According to court documents filed in a Washington, DC, federal court on Tuesday, Marc Baier, Ryan Adams and Daniel Gericke left their intelligence jobs in the US to work for Project Raven, an advanced cyber ops program run by Emirati intelligence company DarkMatter.
"Defendants used illicit, fraudulent, and criminal means, including the use of advanced covert hacking systems that utilized computer exploits obtained from the United States and elsewhere, to gain unauthorized access to protected computers in the United States and elsewhere and to illicitly obtain information," the court document says.
The men are charged with violating the Arms Export Control Act and the International Traffic in Arms Regulations; and conspiracy to commit access device fraud and computer hacking offenses.
However, because they have admitted to their crimes, they have been offered a deferred prosecution agreement: if they cooperate with an FBI investigation, give up their security clearances, agree to never work for Emirati law enforcement or other government companies, and agree to pay fines equal to their UAE salaries, the US Department of Justice will drop their prosecution.
Project Raven was revealed in a Reuters report in 2019 that was based on the testimony of former NSA intelligence analyst Lori Stroud, a former DarkMatter employee who became a whistleblower after discovering the company was conducting cyber ops against American targets. Baier, one of the three charged in the Tuesday documents, was also mentioned in the Reuters report as one of Stroud’s colleagues.
The program began as a US company called Cyberpoint, a Baltimore-based firm whose clients included both the US Department of Defense and the Emirati government - just one of many American firms to do so. However, the company backed away from its UAE work when Abu Dhabi pushed for more and more aggressive operations, including gaining entrance to sites housed on American servers, which would have been a violation of US law for the American employees.
Undeterred, the UAE started up Project Raven and lured much of the Cyberpoint staff with high salaries and the promise of engaging in some of the most difficult and exciting hacking work of their lives. Project Raven later became part of the purview of DarkMatter.
However, as US citizens the employees were still subject to US law, and the FBI began pressing them for information about DarkMatter’s targets. Stroud told Reuters that the identity of their American targets was kept secret, and she only found them by looking for them.
The firm also targeted critics of the Emirati government, including journalists and civil society figures. However, they also claimed to have broken up a Daesh operation in the country and interrupted planned operations by other groups, as well.
In addition to tools like Karma, brought to DarkMatter by the Americans, the Emiratis also used software developed by the Israeli intelligence firm NSO Group, including the infamous Pegasus spyware. One target, Emirati human rights activist Ahmed Mansoor, was known to DarkMatter by the code name “Egret” and his discovery of a failed installation in 2016 led to the discovery of Pegasus’ ability to break Apple’s iOS operating system primarily used for iPhones.