Earlier this month, former US Intelligence operatives Marc Baier, Ryan Adams, and US military Daniel Gericke entered into a deferred prosecution agreement and were fined a combined $1.6 million in penalties for providing computer network exploitation (CNE) operations and other cyber intelligence for the United Arab Emirates (UAE) government against various targets.
According to the U.S. Department of Justice, the services included the development and management of “zero-click” exploits and intelligence harvesting. The operatives joined the
U.A.E.-based company (U.A.E. CO) back in 2016 as senior managers of a team known as the Cyber Intelligence-Operations (CIO), in which they directed and supervised the creation of computer hacking and intelligence gathering systems. Referred to as KARMA and KARMA 2, these systems were known to deploy exploits in vulnerabilities found in Apple’s iMessage, which allowed the full unauthorized access and control of millions of smartphones and mobile devices.
All three operatives were fined respectively and have relinquished any foreign or U.S. security clearances that would grant them employment in CNE activity or exporting defense articles.
The contracting of these former agents is a prolific method for obtaining high end cyber intelligence globally. As federal agencies catch up to investigate and prosecute these types of cyber violations, it is advised that companies, at all levels, maintain a strong security posture and threat research strategy to avoid sophisticated zero-click exploits.