The Reg takes the US government's insider threat training course
No, sir, we didn't spill beer on the laptop, sir!
The US government has provided an online training course on insider threats.
To help understand its efforts to stop the spread of leaks, spills, espionage and sabotage, The Reg signed up for a bit of training from the National Insider Threat Task Force (NITTF).
Here we learned a lot about, in no particular order: former National Security Agency sysadmin Edward Snowden; drugs, porn and alcohol; lies; tricks of the trade; and just who these insider threat people might be (not who you think).
NITTF is a US government body that is part of the Office of the Director of National Intelligence.
It is, in its own view: "The principal inter-agency task force responsible for developing an Executive branch insider threat detection and mitigation program to be implemented by all federal departments and agencies."
In a five-module online training programme, the NITTF describes the differences between leaks, spills, sabotage and espionage. It also informs workers how to deal with the nosy media. Course-takers are also treated to a dramatized video of a group of workers dealing with a colleague who has gone rogue (no Oscars here).
According to the course, 300,000,000 pages have been stolen since 2010. These include 50TB of data by one individual and the 750,000 documents leaked by Snowden.
The task force quoted ex-soldier Chelsea Manning as saying: "I would come in with a CD RW with Lady Gaga written on it, erase the music and then write a compressed split file – no one suspected a thing."
It also uses the example of the 50TB of data that was allegedly taken by former Booz Allen Hamilton contractor Harold Martin. Martin is awaiting prosecution on charges of "stealing government documents and mishandling classified information". The NITTF, ostensibly directly quoting from a New York Times article, noted that Martin held "a top-secret security clearance despite a record that included drinking problems, a drunken-driving arrest, two divorces, unpaid tax bills, a charge of computer harassment, and posing as a police officer in a traffic dispute".
The NITTF again echoed the newspaper when it noted: "These events should have triggered closer scrutiny."
The public defender has said in Martin's defence that he is a "compulsive hoarder". Martin has reportedly agreed to plead guilty to one of the charges, the "illegal retention of national security information", but initially pleaded not guilty to all charges.
Snowden, the world's best-known document leaker and whistleblower – although the task force emphatically claimed in several places in the course that he was not a whistleblower as he did not "follow the correct procedures" – is described by the government outfit as a "disgruntled" employee who displayed many of the personality traits of someone who was an insider threat.
Snowden has always maintained that he had tried to raise his concerns with the NSA before he decided to make the documents public.
According to this training course, "a close review of Snowden's official employment records and submissions revealed a pattern of intentional lying".
Some "examples" highlighted by NITTF included: "Claimed to have left Army basic training because of broken legs when he washed out because of shin splints; claimed to have worked for the CIA as a 'senior advisor,' which was a gross exaggeration of his entry-level duties as a computer technician; doctored his performance evaluations and obtained new positions at NSA by exaggerating his résumé and stealing the answers to an employment test."
It also claimed that Snowden began his mass downloads of classified information from NSA networks "two weeks after an email argument with a supervisor".
When we think of spies and insider threats, most of us think of professionally trained individuals on a mission. The US government, however, said that most act alone or are targeted because of their behaviour and personality traits.
Are you the weakest link?
Much of it comes down to "elicitation", according to the third module of the course. A "trained elicitor understands human predispositions and uses techniques to exploit those".
What makes you the sort of mug the "trained adversary" would target? If you go by the training course, it's personality traits including being polite and helpful, a wish to feel well informed, being a gossip, being someone who corrects others and having a belief that people are basically honest.
You might also be a person who tends to underestimate the value of the information being sought or given.
As to whether these tendencies work, NITTF cited a pamphlet entitled "What Employees Should Know About Elicitation and Foreign Intelligence Approaches" from defence manufacturer Raytheon, which stated that since the end of the Cold War: "67 per cent of spies have been civilians; 37 per cent had no security clearance; 84 per cent of spies were successful; 67 per cent volunteered to commit espionage; 81 per cent received no money for their services; and 94 per cent went to prison".
The US Office of the Director of National Intelligence believes that each year $300,000,000,000 worth of American intellectual property and business intelligence is stolen by China, Russia, Iran and others.
The course is available to take here, though it seems to run most reliably in Microsoft's browser Internet Explorer. Reg hacks have been able to access it on Opera, Safari, Firefox and Brave – although one reported being blocked on Chrome. The NITTF recommended hosting the files on a webserver "due to security features on some browsers". ®