DUBAI: Three ex-US intelligence officers admit hacking for UAE

DUBAI: Three former US intelligence
operatives have admitted to breaking US laws by carrying out hacking operations
for the United Arab Emirates.

US
prosecutors said the men had agreed to pay $1.7m (£1.2m) to resolve charges of computer fraud, access device
fraud and violating export controls.

They
worked for an unnamed UAE-based firm and allegedly hacked into servers,
computers and phones around the world.

There was
no immediate comment from the men or Emirati officials.

Earlier
this year, the UAE was accused of using malware
from the Israeli company NSO Group to spy on journalists, dissidents
and rival governments.

The US
justice department said the former intelligence officers – US citizens Marc
Baier and Ryan Adams, and former US citizen Daniel Gericke – initially worked
for a US company that provided cyber services to a UAE government agency in
compliance with the International Traffic in Arms Regulations (ITAR).

The
regulations require companies to obtain pre-approval from the US government
prior to releasing information regarding a hacking operation and to agree not
to target US citizens and permanent residents or US entities.

In 2016,
the three men joined the UAE-based company as senior managers and began
carrying out hacking operations for the benefit of the UAE government without
obtaining the required licences from the US, according to the justice
department.

media captionWhat’s it like to
have spyware on your phone?

Over the
next three years, it alleged, they supervised the creation of two similar
sophisticated “zero-click” computer hacking and intelligence
gathering systems – “Karma” and “Karma 2” – that could
compromise a device without any action by the target and allowed users to
access tens of millions of devices made by a US technology company that was not
identified.

The
justice department said employees of the company had leveraged the systems to
illegally obtain and use credentials for online accounts issued by US
companies, and to obtain unauthorised access to computers and mobile phones
around the world, including in the US.

“Hackers-for-hire
and those who otherwise support such activities in violation of US law should
fully expect to be prosecuted for their criminal conduct,” said Acting Assistant
Attorney General Mark Lesko of the justice department’s National Security
Division.

The
justice department said it filed the charges against the three men under a
deferred prosecution agreement that requires them to pay financial penalties,
sever ties with UAE intelligence or law enforcement agencies, and never again
seek a US security clearance.