The US Department of Justice said in a statement on Tuesday that Marc Baier and Ryan Adams, both US citizens, and Daniel Gericke, a former US citizen, had agreed to the DPA to resolve an investigation into violations of US laws around export control, computer fraud and access device fraud.
Baier, Adams and Gericke agreed to pay US$750,000, US$600,000, and US$335,000 respectively, over a three-year term, with reimbursement of the amounts needing US Government permission.
The trio worked as senior managers for a clandestine unit known as Project Raven, operating within a company known as DarkMatter, that spied on enemies of the UAE from 2016 to 2019. The existence of this project was uncovered by Jenna McLaughlin of The Intercept in in October 2016. Reuters published a similar yarn in January 2019, with a former NSA analyst, Lori Stroud, blowing the whistle on the activities of the ex-intelligence operatives.
As the story gets renewed attention today, highly recommend reading the last piece in our 2019 series.— Chris Bing (@Bing_Chris) September 14, 2021
How Project Raven was initial built by White House insiders https://t.co/aLY3HBLaQc
They were said to have carried out hacking operations for a UAE Government firm known as NESA during the years mentioned despite being told on numerous occasions that, under the International Traffic in Arms Regulations, their actions constituted a “defence service” requiring a licence from the US State Department’s Directorate of Defence Trade Controls.
After the three men left US Government jobs, they worked for an unnamed American firm that conformed to the necessary rules while providing services to a UAE Government agency.
When they left this American firm for jobs in the UAE, they were told the services they were going to provide came under "defence services" under the International Traffic in Arms Regulation, and that US citizens could not lawfully provide such services to an UAE firm without obtaining a Technical Assistance Agreement.
It's almost like the folks at Project Raven were daring @TheJusticeDept to charge them ("fsck around and find out" style). I highly doubt this would be happening today without @Bing_Chris reporting on Raven that made it impossible for DOJ to ignore.https://t.co/ZCcyW8ZbjP pic.twitter.com/I0A2CIsfjL— Jake Williams (@MalwareJake) September 14, 2021
“This agreement is the first-of-its-kind resolution of an investigation into two distinct types of criminal activity: providing unlicensed export-controlled defence services in support of computer network exploitation, and a commercial company creating, supporting and operating systems specifically designed to allow others to access data without authorisation from computers worldwide, including in the United States,” said Acting Assistant Attorney-General Mark Lesko on behalf of the Justice Department’s National Security Division.
“Hackers-for-hire and those who otherwise support such activities in violation of US law should fully expect to be prosecuted for their criminal conduct.”
Acting US Attorney Channing Phillips of the District of Columbia said: “Left unregulated, the proliferation of offensive cyber capabilities undermines privacy and security worldwide.
"Under our International Traffic in Arms Regulations, the United States will ensure that US persons only provide defence services in support of such capabilities pursuant to proper licences and oversight.
“A US person’s status as a former US Government employee certainly does not provide them with a free pass in that regard.”
Assistant Director Bryan Vorndran of the FBI’s Cyber Division said: “The FBI will fully investigate individuals and companies that profit from illegal criminal cyber activity.
“This is a clear message to anybody, including former US Government employees, who had considered using cyberspace to leverage export-controlled information for the benefit of a foreign government or a foreign commercial company – there is risk, and there will be consequences.”