They were among a trend of Americans working for foreign governments trying to build their cyberoperation abilities.
WASHINGTON — Three former American intelligence officers hired by the United Arab
Emirates to carry out sophisticated cyberoperations admitted to hacking
crimes and to violating U.S. export laws that restrict the transfer of
military technology to foreign governments, according to court documents made public on Tuesday.
The documents detail a conspiracy by the three men to furnish the Emirates
with advanced technology and to assist Emirati intelligence operatives
in breaches aimed at damaging the perceived enemies of the small but
powerful Persian Gulf nation.
The men helped the Emirates, a close American ally, gain unauthorized access to
“acquire data from computers, electronic devices and servers around the
world, including on computers and servers in the United States,”
prosecutors said.
The three men worked for DarkMatter, a company that is effectively an arm of the Emirati government. They are part of a trend of former American intelligence officers accepting lucrative jobs from
foreign governments hoping to bolster their abilities to mount
cyberoperations.
Legal experts have said the rules governing this new age of digital
mercenaries are murky, and the charges made public on Tuesday could be
something of an opening salvo by the government in a battle to deter
former American spies from becoming guns for hire overseas.
The three men, Marc Baier, Ryan Adams and Daniel Gericke, admitted violating U.S. laws as part of a three-year deferred prosecution agreement.
If the men comply with the agreement, the Justice Department will drop
the criminal prosecution. Each man will also pay hundreds of thousands
of dollars in fines. The men will also never be able to receive a U.S.
government security clearance.
Mr. Baier worked for the National Security Agency unit that carries out
advanced offensive cyberoperations. Mr. Adams and Mr. Gericke served in
the military and in the intelligence community.
DarkMatter had its origins in another company, an American firm called CyberPoint
that originally won contracts from the Emirates to help protect the
country from computer attacks.
CyberPoint obtained approval from the American government to work for the
Emiratis, a necessary step intended to regulate the export of military
and intelligence services. Many of the company’s employees had worked on
highly classified projects for the N.S.A. and other American
intelligence agencies.
But the Emiratis had larger ambitions and repeatedly pressed CyberPoint
employees to exceed the boundaries of the company’s American license,
according to former employees.
CyberPoint rebuffed requests by Emirati intelligence operatives to try to crack
encryption codes and to hack websites housed on American servers —
operations that would have run afoul of American law.
So in 2015 the Emiratis founded DarkMatter — forming a company not bound
by U.S. law — and lured numerous American employees of CyberPoint to
join, including the three defendants.
DarkMatter employed several other former N.S.A. and C.I.A. officers, according to a
roster of employees obtained by The New York Times, some making
salaries of hundreds of thousands of dollars a year.
The investigation into the American employees of DarkMatter has continued
for years, and it had been unclear whether prosecutors would bring
charges. Experts cited potential diplomatic concerns about jeopardizing
the United States’ relationship with the Emirates — a country that has
cultivated close ties to the past several American administrations — as
well as worries about whether pursuing the case might expose
embarrassing details about the extent of the cooperation between
DarkMatter and American intelligence agencies.
There is also the reality that American laws have been slow to adapt to the
technological changes that have provided lucrative work for former spies
once trained to conduct offensive cyberoperations against America’s
adversaries.
Specifically, the rules
that govern what American intelligence and military personnel can and
cannot provide to foreign governments were devised for 20th-century
warfare — for instance, training foreign armies on American military
tactics or selling defense equipment like guns or missiles.
They have not addressed the hacking skills honed in some of America’s most
advanced intelligence units and sold to the highest bidder.
This year, the C.I.A. sent a blunt letter to former officers warning them against going to work for foreign
governments. The letter, written by the spy agency’s head of
counterintelligence, said it was seeing a “detrimental trend” of
“foreign governments, either directly or indirectly, hiring former
intelligence officials to build up their spying capabilities.”
“I can’t mince words — former C.I.A. officers who pursue this type of
employment are engaging in activity that may undermine the agency’s
mission to the benefit of U.S. competitors and foreign adversaries,”
wrote Sheetal T. Patel, the C.I.A.’s assistant director for
counterintelligence.
Prosecutors said
that the Emirates gradually transitioned its contracts from CyberPoint
to DarkMatter, but that at no time did the three men obtain the
necessary approvals to provide defense services to DarkMatter. The court
documents said that the three men and others worked in DarkMatter’s
“Cyber Intelligence Operations,” which gained access to “information and
data from thousands of targets around the world.”
In interviews, former DarkMatter employees said that Emirati officials
were particularly focused on hacking the computer systems of the
country’s main rival, Qatar, but that operations were also carried out
against Emirati dissidents and journalists. They even hacked the emails of a Qatari minister communicating with the former first lady Michelle Obama about a planned trip to Qatar.
Mr. Baier and his group purchased computer tools from U.S. companies for
use in hacking operations, according to prosecutors. In two instances,
DarkMatter paid about $750,000 and $1.3 million — illustrating how much
American companies stand to gain from selling those dangerous tools to
foreign countries and businesses.
Prosecutors said the men “expanded the breadth and increased the sophistication” of
the operations that DarkMatter was providing to the Emirati government.
The efforts took aim at “individual, corporate and government targets
by compromising computers and accounts belonging to associates,
employees or relatives of the primary targets,” according to court
documents.
Prosecutors said CyberPoint warned the Americans that it could not support
DarkMatter’s intended computer exploitation operations without obtaining
the proper U.S. authorization.
Two former employees, Lori Stroud and Jonathan Cole, left the company after
growing troubled about DarkMatter’s hacking and targeting of American
citizens. When the pair, who are married, raised the issue with their
superiors, they were sidelined, they said.
They left the company in 2017 and began cooperating extensively with the F.B.I.’s investigation.
“This is a huge win,” Mr. Cole said in an interview on Tuesday. “This will
send a message to former U.S. intelligence operatives working overseas.
They should not share U.S. tradecraft with foreign governments.”