DOJ allows Intelligence Community contractors to pay their way out of prison sentences with fines for criminal misconduct

Once again, as in the case of Kevin Clinesmith, the Department of Justice is letting people guilty of serious crimes escape imprisonment.  Those, like Paul Manafort, aligned against the political faction that dominates the DOJ may be subject to predawn raids and solitary confinement, but three former employees of the Intelligence Community, who worked as contractors, have been allowed to pay fines and escape prison sentences in a "first of its kind resolution of an investigation" of their serving a foreign power, presumably using the skills they acquired working for the U.S. Intelligence Community (USIC).  It is the National Security Division of the DOJ responsible for this leniency.

Here is part of the DOJ press release patting itself on the back:

On Sept. 7, U.S. citizens, Marc Baier, 49, and Ryan Adams, 34, and a former U.S. citizen, Daniel Gericke, 40, all former employees of the U.S. Intelligence Community (USIC) or the U.S. military, entered into a deferred prosecution agreement (DPA) that restricts their future activities and employment and requires the payment of $1,685,000 in penalties to resolve a Department of Justice investigation regarding violations of U.S. export control, computer fraud and access device fraud laws. The Department filed the DPA today, along with a criminal information alleging that the defendants conspired to violate such laws.

According to court documents, the defendants worked as senior managers at a United Arab Emirates (U.A.E.)-based company (U.A.E. CO) that supported and carried out computer network exploitation (CNE) operations (i.e., "hacking") for the benefit of the U.A.E government between 2016 and 2019. Despite being informed on several occasions that their work for U.A.E. CO, under the International Traffic in Arms Regulations (ITAR), constituted a "defense service" requiring a license from the State Department's Directorate of Defense Trade Controls (DDTC), the defendants proceeded to provide such services without a license.

These services included the provision of support, direction and supervision in the creation of sophisticated "zero-click" computer hacking and intelligence gathering systems – i.e., one that could compromise a device without any action by the target. U.A.E. CO employees whose activities were supervised by and known to the defendants thereafter leveraged these zero-click exploits to illegally obtain and use access credentials for online accounts issued by U.S. companies, and to obtain unauthorized access to computers, like mobile phones, around the world, including in the United States.

"This agreement is the first-of-its-kind resolution of an investigation into two distinct types of criminal activity: providing unlicensed export-controlled defense services in support of computer network exploitation, and a commercial company creating, supporting and operating systems specifically designed to allow others to access data without authorization from computers worldwide, including in the United States," said Acting Assistant Attorney General Mark J. Lesko for the Justice Department's National Security Division. "Hackers-for-hire and those who otherwise support such activities in violation of U.S. law should fully expect to be prosecuted for their criminal conduct."

The UAE is not a hostile foreign power, to be sure, but even with allies, we have secrets and technologies that should not be shared.  Why was precedent broken ("first of its kind")?  U.S. individuals and companies doing business with the UAE could well have been compromised, their bargaining positions harmed, their trade secrets exposed and lost, thanks to the tools given it by these three.

How much money the three men earned from the UAE is not specified.  Has all of it been taken away with the fines?  The DOJ does not bother letting us know.

To comment, you can find the MeWe post for this article here.