FBI: We tracked who was printing secret documents to unmask ex-NSA suspect

A 30-year-old ex-NSA employee was accused by the FBI of trying to sell classified US information to a foreign government – after the Feds said they linked him to the printing of secret documents. The FBI also claimed it followed payment for the information as it moved from a cryptocurrency exchange to the former staffer's …

  1. Ace2 Silver badge

    He printed them at NSA headquarters and then tried to sell them?

    Really?

    1. James O'Shea

      Apparently Colorado Man is as stupid as Florida Man, just less famous.

      1. Yet Another Anonymous coward Silver badge

        But this guy didn't get to hire his own judge

      2. Anonymous Coward

        He seems to like collecting degrees from 3rd rate online degree mills. You'd think the NSA would have standards.

        1. Richard Pennington 1

          Degree mills

          Are second-rate degree mills more prestigious?

          1. Claptrap314 Silver badge

            Re: Degree mills

            Yes, but they cannot hold a candle to the first-rate diploma mills.

  2. Anonymous Coward

    Crypto currency is untraceable right?

    Totally safe to just throw this money I got from selling out the NSA right into my personal checking account.

    Financial literacy apparently not on the menu for his Masters Degree?

    1. Sorry that handle is already taken. Silver badge

      Re: Crypto currency is untraceable right?

      As long as you can link a wallet address to a real person, almost all cryptocurrencies are completely traceable – the blockchain is after all a complete record of every transaction ever made – hence the existence of mixing (i.e. money laundering) services.

      There are a few that bundle transactions into blocks in a way that makes them effectively untraceable, but we don't know whether he used one of those. In this case, even if he did it wouldn't have helped!

      1. Anonymous Coward

        Re: Crypto currency is untraceable right?

        Nah, it's actually easier than that and I suspect the Feds have worked that one out too.

        Most of the exchanges use the same remote library to generate the graphics they display (the whole thing is one money-grabbing exercise so there's no way they would allow you to run it locally because it would be cloned all over the world in seconds).

        That library can't generate those graphics without the actual data, and as a US based company I suspect it's pretty much an open door for US law enforcement as crypto has become the currency to (attempt to) hide the proceeds of crime.

        1. Anonymous Coward

          Re: Crypto currency is untraceable right?

          huh, isn't that just some frontend stuff? the chain is the chain

      2. Anonymous Coward

        Re: Crypto currency is untraceable right?

        Following blockchains, even when passed through mixers, is the type of work computers were made for. He'd have been better off asking for gold coins, and trying to work out some type of dead drop that could be accessed securely even if watched.

    2. Strahd Ivarius Silver badge
      Devil

      Re: Crypto currency is untraceable right?

      As an NSA employee he should have remembered that crypto currencies have been designed by the NSA (not by some fake guy with a Japanese sounding name) to allow tracing of underground operations easily...

      1. Dylan Fahey

        Re: Crypto currency is untraceable right?

        Q alert, Q alert.

  3. Khaptain Silver badge

    Very strange

    A developer with only 3 weeks on the job had access to classified documents.

    Question: Developers don't usually need access to actual documents, especially not classified documents. So why was this not the case here? We are talking about the NSA here.

    Question: Why were the documents in a readable format and not encrypted?

    Question: Don't the NSA thoroughly vet all candidates? Even for the States a debt of 250000 is quite substantial and not easy to hide.

    Haven't the FBI recently had a small problem with blaming the Russians ?

    1. Version 1.0 Silver badge
      Headmaster

      Re: Very strange

      The documents were in readable format and not encrypted so that they could be tracked, every document that gets printed in this environment has unique but very minor changes that are recorded and allow anyone seeing the "revealed" printed document to know who did it.

      For example, the original document could say "This is an important document" but the printed version might say "This is a important document" ... a minor change or two in a printed version that allows each unique printed version to be identified but most readers would just read straight past it.
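The per-copy wording variation described in the comment above (a canary trap), as an added example that is not part of the original thread: each copy encodes its ID in a choice between two wordings at fixed points, and a leaked full copy or excerpt is matched back against the issue log. The document text, the wording pairs and the recipient names are constructed for illustration.

```python
import re

# Constructed sample document: {n} marks a point where two wordings are interchangeable.
TEMPLATE = ("The {0} review found that {1} systems {2} patching before the "
            "{3} audit, and staff {4} report any {5} to the duty officer.")
SLOTS = [("quarterly", "three-monthly"), ("several", "a number of"),
         ("need", "require"), ("next", "upcoming"),
         ("must", "have to"), ("anomaly", "irregularity")]
# Constructed issue log: who was given which copy ID (one bit per slot).
REGISTRY = {"analyst-a": 37, "analyst-b": 10, "analyst-c": 52, "analyst-d": 12}


def issue_copy(copy_id):
    """Render the copy whose wording at slot i encodes bit i of copy_id."""
    if not 0 <= copy_id < 2 ** len(SLOTS):
        raise ValueError("copy_id does not fit in the available slots")
    words = [pair[(copy_id >> i) & 1] for i, pair in enumerate(SLOTS)]
    return TEMPLATE.format(*words)


def read_marks(leaked):
    """Return the bit seen at each slot, or None where the slot is not in the text."""
    text = " ".join(leaked.split())          # tolerate re-wrapped or retyped text
    lits = re.split(r"\{\d\}", TEMPLATE)     # literal text around each slot
    marks = []
    for i, (w0, w1) in enumerate(SLOTS):
        # Anchor each slot on up to two words of fixed context either side,
        # so an excerpt still yields the slots it happens to contain.
        before = " ".join(lits[i].split()[-2:])
        after = " ".join(lits[i + 1].split()[:2])
        pat = (re.escape(before) + r"\s+(" + re.escape(w0) + "|" + re.escape(w1)
               + r")\s+" + re.escape(after))
        m = re.search(pat, text, re.IGNORECASE)
        marks.append(None if m is None else int(m.group(1).lower() == w1))
    return marks


def candidates(leaked, registry=REGISTRY):
    """Recipients whose issued copy agrees with every slot visible in the leak."""
    marks = read_marks(leaked)
    if all(m is None for m in marks):
        return []                            # nothing recoverable from this text
    return sorted(name for name, cid in registry.items()
                  if all(m is None or ((cid >> i) & 1) == m
                         for i, m in enumerate(marks)))


if __name__ == "__main__":
    print(candidates(issue_copy(37)))
    print(candidates("several systems require patching before the next audit, and staff"))
```

A full copy resolves to one recipient; an excerpt only narrows the set to the recipients whose copies share the visible wordings.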

      1. Malcolm Weir Silver badge

        Re: Very strange

        That's a "canary trap" and is only occasionally used. What actually happened here is that the printers log all files printed, and someone looked at the logs...

        1. Anonymous Coward
          Joke

          Re: Very strange

          > What actually happened here is that the printers log all files printed, and someone looked at the logs...

          So the lesson to learn for next time is ... wait for someone to leave a document on the printer and sell that one.

          1. John Brown (no body) Silver badge

            Re: Very strange

            Many places these days, you print to a queue. Then you go off and find a printer and use your NFC ID badge to release your print jobs. It's unlikely jobs would be left on a printer in those circumstances. I'd expect any TLA or anywhere with security requirements to have been using this managed print system for quite some time by now.

            1. Malcolm Weir Silver badge

              Re: Very strange

              You'd have thought so, but there's an insidious line of thinking that goes "hey, if you can get into the room, past the randomizing keypad and all that, you must be One Of Us and so no need to mess around with that stuff. And anyway, our BOFH refuses to install that feature because it can fail and that requires support...".

              (Strange but true: I had an installation that was, shall we say, behind closed doors, and we had a "four hour on site" service requirement. Passwords needed to expire, and so we couldn't use normal access methods as they'd inevitably expire the password at 2am on a Sunday morning leaving the system dead in the water. So I came up with this approach of having a copy of the root password in a sealed envelope in a closed cabinet in a closed room in a secured area within a guarded base... and any time we ripped the envelope open, we'd notify the IT leads and they could regenerate the whole shooting match, change the password, replace the envelope, etc.

              Worked well, but in the five or so years we'd use it -- not just at 2am on Sunday -- the IT folk _never_ changed the password or redid the envelope. The envelope got to be really tatty, too... Oh, well...)

      2. Anonymous Coward

        Re: Very strange

        Not forgetting that every make and model of Laser printer is programmed to print pages with an embedded tracking set of pixels in the whitespaces which are unique to that printer, not sure about if that extends to inkjet printers, but wouldn't be surprised if they did.

        1. Anonymous Coward

          Re: Very strange

          Remember Reality Winner? They used the markings in the white space to prove it was an NSA printer and the time it was printed. Then looked up the logs. Okay

        2. Spazturtle Silver badge

          Re: Very strange

          It's the other way around, inkjets print a yellow dot tracking pattern, laser printers don't print a pattern as you can just use the roller marks to identify the printer.

          1. The Man Who Fell To Earth Silver badge
            FAIL

            Re: Very strange

            Wrong. A lot of laser printers print(ed) the yellow dots.

            https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots

            1. Strahd Ivarius Silver badge
              Trollface

              Re: Very strange

              so does my B&W laser printer print also in yellow or not?

      3. iron Silver badge

        Re: Very strange

        There is no need to do that if a document is printed. Every printer encodes unique colour dots on the edge of the page that identifies exactly where it came from. Combine that with logging who used the printer and there's no need to make it look like the author can't write correct English.

        1. DJO Silver badge

          Re: Very strange

          I think some play with the kerning to hide some metadata. The dots thing only works on colour printers.

    2. James O'Shea

      Re: Very strange

      That depends on the level of classification. Some of the user manuals for certain infantry weapons have some very low level of classification, which is why other manuals will have the following paragraph on page 1:

      DISTRIBUTION RESTRICTION: Approved for public release; distribution is unlimited.

      If it doesn't have that paragraph, you just committed a Federal felony by downloading a PDF from a public-facing Department of Defense website. Yes, really. They won't actually care unless they need something to charge you with...

      (The para quoted is from TC 3-22.249, Light Machine Gun, M249 Series, available from https://armypubs.army.mil/epubs/DR_pubs/DR_a/pdf/web/ARN3242_TC%203-22x249%20FINAL%20WEB.pdf Note that some lightly classified stuff is at that site, so be careful what you download.) (Yes, you can get the Official US Army Manual for a light machine gun direct from the Army, for free. Really. There's all kinds of good stuff in there.)

      1. Malcolm Weir Silver badge

        Re: Very strange

        That's Distribution Statement A you listed (approved for public release). There are actually 5 ("A" through "E").

        But you're wrong to say if a doc doesn't have Distro A on it, you've committed a felony. What matters is whether the doc is actually cleared for public release, not whether the doc says it is. And an affirmative defense is that you believed the doc was approved, even if it wasn't... although trying to flog the thing to people you think are Russians tends to discredit the notion that you believed it to be released!

        In particular, this doc https://discover.dtic.mil/wp-content/uploads/2018/09/distribution_statements_and_reasonsSept2018.pdf describes the Statements and how to pick the right one and what to say on it. It does not carry its own Distro A statement.

        Astute readers might see some parallels to newsworthy events in Florida related to a disaster called "Donald", not to be confused with the one called "Ian".

      2. Anonymous South African Coward Bronze badge

        Re: Very strange

        > Note that some lightly classified stuff is at that site, so be careful what you download.

        Nopenopenopenope, bitten once, twice shy.

        A longish while ago the City of Johannesburg (hereafter referred to as CoJ) got upset that people were able to view the accounts and details of other people online just by simple URL manipulation.

        A lot of people, including yours truly, did just that, out of curiosity.

        The result was that the CoJ threatened legal action against all responsible, but nothing happened, and it's now more than 8 years later.

        Learnt my lesson. Curiosity did kill the cat indeed. Not worth the excitement.

        1. ChoHag Silver badge

          Re: Very strange

          > The result was that the CoJ threatened legal action against all responsible, but nothing happened

          Not nothing. I expect it caused the deluge of requests threatening to collapse their server to slow to a manageable trickle.

    3. Malcolm Weir Silver badge

      Re: What's the problem?

      Ans1: the affidavit states: "DALKE also noted that certain of the information he had access to was due to a misconfiguration in the system that granted him access to information beyond what he should otherwise have." We also don't know what he was supposed to be developing, so the "don't usually" qualifier is pretty meaningless unless one knows what his job description actually was.

      Ans2: Because you can't read documents if they're encrypted.

      Ans3: looking at the affidavit, it appears the debt was likely ~$90K of student loan + credit card, and the rest is a mortgage. Not insignificant, but possibly the value of the property on which he had a mortgage outweighed the amount of unsecured debt (and for a number of folks, student loans are a "cheap" debt, so get prioritized lower than credit card, etc).

      1. Cliffwilliams44 Silver badge

        Re: What's the problem?

        It's not about the amount of debt but whether you are in arrears on that debt. Debt, in and of itself, doesn't make you a risk, failure to pay that debt does. When people are about to lose their house, car, etc and the creditors are banging down the door, that's when the risk increases. Why the NSA seems not to be doing regular credit checks is the big question.

        (The NSA pulling credit reports on employees/contractors should have no impact on the subject's credit as the NSA is not potentially issuing loans.)

    4. Sandtitz Silver badge

      Re: Very strange

      "Question: Developers don't usually need access to actual documents,"

      You misread the article. He was "Information Systems Security Designer", not a developer. If you design the security systems and implement them, you may have a lot more access for good reasons.

      "Question: Don't the NSA thoroughly vet all candidates? Even for the States a debt of 250000 is quite substantial and not easy to hide."

      Many people have debts, that shouldn't deter employment. Perhaps he has a housing loan? According to the article he has two University degrees so he probably has accumulated student loans as well. If debts would automatically unqualify from NSA jobs, then NSA could only hire those graduates who were already wealthy.

      Also, that 250k is just what Dalke claimed to the undercover agent. May be true or not, although I cannot understand why you would say such things since it would put you in worse position to negotiate payment, but he doesn't seem to be the sharpest crayon in the box...

      1. DS999 Silver badge

        Re: Very strange

        > although I cannot understand why you would say such things since it would put you in worse position to negotiate payment

        Probably because spy handlers (or someone posing as one) will ask "why you are selling out your country", because they want to know the motive. It matters to them because they have to judge whether the person will be providing legit info or catfishing them. It also gives them a sense of whether they'll be able to go back to them for more secrets or if it was a one off.

        1. doublelayer Silver badge

          Re: Very strange

          Even if you decided that "I have debts" is the right answer to that question, you don't have to tell them an accurate number. Having never recruited a spy, I don't know what answer they'd be most comfortable with. Pretending to like their country over yours is probably the best thing if true, but probably also the most frequent lie they get. A financially-motivated spy might be more likely to be caught by incorrectly managing the payments, which could be dangerous as well.

          1. DS999 Silver badge

            Re: Very strange

            Someone who works for the NSA would be aware of how easily Russian hackers could find out the amount of student loan and credit card debt etc. a specific person is carrying, so they may figure it is not worth trying to lie.

            Where it would be possible to lie would be private debts, like if you owe money to a loan shark or bookie, or even a family member, since such debt isn't going to be recorded somewhere hackers can get at it.

            1. doublelayer Silver badge

              Re: Very strange

              If you're doing espionage right, you don't tell your spymasters who you are. After all, if this guy had extracted files in a way that didn't involve printing them on NSA printers and didn't deposit the money directly into his bank account, the FBI wouldn't have known who he was. That's ruined if you give anyone enough information to verify the amount of debt you claim to have.

              It feels weird to give advice for how to spy properly, but I'm going to do it anyway. If you're going to do it, you want to be as anonymous as you can be. If you end up talking to law enforcement instead of who you think you are, you don't want to be identified. If the country you're spying for decides that it wants to negotiate with the one you're in, you don't want your identity to be on their list of bargaining chips. If you end up regretting your decision to spy, you don't want the country you were spying for to have blackmail material on you (for example that you were spying). If they can verify the information you give them about how much debt you have, you've failed at this important step.

    5. Anonymous Coward

      Re: Very strange

      Were the documents of any value? I don't know one way or the other, but I wouldn't be at all surprised if a lot of junk is internally published to fulfill some quotas.

    6. ChoHag Silver badge
      Megaphone

      Re: Very strange

      Not strange in the least. The FBI and NSA are your typical TLA.

      Notice how utterly inept was the person who was caught, and how loudly the USG is touting its success in thwarting this nefarious plot.

      Apropos of nothing I think the FCO had half a dozen natives working with IBM on its new passport & visa mangling system when I was there, out of a team of nearly 50. I know *I* wasn't vetted at all.

      Don't look behind the curtain.

    7. Cliffwilliams44 Silver badge

      Re: Very strange

      Barring a mortgage, even that isn't that bad unless he is in arrears! Which he most likely was. Why isn't the NSA doing routine credit checks to see if employees are entering a dangerous state of credit trouble?

      When I had a military Secret clearance we were routinely reminded that unpaid or late debts could endanger our clearance!

      Just another example of the agency in charge of the nation's secrets being incompetent when it comes to keeping these secrets.

  4. Anonymous Coward

    Maybe the truth?

    The FBI says the person they communicated with had criticized the United States for its actions around the world and said the "country it is not as great as it thinks it once was. It is all about the businesses and their money, not anything about the people or those that serve it to include the military."

    And that is why he got arrested. Can't have people criticising the U.S.A. can we?

    1. Anonymous Coward

      Re: Maybe the truth?

      If he was bothered by “everything being about the money” why didn’t he offer the docs for free? Did the NSA do any kind of psychological screening of this guy before hiring him?

    2. trindflo Bronze badge

      Re: Maybe the truth?

      Close. What got him arrested was sticking his head into a honey pot like a drunken pooh-bear, putting the exact amount of his ill gotten gains into his personal account, and politely running back to the honey pot the next time the dinner bell was rung.

      It doesn't sound rational, but rage rarely is.

  5. Anonymous Coward

    This genius is a doctoral candidate??? Scheisse ... he appears to have the IQ of a gnat.

    1. Jedit Silver badge
      Holmes

      "This genius is a doctoral candidate???"

      And once more it is demonstrated that intelligence is not the same thing as wisdom.

      1. doublelayer Silver badge

        Re: "This genius is a doctoral candidate???"

        It's true that they're not the same, though as this episode indicates he had neither, I don't think we can say it proves that.

    2. JoeCool Bronze badge

      You are confused about the required skill set to fill the position of "doc candidate"

  6. martinusher Silver badge

    Just because information is classified doesn't automatically make it valuable

    I tend to think of the Russians as fairly smart so if someone turned up offering classified documents their first reaction would be to either persuade him/her to go away or to get some low level individual to interact with them to see if they really have something useful to say.

    Overall, I'd guess that the value of the information he had was negligible. Obviously the security services will make a Big Deal of it -- he was in a position of trust and was scheming to abuse it within three weeks. The most likely scenario is he got dismissed for unspecified reasons probably relating to him not really being suited for that environment and the documents were just a honey trap.

  7. Anonymous Coward

    Wondering how the FBI keeps finding these clowns who want to sell secrets. Just waiting for the defense attorney to claim entrapment.

    1. doublelayer Silver badge

      On at least a few occasions, when someone contacts an embassy offering things and the judgement is that they're not worth bothering with, the embassy turns them over to law enforcement on their own. I don't know how often that happens, but more than zero. Doing that builds a relationship with the host country at least a little. It's possible that happened this time.

      1. trindflo Bronze badge

        Pro spymaster tip:

        Do not hire Renfield or Inspector Clouseau.

    2. Anonymous Coward

      If the suspect initiated the action, it's not entrapment.

  8. Anonymous Coward

    Wow

    "country it is not as great as it thinks it once was. It is all about the businesses and their money, not anything about the people or those that serve it to include the military."

    .. which I am proving by trying to sell its secrets for, er, money. Yay.

    Given where he worked he should have had a decent clearance, which implies at least a moderately good salary. Very bright idea to throw that all away by a criminal act.
