National Security Agency employee indicted for 'leaking top secret info'

Managed to send material from his private email address, it is claimed


The United States Department of Justice (DoJ) has accused an NSA employee of sharing top-secret national security information with an unnamed person who worked in the private sector.

According to a DoJ announcement and the indictment, an NSA staffer named Mark Unkenholz "held a TOP SECRET/Sensitive Compartmented Information (SCI) clearance and had lawful access to classified information relating to the national defense."

The indictment alleges that on 13 occasions between 2018 and 2020, Unkenholz shared some of that information with a woman identified only as "RF" who was not entitled to see it. Unkenholz did so despite allegedly having "reason to believe [the info] could be used to the injury of the United States or to the advantage of any foreign nation."

The DoJ claims that RF had a TOP SECRET/SCI clearance from April 2016 until approximately June 2019 when she worked for an entity the indictment calls "Company 1". Her clearance lapsed when, in June 2019, she went to work at "Company 2".

The indictment's timeline claims that Unkenholz sent material to RF when she was at Company 1 and at Company 2 – so it seems RF's clearance was not sufficient to read some of the info she was sent while working at Company 1.

The indictment and announcement allege Unkenholz used his personal email address to send material to RF.

The documents are silent on how he was able to do so – yet that could be the most interesting aspect of this case. The NSA is by its very nature supposed to be very good at securing data and preventing it from reaching the wrong hands. Knowing what went wrong may be as important to the USA as the leaks.

Unkenholz sent information with his personal email 13 times, it is claimed. Each instance could see him spend ten years inside – as could 13 more charges for retaining that information in his personal email account.

That sound you hear? Every nation-state-connected snooper in the world mashing their keyboard in a fast and furious effort to figure out if they ever had access to that inbox in one way or another.

Unkenholz made a brief appearance in a Maryland federal district court on Thursday, and was released on conditions including providing a DNA sample, surrendering his passport, and residing at an approved address.

No date has been set for the next hearing. Whenever it happens, can someone in the room ask about how Unkehnolz was able to sneak the NSA info out the door? ®


Other stories you might like

  • Cisco warns of security holes in its security appliances
    Bugs potentially useful for rogue insiders, admin account hijackers

    Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. 

    The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacturer won't release fixes; it instead told customers to migrate to a newer version and dump the old.

    This bug received a 7.7 out of 10 CVSS severity score, and Cisco noted that its security team is not aware of any in-the-wild exploitation, so far. That said, given the speed of reverse engineering, that day is likely to come. 

    Continue reading
  • Google said to be taking steps to keep political campaign emails out of Gmail spam bin
    Just after Big Tech comes under fire for left and right-leaning message filters

    Google has reportedly asked the US Federal Election Commission for its blessing to exempt political campaign solicitations from spam filtering.

    The elections watchdog declined to confirm receiving the supposed Google filing, obtained by Axios, though a spokesperson said the FEC can be expected to publish an advisory opinion upon review if Google made such a submission.

    Google did not immediately respond to a request for comment. If the web giant's alleged plan gets approved, political campaign emails that aren't deemed malicious or illegal will arrive in Gmail users' inboxes with a notice asking recipients to approve continued delivery.

    Continue reading
  • International operation takes down Russian RSOCKS botnet
    $200 a day buys you 90,000 victims

    A Russian operated botnet known as RSOCKS has been shut down by the US Department of Justice acting with law enforcement partners in Germany, the Netherlands and the UK. It is believed to have compromised millions of computers and other devices around the globe.

    The RSOCKS botnet functioned as an IP proxy service, but instead of offering legitimate IP addresses leased from internet service providers, it was providing criminals with access to the IP addresses of devices that had been compromised by malware, according to a statement from the US Attorney’s Office in the Southern District of California.

    It seems that RSOCKS initially targeted a variety of Internet of Things (IoT) devices, such as industrial control systems, routers, audio/video streaming devices and various internet connected appliances, before expanding into other endpoints such as Android devices and computer systems.

    Continue reading

Biting the hand that feeds IT © 1998–2022