Baier, Adams and Gericke are also accused of turning computer exploits “into secret hacking systems for UAE government agencies” and stealing personal identifying information from people around the world.
The intelligence gathering services allegedly provided by the three men included sophisticated hacking tools that can infect a mobile device without the user having to click anything, prosecutors said.
Baier, Adams and Gericke have agreed to cooperate with prosecutors in a deal with the government that will see the charges stayed and the three men will pay more than $ 1.6 million in penalties.
Lawyers for the three men could not be reached immediately for comment.
Project Raven is just one example of a burgeoning on-demand hacker market in which governments and non-government entities can enlist digital mercenaries. In another case, BlackBerry researchers discovered dozens of malicious Google and Apple apps last year that they said were being used to monitor targets in the Middle East and South Asia.
Channing Phillips, acting US attorney for the District of Columbia, said in a statement that “the proliferation of offensive cyber capabilities is undermining global privacy and security.”
Former US government employees are not getting “free passes” to export control laws, Phillips added.
Glenn Gerstell, who served as general counsel for the National Security Agency from 2015 to 2020, said U.S. intelligence officials receive extensive training on their legal obligations once they leave government.
Former government employees, “especially in the defense and intelligence fields, have special responsibilities that they must honor,” Gerstell told CNN.
This story has been updated with more detail and context.