Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Crime United States Businesses

US Fines Former NSA Employees Who Provided Hacker-for-Hire Services To UAE (therecord.media) 39

The US Department of Justice has fined three former NSA employees who worked as hackers-for-hire for a United Arab Emirates cybersecurity company. From a report: Marc Baier, 49, Ryan Adams, 34, and Daniel Gericke, 40, broke US export control laws that require companies and individuals to obtain a special license from the State Department's Directorate of Defense Trade Controls (DDTC) before providing defense-related services to a foreign government. According to court documents, the three suspects helped the UAE company develop and successfully deploy at least two hacking tools. The three entered into a first-of-its-kind deferred prosecution agreement with the DOJ today, agreeing to pay $750,000, $600,000, and $335,000, respectively, over a three-year term, in order to avoid jail time for their actions.
This discussion has been archived. No new comments can be posted.

US Fines Former NSA Employees Who Provided Hacker-for-Hire Services To UAE

Comments Filter:
  • No jail time? (Score:5, Insightful)

    by mendax ( 114116 ) on Wednesday September 15, 2021 @12:46PM (#61798993)

    They should have gone to jail. No doubt about it. Fining people for such treachery just is not sufficient.

    • Re:No jail time? (Score:5, Informative)

      by tragedy ( 27079 ) on Wednesday September 15, 2021 @02:36PM (#61799297)

      What really needs to be considered here is the web of connections that got those people working there in the first place. Apparently the three were contractors for a company named Darkmatter, which seems to be largely just a breakaway entity from another company called Cyberpoint. Whether it's truly independent or just exists to provide plausible deniability to Cyberpoint is hard to say. Cyberpoint is based in Baltimore, md (In other words, right outside Washington, D.C.) and itself has lots of ties to Booz Allen.

      So, basically I think what we're seeing here is these guys getting a slap on the wrist to avoid exposing their politically-connected overlords from scrutiny (and the same criminal charges since these guys are probably just employees following directives from their supervisors). The people behind these companies are probably the same politically-connected swamp dwellers we see all the time. They run various "consultant" companies, they're probably "operatives" or money guys of some kind in one of the two major political parties and probably have a revolving door to positions in government (probably just below the cabinet level, but maybe even cabinet members sometimes) when their party is in power. This is exactly the kind of stuff that Guliani has been involved in, for example. Remember how he ran a "cybersecurity" company. He used to run a security consulting business as well. The role these guys play in this sort of thing is really as lobbyists and selling access. That means access to politicians, but also access to other human resources. Like, for example, former NSA employees.

  • The Book (Score:4, Informative)

    by chill ( 34294 ) on Wednesday September 15, 2021 @01:13PM (#61799063) Journal

    This Is How They Tell Me the World Ends: The Cyberweapons Arms Race by Nicole Perlroth is an excellent book and details the story on these people and much more.

  • Didn't read the article or the law, but the summary says that they provided services to a UAE company and it is illegal to provide services to a foreign government. Government != company. What was illegal about what they did?
    • A person just can't "do" work for for a foreign office while a legal resident of the US without declaring "something" was done. Just being there and giving your opinion is one thing and I believe you can do just that. But developing sensitive infrastructure? Not so much and then "opinions" begin to fall in that category more and more.
    • They probably had a non-compete clause going. I mean, if I provided the same service that my employer is selling, I'd get into trouble, too.

      • No, these were "former" employees. And not accused of stealing any classified tools or techniques from the US govt., at least not that the article says.
    • by bws111 ( 1216812 )

      If the tools created were used by a foreign government, then they aided the government. Throwing a third party ('the company') in there doesn't change that.

      US export law requires the 'exporter' to know who he is exporting to, and to ensure that the export does not end up where it is restricted.

      • This would make posting a complaint to facebook about your service rifle jamming into a crime because the information could be used by a foreign government to aid in a potential military conflict with a power using that model of service rifle. I think the wording of "providing services" rather than "providing aid" is important in the law and implies a direct rather than indirect relationship between the service provider and the foreign government.
      • "If the tools created were used by a foreign government, then they aided the government."

        So would you have liability if you wrote an OS a foreign government used? Or any app they like?

        • In short: Yes. In not so short, you got to look at the classification of various types of software on the State Department export web site. Not everything is restricted. MS Windows and Mac OS for example have Mass Market licences and may be exported freely. In order to comply with the mass market license terms, these two OSs have certain design restrictions to make them unable to process Sonar and high quality military video properly - this is essentially done by adding deliberate jitter, so that it is
    • Darkmatter is a small company in the UAE, which provides security related software and hardware to the UAE government. So the end user of the services was the UAE military.
  • I find it interesting that they let these traitors get off with a plea/fine instead, since they clearly acted against citizens of the US and its government at the behest of another.

    • Makes you wonder what kind of dirt they have on some other people in the US gov't

    • "they clearly acted against citizens of the US."

      Aiding the UAE or any non-US entity does not equal acting against citizens of the US.

  • I agree with the others that this should have resulted in jail time, if not treason charges. As far as I'm concerned, (especially) anyone who holds, or has held, any level of security clearance for the US government, should be automatically charged with treason if they work for any foreign government, friendly or otherwise, unless they are given a special dispensation to do so. Jail time should be a given, not to mention monitoring of you, your family, and anyone else close to you, by your friendly neighbor

    • ...monitoring of you, your family, and anyone else close to you, by your friendly neighborhood FBI field office for the remainder of your life.

      Come join the NSA where you get paid a fraction of what private companies do AND monitoring of you, your family, and anyone else close to you, by your friendly neighborhood FBI field office for the remainder of your life. What a recruitment pitch.

      • Come join the NSA where you get paid a fraction of what private companies do AND monitoring of you, your family, and anyone else close to you, by your friendly neighborhood FBI field office for the remainder of your life. What a recruitment pitch.

        Which roughly translates to: "Don't be a fucking treasonous idiot and you'll be fine the rest of your life"

        P.S. being paid immensely elsewhere doesn't shield you from treason charges, but due to the spinelessness of the DOJ/FBI seems to mean you can get away with it by just paying a fine.

        • by Rujiel ( 1632063 )
          Being monitored the rest of your life is "fine" with you? Or rather, if your point is that someone who would work for the NSA deserves as little privacy as that agency would give any of us, then I agree.
      • Did you even read my comment? Beyond the part you quoted anyway. The monitoring would only happen if you held a security clearance and then did work for a foreign government without getting clearance first.

    • "anyone who holds, or has held, any level of security clearance for the US government"

      So anyone who was ever in the armed forced? And this lasts forever? Someone who was a Private in the Army for 2 years back in 1954 should need special permission to work for the Canadian forest service?

      • Yes, I very deliberately left out practical details about how it might be implemented for the sake of brevity since we all know that ideas floated in /. comments are all unlikely to ever be given serious consideration for implementation, and even if they were, there'd be a bunch of people in government who would be responsible for working out the particulars.

  • I don't really get this.

    If you work for the NSA and quit (or are fired, or whatever) you are then forbidden to work for anyone else in a related field ever again?

    Why would anyone work for the NSA if that's the situation?

  • by TechyImmigrant ( 175943 ) on Wednesday September 15, 2021 @04:06PM (#61799591) Homepage Journal

    >broke US export control laws that require companies and individuals to obtain a special license from the State Department's Directorate of Defense Trade Controls (DDTC) before providing defense-related services to a foreign government.

    Calling hacking a defense related service is like calling baked beans a defense related food because soldiers eat it.

    • The problem is that they worked for Darkmatter, a military information security company in the UAE. Being in the security industry, they should have known better.
  • In my day, that's the label applied.
    • Traitors no, since the work they performed wasn't all that important, but they should have known better - that is why they are getting off with fines.

C for yourself.

Working...