On September 14, 2021, three former U.S. intelligence operatives who served as cyber spies for the UAE admitted breaking U.S. hacking laws and bans on selling military technology in a settlement to evade prosecution.
The three former US intelligence operatives – Marc Baier, Ryan Adams, and Daniel Gericke – were a secret unit named Project Raven, who assisted the United Arab Emirates in spying on its adversaries.
— Reuters U.S. News (@ReutersUS) September 15, 2021
The Project Raven team hacked the accounts of human rights activists, reporters, and opposing governments on the orders of the UAE’s monarchy.
The former operatives confessed to hacking into US networks and transporting complex cyber intrusion tools without obtaining wanted approval from the U.S. administration.
Neither the operatives nor their attorneys responded to any request for comments. Similarly, the UAE embassy in Washington, D.C., refrained from responding to any call for comment.
The former officials accepted to pay $1.69 million and never again sought a U.S. security clearance as part of the deal with federal authorities to avoid prosecution.
General Mark J. Lesko, acting Assistant Attorney for the Justice Department’s National Security Division, said:
Hackers-for-hire and those who otherwise support such activities in violation of U.S. law should fully expect to be prosecuted for their criminal conduct
In a statement issued by Bryan Vorndran, Assistant Director of the FBI’s Cyber Division, said:
There is a risk, and there will be consequences. This is a clear message to anybody, including former U.S. government employees, who had considered using cyberspace to leverage export-controlled information for the benefit of a foreign government or a foreign commercial company.
A former U.S. National Security Agency analyst, Lori Stroud, who worked on Project Raven before becoming a whistleblower, said she was happy to see the charges.
The most significant catalyst to bringing this issue to light was investigative journalism – the timely, technical information reported created the awareness and momentum to ensure justice
According to court papers, the three former US intelligence operatives revealed that they deployed a complex tool called “Karma” that allowed the UAE to hack into iPhones without the need of a target to click on malicious links.
While the Karma allowed access to millions of devices, the operatives didn’t obtain the necessary U.S. government approval to trade the tool to the UAE, officials said.
Also, the same tool was used to hack into thousands of targets, including various human rights activists and a television show host.