US charges American mercenary hackers over their work in UAE

The Guardian - Tue Sep 14 22:57

Three former US intelligence operatives, who went to work as mercenary hackers for the United Arab Emirates, are facing federal charges of conspiring to violate hacking laws, according to justice department court documents filed on Tuesday.

The three men, Marc Baier, Ryan Adams, and Daniel Gericke, are accused of having been part of a clandestine unit named Project Raven, first reported by Reuters, that helped the United Arab Emirates spy on its enemies.

The defendants are also being charged with violating military export restrictions.

“Defendants used illicit, fraudulent, and criminal means, including the use of advanced covert hacking systems that utilized computer exploits obtained from the United States and elsewhere, to gain unauthorized access to protected computers in the United States and elsewhere and to illicitly obtain information,” the court document states.

Reuters previously reported that Baier was a program manager for Project Raven. Adams and Gericke were operators within the effort, helping the UAE hack its targets.

Prosecutors wrote in a separate filing that they have promised to drop the charges if the three men cooperate with US authorities, pay a financial penalty, agree to unspecified employment restrictions and acknowledge responsibility for their actions.

Text messages sent to Baier and Adams requesting comment went unanswered. A social media message to Gericke also did not receive an immediate response.

“The bureau’s dedication to justice is commendable, and I have the utmost respect for the agents assigned to this case,” said Lori Stroud, a former NSA analyst who worked on Project Raven and then acted as a whistleblower.

“However, the most significant catalyst to bringing this issue to light was investigative journalism - the timely, technical information reported created the awareness and momentum to ensure justice.”

The court documents describe how the three helped the UAE design, procure and deploy hacking capabilities over several years. Their victims allegedly included US citizens, which Reuters previously reported based on information provided by Stroud.

Former program operatives previously told Reuters they believed they were following the law because superiors promised them the US government had approved the work.