back to article National Security Agency employee indicted for 'leaking top secret info'

The United States Department of Justice (DoJ) has accused an NSA employee of sharing top-secret national security information with an unnamed person who worked in the private sector. According to a DoJ announcement and the indictment, an NSA staffer named Mark Unkenholz "held a TOP SECRET/Sensitive Compartmented Information ( …

  1. Pascal Monett Silver badge

    "The NSA is [..] supposed to be very good at securing data"

    Yeah, except when it isn't.

    Having your crown jewels hacked and stolen makes for some very sloppy internal procedures when you are indeed "supposed" to be secure at all levels.

    1. diodesign (Written by Reg staff) Silver badge

      Re: "The NSA is [..] supposed to be very good at securing data"

      Keyword: supposed.


    2. Doctor Syntax Silver badge

      Re: "The NSA is [..] supposed to be very good at securing data"

      We've seen it a number of times, haven't we? Those whose business is snooping on others can be quite lax about keeping their own stuff secure.

      1. Jaybus

        Re: "The NSA is [..] supposed to be very good at securing data"

        In all fairness, betrayal of an insider who already has access is a most difficult thing to prevent. No doubt company 2 paid even better than company 1. Of course, this is far from over, and the NSA is no doubt after RF and both companies and probably some of RF's colleagues. He was the first before a court and so it became public knowledge.

    3. Anonymous Coward
      Anonymous Coward

      Re: "The NSA is [..] supposed to be very good at securing data"

      This is No Such Agency so it's never going to be possible to actually know the truth about what happened, this comment is anonymous because 40 years ago I was working in an unrelated field and saw this kind of "leak" happen, but then I discovered that the "leak" was fake and the delivery guy publicly declared a criminal to persuade the recipients that the fake leak was true.

  2. Anonymous Coward
    Anonymous Coward

    Asymmetry, anyone?

    Ah....I see.....the NSA can hoard as much data as it likes about me......... know, telephone records, email, FB, WhatsApp, hacked Proton, hacked Telegram, hacked CCTV......

    ........but God help anyone who tries to hoard ANY of their hoard!!!!

    Your taxpayer dollar at work!!! Building the STASI one dollar at a time!!!

  3. Anonymous Coward
    Anonymous Coward

    Meanwhile UK Government Ministers ...

    ... continue to use Private self-destructing Emails to conduct their business.

    1. A Non e-mouse Silver badge

      Re: Meanwhile UK Government Ministers ...

      Not quite the same. UK public sector (MPs, civil servants, etc) use private email in an attempt to avoid Freedom of Information.

      1. Anonymous Coward
        Anonymous Coward

        Re: Meanwhile UK Government Ministers ...

        Ironically while the government itself sends FOIs to health trusts/boards to get data from their e-mails.

        Rules don't seem to apply to certain government departments it seems.

        1. Doctor Syntax Silver badge

          Re: Meanwhile UK Government Ministers ...

          BoJo's SOP.

  4. Anonymous Coward
    Big Brother

    Thing about the NSA

    If you are vigorous young computer security-type person, what do you do? You could work for NSA: big government, bureaucracy, perhaps well-paid but you do not get shares, can never say what you do, lots of academic types who will sneer at you. Or you could go to work for a new thrusting young future-googlebook unicorn-type company. You get to do thrusting-young unicorn-type things, you get very well paid, you do really cool eork, and you get stock options. When company fails you find a new one, rinse and repeat until one succeeds, your options vest and you are now minor plutocrat, perhaps start own thrusting young rocket company.

    The NSA get two sorts of IT people: the ones who could not get jobs at the unicornoids because they are not very good, and the ones with a James Bond spy obsession who perhaps own too much things which are camouflaged. Not surprising they leak stuff, really.

    (This is different than the academic types: they probably are good, probably do work for NSA but their skills are in theory and sneering, not actual IT security.)

    1. Terry 6 Silver badge

      Re: Thing about the NSA

      Probably right, but more.

      There's been a good generation or two ( in the West) who've been fed the message that public service work is just one step above being on unemployment benefit. Overfed scroungers living off the tax payers' dollars/pounds/Euros. And a lot of services, of course, are outsourced- with the implication that you don't need care and commitment; just cheapness.

      So the old pride in being a Civil Servant, literally serving your nation, has been killed off. Half a century ago when I was in high school getting a job in the Government Service would have been something to talk about. Not now. It's no longer a matter of pride to get a job in the government service.

      So what do you have left?

      1. Alan Brown Silver badge

        Re: Thing about the NSA

        "Half a century ago when I was in high school getting a job in the Government Service would have been something to talk about."

        Working in this part of government service has always been something NOT to be talked about. If asked you're a cleaner or a salesman or something

      2. Jellied Eel Silver badge

        Re: Thing about the NSA

        I think some people do still have a sense of duty, and politicians could do more to encourage that. But recruitment and retention has always been a challenge, especially when us geeks have to be shoe horned into existing civil service grades. I still remember one manager marking his territory with hazard tape in a temporary building. Rank had privileges, like a specified office size, and as you gained grades, you'd be entitled to a chair with arm rests, a personal coat & hat stand and other perks.

        It was a weird environment.

        Governments responded by creating non-supervisory grades so people could get paid more, without having to meet head count requirements. Or the US implemented 'Excepted Service' for situations where traditional GS policies didn't really work. But civil service can still be lucrative, eg assuming Dr Faucci isn't fired and jailed, he could retire with a $300k pension.

        1. Doctor Syntax Silver badge

          Re: Thing about the NSA

          My experience didn't entirely match. Some of it did. When the lab was rebuilt after a fire it was decreed offices for anyone less than Director had to have lino - until it was discovered after the first office was fitted out that way that lino was dearer than the alternative non-woven floor covering that looked like carpet. Then nobody below PSO could have an office at all until it was pointed out that we had reports to write and quite often held rather confidential case discussions so we were able to put "writing rooms" on the plan.

          On the other hand salaries were held below general service grades and promotion was withheld (until I put my notice in when a much too late offer arrived PDQ) on the grounds that we didn't have management responsibility, i.e. enough junior staff; the responsibility of the job itself was ignored. As the major employer of scientists in the UK they could control salaries in general.

          Pension? Well, for a final salary scheme the low salary has its own consequences. Apart from that, a year's service accumulated 1/80th of a year credit which mean that a new graduate, joining at 21, retiring at 60, would be a year short of half pay. I went to industry where the rate was 1/60th so the same graduate would end up a year short of two thirds pay. And as a final twist the scheme was non-contributory but the salaries were adjusted down to take account of what the contributory scheme would have paid after contributions - that meant that the final salary was this discounted value.

          The Civil Service might be great for somebody in the higher ranks with a degree irrelevant to the job. If you're a specialist in the scientific branch it's crap and I wouldn't recommend it to anyone.

          1. Jellied Eel Silver badge

            Re: Thing about the NSA

            Yup, and office politics. So the 'extra responsibilities' thrust upon senior staff to get a boost to their final salaries shortly before they retire. And then end up at some quango, and another pension. Nice work if you can get it, and seems rife in the NHS.

            But there's some interesting opportunities. I once bumped into a 'Receiver of Wrecks', which was a more interesting job title than I had. Plus being a fascinating role. Apparently they used to be entitled to carry firearms before the law changed in the '90s.

        2. doublelayer Silver badge

          Re: Thing about the NSA

          From anecdotes I assume are correct, I get the idea that the sense of duty is most of the reason government still gets employees. I haven't worked for the government, and I'm not that inclined to do so because, whenever someone talks about having done it, they always have a story of the difficulties that taking on the responsibility has given them. The money point raised by the original poster is one of them, but it's not the whole story. The private sector appears to have learned that, even though they don't like it, there are types of labor that are necessary and that they need to support more, even if that is done by those lowly workers and not fellow executives.

          Government work appears to be busy, ill-resourced, inefficient, and poorly compensated, at least for technical people. Even if I was confident that my work was for the benefit of society or ethical goals I approve of, that could get frustrating. The NSA has the additional problem that there are some people with ethics who, having seen what the NSA is willing to do, are not that happy to work on anything, even the many innocuous things going on there. I know there are intelligent people working at the NSA, especially in cryptography, but I bet they are all working on the most technical projects (from least to most ethical, on surveillance, espionage, and making new cryptographic algorithms). That leaves a lot of other things for less skilled people to do. It's not surprising that they have some things that aren't done properly.

    2. Clausewitz 4.0

      Re: Thing about the NSA

      Due to its own geopolitical goals, some people would never work for the NSA or any other USA-related organization. Amazingly, some people do not like USA/UK and even DESPISE them.

      I know some engineers facing huge professional and personal costs due to this decision. But politiness should prevail.

    3. Steve Graham

      Re: Thing about the NSA

      I don't think you're right at all. I've never knowingly* met someone who worked for the NSA, but when I was at BT I had meetings with a number of GCHQ fellow nerds, and some of them were top class. Well up to my standard. ;-)

      *There was a building on the business estate in Reston, Virginia where I worked which was rumoured to be CIA.

      1. Ian Johnston Silver badge

        Re: Thing about the NSA

        There used to be a building full of spooks in Inverness which was, pleasingly, shared with an HIDB (or it may have been HIE by then) offshoot called "Network Services Agency" but known by its initials.

  5. batfink

    More info please

    So, the suspect was busy sending classified info to this lady when she was at Company A which may/may not have been ok, but wasn't ok when she was at Company 2?

    I think a little more info is needed here. Was it actually ok for him to send her the info while at Company A or not, while she was cleared? If not, that was a Bad Thing. If so, that was fine. So then she moves to Company B and her clearance lapses. So if it had been ok to send her the info previously, then maybe he had just assumed she was still cleared at Company B?

    1. AVR

      Re: More info please

      The Reg linked a copy of the indictment. "PERSONAL EMAIL ADDRESS, COMPANY 1 EMAIL ADDRESS, COMPANY 2 EMAIL ADDRESS were not authorized locations for the storage of classified information..." and apparently he wasn't authorized to send from his email or she to receive this info at either address.

      The first 6 counts are of sending to company 1's email.

      1. Doctor Syntax Silver badge

        Re: More info please

        Without actual details, however, I do wonder if the NSA had tied itself up in its own bureaucracy to the extent that this sort of thing was the only way to get the work done.

      2. Jellied Eel Silver badge

        Re: More info please

        So much the same as the classified data that ended up on the 'private' Clinton email server. Except the lack of indictment. So far. Some more of that may become public as the case against Michael Sussman winds it's way through the courts.

        That's interesting because it's showing a lot of the 'Russian' stuff around the Clinton v Trump showdown was actually disinformation created by the Democrats. There's also been a lot of arguments around privilege. Some quite novel, like claiming privilege on emails where the claimant wasn't sent, or copied on emails. Or the judge pointing out that privilege doesn't apply when running a dirty tricks campaign.

        It does show just how dirty that campaign got though.

  6. Aristotles slow and dimwitted horse

    How did he get it out?

    Perhaps he has a photographic memory and then he just typed it on his home computer and then sent it?

    You did ask.

    1. yetanotheraoc Silver badge

      Re: How did he get it out?

      It's called an eidetic memory, and anyway retyping the document won't work. The font is never quite right and how do you get that Top Secret watermark to look like the original?

  7. Marty McFly Silver badge
    Big Brother

    The NSA's best defense.... to publicly humiliate, squash, incarcerate, and destroy the few offenders they find. Tossing a little blood on the wall now & then reminds the rest of the minions who their masters are.

    1. Clausewitz 4.0

      Re: The NSA's best defense....

      And they are not really good on doing even that.

      * They tried to extradite a fellow engineer I heard of, but failed. Rumour is it was in Brazil.

  8. OldSod

    People are reading too many spy novels...

    People who work with classified information know things. Classified things. Classified things that are as easy to remember as people's names, IP addresses, or someone's birthday. They don't need eidetic memory to know them, they just remember them. TS/SCI is not only broadly classified by level and need to know, it is specifically restricted (compartmentalized), so the relationship of fairly trivial to remember information to something that else makes it classified. It sounds to me that Person A sent an e-mail to person B with said e-mail contents containing some amount of information (possibly very small) that Person B wasn't authorized to know. It could have been people's names, it could have been IP addresses, it could be some dates/times.

    Perhaps the individual in question can use the HRC defense.

  9. DS999 Silver badge

    Smuggling the data out of a secure site could be easy, depending

    If rather than some big document it is simple stuff you can easily memorize, like "name of a spy in FSB HQ telling the CIA all of Putin's secrets". Or maybe not so simple stuff none of us could easily remember if he's got an eidetic memory (and I wonder if the CIA/NSA try to filter out and refuse clearance to those people for this reason)

    Obviously it is much worse if someone smuggled TS/SCI documents out of NSA HQ or a SCIF, and he was emailing them as a Gmail attachment. If so they may need to update their procedures. But you can't make people forget top secret information they've memorized at the end of a workday, despite the imaginings of a few Hollywood screenwriters.

  10. Anonymous Coward
    Anonymous Coward

    "info" has a very broad interpretation

    Used to work on data marked "ITAR". It means International Trafficking in Arms Regulations, a set of rules written by the US Congress.

    "Data marked ITAR" includes: executable software, source codes, configuration files, input data, output data, training materials, and the name of the vendor.

    And how to operate it.

    I assume that TS/SCI has similar restrictions, except on a domestic basis.

    The poor bugger was probably helping his GF run a MS Word macro. Hence the lengthy correspondence.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like