Under an agreement revealed on Tuesday, three former US intelligence agents who worked as cyberspaces for the United Arab Emirates admitted to breaking US hacking laws and bans on selling classified military technologies.
Marc Baier, Ryan Adams, and Daniel Gericke were members of Project Raven, a covert team that assisted the UAE in spying on its adversaries, according to Reuters.
According to Reuters, the Project Raven team hacked into the accounts of human rights activists, journalists, and competitor nations at the request of the UAE monarchy.
According to court papers filed in US federal court in Washington, DC on Tuesday, the three individuals admitted to hacking into computer networks in the United States and exporting advanced cyber infiltration tools without first obtaining required approval from the US government.
Requests for comment from the operatives and their attorneys were not returned.
A request for comment to the UAE embassy in Washington, DC was not immediately returned.
To escape punishment, the three former intelligence officials agreed to pay a total of $1.69 million and never apply for a US security clearance, which is required for jobs that need access to national security secrets.
In a statement, Acting Assistant Attorney General Mark J Lesko of the Justice Department’s National Security Division stated, “Hackers-for-hire and those who otherwise enable such activities in violation of US law can fully expect to be punished for their illegal activity.”
Project Raven revelations by Reuters in 2019 exposed a rising trend of former CIA officers selling their spy craft overseas with no control or responsibility.
In a statement, Assistant Director Bryan Vorndran of the FBI’s Cyber Division said, “This is a clear message to anyone, including former US government employees, who had considered using cyberspace to leverage export-controlled information for the benefit of a foreign government or a foreign commercial company.” “There is a danger, and there will be repercussions.”
Lori Stroud, a former US National Security Agency analyst who worked on Project Raven before becoming a whistleblower, welcomed the claims.
“Investigative journalism was the most important catalyst in bringing this situation to light,” she added. “The timely, technical information published provided the awareness and momentum to secure justice.”
Project Raven spied on a number of human rights advocates, according to a Reuters investigation, and some of them were later tortured by UAE security agents.
Former program operatives claimed they thought they were following the law because supervisors assured them that the operation had been sanctioned by the US government.
According to Baier, Adams, and Gericke, the UAE used a sophisticated cyberweapon known as “Karma” to hack into Apple iPhones without requiring a target to click on harmful links.
Karma gave users access to tens of millions of devices and was classified as an intelligence-gathering technology by the US government. According to investigators, the operatives did not secure the proper US government clearance to sell the tool to the UAE.
According to Reuters, Project Raven used Karma to hack into tens of thousands of people, including a Nobel Peace Prize-winning Yemeni human rights campaigner and a BBC television show host.