National Security Agency employee indicted for 'leaking top secret info'
Managed to send material from his private email address, it is claimed
The United States Department of Justice (DoJ) has accused an NSA employee of sharing top-secret national security information with an unnamed person who worked in the private sector.
According to a DoJ announcement and the indictment, an NSA staffer named Mark Unkenholz "held a TOP SECRET/Sensitive Compartmented Information (SCI) clearance and had lawful access to classified information relating to the national defense."
The indictment alleges that on 13 occasions between 2018 and 2020, Unkenholz shared some of that information with a woman identified only as "RF" who was not entitled to see it. Unkenholz did so despite allegedly having "reason to believe [the info] could be used to the injury of the United States or to the advantage of any foreign nation."
The DoJ claims that RF had a TOP SECRET/SCI clearance from April 2016 until approximately June 2019 when she worked for an entity the indictment calls "Company 1". Her clearance lapsed when, in June 2019, she went to work at "Company 2".
The indictment's timeline claims that Unkenholz sent material to RF when she was at Company 1 and at Company 2 – so it seems RF's clearance was not sufficient to read some of the info she was sent while working at Company 1.
- NSA spies ample opportunities to harden Kubernetes
- China thrilled it captured already-leaked NSA cyber-weapon
- Russia 'stole US defense data' from IT systems
The indictment and announcement allege Unkenholz used his personal email address to send material to RF.
The documents are silent on how he was able to do so – yet that could be the most interesting aspect of this case. The NSA is by its very nature supposed to be very good at securing data and preventing it from reaching the wrong hands. Knowing what went wrong may be as important to the USA as the leaks.
Unkenholz sent information with his personal email 13 times, it is claimed. Each instance could see him spend ten years inside – as could 13 more charges for retaining that information in his personal email account.
That sound you hear? Every nation-state-connected snooper in the world mashing their keyboard in a fast and furious effort to figure out if they ever had access to that inbox in one way or another.
Unkenholz made a brief appearance in a Maryland federal district court on Thursday, and was released on conditions including providing a DNA sample, surrendering his passport, and residing at an approved address.
No date has been set for the next hearing. Whenever it happens, can someone in the room ask about how Unkehnolz was able to sneak the NSA info out the door? ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Trusted Platform Module
- Zero trust