Security News > 2021 > September > 3 Former U.S. Intelligence Officers Admit to Hacking for UAE Company
The U.S. Department of Justice on Tuesday disclosed it fined three intelligence community and military personnel $1.68 million in penalties for their role as cyber-mercenaries working on behalf of a U.A.E.-based cybersecurity company.
"The defendants worked as senior managers at a United Arab Emirates-based company that supported and carried out computer network exploitation operations for the benefit of the U.A.E. government," the DoJ said in a statement.
Besides charging the individuals for violations of U.S. export control, computer fraud and access device fraud laws, the hackers-for-hire are alleged to have supervised the creation of sophisticated 'zero-click' exploits that were subsequently weaponized to illegally amass credentials for online accounts issued by U.S. companies, and to obtain unauthorized access to mobile phones around the world.
The development follows a prior investigation by Reuters in 2019, which revealed how former U.S. National Security Agency operatives helped the U.A.E. surveil prominent Arab media figures, dissidents, and several unnamed U.S. journalists as part of a clandestine operation dubbed Project Raven undertaken by a cybersecurity company named DarkMatter.
According to unsealed court documents, Baier, Adams and Gericke designed, implemented, and used Karma for foreign intelligence gathering purposes starting in May 2016 after obtaining an exploit from an unnamed U.S. company that granted zero-click remote access to Apple devices.
"This is a clear message to anybody, including former U.S. government employees, who had considered using cyberspace to leverage export-controlled information for the benefit of a foreign government or a foreign commercial company - there is risk, and there will be consequences."