U.S. counter-spies launch campaign against ‘insider’ threats

FILE PHOTO: A man takes part in a hacking contest during the Def Con hacker convention in Las Vegas, Nevada, U.S. on July 29, 2017. REUTERS/Steve Marcus

By Mark Hosenball

(Reuters) – The office of the top U.S. counterintelligence official is launching a campaign to alert government employees, contractors and the general public to “serious risks” of security breaches or violence posed by “insiders.”

The National Counterintelligence and Security Center, a branch of the Office of Director of National Intelligence, said that in partnership with spy and law enforcement agencies, it was declaring September “National Insider Threat Awareness Month” as part of an effort to educate both government and private sectors on how to spot and report potential data security and violent behavior threats to appropriate authorities.

“All organizations are vulnerable to insider threats from employees who may use their authorized access to facilities, personnel or information to harm their organizations – intentionally or unintentionally,” said William Evanina, a former FBI and CIA official who heads the counterintelligence center.

“The harm can range from negligence, such as failing to secure data or clicking on a spear-phishing link, to malicious activities like theft, sabotage, espionage, unauthorized disclosure of classified information or even violence,” Evanina said.

Evanina and another U.S. security official said that many if not most individuals who are engaged in or contemplating insider threats, ranging from leaking sensitive information to violence, display what Evanina described as “concerning behaviors before engaging in negative events.”

Such behaviors could include excessive drinking, unexpected wealth or suicide attempts, the second official said.

As examples of violent insider threats posed by government and private employees that at least in theory might have been spotted early, Evanina’s office cited the case of U.S. Coast Guard lieutenant Christopher Hasson, who was arrested in February after the FBI discovered 15 guns and more than 1,000 rounds of ammunition at his residence. In court documents, prosecutors alleged that Hasson was a “domestic terrorist.”

Another category of insider threat which the counterintelligence agency says employers should be more alert to is “betrayal” – cases such as that of Monica Witt, a former U.S. military investigator who defected to Iran in 2013.

The agency also categorizes “unauthorized disclosures” as insider threats, which under the agency’s definition includes leaks to the media. Examples the agency cites include cases such as those of Terry Albury, an FBI agent, and Reality Winner, a former NSA contractor, who both were prosecuted for leaking confidential government documents to The Intercept website.

Evanina said the point of his agency’s campaign was to “help government and corporate organizations get ahead of the problem by bolstering their insider-threat programs so they can detect, engage and assist at-risk employees before they go down the wrong path.”

A Pentagon unit, the Defense Advanced Research Projects Agency (DARPA), recently said it was launching a program designed to identify ‘fake news’ on the internet. A key objective of DARPA’s plan, called Semantic Forensics (SemaFor), is to write software capable of scanning more than 500,000 stories, videos, images and audio files to identify fake news stories.

(Reporting By Mark Hosenball in London; Editing by Steve Orlofsky)