3 ex-U.S. intelligence operatives admit to hacking for UAE

Sept. 15 (UPI) — Three former U.S. intelligence and military operatives have admitted to being hired by the United Arab Emirates for whom they committed sophisticated cybercrimes for, the Justice Department said.

In a statement published Tuesday, the Justice Department said the three mercenary hackers Marc Baier, 49, Ryan Adams, 34, and Daniel Gericke, 40, agreed to pay $1.685 million to resolve the department’s investigation into their alleged crimes of violating U.S. export control, computer fraud and access devices fraud laws.

According to court documents, the trio used “illicit, fraudulent and criminal means,” including hacking systems, to gain unauthorized access to protected computers in the United States and elsewhere to steal information, material, documents, records, data and personal identifying information for the UAE.

Prosecutors said the three men lacked the proper license from the U.S. government to conduct this sort of work, which they continued to do despite receiving repeated warnings.

According to the agreement to drop the charges, the men admit responsibility for their actions and agree to cooperate with the United States, accept employment restrictions and pay the monetary penalty. Baier is to pay $750,000, Adams $600,00 and Gericke $335,000, it said.

Court documents said that after leaving the military, the men began working for an unnamed U.S. company that provided cyber services to a UAE government agency in compliance with U.S. rules. However, in January 2016 the defendants joined an unnamed UAE company as senior managers of a team called Cyber Intelligence-Operations.

Between January 2016 and November 2019, the three men and other employees at the company “expanded the breadth and increased the sophistication” of the hacking operations they provided the UAE, including creating two zero-click hacks named KARMA and KARMA 2 to infect devices without the users interacting with the malware, according to prosecutors.

The operations “leveraged servers in the United States belonging to a U.S. technology company … to obtain remote, unauthorized access to any of the tens of millions of smartphones and mobile devices utilizing” a unnamed U.S. company’s…