The FBI and the reality of the threat within

Pierluigi Paganini August 03, 2016

An FBI electronics technician funneled sensitive information about the Bureau to the Chinese government and now faces years in jail.

If it can happen to the FBI, it is most likely happening in private industry too.  Yesterday, the FBI revealed that it had been the victim of an insider espionage campaign by a Chinese-born electronics technician spying for Beijing.

Kun Shan Chun, a 20-year veteran of America’s top law enforcement agency, pleaded guilty to spying for a Chinese handler, to whom he passed an organizational chart and pictures of surveillance technology. In exchange for his plea he faces a lenient sentence of two years’ imprisonment.  That probably won’t sit well with many in the FBI or the intelligence community!

According to court documents, Chun was recruited by a Chinese operative while traveling in Europe in 2011.  Almost immediately, Chun began his espionage campaign, which included sending the travel patterns of an FBI special agent in exchange for money.

A periodic background check, routine for those holding a US clearance, revealed that Chun had been less than honest about his background and his relationships with Chinese nationals, including a close relationship with Zhuhai Kolion Technology, a Chinese tech company.  The company has been accused of bribing Chun with prostitutes. According to its website, Kolion manufactures printers and photocopiers.

Although such cases are rare, the FBI isn’t immune to insider threats.  In 2001, the FBI found itself embroiled in an espionage case against the agency, again by one of its own: Robert Hanssen.  Hanssen, a 25-year veteran of America’s top law enforcement agency, was convicted of selling secrets to what was then the Soviet Union for US$1.4 million in cash and diamonds.  For his trouble, Hanssen was sentenced to 15 life terms without the possibility of parole.  Hanssen and Aldrich Ames, the CIA officer caught spying for the Soviet Union, are believed to be responsible for major setbacks in US intelligence programs throughout the 1980s, including the capture and execution of US intelligence agents inside the Soviet Union.

The news of Chun’s espionage campaign against the FBI comes on the heels of recent reports by cyber security companies that Chinese cyber espionage against US industry has been tapering off.  Though the agreement between President Obama and Chinese President Xi to cease spying on each other’s industry may be taking hold, government-on-government espionage between the two nations has not subsided and is clearly still in play.

Insider threats have become increasingly disconcerting to government and business alike.

New research released by global management consulting group McKinsey and the World Economic Forum documented that vulnerabilities in technology are widening, exposing businesses to an overwhelming threat of fraud and cybercrime.  The group concluded that perimeter defenses are insufficient to keep up with the dynamic changes in the threat landscape, but it didn’t stop there: many executives noted that the insider threat problem was as big a risk as external attacks. And why not? The payoffs for corporate espionage can be very lucrative.

Earlier this year, IBM reported that insider threats were one of 2015’s top cybersecurity trends, along with ransomware. For 2014 alone, IBM concluded that 55 percent of all attacks were carried out by insiders.


Taking the problem of insider threat head on, in July of this year Randy Trzeciak, Technical Manager of the CERT Insider Threat Center, gave a webinar on how to build an effective insider threat program. The webinar focused on Executive Order 13587, issued by the Obama administration to draw attention to the insider threat problem within US government agencies.  The executive order states:

“These structural reforms will ensure coordinated interagency development and reliable implementation of policies and minimum standards regarding information security, personnel security, and system security; address both internal and external security threats and vulnerabilities; and provide policies and minimum standards for sharing classified information both within and outside the Federal Government.”

Changes made to the National Industrial Security Program Operating Manual (NISPOM) to implement EO 13587 require US federal contractors to, “…establish and maintain an insider threat program to detect, deter, and mitigate insider threats.” The change requires contractors to institute insider threat awareness training so that employees can identify suspicious activity, to allow independent assessments of their program, and to meet new reporting requirements.

EO 13587 is not without its critics.  Most importantly: what happens to a contractor when an insider threat is identified, who gets that information, and what ramifications could it have on future contract work with the federal government?  Other critics point out that EO 13587 has been in place since October 2011, when it was issued in the wake of the Chelsea Manning leaks, and that it did little to prevent the next major insider leak, Edward Snowden.  I’m sure the debate will continue, but barring any significant change in US policy, federal contractors have until November of this year to get their insider threat programs in place.

It is unlikely the US government is overrun with foreign agents or insider threat actors.  Even in the case of Chun, the process of reopening his background for scrutiny worked well enough to cut off China’s fast track to FBI resources; but this is the federal government, where resources seem endless.

For the past five years, cyber threat intelligence people have done a pretty good job of catching up on the defensive side as they map their strategies to the kill chain, but insider threat adds a completely new dimension, and new headaches, to already overburdened security teams.

For CISOs, questions remain.  Is my security team able to fight the battle on two fronts, outside and inside, and can we afford not to?

Written by: Rick Gamache

Rick Gamache is a freelance writer with 25 years’ experience in the cyber security field. His past work includes Managing Director of Wapack Labs, CIO of the Red Sky Alliance, and lead FISMA auditor for the US Navy’s destroyer program.  Rick has written several high-level cyber and general risk reports with an emphasis on the Nordic countries, India, Russia, and Ukraine, and has traveled extensively, speaking on strategic cyber threat intelligence matters as they relate to global supply chains.

LinkedIn – https://www.linkedin.com/in/rick-gamache-cissp-021ab43

Twitter – https://twitter.com/thecissp


Pierluigi Paganini

(Security Affairs – FBI, cyber espionage)
