U.S. Company Sold Zero-Click Hacking Tool to UAE Company to Spy and Collect Foreign Intelligence

The US Department of Justice recently seized three former employees of the US National Security Agency (NSA) who worked as contracted hackers for a data security company in the UAE.

The authorities have named the three employees as:

  • Marc Baier, 49
  • Ryan Adams, 34
  • Daniel Gericke, 40

According to court records, the three defendants helped a company in the UAE develop, and make heavy use of, at least two hacking tools during their operation. They violated U.S. export control laws, which govern defense-related services provided to foreign governments.

Companies and individuals providing such services are expected to obtain the relevant license from the Directorate of Defense Trade Controls (DDTC) of the US Department of State.

According to the report, on September 14 the three suspects signed a first-of-its-kind agreement to suspend the prosecution. Under it, the men agreed to pay $750,000 (Baier), $600,000 (Adams), and $335,000 (Gericke) within three years so that they do not have to go to jail.

“Defendants used illicit, fraudulent, and criminal means, including the use of advanced covert hacking systems that utilized computer exploits obtained from the United States and elsewhere, to gain unauthorized access to protected computers in the United States and elsewhere and to illicitly obtain information, material, documents, records, data and personal identifying information, including passwords, access devices, login credentials, and authentication tokens, from victims from around the world,” DOJ said.

The court document also stated that the defendants BAIER, ADAMS and GERICKE purchased and obtained numerous proprietary computer exploits from companies around the world to be deployed against computers (e.g., smartphones) using U.S. companies’ software, services, and internet browsers.

Defendants also received $1,300,000 via wire transfers from a company controlled by U.A.E. CO to U.S. COMPANY FIVE, located in the United States. These payments were for the purchase of EXPLOIT TWO and another computer exploit.

Security experts explained that a zero-click exploit is one that needs no user interaction to infect the device. Such exploits are especially sought after because a victim is typically less likely to realize that they have been attacked by the hackers.

On Tuesday, Apple patched a zero-click vulnerability in iMessage that was being used by clients of government malware vendor NSO Group. The report also claimed that the hackers participated in the development of two exploits for iOS called Karma and Karma 2.

These exploits do not need any kind of interaction with the victim who is being attacked. The UAE government employed them to spy on opponents of the political regime, journalists, and opposition leaders.

Moreover, the report stated that, in addition to paying the demanded amounts, Baier, Adams, and Gericke pledged to cooperate fully with the DDTC and the FBI.

In addition, the three were banned from working in the same areas, including any work associated with the operation of computer networks, the shipping of defense products, or the provision of defense services.

The security analysts stated that they are trying their best to learn all the key details regarding the exploits, and they asserted that they will share whatever they learn during the investigation.
