WASHINGTON — Three former American intelligence officers hired by the United Arab Emirates to carry out sophisticated cyberoperations admitted to hacking crimes and violating U.S. export laws that restrict the transfer of military technology to foreign governments, according to court documents made public on Tuesday.
The documents detail a conspiracy by the three men to furnish the Emirates with advanced technology and to assist Emirati intelligence operatives in hackings aimed to damage the perceived enemies of the small but powerful Gulf nation.
The men helped the Emirates, a close American ally, gain unauthorized access to “acquire data from computers, electronic devices and servers around the world, including on computers and servers in the United States,” prosecutors said.
The three men worked for DarkMatter, a company that is effectively an arm of the Emirati government. They are part of a trend of former American intelligence officers accepting lucrative jobs from foreign governments hoping to build up their abilities to mount cyberoperations.
Legal experts have said the rules governing this new age of digital mercenaries are murky, and the charges made public on Tuesday could be something of an opening salvo in a battle to deter former American spies from becoming guns for hire overseas.
The three men, Marc Baier, Ryan Adams and Daniel Gericke, admitted violating U.S. laws as part of a three-year deferred prosecution agreement. If the men comply with the agreement, the Justice Department will drop the criminal prosecution. Each man will also pay hundreds of thousands of dollars in fines — the amount they earned working for DarkMatter. The men will also never be able to receive a U.S. government security clearance.
Mr. Baier worked for the National Security Agency unit that carries out advanced offensive cyberoperations. Mr. Adams and Mr. Gericke served in the military and in the intelligence community.
DarkMatter had its origins in another company, an American firm called CyberPoint that originally won contracts from the Emirates to help protect the country from computer attacks.
CyberPoint obtained a license from the American government to work for the Emiratis, a necessary step intended to regulate the export of military and intelligence services. Many of the company’s employees had worked on highly classified projects for the N.S.A. and other American intelligence agencies.
But the Emiratis had larger ambitions and repeatedly pressed CyberPoint employees to exceed the boundaries of the company’s American license, according to former employees.
CyberPoint rebuffed requests by Emirati intelligence operatives to try to crack encryption codes and to hack websites housed on American servers — operations that would have run afoul of American law.
So in 2015 the Emiratis founded DarkMatter — forming a company not bound by United States law — and lured numerous American employees of CyberPoint to join.
DarkMatter employed several other former N.S.A. and C.I.A. officers, according to a roster of employees obtained by The New York Times, some making salaries of hundreds of thousands of dollars a year.