Highlights
– Trusted insiders have caused multiple data breaches in all levels of government
– Data breaches are likely to continue
– Private sector business are not immune to the threat posed by trusted insiders
On January 31, 2008 a Fairfax County, Virginia police officer pleaded guilty in federal court to one misdemeanor count of Unauthorized Computer Access. The officer, who joined the force in 2000 admitted to illegally using local police computers to check license plate numbers through a federal law enforcement system for a friend, not knowing that the friend was the target of a federal investigation and that the license plates were from cars used to observe terror suspects.
Previous Breaches
Such data breach activities, while rare, do occur and are a security concern for law enforcement officials, who are trying to increase cooperative law enforcement initiatives across federal and state boundaries.
Previous examples of trusted law enforcement and intelligence officials accessing sensitive information include the case of a former Central Intelligence Agency (CIA) operative who pleaded guilty to conspiracy of illegally searching Federal Bureau of Investigation (FBI) computers for classified information about Hezbollah and naturalization fraud. While authorities do not believe the CIA operative was working for Hezbollah, there is a growing concern among security officials that sympathetic expatriates or American citizens may help al-Qaeda or other terrorist groups plan and execute attacks.
Perhaps the most famous examples of the threat posed by insiders to the intelligence and law enforcement community are those of Robert Hansen and Aldrich Ames. Hansen and Ames used their respective access to FBI and CIA data to purloin and sell classified data to Russia and its predecessor the Soviet Union.
Conclusion
The examples demonstrate that no level of government, local or federal, are immune to the threat posed by trusted insiders. Due to the potential reward, terrorist groups are likely to continue to seek out sympathetic individuals in security positions, and more data breech cases are likely to occur in the long-term.
Further, trusted insiders have in the past, and will in the future, target private sector companies. Private sector companies, such as credit agencies, hold enormously valuable data that may be of interest to terrorist groups and other malicious actors. As such, it should be expected that these malicious actors may also attempt to seek out sympathetic individuals with access to sensitive data at private sector companies.