Three ex-US intelligence officers admit cyberspying for Emiratis


Three former US intelligence operatives who worked as cyber spies for the United Arab Emirates admitted to violating U.S. hacking laws and prohibitions on selling sensitive military technology, under a deal to avoid prosecution announced on Tuesday.

The operatives - Marc Baier, Ryan Adams and Daniel Gericke - were part of a clandestine unit named Project Raven, first reported by Reuters, that helped the UAE spy on its enemies.

At the behest of the UAE’s monarchy, the Project Raven team hacked into the accounts of human rights activists, journalists and rival governments, Reuters reported.

One of the three ex-officials, Daniel Gericke, was the CIO at ExpressVPN until July 2023. Kape Technologies announced its acquisition of ExpressVPN for $936 million this Monday.

ExpressVPN released a statement claiming the company was aware of Gericke's past employment.

"Daniel has a deep understanding of the tools and techniques used by the adversaries we aim to protect users against, and as such is a uniquely qualified expert to advise on defense against such threats," reads the statement.

Reuters reports that the three men admitted to hacking into computer networks in the United States and exporting sophisticated cyber intrusion tools without obtaining the required permission from the U.S. government, according to court papers released in U.S. federal court in Washington, D.C., on Tuesday.

The former operatives and their attorneys did not respond to requests for comment by Reuters. The UAE embassy in Washington, D.C., did not immediately respond to a request for comment.

As part of the deal with federal authorities to avoid prosecution, the three former intelligence officials agreed to pay a combined $1.69 million and never again seek a U.S. security clearance, a requirement for jobs that entail access to national security secrets.

“Hackers-for-hire and those who otherwise support such activities in violation of U.S. law should fully expect to be prosecuted for their criminal conduct,” Acting Assistant Attorney General Mark J. Lesko for the Justice Department’s National Security Division said in a statement.

Revelations of Project Raven in 2019 by Reuters highlighted the growing practice of former intelligence operatives selling their spycraft overseas with little oversight or accountability.

“This is a clear message to anybody, including former U.S. government employees, who had considered using cyberspace to leverage export-controlled information for the benefit of a foreign government or a foreign commercial company,” Assistant Director Bryan Vorndran of the FBI’s Cyber Division said in a statement. “There is risk, and there will be consequences.”

Lori Stroud, a former U.S. National Security Agency analyst who worked on Project Raven and then acted as a whistleblower, said she was pleased to see the charges.

“The most significant catalyst to bringing this issue to light was investigative journalism - the timely, technical information reported created the awareness and momentum to ensure justice,” she said.

The Reuters investigation found that Project Raven spied on numerous human rights activists, some of whom were later tortured by UAE security forces. Former program operatives said they believed they were following the law because superiors promised them the U.S. government had approved the work.

Baier, Adams and Gericke admitted to deploying a sophisticated cyberweapon called “Karma” that allowed the UAE to hack into Apple iPhones without requiring a target to click on malicious links, according to court papers.

Karma allowed users to access tens of millions of devices and qualified as an intelligence gathering system under federal export control rules. But the operatives did not obtain the required U.S. government permission to sell the tool to the UAE, authorities said.

Project Raven used Karma to hack into thousands of targets including a Nobel Prize-winning Yemeni human rights activist and a BBC television show host, Reuters reported.

Reporting by Christopher Bing and Joel Schectman; Editing by Kieran Murray and Stephen Coates. Additional info by CyberNews.

