Tag Archive for: Operatives

Former U.S. intel operatives to pay $1.6M for hacking for foreign govt


The U.S. government has entered a Deferred Prosecution Agreement (DPA) with three former intelligence operatives to resolve criminal charges relating to their offering of hacking services to a foreign government.

Between 2016 and 2019, Marc Baier, Ryan Adams, and Daniel Gericke provided their services to a company that ran sophisticated hacking operations for the United Arab Emirates (UAE) government against various targets.

“These services included the provision of support, direction and supervision in the creation of sophisticated ‘zero-click’ computer hacking and intelligence gathering systems – i.e., one that could compromise a device without any action by the target” – the U.S. Department of Justice

All three are former employees of the U.S. Intelligence Community (USIC) or the U.S. military. They agreed to pay $1,685,000 in penalties to avoid prosecution for violations of U.S. export control, computer fraud, and access device fraud laws.

Essential U.S. input

After leaving the U.S. government employment, the trio joined the senior management ranks of a UAE company where they coordinated hacking operations against various targets.

They also supervised the creation of two hacking and espionage platforms called KARMA and KARMA 2, used to compromise iPhones belonging to targets of interest to the UAE.

In 2019, journalists at Reuters revealed that the two hacking platforms were used by a clandestine UAE hacking team codenamed Project Raven run through a UAE-based company called DarkMatter.

The unit had more than a dozen former U.S. intelligence operatives helping the UAE with “surveillance of other governments, militants and human rights activists critical of the monarchy.”

KARMA and its successor relied on “zero-click” exploits (no user interaction needed) to collect sensitive information that gave access to the targets’ accounts (email, cloud storage, social networks), from which data was then stolen.

According to a report from Patrick Howell O’Neill at MIT Technology Review, the vulnerability that the KARMA platform exploited to take full control of a target’s iPhone was in Apple’s iMessage app and it was developed and sold by an American company named Accuvant (merged…


3 ex-U.S. intelligence operatives admit to hacking for UAE


Sept. 15 (UPI) — Three former U.S. intelligence and military operatives have admitted to being hired by the United Arab Emirates, for which they committed sophisticated cybercrimes, the Justice Department said.

In a statement published Tuesday, the Justice Department said the three mercenary hackers, Marc Baier, 49, Ryan Adams, 34, and Daniel Gericke, 40, agreed to pay $1.685 million to resolve the department’s investigation into their alleged crimes of violating U.S. export control, computer fraud and access device fraud laws.

According to court documents, the trio used “illicit, fraudulent and criminal means,” including hacking systems, to gain unauthorized access to protected computers in the United States and elsewhere to steal information, material, documents, records, data and personal identifying information for the UAE.

Prosecutors said the three men lacked the proper license from the U.S. government to conduct this sort of work, which they continued to do despite receiving repeated warnings.

According to the agreement to drop the charges, the men admit responsibility for their actions and agree to cooperate with the United States, accept employment restrictions and pay the monetary penalty. Baier is to pay $750,000, Adams $600,000 and Gericke $335,000, it said.

Court documents said that after leaving the military, the men began working for an unnamed U.S. company that provided cyber services to a UAE government agency in compliance with U.S. rules. However, in January 2016 the defendants joined an unnamed UAE company as senior managers of a team called Cyber Intelligence-Operations.

Between January 2016 and November 2019, the three men and other employees at the company “expanded the breadth and increased the sophistication” of the hacking operations they provided the UAE, including creating two zero-click hacks named KARMA and KARMA 2 to infect devices without the users interacting with the malware, according to prosecutors.

The operations “leveraged servers in the United States belonging to a U.S. technology company … to obtain remote, unauthorized access to any of the tens of millions of smartphones and mobile devices utilizing” an unnamed U.S. company’s…


‘Western Government Operatives’ Behind This Hacking Campaign


Photo: Damien Meyer/AFP (Getty Images)

A sophisticated hacking campaign that was previously witnessed targeting security flaws in Android, Windows and iOS devices is actually the work of “Western government operatives” conducting a “counterterrorism operation,” according to a new report from MIT Technology Review.

The campaign in question, which has garnered more and more attention from media outlets over the last few weeks, was first written about in January by Google’s threat research team Project Zero. At the time, all that was publicly known was that someone had been up to some very tricky business: a “highly sophisticated” group, likely staffed by “teams of experts,” was responsible for targeting numerous zero-day vulnerabilities (the grand total would later turn out to be 11) in various prominent operating systems, researchers wrote.

This hacking campaign, which ended up going on for about nine months, used the so-called “watering hole” method—in which a threat actor injects malicious code into a website to effectively “booby trap” it (visitors to the site subsequently become infected with malware, which the attacker can then use to single out specific targets and escalate the compromise).

From all of these descriptors, signs naturally pointed to the involvement of some sort of high-level nation-state hackers—though few would’ve guessed that the culprits were, in fact, our friends! Nevertheless, that would appear to be the case. It is unclear what government is actually responsible for the attacks, who its targets were, or what the so-called “counterterrorism” operation related to all of this entailed. MIT has not divulged how they came into this information.

One thing is certain: Google’s discovery and subsequent public disclosure of the exploits (as well as the company’s decision to patch the vulnerabilities) has apparently derailed whatever government operation was occurring. MIT writes that, by going public, the tech company effectively shut down a “live counterterrorism” cyber mission, also adding that it “is not clear whether Google gave advance notice to government officials that they would be publicizing and shutting down”…


APT41 Operatives Indicted as Sophisticated Hacking Activity Continues

Five alleged members of the China-linked advanced threat group and two associates have been indicted by a federal grand jury on dozens of charges.
Mobile Security – Threatpost