Ex-US intelligence officers admit to hacking crimes in work for Emiratis

The New York Times
Washington | Written By: Adam Goldman | © 2021 The New York Times Company | Updated: Sep 15, 2021, 05:08 PM IST

Three former US intelligence officers hired by the United Arab Emirates to carry out sophisticated cyber operations admitted to hacking crimes and violating US export laws that restrict the transfer of military technology to foreign governments, according to court documents made public on Tuesday.

The documents detail a conspiracy by the three men to furnish the Emirates with advanced technology and to assist Emirati intelligence operatives in breaches aimed at damaging the perceived enemies of the small but powerful Persian Gulf nation.

The men helped the Emirates, a close American ally, gain unauthorized access to “acquire data from computers, electronic devices and servers around the world, including on computers and servers in the United States,” prosecutors said.

The three men worked for DarkMatter, a company that is effectively an arm of the Emirati government. They are part of a trend of former US intelligence officers accepting lucrative jobs from foreign governments hoping to bolster their abilities to mount cyber operations.

Legal experts have said the rules governing this new age of digital mercenaries are murky, and the charges made public on Tuesday could be something of an opening salvo by the government in a battle to deter former American spies from becoming guns for hire overseas.

The three men, Marc Baier, Ryan Adams and Daniel Gericke, admitted violating US laws as part of a three-year deferred prosecution agreement. If the men comply with the agreement, the Justice Department will drop the criminal prosecution. Each man will also pay hundreds of thousands of dollars in fines. The men will also never be able to receive a US government security clearance.

Baier worked for the National Security Agency unit that carries out advanced offensive cyber operations. Adams and Gericke served in the military and in the intelligence community.

DarkMatter had its origins in another company, an American firm called CyberPoint that originally won contracts from the Emirates to help protect the country from computer attacks.

CyberPoint obtained approval from the US government to work for the Emiratis, a necessary step intended to regulate the export of military and intelligence services. Many of the company’s employees had worked on highly classified projects for the NSA and other US intelligence agencies.

But the Emiratis had larger ambitions and repeatedly pressed CyberPoint employees to exceed the boundaries of the company’s American license, according to former employees.

CyberPoint rebuffed requests by Emirati intelligence operatives to try to crack encryption codes and to hack websites housed on American servers — operations that would have run afoul of American law.

So in 2015 the Emiratis founded DarkMatter — forming a company not bound by United States law — and lured numerous American employees of CyberPoint to join, including the three defendants.

DarkMatter employed several other former NSA and CIA officers, according to a roster of employees obtained by The New York Times, some making salaries of hundreds of thousands of dollars a year.

The investigation into the American employees of DarkMatter has continued for years, and it had been unclear whether prosecutors would bring charges.

Experts cited potential diplomatic concerns about jeopardizing the United States’ relationship with the Emirates - a country that has cultivated close ties to the past several US administrations - as well as worries about whether pursuing the case might expose embarrassing details about the extent of the cooperation between DarkMatter and US intelligence agencies.

There is also the reality that US laws have been slow to adapt to the technological changes that have provided lucrative work for former spies once trained to conduct offensive cyber operations against America’s adversaries.

Specifically, the rules that govern what US intelligence and military personnel can and cannot provide to foreign governments were devised for 20th-century warfare — for instance, training foreign armies on American military tactics or selling defense equipment like guns or missiles.

They have not addressed the hacking skills honed in some of America’s most advanced intelligence units and sold to the highest bidder.

This year, the CIA sent a blunt letter to former officers warning them against going to work for foreign governments. The letter, written by the spy agency’s head of counterintelligence, said it was seeing a “detrimental trend” of “foreign governments, either directly or indirectly, hiring former intelligence officials to build up their spying capabilities.”

“I can’t mince words - former CIA officers who pursue this type of employment are engaging in activity that may undermine the agency’s mission to the benefit of US competitors and foreign adversaries,” wrote Sheetal T. Patel, the CIA’s assistant director for counterintelligence.

Prosecutors said that the Emirates gradually transitioned its contracts from CyberPoint to DarkMatter, but that at no time did the three men obtain the necessary approvals to provide defense services to DarkMatter. The court documents said that the three men and others worked in DarkMatter’s “Cyber Intelligence Operations,” which gained access to “information and data from thousands of targets around the world.”

In interviews, former DarkMatter employees said that Emirati officials were particularly focused on hacking the computer systems of the country’s main rival, Qatar, but that operations were also carried out against Emirati dissidents and journalists. They even hacked the emails of a Qatari minister communicating with former first lady Michelle Obama about a planned trip to Qatar.

Baier and his group purchased computer tools from US companies for use in hacking operations, according to prosecutors. In two instances, DarkMatter paid about $750,000 and $1.3 million - illustrating how much American companies stand to gain from selling those dangerous tools to foreign countries and businesses.

Prosecutors said the men “expanded the breadth and increased the sophistication” of the operations that DarkMatter was providing to the Emirati government. The efforts took aim at “individual, corporate and government targets by compromising computers and accounts belonging to associates, employees or relatives of the primary targets,” according to court documents.

Prosecutors said CyberPoint warned the Americans that it could not support DarkMatter’s intended computer exploitation operations without obtaining the proper US authorisation.

Two former employees, Lori Stroud and Jonathan Cole, left the company after growing troubled about DarkMatter’s hacking and targeting of US citizens. When the pair, who are married, raised the issue with their superiors, they were sidelined, they said.

They left the company in 2017 and began cooperating extensively with the FBI’s investigation.

“This is a huge win,” Cole said in an interview Tuesday. “This will send a message to former US intelligence operatives working overseas. They should not share US tradecraft with foreign governments.”