US DoD staffer with top-secret clearance stole identities from work systems to apply for loans

A US Department of Defense staffer with top-secret clearance stole the identities of dozens of people from a work SharePoint system to apply for loans totaling nearly a quarter of a million dollars. Kevin Lee, 41, of Chula Vista, southern California, pleaded guilty on Wednesday to wire fraud. Lee, who worked for Uncle Sam's …

  1. Paul Hovnanian Silver badge
    FAIL

    Problem spotted

    Using SharePoint for classified documentation --->

    1. ShadowSystems Silver badge

      Re: Problem spotted

      "Using SharePoint."

      FTFY. =-J

    2. DS999 Silver badge

      Re: Problem spotted

      When you use the classified networks at the DoD you basically remote desktop in from the unclassified network, or at least that was my experience when I consulted for the Defense Logistics Agency about 15 years ago. Security is enforced by the fact the network is isolated aside from those gateways. Actual routing between classified and unclassified outside of that is likely extremely limited (I wasn't exposed to that end of it) and I very much doubt anything at all can reach the internet directly from it, let alone be allowed in from it.

      So it doesn't matter so much if they use something "insecure" on the classified network, as they are more reliant on the vetting they do before handing out security clearances - and moreso the penalties for violating them since that vetting is far from perfect. I'm sure there is tons of monitoring of what you're doing, which while also far from perfect is also more of a "I don't even want to try anything because I'm afraid of the consequences if I got caught" sort of deal. I was very careful to never look at anything I didn't need to and knew I was entitled to!

      Also I was only exposed to Secret and Top Secret levels, there are all kinds of special classification levels above that which are probably only accessible on a DoD installation or some cases from SCIFs that are basically locked and guarded Faraday cages where the REAL secrets are kept. I can't really speak to that end as I only know what I was told by others who had been involved with it, it sounded like way too much of a pain to me! I think classification works like grade inflation, so few real secrets are kept at the standard levels, everything that matters is above Top Secret. I mean, IP addresses of individual servers were classified "Secret" just to give you an example of the silliness - what I was doing didn't expose me to ANYTHING I would consider important to the security of the US, though obviously whoever classified those things had a different opinion.

      You might do a little exploring on a typical corporate network, but with all the paperwork you sign promising long prison terms when you get a security clearance to access a classified DoD network, you don't fuck around if you have half a brain.

      1. Anonymous Coward

        Re: Problem spotted

        > Security is enforced by the fact the network is isolated aside from those gateways

        So it is (or was) like a ship without compartmentation (https://en.wikipedia.org/wiki/Compartment_(ship)).

        This time the DoD was lucky - it wasn't espionage.

        Compartmentation - lots of inner locks requiring individually assigned passwords to open - is a hassle, but it would be worth it for the DoD. It also leaves an easier trail and can better alert to unusual access patterns.

        All that personal government employee info in "Share Point" - a different loose cannon would have made a point of sharing that information with "others" for cash.

  2. Anonymous Coward

    Don't use Ransomware targets

    Stop using WindBlows for high security and mission critical infrastructure!

    1. badflorist

      Re: Don't use Ransomware targets

      Sure... or don't fuck with a large government's defense department for anything at all. BUT... if you DO, then you might as well hijack a Russian submarine in port at a U.S. Navy base with a Chinese admiral aboard... YOLO!!!

    2. Necrohamster

      Re: Don't use Ransomware targets

      I don't know if you heard, but they have ransomware for Linux and macOS these days.

      Do keep up Granddad

  3. Anonymous Coward

    The commander in chief

    Owed $1.3Bn to Russian investors at a German bank - how did he get a security clearance?

    1. Anonymous Coward

      Re: The commander in chief

      The problem is: once the individual is duly elected the secrety bods don't have much choice in the big things. All they can try to do is try to hide the specific family jewels they really, really would like to keep, and repaint the Ferrari county orange and vanta black and glue on some fake panels, spoilers and light bars to make it harder to recognise.

      1. batfink Silver badge

        Re: The commander in chief

        I don't know how it works elsewhere, but in Australia elected representatives don't get security cleared. Their staff do, but not the politicians themselves.

        This is apparently because it would be too easy to ban opposition figures from ever entering politics. A simple arrest and conviction for demonstrating against <current regime at the time> could be enough to fail a clearance.

  4. IvyKing

    Looking to buy the "Magic Twanger"?

    Lessee, Kevin Lee was a Chula Juana -er- Chula Vista resident, so guess he was getting the money for the Gypsy so everyone would be attracted to him.

    If you're wondering what in the hell I'm referring to, search YouTube for Homegrown Chula Vista.

  5. parlei

    I keep being disappointed, but no longer surprised, that people who presumably are fairly intelligent think that a significant chance of ruining your life is an ok risk to take for money that is by no means even near to "spend the rest of your days in the style you want to be accustomed to, with a well built bomb proof new identity".

  6. Pascal Monett Silver badge

    "He faces up to 20 years behind bars"

    Good. I hope he'll get all of them.

    Now there's one thing I'd like to know: how did he get caught?

    The article states clearly what he did, but there's no mention of how he failed to keep his secret.

    I'd appreciate an addendum on that.

    1. Anonymous Coward

      Re: "He faces up to 20 years behind bars"

      I'd guess one of his marks got a visit from the bailiffs, investigators triangulated who would have so much access to one individual's personal data, and it started to unravel from there.

      1. CrackedNoggin

        Re: "He faces up to 20 years behind bars"

        Or more than one of his marks - perhaps 3 or 4 - who knew each other from work. He was probably already desperately in debt from a lot of other bad choices.

    2. ShadowSystems Silver badge

      Re: "He faces up to 20 years behind bars"

      He probably shouldn't have uploaded that Youtube video of himself naked, rolling around on a bed covered in money, giggling like a tickled teenage girl after getting asked to the prom. =-)p

  7. Anonymous Coward

    I'm occasionally stunned by the lack of imagination of my fellow humans. Top secret clearance, could literally have done *anything*... and he uses all that access and power to fake loan applications for some fake money? smh

  8. Bitsminer Bronze badge

    Assessing Security and Privacy Controls in Information Systems and Organizations

    Only 733 pages.

    A security consultant's career for the next 10 years.

  9. Necrohamster

    Go big or go home

    He only scammed $244,500?

    Hope it was worth it for a potential 20 years in prison.

  10. EnviableOne Silver badge

    What I want to know

    who the hell cleared him to TS-SCI
