In a controversial decision, the U.S. Department of Justice (DOJ) announced that it reached an agreement with three former U.S. intelligence agents, who will pay a million-dollar fine for their collaboration with the government of the United Arab Emirates (UAE) in the development of sophisticated espionage tools.
Marc Baier (49), Ryan Adams (34), and Daniel Gericke (40) will pay a total of $1.6 million as a fine after acknowledging their participation in Project Raven, a UAE government plan aimed at spying on activists, dissidents and political opponents using hacking tools implemented on the smartphones of persons of interest. With this agreement, the developers will avoid spending time in federal prison.
After one of the developers of these tools expressed concern about the kind of activities the UAE government required them to perform, investigative and journalism agencies began digging into Project Raven.
According to the DOJ, the three individuals were part of the board of an Arab company, from where they developed hacking tools similar to Pegasus and organized the attacks: “Their functions included the direction, deployment and supervision of advanced intelligence work and ‘zero-click’ hacking,” the report states. As some users will recall, a zero-click cyberattack allows attackers to compromise an affected system without any interaction from the target, so it is considered a very dangerous hacking variant.
Inside Project Raven, the hacking tools developed by the defendants were known as KARMA and KARMA 2. These tools were capable of obtaining login credentials, messages, call history, and authentication tokens issued by email providers, cloud storage services, and social media platforms.
The defendants also ignored a U.S. government order and violated export control laws because they failed to give notice of the disclosure of information and the deployment of cryptographic analysis, and their targets of attack included some U.S. citizens.
While Baier must pay $750,000 USD, Adams was fined $600,000 USD and Gericke will pay $335,000 USD, in addition to cooperating with the Federal Bureau of Investigation (FBI) in subsequent investigations potentially related to his participation in Project Raven. The agreement also prohibits the defendants from seeking any work related to national security, computer infrastructure development and defense issues in the U.S.
Although some consider this to be an excessive penalty, the settlement has already been recognized by the DOJ, making the decision irreversible.