Battling Insider Threat – The Leak of US Intel Docs
Today the FBI arrested the person they say leaked hundreds of classified documents on US surveillance related to the war in Ukraine.
The impact of this leak may rise to the level of the damage caused by Edward Snowden in 2013. Investigators continue to find more classified documents as the investigation proceeds.
What is different here, apparently, is motive. Whether you agree with Snowden or think he is a traitor, Snowden had an agenda. He thought he had a duty to bring what he considered illegal spying to the light of day. We will likely continue to disagree about that, but what is clear is that he was fighting for a cause he believed in.
Apparently, from what we know so far, the only motive here was bragging rights about who was the baddest dude. That could change, but that is what we know so far.
If the government decides to charge this airman with espionage, a definite possibility given the damage he has done, he WILL BE the baddest dude in the room. If you think he was disaffected before this, I can only imagine his state of mind now. I suspect that his defense will include his assertion that he did not intend for these documents to become public. Unfortunately, the road to hell is paved with good intentions.
The documents had been leaked on Discord since at least January. From there they spread via 4Chan, Telegram and Twitter. Why the government did not detect them will be the subject of a whole separate investigation. It also may cause the spying by the government on the American public to increase. Significantly. They will say this is to further the cause of national security. Which will cause the bad guys to go further underground, making them even harder to find.
The person arrested is a 21 year old Massachusetts Air National Guard member. He worked in the 102nd Intelligence Wing of the Guard. Members of this unit conduct intelligence, surveillance and reconnaissance (ISR) in support of warfighters on the ground in the Middle East. They are also responsible for cyber intelligence collection.
That likely explains why he had access to top secret information.
In this particular case, reporters were able to find this guy more quickly than the FBI, but that is likely because the reporters follow a different set of rules (i.e. no rules) and sources are not worried about reporters putting them in prison for life. I think the FBI did its job fully and correctly. While some may blame the FBI for being outdone by some reporters, the FBI needs to make sure that they can convict a person they arrest. All reporters have to do is publish a story before the competitors do – even if they have to say “I’m sorry” later.
But the bigger story is how did this happen in the first place?
And how would a person sneak the documents out of a SCIF (Sensitive Compartmented Information Facility), a supposedly super secure facility?
Some of the documents were photographed. How is this possible in a facility where no cameras, or even phones, are allowed?
The commandant of the Guard is going to have to answer a lot of questions about this.
How was this information circulating on Discord, 4Chan, Telegram and other channels for months without anyone noticing?
As security pros understand, insider threat is really hard to detect. These are people who you have vetted, run background checks on, whose neighbors you have talked to and who, in many cases, have passed a polygraph. Likely, this person did pass a poly, given what he was doing.
In the meantime, the government has very tightly clamped down on the sharing of intelligence, including with allies.
But here is the wildcard.
What is the impact on the Defense Industrial Base (DIB)? Is the government going to clamp down on the defense contractors? If so, how?
Also remember that the government is about to release new rules for the protection of controlled unclassified information (CUI), both in the defense sector and, likely, also in the rest of the executive branch.
The government is well known to overreact. In this case, with a breach that has huge national security implications, how much they overreact is unclear.
And, then, of course, given we have an election coming up, Congress critters are going to wave the flag, get their ten seconds of air time and huff and puff a lot. Probably nothing of import will happen, but a lot of money will be wasted here.
Among the documents leaked are ones that discuss our spying on our allies. That can’t be easy for the feds, even though everyone spies on everyone else. It is understood, but typically not discussed.
Defense contractors are already required to have an insider threat program and an ITPSO. That person, the Insider Threat Program Senior Official, is the throat the feds get to choke if there is a problem. Until now, for the most part, the program has been a check-the-box item. I predict that DCSA, the Defense Counterintelligence and Security Agency, is going to get out that magnifying glass and, in some cases, the microscope. Get ready.
If you need help with this, please contact us.
Sources: Data Breach Today, CNN and NBC