https://www.nytimes.com/2021/09/14/us/politics/darkmatter-uae-hacks.html



Ex-U.S. Intelligence Officers Admit to Hacking Crimes in Work for Emiratis

They were among a trend of Americans working for foreign governments trying to build their cyberoperation abilities.

WASHINGTON — Three former American intelligence officers hired by the United Arab Emirates to carry out sophisticated cyberoperations admitted to hacking crimes and to violating U.S. export laws that restrict the transfer of military technology to foreign governments, according to court documents made public on Tuesday.

The documents detail a conspiracy by the three men to furnish the Emirates with advanced technology and to assist Emirati intelligence operatives in breaches aimed at damaging the perceived enemies of the small but powerful Persian Gulf nation.

The men helped the Emirates, a close American ally, gain unauthorized access to “acquire data from computers, electronic devices and servers around the world, including on computers and servers in the United States,” prosecutors said.

The three men worked for DarkMatter, a company that is effectively an arm of the Emirati government. They are part of a trend of former American intelligence officers accepting lucrative jobs from foreign governments hoping to bolster their abilities to mount cyberoperations.

Legal experts have said the rules governing this new age of digital mercenaries are murky, and the charges made public on Tuesday could be something of an opening salvo by the government in a battle to deter former American spies from becoming guns for hire overseas.

The three men, Marc Baier, Ryan Adams and Daniel Gericke, admitted violating U.S. laws as part of a three-year deferred prosecution agreement. If the men comply with the agreement, the Justice Department will drop the criminal prosecution. Each man will also pay hundreds of thousands of dollars in fines. The men will also never be able to receive a U.S. government security clearance.

Mr. Baier worked for the National Security Agency unit that carries out advanced offensive cyberoperations. Mr. Adams and Mr. Gericke served in the military and in the intelligence community.

DarkMatter had its origins in another company, an American firm called CyberPoint that originally won contracts from the Emirates to help protect the country from computer attacks.

CyberPoint obtained approval from the American government to work for the Emiratis, a necessary step intended to regulate the export of military and intelligence services. Many of the company’s employees had worked on highly classified projects for the N.S.A. and other American intelligence agencies.

But the Emiratis had larger ambitions and repeatedly pressed CyberPoint employees to exceed the boundaries of the company’s American license, according to former employees.

CyberPoint rebuffed requests by Emirati intelligence operatives to try to crack encryption codes and to hack websites housed on American servers — operations that would have run afoul of American law.


So in 2015 the Emiratis founded DarkMatter — forming a company not bound by U.S. law — and lured numerous American employees of CyberPoint to join, including the three defendants.

DarkMatter employed several other former N.S.A. and C.I.A. officers, according to a roster of employees obtained by The New York Times, some making salaries of hundreds of thousands of dollars a year.

The investigation into the American employees of DarkMatter has continued for years, and it had been unclear whether prosecutors would bring charges. Experts cited potential diplomatic concerns about jeopardizing the United States’ relationship with the Emirates — a country that has cultivated close ties to the past several American administrations — as well as worries about whether pursuing the case might expose embarrassing details about the extent of the cooperation between DarkMatter and American intelligence agencies.

There is also the reality that American laws have been slow to adapt to the technological changes that have provided lucrative work for former spies once trained to conduct offensive cyberoperations against America’s adversaries.

Specifically, the rules that govern what American intelligence and military personnel can and cannot provide to foreign governments were devised for 20th-century warfare — for instance, training foreign armies on American military tactics or selling defense equipment like guns or missiles.

They have not addressed the hacking skills honed in some of America’s most advanced intelligence units and sold to the highest bidder.

This year, the C.I.A. sent a blunt letter to former officers warning them against going to work for foreign governments. The letter, written by the spy agency’s head of counterintelligence, said it was seeing a “detrimental trend” of “foreign governments, either directly or indirectly, hiring former intelligence officials to build up their spying capabilities.”

“I can’t mince words — former C.I.A. officers who pursue this type of employment are engaging in activity that may undermine the agency’s mission to the benefit of U.S. competitors and foreign adversaries,” wrote Sheetal T. Patel, the C.I.A.’s assistant director for counterintelligence.

Prosecutors said that the Emirates gradually transitioned its contracts from CyberPoint to DarkMatter, but that at no time did the three men obtain the necessary approvals to provide defense services to DarkMatter. The court documents said that the three men and others worked in DarkMatter’s “Cyber Intelligence Operations,” which gained access to “information and data from thousands of targets around the world.”

In interviews, former DarkMatter employees said that Emirati officials were particularly focused on hacking the computer systems of the country’s main rival, Qatar, but that operations were also carried out against Emirati dissidents and journalists. They even hacked the emails of a Qatari minister communicating with the former first lady Michelle Obama about a planned trip to Qatar.

Mr. Baier and his group purchased computer tools from U.S. companies for use in hacking operations, according to prosecutors. In two instances, DarkMatter paid about $750,000 and $1.3 million — illustrating how much American companies stand to gain from selling those dangerous tools to foreign countries and businesses.

Prosecutors said the men “expanded the breadth and increased the sophistication” of the operations that DarkMatter was providing to the Emirati government. The efforts took aim at “individual, corporate and government targets by compromising computers and accounts belonging to associates, employees or relatives of the primary targets,” according to court documents.

Prosecutors said CyberPoint warned the Americans that it could not support DarkMatter’s intended computer exploitation operations without obtaining the proper U.S. authorization.

Two former employees, Lori Stroud and Jonathan Cole, left the company after growing troubled about DarkMatter’s hacking and targeting of American citizens. When the pair, who are married, raised the issue with their superiors, they were sidelined, they said.

They left the company in 2017 and began cooperating extensively with the F.B.I.’s investigation.

“This is a huge win,” Mr. Cole said in an interview on Tuesday. “This will send a message to former U.S. intelligence operatives working overseas. They should not share U.S. tradecraft with foreign governments.”