15 September 2021

Three former US intelligence operatives fined for working as hackers-for-hire for UAE


Three former US intelligence operatives fined for working as hackers-for-hire for UAE

Three former US intelligence operatives who provided hacker-for-hire services to the United Arab Emirates are facing federal charges in the US for conspiring to violate export control, computer fraud and access device fraud laws.

Marc Baier, 49, Ryan Adams, 34, and a former U.S. citizen, Daniel Gericke, 40 are accused of helping the UAE government to compromise computer systems all over the world, including some in the U.S, according to the court documents.

Between 2016 and 2019, the three men worked as senior managers at a United Arab Emirates cybersecurity company that provided hacking services to the United Arab Emirates' government. Part of the services provided by the defendants was the development of two “zero-click” exploits (“KARMA” and “KARMA 2”) which were then used by the company’s employees for hacking online accounts of U.S. companies using stolen access credentials, and to obtain access to devices, like mobile phones, around the world, including in the US.

According to Reuters, the trio worked as contractors for UAE-based company DarkMatter between January 2016 and November 2019. Baier was a program manager for Project Raven. Adams and Gericke were operators within the project, helping the UAE hack its targets.

The defendants are also being charged with violating US export control laws and providing unlicensed export-controlled defense services to a foreign government.

“Defendants used illicit, fraudulent, and criminal means, including the use of advanced covert hacking systems that utilized computer exploits obtained from the United States and elsewhere, to gain unauthorized access to protected computers in the United States and elsewhere and to illicitly obtain information,” the court document states.

The three men entered into a deferred prosecution agreement, under the terms of which they have to pay $750,000, $600,000, and $335,000 respectively, over a three-year term, in order to avoid imprisonment.

Back to the list

Latest Posts

Windows MSHTML bug used in ransomware attacks, Microsoft says

Windows MSHTML bug used in ransomware attacks, Microsoft says

According to the Windows maker, in the wild exploitation of CVE-2021-40444 began on August 18.
17 September 2021
State-backed hackers actively exploiting recently disclosed Zoho RCE bug

State-backed hackers actively exploiting recently disclosed Zoho RCE bug

The targeted entities include academic institutions, defense contractors, as well as critical infrastructure entities.
17 September 2021
Free REvil/Sodinokibi ransomware universal decryptor released

Free REvil/Sodinokibi ransomware universal decryptor released

The tool works for all REvil victims whose files were encrypted in attacks prior to July 13, 2021.
17 September 2021
Featured vulnerabilities
Multiple vulnerabilities in cflinuxfs3
Medium Patched | 17 Sep, 2021
Information disclosure in cflinuxfs3
Medium Patched | 17 Sep, 2021
Information disclosure in Git
Medium Patched | 17 Sep, 2021
Multiple vulnerabilities in GLPI
Medium Patched | 17 Sep, 2021
Multiple vulnerabilities in cflinuxfs3
Medium Patched | 17 Sep, 2021