori Stroud and Jonathan Cole, have left the company after becoming concerned about DarkMatter’s hacking and targeting of US citizens. When the couple, who are married, raised the issue with their superiors, they were sidelined, they said.
They left the company in 2017 and began to cooperate intensively with the FBI investigation.
“It’s a huge victory,” Cole said in an interview on Tuesday. “This will send a message to former US intelligence operatives working overseas. They shouldn’t be sharing American commerce with foreign governments.