Three former U.S. intelligence operatives who worked as cyber spies for the United Arab Emirates admitted to violating U.S. hacking laws and prohibitions on selling sensitive military technology, under a deal to avoid prosecution announced on Tuesday.
The operatives – Marc Baier, Ryan Adams and Daniel Gericke – were part of a clandestine unit named Project Raven, first reported by Reuters, that helped the UAE spy on its enemies.
At the behest of the UAE’s monarchy, the Project Raven team hacked into the accounts of human rights activists, journalists and rival governments, Reuters reported.
The three men admitted to hacking into computer networks in the United States and exporting sophisticated cyber intrusions tools without gaining required permission from the U.S. government, according to court papers released in U.S. federal court in Washington, D.C., on Tuesday.
As part of the deal with federal authorities to avoid prosecution, the three former intelligence officials agreed to pay a combined $1.69 million and never again seek a U.S. security clearance, a requirement for jobs that entail access to national security secrets.
Revelations of Project Raven in 2019 by Reuters highlighted the growing practice of former intelligence operatives selling their spycraft overseas with little oversight or accountability.
Lori Stroud, a former U.S. National Security Agency analyst who worked on Project Raven and then acted as a whistleblower, said she was pleased to see the charges.
The Reuters investigation found that Project Raven spied on numerous human rights activists here, some of whom were later tortured by UAE security forces.
Former program operatives said they believed they were following the law because superiors promised them the U.S. government had approved the work.
Baier, Adams and Gericke admitted to deploying a sophisticated cyberweapon called “Karma” that allowed the UAE to hack into Apple iPhones without requiring a target to click on malicious links, according to court papers.
Karma allowed users to access tens of millions of devices and qualified as an intelligence gathering system under federal export control rules. But the operatives did not obtain the required U.S. government permission to sell the tool to the UAE, authorities said.
Project Raven used Karma to hack into thousands of targets including a Nobel Prize-winning Yemeni human rights activist and a BBC television show host, Reuters reported.