This article is more than 1 year old
Ex-NSA trio who spied on Americans for UAE now banned from arms exports
From hero to zero-day ... to plain zero
Three former US government cyber-spies who, among other things, illicitly compromised and snooped on Americans' devices for the United Arab Emirates government have been banned from participating in international arms exports under a deal reached with Uncle Sam.
Per the terms of the agreements, Ryan Adams [PDF], Marc Baier [PDF] and Daniel Gericke [PDF], all three former NSA operatives, will be "debarred," meaning they are prohibited from participating in any activities regulated under the International Traffic in Arms Regulations (ITAR) for three years. After three years, they can submit a request to the State Department to be reinstated if they choose to do so.
But considering the men were charged with providing hacking-for-hire services – getting paid to break into targets' devices and steal data, for instance – to UAE government agencies against US devices and users, it's probably safe to assume that any such request will be swiftly denied.
"Debarment, a fancy word for being prohibited from doing business, can actually be a significant sanction in that it can amount to a death penalty for the companies involved," attorney Bryan Cunningham, an advisory council member at data security firm Theon Technology, told The Register.
While DarkMatter claimed its intelligence gathering was strictly defensive security work, former US intelligence operatives who were recruited by the clandestine outfit have said they, on behalf of paying clients, spied on politicians, journalists, members of the local royal families, and some of Michelle Obama's emails.
According to the US Justice Department [PDF], Adams, Baier and Gericke all worked as senior managers at DarkMatter and carried out hacking services for the UAE government, including deploying zero-click exploits to install spyware on target devices, between 2016 and 2019.
This is where the State Department fits in. Performing these cyber-mercenary operations for the UAE constituted a "defense service," which required a license from the State Department. However, the three men did not obtain a license for these services, and due to their circumstances and connections to the US, they should have got the necessary paperwork, according to Uncle Sam.
- Ex-US intel, military trio were cyber-mercenaries for UAE, say prosecutors
- Mozilla boots alleged snoop troupe from its root cert coop: UAE-based DarkMatter thrown onto CA blocklist
- NSO Group CEO steps down, 100 employees let go too
- CIA accused of illegally spying on Americans visiting Assange in embassy
A year ago, Adams, Baier and Gericke reached a first-of-its-kind deal with the US govt under which the Justice Department agreed to drop its prosecution and the men agreed to cough up $1,685,000 as a group; cooperate fully with the US government; give up all foreign and US security clearances, and never seek the latter again; and accept restrictions on future employment.
The trio also agreed they did not dispute the allegations against them.
The Justice Department declined to comment on the State Department's more recent sanctions against the three men.
"The State Department and federal prosecutors have broad discretion in export control cases — and for good reason," Cunningham said. "These decisions often involve balancing competing governmental interests, including not only enforcing US law but also our diplomatic and foreign relations, support for US allies, and protecting intelligence and law enforcement sources and methods."
This case is notable in that the Feds publicly named the country, which also happened to be a US ally, who had tapped up these guys, he said. "It may also be that the government did not want to risk having to reveal government secrets if a criminal prosecution had gone to trial," he added. ®