Can We Predict the Next Leaker Using Threat Profiling Techniques?

Note: This article first appeared at In Public Safety.

By Erik Kleinsmith
Associate Vice President, Public Sector Outreach, American Military University

Intelligence — whether you look at it as a community, business, or profession — is inextricably bound by secrecy and security. Not only do intelligence personnel routinely collect and analyze highly sensitive and classified information about national threats, but these professionals must also actively work to protect that information from getting into the hands of adversaries and those who wish harm upon our nation.

Security is so important to the success of intelligence that professionals who specialize in information, network, and physical security have evolved along parallel trajectories over the past decades. Yet, despite the billions of dollars spent every year on each of these areas of security, it’s not enough to contain 100 percent of information leaks.

Who Are Leakers?

As recent embarrassing news stories can attest, leakers continually plague U.S. intelligence and national security. Leakers are individuals who share sensitive or classified information on a large scale, typically using the media as a conduit for their actions. These individuals are very different from spies, who often steal information for use by a foreign government or entity.

A recent example of a leaker is 30-year-old Henry Kyle Frese, a counterterrorism analyst with the Defense Intelligence Agency who was arrested for leaking classified information to an NBC and a CNBC reporter, with one of whom he was in a romantic relationship. Frese now faces up to 20 years in prison for his poor decisions and joins the ranks of other notorious leakers including:

  • Reality Winner – A 25-year-old intelligence analyst with the National Security Agency (NSA) who mailed classified information to The Intercept and was subsequently arrested in June 2017. She is now serving five years and three months for violating the Espionage Act of 1917.
  • Edward Snowden – Then a 30-year-old defense contractor working for the CIA at an NSA facility in Hawaii who decided to pass massive amounts of information in early 2013 to Julian Assange and WikiLeaks. Currently living under asylum in Russia, Snowden is known as a deluge leaker who revealed details about U.S. intelligence collection programs and capabilities.
  • Bradley/Chelsea Manning – A then 22-year-old U.S. Army intelligence analyst who was arrested in May 2010 for leaking nearly 500,000 classified documents related to the Iraq War through a newly founded WikiLeaks after being turned down by The Washington Post and The New York Times. Also known as a deluge leaker, Manning was sentenced to 35 years, which was then commuted to roughly seven years by President Obama. In full disclosure, Manning was one of my students in a counterterrorism analysis course I created for the U.S. Army several years ago.
  • Daniel Ellsberg – A then 40-year-old strategic analyst with the RAND Corporation who, in 1971, shared copies of several classified documents with friends about the war in Vietnam, ultimately leaking them to The New York Times. Now known as the Pentagon Papers, Ellsberg’s leaking led to him being charged under the Espionage Act of 1917, but he was later acquitted.

Looking for Commonality Among Leakers

While some interesting analysis arises from looking at each of these five prominent leakers separately, in order to predict who might be the next leaker, it’s important to evaluate and identify any patterns or commonalities among them.

One way to analyze the group is to apply threat profiling techniques. Threat profiling is a predictive analysis tool that can help organize information related to different threat groups, prioritize analysis, and present the analysis within a common framework so the information can be widely shared and understood.

When evaluating this group, one of the most significant outcomes is how little they have in common. The leakers share little in the way of their demographics, selected targets, or methods of operation. There’s not much commonality beyond the fact that they all leaked classified information.

In analyzing demographic information, their ages range from 22 (Manning) to 40 (Ellsberg). Each was employed in a different government agency within the U.S. Intelligence Community or Department of Defense. Two were military or government employees at the time of their leaks (Manning and Frese), while the rest were contractors in government service (Winner, Snowden, and Ellsberg). Three of the five were military veterans (Winner, Frese, and Snowden, albeit for only a few months). They differed in their education levels as well, ranging from achieving a Ph.D. (Ellsberg) to just holding a high school degree (Winner).

There is also no common pattern in their gender, with one female (Winner), three males (Snowden, Frese, and Ellsberg), and one male who now identifies as a female (Manning).

Analysts could go further into each individual’s upbringing, social class, and even religion, but beyond the fact that they are all white, there are no discernable patterns that could help identify or predict which type of person may be most susceptible to becoming the next big leaker.

In analyzing other areas of the threat profile, we find that each leaker targeted different types of information and used different methods to spirit this information from inside a secure facility. Individuals used a photocopier (Ellsberg), a printer (Winner), a mobile phone (Frese), burned information to a CD (Manning), or downloaded documents to an SD card (Snowden).

In addition, they each had to find someone in the media who would be supportive of their cause and willing to broadcast the information. This was not a difficult task for any of them, especially after the creation of WikiLeaks.

Examining the Motives of Leakers

To find at least one significant commonality, one must look elsewhere within the threat profile and analyze the motivations, goals, and objectives of each leaker.

Here we find that each leaker decided that their personal or political viewpoints were more important than the national security of the United States. Only one of them was politically active at the time of their leak (Ellsberg), but all of them had broadcast their political views on social media, and those views were, at times, at odds with their job or position.

Whether they wanted to assist the career of their girlfriend (Frese), felt that the U.S. was doing something immoral or illegal (Snowden, Ellsberg), or simply wanted to personally affect national policy through embarrassment, each one of the leakers decided that sharing highly sensitive information with the world—including our enemies—was a better option than pursuing proper channels such as through an inspector general or legal office (although Snowden disputes this claim).

Identifying this commonality of motive is highly disturbing because motive is the hardest element to predict or interdict, and the resulting damage is the hardest to minimize afterwards. Leakers and other insider threats only have to be successful once, while security professionals have to be successful all the time. In this regard, intelligence agencies and organizations are in a bind, having to take responsibility for leakers within their organization while at the same time being blamed for not sharing intelligence when tragedy occurs.

It is often said that politics ruins intelligence. Leakers who choose to jeopardize national security in support of their own political viewpoints are the embodiment of that statement in the most visible and destructive way.

About the Author: Erik Kleinsmith is the Associate Vice President for Business Development in Intelligence, National & Homeland Security, and Cyber for American Military University. He is a former Army Intelligence Officer and the former portfolio manager for Intelligence & Security Training at Lockheed Martin. Erik is one of the subjects of a book entitled The Watchers by Shane Harris, which covered his work on a program called Able Danger tracking Al-Qaeda prior to 9/11. He currently resides in Virginia with his wife and two children. To contact the author, email IPSauthor@apus.edu. For more articles featuring insight from industry experts, subscribe to In Public Safety’s bi-monthly newsletter.
