As part of the agreement, the three men did not dispute any of the facts alleged by prosecutors.
The Justice Department described it as the “first-of-its-kind resolution of an investigation into two distinct types of criminal activity,” including providing unlicensed technology for the purposes of hacking.
“Hackers-for-hire and those who otherwise support such activities in violation of U.S. law should fully expect to be prosecuted for their criminal conduct," Mark Lesko, acting assistant attorney general in charge of the Justice Department's national security division, said in a statement.
According to court documents, the trio left a U.S.-based company that was operating in the UAE to join an Emerati company that would give them “significant increases” in their salaries.
The companies aren’t named in charging documents, but Lori Stroud, a former National Security Agency employee, said she worked with the three men in the UAE at U.S.-based CyberPoint and then for UAE-based DarkMatter.
Stroud said she quit because she saw DarkMatter hacking U.S. citizens. She said she assisted the FBI in its investigation and was glad to see the case come to a resolution.
“This is progress,” Stroud said.
The Emirati government did not immediately respond to a request for comment early Wednesday. Questions sent by email to officials at Abu Dhabi-based DarkMatter could not be delivered.
Since details of DarkMatter's hacking campaign became public, the company's profile has dropped over the last few years, with some staff moving onto a new Abu Dhabi-based firm called G42. That firm has been linked to a mobile app suspected of being a spying tool as well as Chinese coronavirus tests that American officials warned against using over concerns about patient privacy, test accuracy and Chinese government involvement.
DarkMatter's founder and CEO, Faisal al-Bannai, told The Associated Press in 2018 that the company takes part in no hacking, although he acknowledged the firm's close business ties to the Emirati government, as well as its hiring of former CIA and NSA analysts.
Prosecutors said that between January 2016 and November 2019, the defendants increased operations being providing to the UAE government. They bought exploits to break into computers and mobile devices from companies around the world, including those based in the U.S., according to the Justice Department. That includes one so-called “zero-click” exploit — which can break into mobile devices without any user interaction — that Baier bought from an unnamed U.S. company in 2016.
Lawyers for Adams and Gericke did not immediately return messages seeking comment, and a lawyer for Baier declined to comment.
The Justice Department described each of them as former U.S. intelligence or military personnel. Baier previously worked at the NSA, according to a former colleague who spoke on condition of anonymity because of the sensitivity surrounding the matter.
The CIA warned in a letter earlier this year about “an uptick in the number of former officers who have disclosed sensitive information about CIA activities, personnel, and tradecraft.”
The letter sent to former CIA officials was signed by Sheetal Patel, the agency’s assistant director for counterintelligence. It described as a “detrimental trend” a practice of foreign governments hiring former intelligence officers “to build up their spying capabilities.” Some listed examples included using access to CIA information or contacts for business opportunities as well as “working for state-sponsored intelligence related companies in non-fraternization countries.”
“We ask that you protect yourself and the CIA by safeguarding the classified tradecraft that underpins your enterprise,” Patel wrote.
Suderman reported from Richmond, Virginia. Associated Press writers Nomaan Merchant in Washington and Jon Gambrell in Dubai, United Arab Emirates, contributed to this report.