Former intelligence operatives accept deal; Admit hacking for foreign nation

by mcardinal

Lauren Moye, FISM NEWS

 

On Sept. 7, three United States citizens with connections to the intelligence community admitted that they provided advanced hacking technologies to the United Arab Emirates. This technology was then used to target United States companies and citizens. 

As part of an agreement made with the Department of Justice, defendants Marc Baier, Ryan Adams, and Daniel Gericke will pay $1,685,000 in penalties. They will also immediately forfeit all national and foreign security clearances and face restrictions on future employment.

“This agreement is the first-of-its-kind resolution of an investigation into two distinct types of criminal activity: providing unlicensed export-controlled defense services in support of computer network exploitation, and a commercial company creating, supporting, and operating systems specifically designed to allow others to access data without authorization from computers worldwide, including in the United States,” said Mark J. Lesko, Acting Assistant Attorney General for the National Security Division of the Department of Justice.

All three men were former US intelligence or military operatives who, after entering the private sector for an undisclosed US-based company, continued to have access to sensitive information controlled under the International Traffic in Arms Regulation (ITAR).

In 2016, Baier, Adams, and Gericke accepted employment as senior managers in a Cyber Intelligence Operations division of a UAE-based company. As the providers of “defense services” as defined by ITAR, the men were required to obtain a license from the State Department’s Directorate of Defense Trade Controls. Instead, they ignored warnings to continue operating illegally.

Over the next few years, they developed and supervised the use of advanced hacking technology. Not only did they use their existing knowledge to provide this service, but they continued to illegally gain access to ITAR-controlled info from their previous company and former coworkers.

“Hackers-for-hire and those who otherwise support such activities in violation of U.S. law should fully expect to be prosecuted for their criminal conduct,” said Lesko.

The zero-click hacking systems that they provided information on enabled unauthorized access to devices without the knowledge or need to trick a user into giving access away with the click of a button. They called these systems KARMA and KARMA 2.

With the defendants’ knowledge, the UAE company then used this technology to gain access to the servers of an undisclosed United States company. According to the DOJ, this allowed them “to obtain remote, unauthorized access to any of the tens of millions of smartphones and mobile devices” along with the data, account information, and cloud storage.

Assistant Director of FBI’s Cyber Division Bryan Vorndran said, “This is a clear message to anybody, including former U.S. government employees, who had considered using cyberspace to leverage export-controlled information for the benefit of a foreign government or a foreign commercial company – there is risk, and there will be consequences.”

According to the terms of their agreement with the DOJ, Baier, Adams, and Gericke have a lifetime ban against holding US security clearances. They are also prohibited from employment involving hacking services or providing future defense services. The $1,685,000 penalty fees will be paid over a three years.

3 comments

Jean Schrader September 16, 2021 - 11:16 AM

So these men received no prison sentences for their betrayal ? Yet those who are unjustly imprisoned for entering the capitol January 6th are still being held, mistreated , and not receiving due process, bail or fair representation.

Reply
Frank McDuffee September 20, 2021 - 12:22 PM

Agreed. Until there is serious jail time, nothing changes.

Reply
Frank McDuffee September 20, 2021 - 12:19 PM

“ …undisclosed US-based company.” Employers should bear (some?) responsibility for the work of their employees. The swamp is taking care of itself.
Until the guilty parties serve jail time, there is no deterrence. Unlimited money is available to pay fines & provide lifetime security for those “penalized” with loss of clearances/access, and employment restrictions.

Reply

Leave a Comment

DONATE NOW