The Reg takes the US government's insider threat training course

No, sir, we didn't spill beer on the laptop, sir!


The US government has provided an online training course on insider threats.

To help understand its efforts to stop the spread of leaks, spills, espionage and sabotage, The Reg signed up for a bit of training from the National Insider Threat Task Force (NITTF).

Here we learned a lot about, in no particular order: former National Security Agency syadmin Edward Snowden; drugs, porn and alcohol, lies, tricks of the trade and just who these insider threat people might be (not who you think).

NITTF is a US government body that is part of the Office of the Director of National Intelligence.

It is, in its own view: "The principal inter-agency task force responsible for developing an Executive branch insider threat detection and mitigation program to be implemented by all federal departments and agencies."

In a five-module online training programme, the NITTF describes the differences between leaks, spills, sabotage and espionage. It also informs workers how to deal with the nosy media. Course-takers are also treated to a dramatized video of a group of workers dealing with a colleague who has gone rogue (no Oscars here).

According to the course, 300,000,000 pages have been stolen since 2010. These include 50TB of data by one individual and the 750,000 documents leaked by Snowden.

Whodunnit

The task force quoted ex-soldier Chelsea Manning as saying: "I would come in with a CD RW with Lady Gaga written on it, erase the music and then write a compressed split file – no one suspected a thing."

It also uses the example of the 50TB of data that was allegedly taken by former Booz Allen Hamilton contractor Harold Martin. Martin is awaiting prosecution on charges of "stealing government documents and mishandling classified information". The NITTF, ostensibly directly quoting from a New York Times article, noted that Martin held "a top-secret security clearance despite a record that included drinking problems, a drunken-driving arrest, two divorces, unpaid tax bills, a charge of computer harassment, and posing as a police officer in a traffic dispute".

The NITTF again echoed the newspaper when it noted: "These events should have triggered closer scrutiny."

The public defender has said in Martin's defence that he is a "compulsive hoarder". Martin has reportedly agreed to plead guilty to one of the charges, the "illegal retention of national security information", but initially pleaded not guilty to all charges.

Snowden, the world's best-known document leaker and whistleblower – although the task force emphatically claimed in several places in the course that he was not a whistleblower as he did not "follow the correct procedures" – is described by the government outfit as a "disgruntled" employee who displayed many of the personality traits of someone who was an insider threat.

Snowden has always maintained that he had tried to raise his concerns with the NSA before he decided to make the documents public.

According to this training course, "a close review of Snowden's official employment records and submissions revealed a pattern of intentional lying".

Some "examples" highlighted by NITTF included: "Claimed to have left Army basic training because of broken legs when he washed out because of shin splints; claimed to have worked for the CIA as a 'senior advisor,' which was a gross exaggeration of his entry-level duties as a computer technician; doctored his performance evaluations and obtained new positions at NSA by exaggerating his résumé and stealing the answers to an employment test."

It also claimed that Snowden began his mass downloads of classified information from NSA networks "two weeks after an email argument with a supervisor".

When we think of spies and insider threats, most of us think of professionally trained individuals on a mission. The US government, however, said that most act alone or are targeted because of their behaviour and personality traits.

Are you the weakest link?

Much of it comes down to "elicitation", according to the third module of the course. A "trained elicitor understands human predispositions and uses techniques to exploit those".

What makes you the sort of mug the "trained adversary" would target? If you go by the training course, personality traits including being polite and helpful, a wish to feel well informed, being a gossip, being someone who corrects others and having a belief that people are basically honest.

You might also be a person who tends to underestimate the value of the information being sought or given.

As to whether these tendencies work, NITTF cited a pamphlet entitled "What Employees Should Know About Elicitation and Foreign Intelligence Approaches" from defence manufacturer Raytheon, which stated that since the end of the Cold War: "67 per cent of spies have been civilians; 37 per cent had no security clearance; 84 per cent of spies were successful; 67 per cent volunteered to commit espionage; 81 per cent received no money for their services; and 94 per cent went to prison".

The US Office of the Director of National Intelligence believes that each year $300,000,000,000 worth of American intellectual property and business intelligence are stolen yearly by China, Russia, Iran and others.

The course is available to take here, though it seems to run most reliably in Microsoft's browser Internet Explorer. Reg hacks have been able to access it on Opera, Safari, Firefox and Brave – although one reported being blocked on Chrome. The NITTF recommended hosting the files on a webserver "due to security features on some browsers". ®

Similar topics


Other stories you might like

  • Robotics and 5G to spur growth of SoC industry – report
    Big OEMs hogging production and COVID causing supply issues

    The system-on-chip (SoC) side of the semiconductor industry is poised for growth between now and 2026, when it's predicted to be worth $6.85 billion, according to an analyst's report. 

    Chances are good that there's an SoC-powered device within arm's reach of you: the tiny integrated circuits contain everything needed for a basic computer, leading to their proliferation in mobile, IoT and smart devices. 

    The report predicting the growth comes from advisory biz Technavio, which looked at a long list of companies in the SoC market. Vendors it analyzed include Apple, Broadcom, Intel, Nvidia, TSMC, Toshiba, and more. The company predicts that much of the growth between now and 2026 will stem primarily from robotics and 5G. 

    Continue reading
  • Deepfake attacks can easily trick live facial recognition systems online
    Plus: Next PyTorch release will support Apple GPUs so devs can train neural networks on their own laptops

    In brief Miscreants can easily steal someone else's identity by tricking live facial recognition software using deepfakes, according to a new report.

    Sensity AI, a startup focused on tackling identity fraud, carried out a series of pretend attacks. Engineers scanned the image of someone from an ID card, and mapped their likeness onto another person's face. Sensity then tested whether they could breach live facial recognition systems by tricking them into believing the pretend attacker is a real user.

    So-called "liveness tests" try to authenticate identities in real-time, relying on images or video streams from cameras like face recognition used to unlock mobile phones, for example. Nine out of ten vendors failed Sensity's live deepfake attacks.

    Continue reading
  • Lonestar plans to put datacenters in the Moon's lava tubes
    How? Founder tells The Register 'Robots… lots of robots'

    Imagine a future where racks of computer servers hum quietly in darkness below the surface of the Moon.

    Here is where some of the most important data is stored, to be left untouched for as long as can be. The idea sounds like something from science-fiction, but one startup that recently emerged from stealth is trying to turn it into a reality. Lonestar Data Holdings has a unique mission unlike any other cloud provider: to build datacenters on the Moon backing up the world's data.

    "It's inconceivable to me that we are keeping our most precious assets, our knowledge and our data, on Earth, where we're setting off bombs and burning things," Christopher Stott, founder and CEO of Lonestar, told The Register. "We need to put our assets in place off our planet, where we can keep it safe."

    Continue reading

Biting the hand that feeds IT © 1998–2022