What if three disgruntled employees left your organization and took top secret information to a competing company? What repercussions would follow and how would it impact your business? In many cases, there would be a lawsuit. In this case, there was federal prosecution and a cybersecurity threat.
The US Department of Justice (DOJ) released a shocking statement on 16 September 2021, which explains the scenario at the federal level. Three men, who formerly worked for the US intelligence community and military, offered hacking services to a company based in the United Arab Emirates (UAE).
Information provided was highly sensitive, and the release paints a picture of three "hackers-for-hire" conspiring to offer their insights to another country. The employees apparently decided to pursue their illegal activities for a significant pay raise. Prosecutors say, "despite being informed on several occasions" that the defendants' work required a license to be issued, they pressed on anyway.
An Acting Assistant Attorney General describes the case where insiders left to become criminal hackers: "This agreement is the first-of-its-kind resolution of an investigation into two distinct types of criminal activity: providing unlicensed export-controlled defense services in support of computer network exploitation, and a commercial company creating, supporting, and operating systems specifically designed to allow others to access data without authorization from computers worldwide, including in the United States.
Hackers-for-hire and those who otherwise support such activities in violation of US law should fully expect to be prosecuted for their criminal conduct." The three men, provided direction to the foreign companies in teaching hacking techniques, some of which could be used to attack the US.
Most unsophisticated cyberattacks rely on a click factor, where targets must click on something to initiate the attack. However, there have been a rising number of stories about "zero-click" exploits in use. SecureWorld News reported on the patch Apple released for an attack of this kind that targeted iPhones.
The DOJ says the defendants created this type of "zero-click" technology for the company located in the UAE. While the UAE company was not named in the court documents, Law360 found evidence that the company in question may be the DarkMatter Group. "These services included the provision of support, direction, and supervision in the creation of sophisticated 'zero-click' computer hacking and intelligence gathering systems—i.e., one that could compromise a device without any action by the target.
The UAE employees whose activities were supervised by and known to the defendants thereafter leveraged these zero-click exploits to illegally obtain and use access credentials for online accounts issued by US companies, and to obtain unauthorized access to computers, like mobile phones, around the world, including in the United States."
The hackers used their clearance and access to private information from US agencies to attack targets, including some in the United States.[1]
The three men charged in this hacker-for-hire case agreed to repay more than $1.68 million in lieu of prison time. An Assistant Director of the FBI’s Cyber Division condemned the crimes and warned others in similar roles about moving forward with illegal actions like these. "This is a clear message to anybody, including former U.S. government employees, who had considered using cyberspace to leverage export-controlled information for the benefit of a foreign government or a foreign commercial company—there is a risk, and there will be consequences," the FBI said.
Some commenters online believed the punishment was too lenient and questioned whether or not this would hinder insider threats like this in the future. "The only 'message' the @FBI and @TheJustice Dept sends with this is: 'If you charge enough for your services, you can get off with a simple fine if we catch you.'"
Malicious actors are malicious actors, but some don't leave your company or organization, they attack from within it. Sometimes on accident.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/3702558539639477516
[1] https://www.secureworld.io/industry-news/us-intelligence-insider-threats
Comments