Three former members of the American intelligence or military forces who later were paid to hack computers for the United Arab Emirates (UAE) will not be criminally prosecuted after the U.S. Department of Justice granted a “deferred prosecution agreement” that has them pay $1,685,000 “to resolve a Department of Justice investigation regarding violations of U.S. export control, computer fraud and access device fraud laws.”
Marc Baier, Ryan Adams, and Daniel Gericke worked for a UAE-based company that “carried out computer network exploitation” for the benefit of the UAE government between 2016 and 2019, including sophisticated “zero-click” hacking that could “compromise a device without any action by the target.” These hacks were used to break into computers and phones around the world, including within the U.S., and to gain passwords from U.S. companies, the DOJ said Tuesday.
They did so despite being repeatedly informed that such work required approval from the State Department under the International Traffic in Arms Regulations, the department said.
Mark J. Lesko, Acting Assistant Attorney General for the National Security Division, said in a press release that the money-instead-of-prison deal is “the first-of-its-kind resolution of an investigation into two distinct types of criminal activity: providing unlicensed export-controlled defense services in support of computer network exploitation, and a commercial company creating, supporting and operating systems specifically designed to allow others to access data without authorization from computers worldwide, including in the United States.”
“Hackers-for-hire and those who otherwise support such activities in violation of U.S. law should fully expect to be prosecuted for their criminal conduct,” he said, even though the men were not prosecuted.