Three former U.S. military members have agreed to pay $1.68 million in penalties due to cybersecurity crimes that took place while employed with a United Arab Emirates-based cybersecurity company.
On Tuesday, 49-year-old Marc Baier, 34-year-old Ryan Adams and 40-year-old Daniel Gericke agreed to a deferred prosecution agreement (DPA) that limits their future actions and employment. The DPA also requires them to pay a total of $1,685,000 in penalties—$750,000, $600,000, and $335,000 respectively—over the next three years without reimbursement unless approved by the U.S. government.
In addition to financial penalties, as part of the DPA, each defendant also agreed to cooperate with various Department and FBI components; relinquish all foreign or U.S. security clearances; and submit to a lifetime ban regarding future U.S. security clearances and future employment restrictions—including employment that involves computer network exploitation (CNE) and various UAE organizations.
The penalties stem from an investigation spearheaded by the Department of Justice regarding violations of U.S. export control, computer fraud and access device fraud regulations—which are laws that all three defendants conspired to violate between 2016 and 2019.
While working as senior managers at a company that supported and handled CNE operations on behalf of the UAE government, all three men were unlicensed while operating under the guise of International Traffic in Arms Regulations (ITAR). The men utilized “zero-click” computer hacking and intelligence gathering systems to illegally obtain and use access credentials for online accounts, which were issued by U.S. companies.
The defendants also gained unauthorized access to computers and cell phones around the world, including the U.S.
Assistant Director in Charge Steven M. D’Antuono of the FBI’s Washington Field Office stated that Monday’s announcement “shines a light on the unlawful activity of three former members of the U.S. Intelligence Community and military.”
“These individuals chose to ignore warnings and to leverage their years of experience to support and enhance a foreign government’s offensive cyber operations. These charges and the associated penalties make clear that the FBI will continue to investigate such violations,” D’Antuono said.
Acting U.S. Attorney Channing D. Phillips of the District of Columbia stated in a press statement that when certain processes are left unregulated, “the proliferation of offensive cyber capabilities undermines privacy and security worldwide.”
“A U.S. person’s status as a former U.S. government employee certainly does not provide them with a free pass in that regard,” Phillps concluded in a press statement.
The investigation was handled jointly by the U.S. Attorney’s Office for the District of Columbia, the Justice Department’s National Security Division (NSD), and the FBI’s Washington Field Office.
Newsweek has reached out to the U.S. Intelligence Community for comment but did not hear back in time for publication.