The agreement restricts their future activities and employment
The role of US government intelligence careers in providing unlicensed hacking services to a foreign government is certainly a no-no, Department of Justice Said this week.
The three defendants, Mark Baer, 49, and Ryan Adams, 34, and a former U.S. citizen, Daniel Gerrick, 40 — all former employees of the U.S. intelligence community or U.S. military — were to pay $1,685,000 in penalties as part of a deferred agreed to. Prosecution Agreement.
The agreement also restricts their future activities and employment.
The defendants were part of a “secret unit called Project Raven that helped the UAE spy on its enemies,” according to Reuters.
According to court documents, the defendants “supported and conducted computer network exploitation operations” – otherwise known as hacking – “between 2016 and 2019 for the benefit of the UAE government”.
The defendants were warned that their work for the UAE company constituted a defense service that required a license from the State Department’s Directorate of Defense Trade Control (DDTC). Despite the warnings, the defendants proceeded to provide the services without a license.
Worse, one of the services provided is known to be a particularly malicious type of hack known as “zero-click”, where malware can be downloaded without any user interaction. Typically, the user clicks on a malicious link, for example, to execute malware.
UAE company employees then “took advantage of these zero-click exploits to obtain and use access credentials for online accounts issued by US companies, and unauthorized access to computers such as mobile phones around the world, including in the United States”. to gain access,” the DOJ said.
The provision of so-called hacking hacking services is no small problem. Last week a serious iPhone hack was linked to a company providing hacking services for hire.
“Hackers-for-hire and those who otherwise support such activities in violation of U.S. law should be fully punished for their criminal conduct,” Mark Jay Lesko, acting assistant attorney general for the Justice Department’s National Security Division, said in a statement. should expect to be prosecuted in this manner.”
Jake Williams, Co-Founder and CTO breachquest, an Augusta, Georgia-based company that provides incident response, said the individuals involved should have been aware of the consequences of their work.
Williams told Granthshala Business: “There’s a bit of a question in my mind that Project Raven has crossed a legal threshold. It’s less clear whether the American individuals involved were aware that the project was being used by other American individuals and American organizations.” to be targeted.”
“Given that the original mission was designed to combat terrorism, a mission that is far less defined by its nature, it was conceivable that this might be the end result,” Williams said.
“[When] As US companies and US individuals were targeted under the program, every US person involved knew it was only a matter of time before some legal action was taken,” Williams said.