AP, 3 Sep 2010: A former low-level employee of Britain’s MI6 spy agency was sentenced Friday to one year in prison for trying to sell top-secret information to Dutch agents, with the judge calling him “a strange young man.” Daniel Houghton, 25, was guilty of “an act of betrayal” when he copied secret files, including spy agency staff lists with home phone numbers, and tried to peddle them to another government, Judge David Bean said. MI6 is Britain’s overseas intelligence service. “If the material had found its way into the hands of a hostile power it would have done enormous damage and put lives at risk,” the judge said. . . . .

. . . . Prosecutors said in court Friday that Dutch agents were suspicious about Houghton’s true identity and met with him in the Netherlands in January and determined that he had worked for MI6 and that he did possess secret documents. They then told British agents about his actions. He was arrested at a London hotel in March.

Houghton, a dual Dutch and British national, admitted to two counts of unlawfully disclosing intelligence material but denied a charge of theft. He is expected to be released shortly because he has already served nearly half of his prison time while awaiting sentencing.

‘Naive’ MI6 worker who tried to sell names of British spies walks free (London Evening Standard, 3 Sep 2010)
A former MI6 worker who tried to sell a secret list of British agents for £900,000 walked free from the Old Bailey today. Daniel Houghton, 25, contacted the Dutch secret service and handed over two lists as well as information about British spying capability. In a “personal betrayal” of his former colleagues, one list contained details of 387 named operatives and the second 39 names and mobile phone numbers, the court heard. . . .

MI6 man tried to sell colleagues’ names for £2m (Guardian, 3 Sep 2010)
A software engineer working for MI6, who tried to sell intelligence for £2m, has been given a 12-month jail sentence for his “act of betrayal”. Daniel Houghton, 25, from Hoxton, east London, pleaded guilty at an earlier hearing to two offences under the Official Secrets Act. He offered computer files containing sensitive information about intelligence collection and MI6 staff lists to agents from the Netherlands, the Old Bailey heard. The Dutch initially thought it was a hoax, but later tipped off their UK counterparts. Houghton was arrested after arranging a meeting at a London hotel in March. . . .

. . . . Sentencing him, he said: “You were employed by the security services and attempted to sell secret material for very large sums of money. “In particular you attempted to sell staff lists, which would have disclosed the identity and homes and whereabouts of agents whose identity must be protected almost at all costs. If the material had found its way into the hands of a hostile power, it would have done enormous damage and put lives at risk.

“On the other hand, you are not an ideologue. If you had been intent on causing harm to this country’s interests, you would have chosen a different recipient than the Netherlands. These were unsophisticated offences. You made no attempt to conceal your identity.”

Houghton had worked for the Secret Intelligence Service (SIS), also known as MI6, between September 2007 and May 2009, the court heard. During this time he accessed a number of computer files belonging to the British security service (MI5) relating to the work of both agencies and marked “secret” or “top secret”. They were described as “sensitive capabilities files, important tools developed by SIS staff for the gathering of intelligence for national security purposes”.

He also tried to sell two secret staff lists, one containing 387 names and the other with the home and mobile telephone numbers of 39 people. Piers Arnold, prosecuting, said: “It was a personal betrayal of these individuals with the potential, if it had fallen into the wrong hands, to compromise individuals’ safety.” . . .

Former MI6 man sentenced for secret files leak (BBC, 3 Sep 2010)
. . . . Houghton, who worked as a £23,000-a-year software engineer, had tried to sell copies of electronic files containing details of information-gathering software and staff lists to the agents in The Netherlands. . . . . When police searched his flat they discovered paperwork marked “top secret”. A computer memory stick was found containing 7,000 files, while a hard drive with secret documents stored on it was also discovered. . . . .

MI6 worker jailed for a year for trying to sell secrets to Dutch agents for £2m (Daily Mail, 3 Sep 2010)
. . . . Mr Arnold said Houghton ‘dishonestly’ removed them from his place of work and in August 2009 tried to sell them to the Dutch Secret Intelligence Service. After a series of telephone calls it was agreed that he would fly to Holland for a meeting in January this year, at which the Dutch agents were persuaded that he had worked for the SIS as he claimed, and they tipped off MI5.

Houghton later offered to sell the files, plus the staff lists, for £2 million but eventually a fee of £900,000 was agreed upon. He said that he had copied the material onto a disc which he had taken home and copied in turn onto two memory cards stored at his mother’s address. Houghton handed over the cards to the Dutch at a London hotel on March 1 and was given a suitcase containing £900,000. In the lobby he was arrested and handcuffed by plain clothes police officers after they wrestled him, struggling, to the floor.

An assessment carried out by SIS found that if the intelligence files he handed over had fallen into the hands of a hostile nation it would have posed ‘significant risk to future SIS operations’, while MI5 faced similar risks. Copies of the files were also found on a memory card and hard drive at Houghton’s home – contradicting his claims to the Dutch agents that there were no other copies of the documents he handed over, Mr Arnold said. . . .

The Insider Threat

On 2 September 2010, in Uncategorized, by admin

CIO Update, 1 Sep 2010: A recent study produced by Verizon and the US Secret Service delivered a surprise finding: in last year’s electronic records breaches, nearly half were inside jobs or required insider cooperation. In the merged Verizon/Secret Service data set, 48 percent of breaches were attributed to users who maliciously abused their right to access corporate information. An additional 40 percent of breaches were the result of hacking, while 28 percent were due to social tactics and 14 percent to physical attacks.

The report covers 900-plus breaches involving more than 900 million compromised records. The majority of the Verizon investigations evaluated in the study took place outside the US whereas the bulk of the Secret Service investigations occurred within the US. While external threats still run high at 69 percent, insider threats are an increasing challenge to IT. A challenge that is further complicated by the need to allow employees and other insiders access to the very network IT works so hard to block from outsiders. . . .

. . . . So how is it, exactly, that employees get the data outside company walls despite IT’s best efforts? “A better question would be ‘What methods aren’t available to an insider?’,” said Ryan Smith, principal research scientist for Accuvant Labs.

Indeed, malicious types find creative means to steal or destroy data. The information can be photographed by a smartphone, copied to a USB device, faxed to a .pdf file, printed from a copier or printer hard drive, emailed, staged down to lesser and lesser secure storage files, or captured via key logging malware … to name but a few choices in the malefactor’s repertoire.

If they sell the stolen data to a competitor the action is typically considered traditional corporate espionage no matter how they executed it. Employees can also sell the data to criminal elements who want to steal identities, bank accounts, and other sensitive data for personal gain. There is a third set of malicious actions designed to destroy data which is typical of angry current or former employees who mean to exact revenge. A fourth set of employees will hold data hostage in some way as a means of job protection. The thinking is that if only one person can access the data then that person is indispensable. . . . .

CI CENTRE BRIEFING: Saving Jobs: Protecting Our Information, Protecting Our Corporation, Protecting Our Employees

Farms beset by spies

On 7 June 2010, in Uncategorized, by admin

Columbus Dispatch, 6 June 2010: Dave Thorbahn knows his business is a target. Some of his 184 employees already have been offered cash to videotape what goes on inside his barns. Who offered them the money or why, Thorbahn can’t say. It could have been someone looking for trade secrets, but he suspects otherwise. He wonders whether it was someone working for an animal-rights organization that wanted a peek inside Select Sires, a bull-semen facility with 1,791 bulls in 57 barns in Ohio and Pennsylvania. Thorbahn is president and CEO of the bovine-genetics business, which happens to have its headquarters along Rt. 42 near Plain City, with buildings directly across the highway from and beside Conklin Dairy Farms, a relatively small farm with just a handful of employees. . . .


Wired, 6 June 2010: Federal officials have arrested an Army intelligence analyst who boasted of giving classified U.S. combat video and hundreds of thousands of classified State Department records to whistleblower site Wikileaks, Wired.com has learned.

SPC Bradley Manning, 22, of Potomac, Maryland, was stationed at Forward Operating Base Hammer, 40 miles east of Baghdad, where he was arrested nearly two weeks ago by the Army’s Criminal Investigation Division. A family member says he’s being held in custody in Kuwait, and has not been formally charged.

Manning was turned in late last month by a former computer hacker with whom he spoke online. In the course of their chats, Manning took credit for leaking a headline-making video of a helicopter attack that Wikileaks posted online in April. The video showed a deadly 2007 U.S. helicopter air strike in Baghdad that claimed the lives of several innocent civilians.

He said he also leaked three other items to Wikileaks: a separate video showing the notorious 2009 Garani air strike in Afghanistan that Wikileaks has previously acknowledged is in its possession; a classified Army document evaluating Wikileaks as a security threat, which the site posted in March; and a previously unreported breach consisting of 260,000 classified U.S. diplomatic cables that Manning described as exposing “almost criminal political back dealings.”

“Hillary Clinton, and several thousand diplomats around the world are going to have a heart attack when they wake up one morning, and find an entire repository of classified foreign policy is available, in searchable format, to the public,” Manning wrote. . . .

. . . . Manning came to the attention of the FBI and Army investigators after he contacted former hacker Adrian Lamo late last month over instant messenger and e-mail. Lamo had just been the subject of a Wired.com article. Very quickly in his exchange with the ex-hacker, Manning claimed to be the Wikileaks video leaker. “If you had unprecedented access to classified networks 14 hours a day 7 days a week for 8+ months, what would you do?” Manning asked.

From the chat logs provided by Lamo, and examined by Wired.com, it appears Manning sensed a kindred spirit in the ex-hacker. He discussed personal issues that got him into trouble with his superiors and left him socially isolated, and said he had been demoted and was headed for an early discharge from the Army.

When Manning told Lamo that he leaked a quarter-million classified embassy cables, Lamo contacted the Army, and then met with Army CID investigators and the FBI at a Starbucks near his house in Carmichael, California, where he passed the agents a copy of the chat logs. At their second meeting with Lamo on May 27, FBI agents from the Oakland Field Office told the hacker that Manning had been arrested the day before in Iraq by Army CID investigators. . . .

Hacker explains why he reported ‘Wikileaks source’ (BBC, 7 June 2010)


DARPA SMITEs Insider Threats

On 19 May 2010, in Uncategorized, by admin

NextGov, 18 May 2010: The Defense Advanced Research Projects Agency answers that question in stark terms in its request for industry help to counter insider electronic moles: Trusted insiders … are targeting the U.S. information infrastructure for exploitation, disruption, and potential destruction. [Emphasis included.] National Counterintelligence Strategy of the United States of America (2008).

DARPA says protecting information systems against bad insider actors is often difficult because the defenses must be perfect and comprehensive, while the attacker needs to find only one flaw. That’s why the agency said it has kicked off a project called Suspected Malicious Insider Threat Elimination, which we all know stands for SMITE, a lovely play on words for fighting back against an enemy.

Detecting insider threats, DARPA said, remains a challenge because it requires unearthing subtle indicators of malicious behavior buried in enormous observational data of no immediate relevance, or zeroing in on one key signal out of a lot of background noise. One way to detect insider threats is to focus on deceptive behavior, which is characteristic of malicious intent – which, by the way, leads to the problem of assigning intent to observed behaviors. . . .
