Posts

Three Former U.S. Intelligence Community and Military Personnel to Pay $1.68M Hacking Fine


On Sept. 7, U.S. citizens, Marc Baier, 49, and Ryan Adams, 34, and a former U.S. citizen, Daniel Gericke, 40, all former employees of the U.S. Intelligence Community (USIC) or the U.S. military, entered into a deferred prosecution agreement (DPA) that restricts their future activities and employment and requires the payment of $1,685,000 in penalties to resolve a Department of Justice investigation regarding violations of U.S. export control, computer fraud and access device fraud laws. The Department filed the DPA today, along with a criminal information alleging that the defendants conspired to violate such laws.

According to court documents, the defendants worked as senior managers at a United Arab Emirates (U.A.E.)-based company (U.A.E. CO) that supported and carried out computer network exploitation (CNE) operations (i.e., “hacking”) for the benefit of the U.A.E government between 2016 and 2019. Despite being informed on several occasions that their work for U.A.E. CO, under the International Traffic in Arms Regulations (ITAR), constituted a “defense service” requiring a license from the State Department’s Directorate of Defense Trade Controls (DDTC), the defendants proceeded to provide such services without a license.

These services included the provision of support, direction and supervision in the creation of sophisticated “zero-click” computer hacking and intelligence gathering systems – i.e., one that could compromise a device without any action by the target. U.A.E. CO employees whose activities were supervised by and known to the defendants thereafter leveraged these zero-click exploits to illegally obtain and use access credentials for online accounts issued by U.S. companies, and to obtain unauthorized access to computers, like mobile phones, around the world, including in the United States.

“This agreement is the first-of-its-kind resolution of an investigation into two distinct types of criminal activity: providing unlicensed export-controlled defense services in support of computer network exploitation, and a commercial company creating, supporting and operating systems specifically designed to allow others to access data without authorization…

Source…

Three former US intelligence agents admit to hacking for the UAE


Representative: The Justice Department accused the three former intelligence officials of committing computer fraud and violating export control laws by providing defense services without the required license (Getty Images)

Representative: The Justice Department accused the three former intelligence officials of committing computer fraud and violating export control laws by providing defense services without the required license (Getty Images)

Three former US intelligence agents admitted to committing hacking crimes against the country and providing sophisticated computer hacking tools to the United Arab Emirates, according to court documents made public on Tuesday.

The three hackers that include two US nationals and a former American citizen agreed to pay the penalty of $1.68 mn under a legal settlement with the federal government in a bid to avoid prosecution, said US Justice Department.

The operatives, Marc Baier, Ryan Adams and Daniel Gericke, all former employees of the US Intelligence community, worked as senior managers in a UAE-based company called DarkMatter, reported the New York Times. The Justice Department alleged that while working with the company, the three conducted hacking operations for the benefit of the UAE government.

The department accused the three men of committing computer fraud and violating export control laws by providing defense services without the required license.

It alleged that between 2016 and 2019, the three men provided access to “zero-click” computer hacking services which could compromise a “device without any action by the target”. These were then used to “obtain unauthorized access to computers, like mobile phones, around the world, including in the US,” said the Justice Department statement.

According to the media reports, the issue came to the fore after Lori Stroud, a former National Security Advisor and a former employee with DarkMatter raised the alarm with authorities about the Abu Dhabi-based organization hacking US citizens.

“This is progress,” she told AP, as she saw the case come to a resolution.

Lori Stroud is pictured in her home at an undisclosed location in the US, 27 September 2018 (REUTERS)

Lori Stroud is pictured in her home at an undisclosed location in the US, 27 September 2018 (REUTERS)

The UAE government has so far not issued a statement in the matter, reported AP, adding that the email sent to the officials at DarkMatter could not be delivered.

In 2018, DarkMatter’s founder and CEO, Faisal al-Bannai, had told AP that the…

Source…

Ex-US intelligence officers admit hacking for UAE




a tall building in a city: Prosecutors say the men carried out hacking for the UAE without obtaining the required US licences


© Reuters
Prosecutors say the men carried out hacking for the UAE without obtaining the required US licences

Three former US intelligence operatives have admitted to breaking US laws by carrying out hacking operations for the United Arab Emirates.

US prosecutors said the men had agreed to pay $1.7m (£1.2m) to resolve charges of computer fraud, access device fraud and violating export controls.

They worked for an unnamed UAE-based firm and allegedly hacked into servers, computers and phones around the world.

There was no immediate comment from the men or Emirati officials.

Earlier this year, the UAE was accused of using malware from the Israeli company NSO Group to spy on journalists, dissidents and rival governments.

The US justice department said the former intelligence officers – US citizens Marc Baier and Ryan Adams, and former US citizen Daniel Gericke – initially worked for a US company that provided cyber services to a UAE government agency in compliance with the International Traffic in Arms Regulations (ITAR).

The regulations require companies to obtain pre-approval from the US government prior to releasing information regarding a hacking operation and to agree not to target US citizens and permanent residents or US entities.

In 2016, the three men joined the UAE-based company as senior managers and began carrying out hacking operations for the benefit of the UAE government without obtaining the required licences from the US, according to the justice department.

Over the next three years, it alleged, they supervised the creation of two similar sophisticated “zero-click” computer hacking and intelligence gathering systems – “Karma” and “Karma 2” – that could compromise a device without any action by the target and allowed users to access tens of millions of devices made by a US technology company that was not identified.

The justice department said employees of the company had leveraged the systems to illegally obtain and use credentials for online accounts issued by US companies, and to obtain unauthorised access to computers and mobile phones around the world, including in the US.

“Hackers-for-hire and those who otherwise support such activities in violation of US law…

Source…

3 ex-U.S. intelligence operatives admit to hacking for UAE


Sept. 15 (UPI) — Three former U.S. intelligence and military operatives have admitted to being hired by the United Arab Emirates for whom they committed sophisticated cybercrimes for, the Justice Department said.

In a statement published Tuesday, the Justice Department said the three mercenary hackers Marc Baier, 49, Ryan Adams, 34, and Daniel Gericke, 40, agreed to pay $1.685 million to resolve the department’s investigation into their alleged crimes of violating U.S. export control, computer fraud and access devices fraud laws.

According to court documents, the trio used “illicit, fraudulent and criminal means,” including hacking systems, to gain unauthorized access to protected computers in the United States and elsewhere to steal information, material, documents, records, data and personal identifying information for the UAE.

Prosecutors said the three men lacked the proper license from the U.S. government to conduct this sort of work, which they continued to do despite receiving repeated warnings.

According to the agreement to drop the charges, the men admit responsibility for their actions and agree to cooperate with the United States, accept employment restrictions and pay the monetary penalty. Baier is to pay $750,000, Adams $600,00 and Gericke $335,000, it said.

Court documents said that after leaving the military, the men began working for an unnamed U.S. company that provided cyber services to a UAE government agency in compliance with U.S. rules. However, in January 2016 the defendants joined an unnamed UAE company as senior managers of a team called Cyber Intelligence-Operations.

Between January 2016 and November 2019, the three men and other employees at the company “expanded the breadth and increased the sophistication” of the hacking operations they provided the UAE, including creating two zero-click hacks named KARMA and KARMA 2 to infect devices without the users interacting with the malware, according to prosecutors.

The operations “leveraged servers in the United States belonging to a U.S. technology company … to obtain remote, unauthorized access to any of the tens of millions of smartphones and mobile devices utilizing” a unnamed U.S. company’s…

Source…