Three “hackers-for-hire” working for a company in the United Arab Emirates “for the benefit” of the government in Abu Dhabi have agreed to pay $1.68m in penalties as part of a legal settlement in the United States, the US Justice Department said.
The suspects, two US citizens and one former American citizen, provided “zero-click” computer hacking services to the UAE company “that could compromise a device without any action by the target”, the Justice Department said in a statement on Tuesday.
Keep readinglist of 3 items
It identified the individuals as Marc Baier, 49, Ryan Adams, 34, and Daniel Gericke, the former US citizen, age 40. US law allows Americans to renounce their citizenship.
All three previously worked for the US intelligence community or the US military, according to the Justice Department.
The deal, known as a “deferred prosecution agreement”, will see the defendants evade criminal charges if they abide by its terms.
“Hackers-for-hire and those who otherwise support such activities in violation of US law should fully expect to be prosecuted for their criminal conduct,” Acting Assistant Attorney General Mark Lesko said in the statement.
“Left unregulated, the proliferation of offensive cyber capabilities undermines privacy and security worldwide.”
The UAE embassy in Washington, DC, did not immediately respond to Al Jazeera’s request for comment on Tuesday evening.
The Justice Department said it repeatedly warned the trio that their work falls under defence services that require special licensing by the US government. For its part, the FBI promised to crack down on Americans providing hacking services illegally.
“The FBI will fully investigate individuals and companies that profit from illegal criminal cyber activity,” Bryan Vorndran, assistant director at the FBI’s cyber division, said in the statement.
“This is a clear message to anybody, including former US government employees, who had considered using cyberspace to leverage export-controlled information for the benefit of a foreign government or a foreign commercial company – there is risk, and there will be consequences.”
The Reuters news agency reported that Baier, Adams and Gericke worked as part of a covert unit called Project Raven that helped the UAE spy on its foes across the world.
Baier, a former official at the US National Security Agency (NSA), was the manager of Project Raven, according to a 2019 Reuters investigation that first revealed the existence of the hacking unit.
Baier will pay the largest share of the fine – $750,000, according to the Justice Department – while Adams and Gericke will pay $600,000 and $335,000, respectively. All three have also agreed to give up any US or foreign security clearances and fully cooperate with the FBI.
The UAE has faced criticism from human rights groups for the use of hacking against its perceived opponents, including journalists and human rights activists.
A joint investigation by several media outlets revealed earlier this year that many phone numbers potentially targeted by Pegasus, a spyware programme made by Israeli private firm NSO Group, were linked to the UAE.
The UAE denied the allegations about using Pegasus at the time, saying that they have “no evidentiary basis”.