Online privacy company ExpressVPN claims that it knew “key facts” of their executive, Daniel Gericke’s involvement in Project Raven.
Recently, three former US intelligence and military personnel, Marc Baier, Ryan Adams, and Daniel Gericke were fined $1.6 million by the DPA, on hacking-related charges.
The three men were mercenary hackers for the UAE as part of Project Raven.
They helped the United Arab Emirates spy on various countries, including the US, through computer hacking and access device fraud.
On Tuesday, court records revealed how Daniel Gericke and the two other men had violated International Traffic in Arms Regulations.
From US Intelligence to Mercenary Hackers
Daniel Gericke, Marc Baier, and Ryan Adams had previously left US employment before coming to work for a UAE-based company (U.A.E. CO) as senior managers. The company carried out covert computer hacking operations on behalf of the UAE between 2016 and 2019.
Gericke’s trio had been previously informed that, under the International Traffic in Arms Regulations (ITAR), they needed a license from the State Department’s Directorate of Defense Trade Controls while providing services to U.A.E. CO.
However, they continued their work without a license. While working there, Gericke, Adams, and Baier supervised the development of “zero-click” intelligence hacking systems.
These systems could infiltrate devices without user interaction.
Project Raven, as this initiative was dubbed, targeted US victims and other activists that were vocal against the UAE. One such target was the Emir of Qatar, a Nobel Peace laureate and a human-rights activist in Yemen.
Acting Assistant Attorney General Mark J. Lesko described Project Raven as:
“Providing unlicensed export-controlled defense services in support of computer network exploitation, and a commercial company creating, supporting and operating systems specifically designed to allow others to access data without authorization from computers worldwide, including in the United States.”
Charges Dropped on Account of Full Cooperation
Prosecutors are willing to drop the charges against Daniel Gericke and the other two if they fully cooperate with U.S. authorities.
They are also required to pay a penalty of $1.685 million and forfeit U.S. and foreign security clearances.
All three will also have future employment restrictions, as they are strictly prohibited by the DPA to seek “employment that involves CNE activity or exporting defense articles or providing defense services under the ITAR.”
Moreover, Assistant Director in Charge Steven M. D’Antuono of the FBI’s Washington Field Office stated that:
“These individuals chose to ignore warnings and to leverage their years of experience to support and enhance a foreign government’s offensive cyber operations. These charges and the associated penalties make clear that the FBI will continue to investigate such violations.”
Daniel Gericke’s present employer, ExpressVPN, claims it knew about his past employment, stating that he “disclosed them [employment details] proactively and transparently with us from the start.”
The company further states that:
“Daniel has a deep understanding of the tools and techniques used by the adversaries we aim to protect users against, and as such is a uniquely qualified expert to advise on defense against such threats. Our product and infrastructure have already benefited from that understanding in better securing user data.”
ExpressVPN argues that Daniel Gericke has maintained a professional attitude throughout his employment with the online privacy company.
Despite their loyalty to Gericke, the company states that they also use “robust systems and security controls” to ensure their employees don’t engage in illegal behavior.