WASHINGTON : Forget about spies. It’s rogue insiders that cause heartburn at U.S. intelligence agencies these days.Few spy cases have broken in the past decade and a half. In contrast, a proliferation of U.S. intelligence and military insiders have gone rogue and spilled secrets to journalists or WikiLeaks, the anti-secrecy group.
The leaks are as damaging as any major spy case, perhaps
more so. And they have underscored the ease of stealing secrets in the modern
age, sometimes with a single stroke of a keyboard.
Since early March, WikiLeaks has published part of a
trove of documents purportedly created by cyber units of the Central
Intelligence Agency. WikiLeaks continues to upload the documents and hacking tools,
dubbed Vault 7, to the internet for all to see.
For its part, a mysterious group that calls itself the
Shadow Brokers has re-emerged and dumped a large catalog of stolen National Security
Agency hacking tools on the internet, including evidence the agency
had penetrated Middle Eastern banking networks.
“In the past, we’ve lost secrets to foreign adversaries,”
retired Air Force Gen. Michael Hayden, a former director of both the CIA and
the NSA, said in an interview. “Now we’ve got the self-motivated insider that
is our most important counterintelligence challenge.”
Hayden cited the cases of Army Pfc. Chelsea Manning,
convicted in 2013 for releasing three-quarters of a million classified or
sensitive military and diplomatic documents to WikiLeaks. He also mentioned Edward Snowden, the former NSA contractor who
shook public opinion with his disclosures to journalists in 2013 about U.S.
surveillance practices. Hayden added the Vault 7 disclosures
last month, which others presume were stolen by a contract employee at the CIA.
Lastly, there is the case of Harold T. Martin, an NSA
contractor accused by the Justice Department in February of hoarding 50 terabytes of highly sensitive data from
the agency at his Maryland home, in a shed and in his car. Martin’s motives are
not publicly known.
Traditional motives for spying – summed up by the acronym
MICE, which stands for money, ideology, compromise and ego – were not apparently
at play in any of those cases.
“No foreign service used any of those characteristics
against any of the people we mentioned. It’s kind of sui generis. How do you
stop that?” Hayden asked.
The cases have brought attention to how widely U.S. intelligence
agencies, which have a total annual budget of $53 billion, employ outside
contractors.
“The reason that they exist is that we have jobs that
need to get done, and done rapidly,” said Dave Aitel, a former chief scientist at the NSA
who now is chief executive of Immunity Inc., a Miami cybersecurity firm. When
global events affect security priorities, he added, large new intelligence
programs can stand up rapidly with contractors.
“The government
can put together a billion-dollar company in three weeks,” Aitel said. “It’s an
amazing system.”
Contractors pass the same hurdles for security clearances
as government personnel.
“The government is doing the vetting,” said Bryson
Bort, a graduate of the Military Academy at West Point who is chief
executive of Grimm, a Washington-area cybersecurity firm.
The number of contractors in the intelligence community
is not publicly known. A Congressional Research Service report Aug.
18, 2015, cited figures from 2007 that indicated 27 percent of the 100,000
members of the intelligence community workforce were contractors.
At intelligence facilities, regular employees wear blue
badges while contractors wear green badges. Many perform similar tasks,
although contractors earn higher salaries that offset their diminished job
security.
“I’m not a
contractor champion per se. . . . But I’m reluctant to say the contractors are
the sources of everything wrong,” said Rhea Siers,
a scholar in residence at the Center for Cyber and Homeland Security at George
Washington University who left a senior post at the NSA in 2013 after a
three-decade career there.
“There is a feeling among some of the people that
contractors aren’t treated as part of the enterprise,” Siers said.
During and immediately after the Cold War, spy catchers
in the FBI were kept busy looking for moles in the intelligence community. Big
names included Robert Hanssen, himself a counterintelligence
agent, who spent 22 years spying for Russia before his arrest in 2001. CIA
analyst Aldrich Ames was arrested in 1994, a rare
agency turncoat.
Siers cautioned that the difference between spies of old
and leakers of the modern era may not be that great. Even some of the most
infamous spies “never believed they were helping the adversary,” she said.
Modern insiders who spill secrets often express patriotic
sentiments about doing so, saying they are exposing government overreach.
“They’ve
rationalized to themselves to think they are helping this country. . . . Some
of it is naiveté on their part,” she said.
CIA Director Mike Pompeo said in his first public address last week after
taking over the agency in January that today’s intelligence community leakers
were “soulmates” of traitors from the past: “In today’s digital environment,
they can disseminate stolen U.S. secrets instantly around the globe to
terrorists, dictators, hackers and anyone else seeking to do us harm.”
Pompeo called WikiLeaks a “non-state hostile intelligence
service often abetted by state actors like Russia” and said counterintelligence
units would take action against the group.
Julian Assange, the Australian founder of
WikiLeaks, who had already lashed out at the CIA for “devastating incompetence”
for failing to protect its hacking tools, said Pompeo’s speech “only serves to
underscore why WikiLeaks’ publications are necessary. WikiLeaks will continue
to publish true, newsworthy information that contributes to the public debate.”
Experts say loyal employees don’t turn into malicious
insiders overnight. Work tension can meld with personal frustrations,
narcissism and anger at authority on the pathway to treason. Throw in medical
issues, marital discord and financial losses, and the process can accelerate.
The challenge for intelligence agency managers is to
detect signs of stress, supporting troubled employees, even removing their
access to some kinds of sensitive data, without putting an onerous burden on
other employees.
“The last thing I want to see is a witch hunt,” Siers
said. But she acknowledged that some unusual behavior may not get noticed
because employees “are just part of the group.”
A report this month, titled “Assessing the Mind of the Malicious Insider,” prepared by
the Intelligence and National Security Alliance, a nonprofit group representing
retired intelligence agents, noted that software algorithms reach 90 percent
accuracy in detecting changes in personality, life events and emotions of
employees through their computer interactions.
“Postmortems of past insider malice show a trail of
lesser inappropriate or uncharacteristic acts that were not dealt with by the
organization or by line managers,” the study noted.
Insider threats are a menace not only to the intelligence
community but also to private industry, and a handful of private cybersecurity
firms sell platforms that use algorithms to sift through vast amounts of data
about employees to detect anomalous behavior.
Bryan Ware, the chief executive of Haystax Technology, a
McLean, Va., company that has contracts with U.S. national security agencies,
said his firm’s Constellation for Insider Threat platform can
sort through 700 categories of continuously monitored data about employees.
“It’s not the goal of our system to say, ‘This is your
guy,’ ” Ware said. Rather it is to allow organizations to rank employees into
risk tiers, depending on changes in their behavior.
“We’ve been able to identify risks, often years in
advance,” Ware said.
**Tim Johnson: 202-383-6028, tjohnson@mcclatchydc.com
@timjohnson4
***Read more here:
http://www.mcclatchydc.com/news/nation-world/national/national-security/article145256784.html#storylink=cpy