74.5 F
Washington D.C.
Saturday, July 13, 2024

Suspected Russian IRS Hack Raises Larger Questions About Spy Recruitment, Blackmail

Had the CIA simply pulled Aldrich Hazen Ames credit report, the agency would have immediately realized his lifestyle didn’t comport with his salary.

Ames was arrested by the FBI in Arlington, Virginia on espionage charges on February 24, 1994. At the time of his arrest, Ames was a 31-year veteran of the CIA who had been spying for the Russians since 1985. Arrested with him was his wife, Rosario Ames, who aided and abetted his espionage activities.

Following guilty pleas by both Ames and his wife on April 28, 1994, Ames was sentenced to incarceration for life without the possibility of parole. Rosario Ames was sentenced on October 20, 1994 to 63 months in prison.

Ames was a CIA case officer who spoke Russian and specialized in the Russian intelligence services, including the KGB, the USSR’s foreign intelligence service. His initial overseas assignment was in Ankara, Turkey, where he targeted Russian intelligence officers for recruitment. Later, he worked in New York City and Mexico City, Mexico. On April 16, 1985, while assigned to the CIA’s Soviet/ East European Division at CIA Headquarters in Langley, Virginia, he secretly volunteered to provide classified materials to KGB officers at the USSR Embassy in Washington, DC. Shortly thereafter, the KGB paid him $50,000. During the summer of 1985, Ames met several times with a Russian diplomat to whom he passed classified information about CIA and FBI human sources, as well as technical operations targeting the Soviet Union. In December 1985, Ames met with a Moscow-based KGB officer in Bogota, Colombia. In July 1986, Ames was transferred to Rome, Italy.

In Rome, Ames continued his meetingswith the KGB, including a Russian diplomat assigned in Rome and a Moscow-based KGB officer. At the conclusion of his assignment in Rome, Ames received instructions from the KGB regarding clandestine contacts in the Washington, DC area, where he would next be assigned. In addition, the KGB wrote to Ames that he had been paid $1.88 million by them in the four years since he volunteered.

Upon his return to Washington, DC in 1989, Ames continued to pass classified materials to the KGB, using “dead drops,” or prearranged hiding places, where he would leave the documents to be picked up later by KGB officers from the USSR Embassy in Washington. In return, the KGB left money and instructions for Ames, usually in other “dead drops.”

In the meantime, the CIA and FBI learned that Russian officials who had been recruited by them were being arrested and executed. These human sources had provided critical intelligence information about the USSR, which was used by US policy makers in determining US foreign policy. Following analytical reviews and receipt of information about Ames’s unexplained wealth, the FBI opened an investigation in May 1993. But the information about Ames’ wealth wasn’t initially gleaned from his or his wife’s credit reports.

Had Ames and his wife’s credit reports – and FICO scores – been pulled early on when the CIA and FBI became aware that their own recruited spies were being killed, they would have revealed credit lines and balances that Ames’ CIA salary just couldn’t sustain. Had the CIA’s counterintelligence officials pulled his and his wife’s credit histories when they first understood there was only a small pool of people who could have provided the highly classified materials the Soviets were being given, there would have been little doubt that something was terribly amiss — that Ames and his wife, without question, had a lot of explaining to do.

Matters of financial problems – or a suddenly inordinate influx of unexplained cash – adultery or homosexuality … things like that … ordinarily weigh heavily in the secrecy and spy business. And, for very, very … good reason! If you have financial problems or sexual vulnerabilities or peculiar libidec proclivities, you’re prone to blackmail and recruitment. That’s basic spy tradecraft 101 that the CIA – and other components of the Intelligence Community — teaches all its young idealistic recruits. Ames should have raised a legitimately serious red flag that he was in the possible employ of a foreign power, where he could do irreparable harm to US national security.

The same issues that embroiled the Ames are just as applicable today; more so given the ability of hostile foreign powers to be able to hack into personal information like health and income tax records, which could prove to be a counterintelligence goldmine. For example, a spy’s adulterous affair, which could be indicated by one or more deliberately transmitted sexually diseases you know the wife or husband didn’t have. Or, an agent’s homosexuality, which in the spy business can still be ruinous to one’s spy career for any number of reasons; or a target’s tax information – combined with the person’s credit report — could reveal financial problems that could be exploited in an attempt to recruit the individual. It’s happened before. And it’s still traditional spycraft, as human nature in these aspects doesn’t change – it’s part of the human condition, or vulnerability in so far as the spying business is concerned.

Last July, the Government Accountability Office (GAO) informed Congress that its auditors “found that about 83,000 Department of Defense (DOD) employees and contractors who held or were determined eligible for secret, top secret or sensitive compartmented information (SCI) clearances, or related interim clearances, had unpaid federal tax debt totaling more than $730 million as of June 30, 2012.”

“DOD reported to GAO that about 3.2 million civilian and military employees and contractors held or were approved for similar clearances from January 1, 2006, to December 31, 2011, which was the time frame for GAO’s analysis,” GAO said. “According to data from the Internal Revenue Service (IRS), about 34,000 of these 83,000 individuals (about 40 percent) with tax debt had a repayment plan with the IRS to pay back their debt as of June 30, 2012. GAO’s analysis cannot be generalized to individuals that were granted eligibility for security clearances and were non-DOD employees of the executive branch, employees of the legislative branch or employees of the intelligence community.”

GAO said it “also identified individuals with unpaid tax debts who also had access to classified information. DOD officials stated that individuals having access to classified information pose a greater risk because they have more opportunity to actually compromise classified information than a person who is only eligible to access classified information. GAO found that about 26,000 of the 83,000 DOD employees and contractors with eligibilities who owed taxes (about 31 percent) had access to classified information, and they owed about $229 million in federal taxes as of June 2012.”

Continuing, GAO said that, “According to [the] Office of Director of National Intelligence {ODNI], as of October 2013, over 5.1 million civilian and military employees and contractors held a security clearance. Federal laws do not prohibit an individual with unpaid federal taxes from holding a security clearance, but delinquent tax debt poses a potential vulnerability.”

“From a security standpoint, concerns over financial stability run the gamut from the mundane to the serious. Financial sloppiness can be a leading indicator that extends well beyond the manner in which someone manages monthly bills. It can be a serious red flag that a person has poor self-control, continues to display poor judgment and lacks basic decisional maturity. It also sets off a series of additional alarms that stress the possibility that an individual is incapable of properly adhering to established safeguards and rules regarding the handling of classified information,” wrote Homeland Security Today Executive Editor Timothy W. Coleman, and Learline Taylor, the Facility Security Officer at Advantage SCI, a defense contractor with clients that include the Department of State, Office of the Secretary of Defense and Joint Chiefs of Staff. She served 25 years as an FSO and as the security manager for the 402nd Brigade in Iraq and a security specialist with the Department of Homeland Security (DHS).

“At its core,” they stated, “it boils down to trustworthiness and reliability. An individual who is financially overextended is at risk of engaging in illegal and illicit acts to generate funds. This can run the gambit to include financial crimes, but clearly the primary concern is ill-gotten gains provided by foreign governments for espionage.”

Continuing, they noted that, “The most common reason that a newly hired employee is unable to receive a security clearance to access classified information at DHS, Department of Defense or any government positions requiring ‘public trust,’ is because of financial difficulties. This may surprise some, but the vast majority of the hurdles and pitfalls encountered by clearance candidates can be located in credit reports.”

Remember Aldrich Ames? Given the nature of the leaks the CIA was aware of it, it wasn’t a leap of judgment to figure out who possessed the intelligence that the Soviets had been given. Therefore, the agency easily could have pulled the credit reports of everyone who had access to the intelligence the agency now knew had been provided to the KGB.

But back then, one of the problems in security was, once you were cleared and within the confines of Langley, you were far less likely to be suspected of treason. Youwere given the benefit of the doubt on the inside, but not on the outside. It was a major flaw in security protocol and thinking.

In many cases, the financial blemishes cited on a credit report are not accurate, nor are they representative of the financial circumstances of the individual applying for a security clearance, Coleman and Taylor wrote. A misreported financial blight on your credit report can be extremely disruptive. Misspellings, typos, common namesor outright oversights can cause a negative credit instance and undermine your credit report by no fault of your own. This can be particularly acute if the applicant is a junior, senior or the III.

“It may not be your fault, but it becomes your problem,” they pointed out.

“An additional and common pitfall,” they wrote, “is an individual’s decision to carry the debt burden of a family member. Cosigning for a student loan, car loan or mortgage can place an individual who is not the primary beneficiary in jeopardy of being negatively impacted by another’s poor financial management. While not directly the fault of the individual seeking a security clearance, it quickly becomes their problem and a considerable hurdle to overcome during a background check.”

Coleman and Taylor noted that, “Adjudicators from the Defense Security Services who perform background checks realize that the current economic environment has been extremely difficult, especially in recent years with the economic downturn and the housing market crash. Indeed, adjudicators are real people, too, and are more interested in ensuring that a candidate is doing their best and making a good faith effort to address any financial difficulties. In turn, it is not impossible to demonstrate a commitment to address any outstanding financial or debt obligations that may linger, but concerted action must be undertaken.”

Ultimately, though, they pointed out, if financial difficulty exists, or there are mistakes in an individual’s credit report, the onus of responsibility remains with the person seeking a security clearance. In turn, it is imperative that candidates know what their credit reports contain.

And, just like credit and financial records, “health records [also] provide a wealth of information for attackers seeking corporate weaknesses to exploit and insider information on the health of a CEO is corporate espionage gold,” said Craig Lund, CEO of SecureAuth. “As the cost of data breaches for companies continues to rise, so too do the value of compromised records. Healthcare records are one of the most valuable types for sale on the black market, worth $363 per record. With access by numerous healthcare employees typically being spread across geographies, platforms, applications and devices, securing highly valuable information has become an IT nightmare in today’s digital world.”

Healthcare organizations have become one of the top targets for hacking. According to Forbes, CHS, Anthem and Premera – three large-scale data breaches totaled about 95.5 million stolen records. Attacks on electronically protected healthcare information (ePHI) is up 125 percent since five years ago.

Reforming the way security clearances are granted is one of the urgent steps that needs to be taken to improve periodic reinvestigation (PR) of persons holding a security clearance. In addition, fundamental improvements are needed throughout the overall security clearance process, the Intelligence and National Security Alliance (INSA) said in their Security Reform Policy Council (SPRC) white paper.

The SPRC’s white paper, Leveraging Emerging Technologies in the Security Clearance Process, outlined an approach using promising new technologies to augment PRs through a process of “continuous monitoring and evaluation” (CME) that will increase the regularity and consistency of the security clearance reinvestigation process; improve the overall relevance and accuracy of PR data collection and analysis; and allow for greater portability of clearance holder data.

“The need for an enhanced PR system is immediate,” said INSA Senior Intelligence Advisor and SPRC Chair Charlie Allen, former head of the Department of Homeland Security’s (DHS) Intelligence & Analysis Directorate and a long-time CIA officer. “An improved system would provide better quality investigations, more detailed and deeper analysis of individuals in the system, and real-time evaluations of security clearance holders. It could fill gaps in the current PR process leading to a better quality investigation and ‘whole person’ adjudications.”

Merging CME capabilities with current PR requirements could permit an evolutionary way to implement a state-of-the-art process that provides an ongoing perspective on cleared individuals rather than a snapshot every five years or more.

The continuous updating and near real-time reporting of results would also allow for the flagging of suspicious behavior inconsistent with a security clearance or job assignment. This process could provide for better-informed risk-management decisions and increased opportunities to mitigate and resolve clearance holders’ problems.

The white paper also sets out recommendations for an enhanced PR solution. These include moving to an online clearance information reporting application and making use of internal agency databases.

The central use of self-reported data would allow agencies to maintain risk profiles for all clearance levels and establish escalation flags matched with levels of clearance access that could prove useful when staff members are cleared at multiple levels on differing contracts or at multiple agencies. Risk markers could also be set for when one person gains access to multiple, classified networks or other advanced caveats.

An enhanced PR through the online reporting application would also make it easier to self-report personnel security-relevant issues and encourage individual accountability because clearance holders will understand the CME capabilities to uncover errors or omissions.

As an interim measure, it could involve “greater use of randomness as a solution” which may “discourage unwise behavior in the first place or at least cause clearance holders to act with caution if they know they are being continuously monitored and can lose their jobs.”

Another recommendation called for the partnering of enhanced PR with other relevant efforts. The combination of an enhanced PR with insider threat and counterintelligence programs would provide broader access to data that officers can use to spot behavior, travel, contacts and purchases across personnel, contracts, assignments and supervisors worthy of investigation.

“Espionage post mortems could [also] benefit from pre mortem assessments that might identify suspicious behavior in time to deter or interdict illegal activities,” the paper said.

The paper also recommended that expectations involve a cost-benefit analysis, metrics and technology standards, and noted that “early articulation of the problems agencies may face in adopting new systems and applications should make it easier to accommodate exceptions.”

Finally, while the concepts discussed in the paper conform to existing privacy laws and regulations, the authors said full discussion of civil liberties and privacy issues will be essential to designing and implementing a successful CME process. Civil liberties and privacy offices and general counsels must also be active participants from the planning stage, they said.

SPRC Vice Chairman Kathy Pherson said “Improving the security reform process now allows us to take advantage of the promising technologies emerging at this time. INSA encourages timely collaboration between the government and private sector to survey evolving online tools and technologies and define best practices for improving our nation’s security clearance process.”

author avatar
Homeland Security Today
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.
Homeland Security Today
Homeland Security Todayhttp://www.hstoday.us
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Related Articles

- Advertisement -

Latest Articles