3 Former Intelligence Community Members Agree to Pay $1.68M to Settle ITAR Violation Charges
Three former U.S. intelligence community or military members -- Marc Baier, Ryan Adams and Daniel Gericke -- entered into a deferred prosecution agreement, agreeing to pay more than $1.68 million to resolve export control violation charges, the Department of Justice said. The trio worked as senior managers at a United Arab Emirates-based company that carried out computer hacking operations to benefit the UAE government during 2016 to 2019, DOJ said. All three were told repeatedly that their work constituted a “defense service” under the International Traffic in Arms Regulations, requiring a license from the State Department's Directorate of Defense Trade Controls. Nevertheless, all three continued their hacking without a license, court documents laid out.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
At the heart of the work done by Baier, Adams and Gericke were “zero-click” hacking and intelligence gathering systems, which involve compromising target computer networks without any action by a given target. These schemes were used to obtain credentials for online accounts issued by U.S. companies and to get unauthorized access to computers and smartphones globally, including those located in the U.S., DOJ said.
The three originally worked for a U.S. company after leaving the intelligence community and military. The company provided permitted cyber services to a UAE government agency under a DDTC-approved Technical Assistance Agreement in compliance with the ITAR. The trio then joined the UAE company for higher pay and were explicitly told they needed another TAA. Instead, Baier, Adams and Gericke sought to continue using the U.S. company's ITAR-controlled information in violation of the company's TAA and the ITAR, DOJ said.
The three expanded their work for the UAE company, setting up two zero-click hacking schemes that used servers in the U.S. belonging to another unnamed U.S. company. These schemes could be used to obtain unauthorized access to any of the tens of millions of smartphones and mobile devices that used this unnamed company's operating system, the release said.
Under the DPA, Baier, Adams and Gericke agreed to pay $750,000, $600,000 and $335,000, respectively, over three years. They also agreed to cooperate with the relevant DOJ and FBI components, relinquish any U.S. or foreign security clearances, adhere to a lifetime ban on future U.S. security clearances and follow certain employment restrictions, DOJ said.