US Intelligence Agencies Fear Insiders As Much As Spies

Forget about spies. It's rogue insiders that cause heartburn at US intelligence agencies these days.

Few spy cases have broken in the past decade and a half. In contrast, a proliferation of US intelligence and military insiders have gone rogue and spilled secrets to journalists or WikiLeaks, the anti-secrecy group.

The leaks are as damaging as any major spy case, perhaps more so. And they have underscored the ease of stealing secrets in the modern age, sometimes with a single stroke of a keyboard.

Since early March, WikiLeaks has published part of a trove of documents purportedly created by cyber units of the Central Intelligence Agency. WikiLeaks continues to upload the documents and hacking tools, dubbed Vault 7, to the Internet for all to see.

For its part, a mysterious group that calls itself the Shadow Brokers has re-emerged and dumped a large catalog of stolen National Security Agency hacking tools on the internet, including evidence the agency had penetrated Middle Eastern banking networks.

"In the past, we've lost secrets to foreign adversaries," retired Air Force Gen. Michael Hayden, a former director of both the CIA and the NSA, said in an interview. "Now we've got the self-motivated insider that is our most important counterintelligence challenge."

Hayden cited the cases of US Army soldier Chelsea Manning, convicted in 2013 for releasing three-quarters of a million classified or sensitive military and diplomatic documents to WikiLeaks. 

He also mentioned Edward Snowden, the former NSA contractor who shook public opinion with his disclosures to journalists in 2013 about US surveillance practices. Hayden added the Vault 7 disclosures, which others presume were stolen by a contract employee at the CIA.

Lastly, there is the case of Harold T. Martin, an NSA contractor accused by the Justice Department in February of hoarding 50 terabytes of highly sensitive data from the agency at his Maryland home, in a shed and in his car. Martin's motives are not publicly known.

Traditional motives for spying, summed up by the acronym MICE, which stands for money, ideology, compromise and ego, was not apparently at play in any of those cases.
"No foreign service used any of those characteristics against any of the people we mentioned. It's kind of sui generis. How do you stop that?" Hayden asked.

The cases have brought attention to how widely U.S. intelligence agencies, which have a total annual budget of $53 billion, employ outside contractors.
"The reason that they exist is that we have jobs that need to get done, and done rapidly," said Dave Aitel, a former chief scientist at the NSA who now is chief executive of Immunity Inc., a Miami cybersecurity firm. When global events affect security priorities, he added, large new intelligence programs can stand up rapidly with contractors.
"The government can put together a billion-dollar company in three weeks," Aitel said. "It's an amazing system."
Contractors pass the same hurdles for security clearances as government personnel.
"The government is doing the vetting," said Bryson Bort, a graduate of the Military Academy at West Point who is chief executive of Grimm, a Washington-area cybersecurity firm.

The number of contractors in the intelligence community is not publicly known. A Congressional Research Service report Aug. 18, 2015, cited figures from 2007 that indicated 27 percent of the 100,000 members of the intelligence community workforce were contractors.

At intelligence facilities, regular employees wear blue badges while contractors wear green badges. Many perform similar tasks, although contractors earn higher salaries that offset their diminished job security.
"I'm not a contractor champion per se ... But I'm reluctant to say the contractors are the sources of everything wrong," said Rhea Siers, a scholar in residence at the Center for Cyber and Homeland Security at George Washington University who left a senior post at the NSA in 2013 after a three-decade career there.
"There is a feeling among some of the people that contractors aren't treated as part of the enterprise," Siers said.

During and immediately after the Cold War, spy catchers in the FBI were kept busy looking for moles in the intelligence community. Big names included Robert Hanssen, himself a counterintelligence agent, who spent 22 years spying for Russia before his arrest in 2001. CIA analyst Aldrich Ames was arrested in 1994, a rare agency turncoat.

Siers cautioned that the difference between spies of old and leakers of the modern era may not be that great. Even some of the most infamous spies "never believed they were helping the adversary," she said.
Modern insiders who spill secrets often express patriotic sentiments about doing so, saying they are exposing government overreach.
"They've rationalised to themselves to think they are helping this country ... . Some of it is naiveté on their part," she said.
CIA Director Mike Pompeo said in his first public address recently, after taking over the agency in January, that today's intelligence community leakers, were "soulmates" of traitors from the past: "In today's digital environment, they can disseminate stolen US secrets instantly around the globe to terrorists, dictators, hackers and anyone else seeking to do us harm."

Pompeo called WikiLeaks a "non-state hostile intelligence service often abetted by state actors like Russia" and said counterintelligence units would take action against the group.

Julian Assange, the Australian founder of WikiLeaks, who had already lashed out at the CIA for "devastating incompetence" for failing to protect its hacking tools, said Pompeo's speech "only serves to underscore why WikiLeaks' publications are necessary. WikiLeaks will continue to publish true, newsworthy information that contributes to the public debate."

Experts say loyal employees don't turn into malicious insiders overnight. Work tension can meld with personal frustrations, narcissism and anger at authority on the pathway to treason. Throw in medical issues, marital discord and financial losses, and the process can accelerate.

The challenge for intelligence agency managers is to detect signs of stress, supporting troubled employees, even removing their access to some kinds of sensitive data, without putting an onerous burden on other employees.
"The last thing I want to see is a witch hunt," Siers said. But she acknowledged that some unusual behavior may not get noticed because employees "are just part of the group."

A report this month, titled Assessing the Mind of the Malicious Insider, prepared by the Intelligence and National Security Alliance, a nonprofit group representing retired intelligence agents, noted that software algorithms reach 90 percent accuracy in detecting changes in personality, life events and emotions of employees through their computer interactions.
"Postmortems of past insider malice show a trail of lesser inappropriate or uncharacteristic acts that were not dealt with by the organization or by line managers," the study noted.

Insider threats are a menace not only to the intelligence community but also to private industry, and a handful of private cybersecurity firms sell platforms that use algorithms to sift through vast amounts of data about employees to detect anomalous behavior.

Bryan Ware, the chief executive of Haystax Technology, a company that has contracts with U.S. national security agencies, said his firm's Constellation for Insider Threat platform can sort through 700 categories of continuously monitored data about employees.
"It's not the goal of our system to say, 'This is your guy,' " Ware said. Rather it is to allow organisations to rank employees into risk tiers, depending on changes in their behavior.
"We've been able to identify risks, often years in advance," Ware said.

Military.com:

You Might Also Read:

US Needed Snowden to Open the Door on NSA’s Spying:

Does Russia Benefit When Assange Reveals Secrets?:

WikiLeaks Dump Shines Light On US Intelligence’s Zero-Day Policy:

Wikileaks Vault 7 And The CIA Hacking Arsenal:

Secret Arrest Of A National Security Agency Contractor:

 

 

« Fake Police Ransomware Scam
Over 60% Of UK Businesses Lack Any Real Cyber Security »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

American International Group (AIG)

American International Group (AIG)

AIG, is an American multinational insurance corporation. Commercial services include cyber risk insurance.

Trust Guard

Trust Guard

Trust Guard services provide complete security for your website.

Conference-Service.com

Conference-Service.com

Conference-Service.com provides a categorised calendar of conferences and events which includes Information Security.

Swimlane

Swimlane

Swimlane is a leader in security automation and orchestration (SAO). Our platform empowers organizations to manage, respond and neutralize cyber threats with adaptability, efficiency and speed.

Cyverse

Cyverse

Cyverse is a cyber-security firm which provides corporations with state-of-the-art cyber-security service-based and technological solutions made in Israel.

Sandline Discovery

Sandline Discovery

Sandline Discovery provides digital forensics, eDiscovery solutions, managed review and litigation consulting services.

Ellipsis Technologies

Ellipsis Technologies

Ellipsis Technologies is a diversified technology company that develops innovative security software for websites and online applications.

AVL Mobile Security

AVL Mobile Security

AVL Mobile Security is a market-leading mobile security company for anti-virus and threat intelligence in the mobile Internet.

CyberStream

CyberStream

CyberStream, a division of the TechStream Group, is an information & cybersecurity talent acquisition solution provider.

Venkon

Venkon

Venkon provides effective and unique solutions to cyber-security threats and IT compliance requirements of your organization.

Naq Cyber

Naq Cyber

Naq is the number one platform for SMEs looking to become legally compliant and protect against cybercrime and other data-related incidents.

Cyral

Cyral

Easily observe, control, and protect your data endpoints in a cloud and DevOps-first world. Discover Data Mesh Security with Cyral.

SNC-Lavalin

SNC-Lavalin

SNC-Lavalin is a fully integrated professional services and project management company with offices around the world.

One82

One82

Serving emerging small and medium-sized businesses in California and neighboring regions for over 20 years, One82 has established itself as the most dependable provider of IT support services.

Myrror Security

Myrror Security

Myrror Security is a software supply chain security solution that aids lean security teams in safeguarding their software against breaches.

Argenta Talent Acquisition

Argenta Talent Acquisition

Argenta Talent Acquisition is a recruitment partner specializing in Space and Defense, Intelligence Community, all things Technical, Cyber, and Logistics.

SOC-E

SOC-E

SOC-E is a leading technology provider for high-availability and deterministic networking, sub-microsecond synchronization and cybersecurity solutions for critical sectors.