Clandestine operatives help UAE spy on its enemies

Three former U.S. operatives - Marc Baier, Ryan Adams and Daniel Gericke - who were part of a secret unit named Project Raven that helped the United Arab Emirates spy on its enemies, have admitted that they violated U.S. hacking laws and prohibitions on selling sensitive military technology. According to the Justice Department, in 2016 the three operatives joined the UAE-based company as senior managers and began carrying out hacking operations. The men admitted to hacking into United States computer networks and exporting sophisticated cyber intrusions tools without authorization from the U.S. government, this is according to the court papers released in federal court in Washington, D.C. on Tuesday 14th. Baier formerly worked for a cyber operations unit of the National Security Agency and Adams and Gericke served in the military and intelligence communities.   

In order to avoid prosecution the former intelligence officials accepted a deal with the federal authorities and agreed to pay a combined $1.69 million and never seek a U.S. security clearance, something required for all jobs that involve access to national security secrets. The court filings however did not explicitly state why the government offered the concession but officials alluded to the legal novelty of the case and a spokesperson for the Justice Department stated that this case is the first of its kind and is intended to serve as a warning to others who could potentially be prosecuted for similar conduct.  

Acting on orders from the UAE’s monarchy, the Project Raven team hacked into the accounts of human rights activists, journalists and rival governments. Baier, Adams and Gericke admitted to deploying a cyber weapon named “Karma” that granted the UAE the ability to hack into iPhones without the target being required to click on malicious links. Karma qualified as an intelligence-gathering system according to federal export control rules. The operatives and their attorneys nor the UAE Embassy in Washington D.C. responded to the request for comments regarding the matter at hand. 

This incident serves to prove that insider threats, even to entire nations, are a huge risk. Someone with the capability and means to exploit a vulnerability can cause massive amounts of damage, in the case of the Project Raven team the three operatives held accountable chose to take the training they had and aid the UAE in spying on the United States, whom they have called their allies. The individuals responsible chose to use their experience in order to enhance a foreign government’s offensive cyber operations. This could prove damaging not only to the U.S. but to other nations around the world as well.