FBI raids home of spy sat techie over leak of secret comms source code on Facebook
Ex-NRO bod also allegedly swiped $340k of espionage kit plus classified files
The FBI has raided the home of US intelligence contractor John Weed who is suspected of leaking classified blueprints online via a fake Facebook account.
On Monday, the Feds confirmed to The Register they have executed a search warrant at the Virginia home of John Glenn Weed, who worked for the National Reconnaissance Office – which runs Uncle Sam's spy satellite fleet. The NRO called in the g-men after a screenshot of its classified source code was posted in 2017 on a Facebook profile belonging to one William Amos.
According to the FBI's court filings earlier this month, "the Facebook page had a picture on the page ... that appeared to depict computer code for a government computer system that Weed had designed. The computer code depicted in the Facebook post is related to the design, construction and use of a communications intelligence device and system used by United States government assets to communicate intelligence activities."
Staggeringly, Weed is also accused of earlier nicking $340,000 in radio spying equipment as well as taking classified computer code home.
In a search warrant application submitted this month, FBI special agent Steve Hall said he suspected William Amos is John Weed: the Amos account was used to send messages to someone called Ken Mills, reading: "Ken, this is JW."
Another message to someone called Sean Walker read: "It's me brother, Facebook didn’t like the Non Sequitor name and they wouldn't let me crate a john wed [sic] account without sending photo id because they said weed was not a valid last name."
Also, the IP address used to access the Amos Facebook account matched the public internet address associated with Weed's home address, according to his ISP, Comcast, in its response to a federal grand jury subpoena. A screenshot on the Amos profile revealed a folder named Connor: Weed has a son by the same name.
Agent Hall therefore alleged Weed leaked portions of the NRO's secret source code on the bogus Amos profile, and was granted his search warrant by a judge in eastern Virginia. What also helped in securing that court order is that Weed apparently has a history of taking his work home with him and, well, being a bit odd.
Up in smoke
Between 1993 and 2012, Weed worked as a coder for military contractor Analytic Sciences Corporation developing secure communications systems, much of it for the NRO. But he lost his national security clearance, and his job, after being collared by the plod multiple times.
In May 2012, he was stopped by police and accused of driving under the influence, his third such arrest. Weed didn't immediately report the allegations, despite being required to do so to keep his security clearance. He kept quiet about it until September 2012 when he pleaded guilty in court to DUI.
As a security clearance holder, Weed underwent regular background checks. During one of these routine probes, the US Department of Defense spotted the DUI arrests, and Weed 'fessed up to his conviction. An investigator scheduled a meeting with Weed for September 18 to discuss it. However, the contractor cancelled on the day, saying he had to deal with "Iran issues."
It subsequently emerged Weed was instead busy that day being charged with violating his probation in Fauquier County, Virginia.
Two days later, Weed turned up to a meeting with the government investigator with a bullet-hole-riddled photograph of his arresting officer that he had used for firearms target practice, and said he was going to "ruin the life" of the policeman, it is claimed. Afterwards Weed's security clearance was revoked for "criminal and personal conduct," and he was sacked.
It gets weirder
Weed appealed the decision to terminate him and strip him of his clearance, and sent in a long letter titled "Double Standards, the Putrefaction of Public Trust and the Erratic Dispensing of Justice," detailing his work on the "global war on terror." Unfortunately, the letter was sent via regular mail from an unclassified computer system and contained classified material he should no longer have had access to, according to the FBI. Which is, suffice to say, a boo-boo.
Agent Hall said that in multiple interviews with Weed's coworkers the g-man was told that the suspect felt that the rules didn't apply to him. Weed's appeal was unsuccessful, and his clearance remained revoked.
And just days before the September showdown with Weed, four remote desktop protocol (RDP) sessions were established from Weed's secure workstation to his home broadband IP address, according to the FBI. These connections were discovered in logs in May 2013, and a search warrant for Weed's home was issued, said Agent Hall. Yes, Weed has had his home raided at least twice now.
That 2013 search turned up a $200,000 radio set that had been sent to the NRO by another government agency and 11 "friendly force trackers," used to monitor the location of vehicles, it is alleged. In total, the Feds said they found purloined hardware worth $340,000 in the house, and the source code for two secret-level classified communications systems. A section of said code ultimately appeared on the Amos profile, according to the FBI.
Agents are now poring over materials collected from Weed's home in the 8.30am swoop on Thursday, March 8. The FBI sought computers and other devices suspected of storing classified material, as well as networking gear, financial records, and more. A spokesperson for the Feds declined to comment further.
We could not reach Weed for comment: his phone line has been disconnected. It is also not clear what action, if any, has yet been taken by prosecutors following the 2013 search. There is no record of any charges in the public court records system.
It seems, though, that when it comes to contractors, the US government still doesn't quite have its security ducks in a row. ®