The Reg takes the US government's insider threat training course

No, sir, we didn't spill beer on the laptop, sir!

The US government has provided an online training course on insider threats.

To help understand its efforts to stop the spread of leaks, spills, espionage and sabotage, The Reg signed up for a bit of training from the National Insider Threat Task Force (NITTF).

Here we learned a lot about, in no particular order: former National Security Agency sysadmin Edward Snowden; drugs, porn and alcohol; lies; tricks of the trade; and just who these insider threat people might be (not who you think).

NITTF is a US government body that is part of the Office of the Director of National Intelligence.

It is, in its own view: "The principal inter-agency task force responsible for developing an Executive branch insider threat detection and mitigation program to be implemented by all federal departments and agencies."

In a five-module online training programme, the NITTF describes the differences between leaks, spills, sabotage and espionage. It also informs workers how to deal with the nosy media. Course-takers are also treated to a dramatized video of a group of workers dealing with a colleague who has gone rogue (no Oscars here).

According to the course, 300,000,000 pages have been stolen since 2010. These include 50TB of data by one individual and the 750,000 documents leaked by Snowden.


The task force quoted ex-soldier Chelsea Manning as saying: "I would come in with a CD RW with Lady Gaga written on it, erase the music and then write a compressed split file – no one suspected a thing."

It also uses the example of the 50TB of data that was allegedly taken by former Booz Allen Hamilton contractor Harold Martin. Martin is awaiting prosecution on charges of "stealing government documents and mishandling classified information". The NITTF, ostensibly directly quoting from a New York Times article, noted that Martin held "a top-secret security clearance despite a record that included drinking problems, a drunken-driving arrest, two divorces, unpaid tax bills, a charge of computer harassment, and posing as a police officer in a traffic dispute".

The NITTF again echoed the newspaper when it noted: "These events should have triggered closer scrutiny."

The public defender has said in Martin's defence that he is a "compulsive hoarder". Martin has reportedly agreed to plead guilty to one of the charges, the "illegal retention of national security information", but initially pleaded not guilty to all charges.

Snowden, the world's best-known document leaker and whistleblower – although the task force emphatically claimed in several places in the course that he was not a whistleblower as he did not "follow the correct procedures" – is described by the government outfit as a "disgruntled" employee who displayed many of the personality traits of someone who was an insider threat.

Snowden has always maintained that he had tried to raise his concerns with the NSA before he decided to make the documents public.

According to this training course, "a close review of Snowden's official employment records and submissions revealed a pattern of intentional lying".

Some "examples" highlighted by NITTF included: "Claimed to have left Army basic training because of broken legs when he washed out because of shin splints; claimed to have worked for the CIA as a 'senior advisor,' which was a gross exaggeration of his entry-level duties as a computer technician; doctored his performance evaluations and obtained new positions at NSA by exaggerating his résumé and stealing the answers to an employment test."

It also claimed that Snowden began his mass downloads of classified information from NSA networks "two weeks after an email argument with a supervisor".

When we think of spies and insider threats, most of us think of professionally trained individuals on a mission. The US government, however, said that most act alone or are targeted because of their behaviour and personality traits.

Are you the weakest link?

Much of it comes down to "elicitation", according to the third module of the course. A "trained elicitor understands human predispositions and uses techniques to exploit those".

What makes you the sort of mug the "trained adversary" would target? If you go by the training course, it is personality traits including being polite and helpful, a wish to feel well informed, being a gossip, being someone who corrects others and having a belief that people are basically honest.

You might also be a person who tends to underestimate the value of the information being sought or given.

As to whether these tendencies work, NITTF cited a pamphlet entitled "What Employees Should Know About Elicitation and Foreign Intelligence Approaches" from defence manufacturer Raytheon, which stated that since the end of the Cold War: "67 per cent of spies have been civilians; 37 per cent had no security clearance; 84 per cent of spies were successful; 67 per cent volunteered to commit espionage; 81 per cent received no money for their services; and 94 per cent went to prison".

The US Office of the Director of National Intelligence believes that $300,000,000,000 worth of American intellectual property and business intelligence is stolen each year by China, Russia, Iran and others.

The course is available to take here, though it seems to run most reliably in Microsoft's browser Internet Explorer. Reg hacks have been able to access it on Opera, Safari, Firefox and Brave – although one reported being blocked on Chrome. The NITTF recommended hosting the files on a webserver "due to security features on some browsers". ®
