AfterBites: More on Espionage

The Story:

--Pentagon Official Charged with Espionage Conspiracy
(May 13 & 14, 2009)
A Pentagon official has been charged with espionage conspiracy for
allegedly leaking confidential documents to a Chinese government
operative. James Wilbur Fondren Jr. has been on administrative leave
from his job as Deputy Director, Washington Liaison Office, US Pacific
Command (PACOM) since February 2008. Fondren was allegedly able to
access the sensitive information through his security clearance. If he
is convicted of the charges against him, he could face five years in
prison and a fine of US $250,000.
http://www.nextgov.com/nextgov/ng_20090514_7707.php
http://www.scmagazineus.com/Defense-Department-insider-charged-with-espionage/article/136743/
http://www.usdoj.gov/opa/pr/2009/May/09-nsd-469.html
[Editor's Note (Northcutt): Limiting access rights based on roles is essential.]

My comment on this (which didn't get posted along with Northcutt's) was: "

Is this where I get to say "I told you so"??

For the last few months we've been treated to a well-marketed push trying to paint China as an internet cyberespionage threat. Some of us have been pointing out that "this is not how real espionage is done" and that real spies still operate by suborning trusted insiders. We should not ignore the real threat while we're chasing after what amounts to little more than a well-marketed attempt to increase security budgets for agencies and beltway bandits. "

It's obvious: a privileged insider with the clearances to access information is always going to be vastly more valuable (or damaging, depending on your perspective) than an external attack, which basically has to come in blind, penetrate defenses, and resist outward-facing detection. Furthermore, an insider with access is likely to be better positioned to know what information is valuable, and where it is. Exactly as this case reveals.

From the DOJ's (URL above) article on the incident:

"According to an affidavit filed in support of the criminal complaint, Fondren retired from active duty as a Lieutenant Colonel in the U.S. Air Force in May 1996. In approximately Feb. 1998, he began providing consulting services from his Virginia home. Fondren’s sole client for his business was a friend by the name of Tai Shen Kuo. Kuo was a naturalized U.S. citizen from Taiwan who lived primarily in Louisiana and maintained business interests in the United States and the People’s Republic of China (PRC). Kuo also maintained an office in the PRC.

In August 2001, Fondren became a civilian employee at PACOM at the Pentagon, where he was again granted a security clearance by the government. He held a Top Secret security clearance, worked in a Sensitive Compartmented Information Facility, and had a classified and unclassified computer at his cubicle."

How do you penetrate a Sensitive Compartmented Information Facility? Hire a hacker? Or hire a con$ultant?

Other than the dubious satisfaction of being able to say "I was right, again" this story affords me only a little satisfaction: they caught him quickly. He'd only been in business for a year or so. But: how much data can an insider with physical connectivity to a system steal, versus someone who has to download it over the Internet?