Signage is seen at the United States Department of Justice headquarters in Washington, D.C., U.S., August 29, 2020. REUTERS/Andrew Kelly
By Christopher Bing and Joel Schectman
WASHINGTON, Sept 14 (Reuters) – Three former U.S. intelligence operatives, who worked as mercenary hackers for the United Arab Emirates, agreed to pay fines of $1.685 million and cooperate with federal prosecutors to avoid trial, the Justice Department said on Tuesday.
Defendants Marc Baier, Ryan Adams, and Daniel Gericke were part of a clandestine unit named Project Raven, first reported by Reuters, that helped the United Arab Emirates spy on its enemies.
The three entered into an agreement, known as a deferred prosecution agreement, with U.S. prosecutors who accused them of conspiring to violate hacking laws, the Justice Department said in court documents filed on Tuesday.
The three also agreed to give up foreign or U.S. security clearances and face future employment restrictions. They agreed to “cooperate fully” and provide “full, complete, and truthful information to the FBI or any other U.S. government organization” and provide documents sought by the government.
Acting U.S. Assistant Attorney General Mark J. Lesko said in a news release: “This agreement is the first-of-its-kind resolution of an investigation into two distinct types of criminal activity: providing unlicensed export-controlled defense services in support of computer network exploitation, and a commercial company creating, supporting and operating systems specifically designed to allow others to access data without authorization from computers worldwide, including in the United States.”
Reuters previously reported that Baier was a program manager for Project Raven. Adams and Gericke were operators within the effort, helping the UAE hack its targets. Text messages sent to Baier and Adams requesting comment went unanswered. A social media message to Gericke also did not receive an immediate response.
Lawyers for the three defendants did not immediately respond to a request for comment.
The court document states: “Defendants used illicit, fraudulent, and criminal means, including the use of advanced covert hacking systems that utilized computer exploits obtained from the United States and elsewhere, to gain unauthorized access to protected computers in the United States and elsewhere and to illicitly obtain information.”
Lori Stroud, a former U.S. National Security Agency analyst who worked on Project Raven and then acted as a whistleblower, said on Tuesday: “The Bureau’s dedication to justice is commendable, and I have the utmost respect for the agents assigned to this case.”
“However, the most significant catalyst to bringing this issue to light was investigative journalism – the timely, technical information reported created the awareness and momentum to ensure justice,” she said.
The court documents describe how the three men helped the UAE design, procure and deploy hacking capabilities over multiple years. Their victims allegedly included U.S. citizens, which Reuters previously reported based on information provided by Stroud.
Former program operatives told Reuters they believed they were following the law because superiors promised them the U.S. government had approved the work.
The documents describe how the Project Raven operatives acquired and wielded an elite hacking tool named Karma, which Reuters reported was used to remotely break into iPhones. The Justice Department said the hacking tool was acquired from two unnamed U.S. companies.
Karma was used to break into the iPhones of prominent activists who spoke out against the UAE’s human rights record, Reuters reported.