DEFENSE SECURITY SERVICE South Region Counterintelligence Suspicious Contact Reporting 1 May 2019 Special Agent Jeff Elliott
UNCLASSIFIED

“Among the potential pool of spies are those who are disgruntled or disenchanted, those who will seek revenge against a real or perceived grievance, those who are driven by money, & those who are egotistical & subject to flattery.”

Agenda
1) DSS Counterintelligence (CI)
2) What to Protect - Awareness
3) Foreign Intelligence Threats
  • Methods of Contact & Operations (MCMO)
4) Potential CI Indicators
  • Vignettes
5) Suspicious Contact Reporting
Counterintelligence – Knowledge and Action

DSS Mission and Scope
DSS Mission
DSS supports national security and the warfighter, secures the nation’s technological base, and oversees the protection of U.S. and classified information in the hands of industry.
Counterintelligence Mission
DSS CI collects actionable threat information across cleared industry, analyses and articulates the threat for industry and U.S. Government leaders.
Deter - Detect – Disrupt {Collection Activities}
Scope
- 12,000+ facilities; 1.2m people
- 2 CI professional / 261 facilities (South Region, Field Office)
- 12% of facilities report suspicious contacts

What Should We Protect?
Any information that would degrade the nation’s advantage if compromised
Protect anything that may:
• Damage national security
• Alter program Quality, Cost, or Schedule
• Compromise the program or system capabilities
• Shorten the expected system life
• Deal with Research, Development, Testing, and Evaluation to counter the impact of loss
• Critical Infrastructure
It does NOT always involve classified information!

Manhattan Project
16 July 1945 – US detonates world’s first nuclear explosion
25 Aug 1949 – First Soviet atomic bomb detonated… several years before date predicted by Western Intelligence
[Image captions: Trinity Test Site, 210 miles south of Los Alamos; First Soviet atomic bomb (RDS-1) tested; Soviet Atom Bomb (RDS-1); Soviet Kazakh Desert Test Site]

FAT MAN*
* Codename for the U.S. atomic bomb with RG 77 implosion-type nuclear weapon
General Leslie Groves, Military Cdr
Robert Oppenheimer, Scientific Dir
Espionage
U.S. Atomic Bomb RG 77 “FAT MAN”
Soviet Device RDS-1 (US Nickname: “Joe-1”)
SOVIET SPIES
• Klaus Fuchs
• Morris Cohen
• Harry Gold
• Theodore Hall
• David Greenglass
• George Koval
• Allan May
• Julius & Ethel Rosenberg
• Morton Sobell

CI Insider Threat… it’s real
“During the Cold War, with the possible exception of the Coast Guard, virtually every one of our national security institutions was penetrated by the Warsaw Pact, most more than once….”
-- Michelle Van Cleave, National Counterintelligence Executive, as cited in The Washington Times, 10 May 2004, “Doctrine to restructure counterspy agencies” by Bill Gertz
The Human Agent Remains Key to Satisfying a Nation’s Intelligence Needs

Suspicious Contact
• Definition: Anyone, regardless of nationality, attempting to gain illegal or unauthorized access to sensitive information or material.
*sensitive information/material being defined as classified, export-controlled, and/or proprietary.

Methods of Contact & Operations
Unsolicited / Direct Requests
  • Email & Telephone contact
Foreign Visits, Travel and Personal Contact
Exploitation of Relationships
  • Social Networking Sites
Suspicious Internet Activity
Solicitation and Seeking Employment
Insider Threat
  • Trusted Placement and Access
Conferences, Conventions, and Trade Shows
Cyber Operations (Phishing, social engineering)
Foreign Resume Submissions
Theft

Potential Espionage Indicators
• Reported / unreported foreign travel and contact with foreign nationals
  • Vacations or Work
• Seeks to gain higher security clearance / expand access
• Engages in classified conversations without a need-to-know
• Works hours inconsistent with job assignment / insists on working in private
• Exploitable behavior traits
  • Sexual deviance, adultery, drug abuse, alcohol abuse, and gambling activities
• Repeated security violations
• Attempts to enter areas not granted access
• Anomalies

Potential Espionage Indicators
Foreign Contact, Indebtedness, Undue-Affluence
• Contact with Foreign Officials and Representatives
• Visits to Official Foreign Establishments for Unexplained Reasons
• Unexplained Recurring Foreign Correspondence
• Attempts to Conceal Contacts with Foreigners
• Visits to Foreign Diplomatic Facilities
Aldrich Ames
Prisoner # 40087-083

Potential Espionage Indicators
Intrusion into Automated Information System
• Accessing or Attempting to Access Systems Outside of Normal Work Hours
• Repeated Deviations from or Circumventions of Standard Security Procedures
• Use of Unmarked Electronic Media Containing Classified Information
• Unexplained or Out of the Ordinary Changes in System or User Activity
• Use of Numerous Passwords and Log Ins
• Attempting to Obtain the Passwords of Coworkers
• Browsing Files and/or Records Not Authorized
(MBA in Information Systems)
Remained Anonymous to the Russians
Robert Hanssen
Prisoner #48551-083

Potential Espionage Indicators
Makes Jokes or Brags about Spying
• “Most senior CIA agent ever convicted, twice!”
• Son spied while Dad in prison
• Extensive Interest in Tradecraft
• “I could do it and never get caught”
• Failed 3 Polygraph Exams (GG15)
• Sold US intelligence for $300,000
• Sentenced to 23 years 7 months, + 8 years while in jail.
Harold J. Nicholson
Inmate: Supermax, Florence, CO

Chi Mak
• Chi Mak, 67, of Downey, CA
• Illegally sent U.S. Navy information to China (Secret Clearance)
• Occupation: Principal Engineer employed by High-Tech Defense Contractor
• Lead Engineer on US Navy’s Quiet Electric Drive Propulsion System (QED)
• Worked on more than 200 defense contracts over a 19 year period
• March 24, 2008 - Sentenced to over 24 years in prison and fined $50,000 for exporting U.S. defense articles to China

Edward Snowden
• Systems Administrator for Defense Contractor
• Could bypass USB controls; used to smuggle classified material
• Leaked Highly Classified Information from NSA (numerous global surveillance programs) 1.7 Million docs
• China and Russia (Asylum until 2020)
• Communicated with Journalist using encrypted emails. (code name–VERAX)
• 2 counts violating Espionage Act & Theft of Government Property; PP revoked (Whistle Blower Protection claimed)
• Ashton Carter: "We had a cyber Pearl Harbor. His name was Edward Snowden."

Noshir Gowadia
• “Father of Tech that protects B-2”
• Principal design engineer of B-2 stealth technology propulsion
• Denied TS / SCI access twice
• Provided China with technology information valued at hundreds of millions of dollars for a sum of $2M
October 24, 2005 - Arrested on charges of marketing and disclosing classified B-2 stealth technology.
(“Father of CH Stealth Technology”)
August 9, 2010 – convicted on 14 of 17 charges (including conspiracy, violating the Arms Export Control Act and money laundering)
January 24, 2011, sentenced to 32 years in prison

Cyber Reporting
• Actions Upon Foreign Contact - Cyber Intrusions
• Joint Cyber Intelligence Tool Suite (JCITS)
• Malware Relationship Triage Tool (MReTT)
• Spear Phishing Emails – Malicious Attachments (.doc, .exl, .ppt)
• Social Engineering
• Foreign Intelligence Threats
• NTOC notification paperwork
80% FIE Collection
• Social Media Targeting from Open Source

LinkedIn - Targeting
• More than 85 million members in over 200 countries
• A new member joins LinkedIn approximately every second
• About 50 percent of members are outside the United States
• Executives from all Fortune 500 companies are LinkedIn members

Facebook - Targeting
• More than 500 million active users
• 50 percent of active users log on every day
• Average user has approximately 130 friends
• More than 70 translations available
• About 70 percent of the users are outside the United States
• More than 200 million users access Facebook through mobile devices

Reporting Suspicious Behaviors (13 Adjudicative Guidelines)
• Allegiance to U.S.
• Foreign influence
• Foreign Preference
• Sexual Behavior
• Personal conduct
• Financial considerations
• Alcohol consumption
• Drug involvement
• Emotional, mental, and personality disorders
• Criminal conduct
• Security violations
• Outside activities
• Misuse of IT
Reference: Code of Federal Regulations, Title 32-National Defense, Volume 1, part 147; NISPOM 1-301 and 1-302; Cited Case Law

Reporting Procedures
• Your Security Officer or Manager
• Your DSS and FBI Representatives
• If Overseas: Nearest U.S. Embassy or Consulate
Be Alert. Be Aware. Be Assertive. Report Suspicious Activity!

Questions?
For additional information please contact:
SA Jeff Elliott
Phone: (469) 329-6384
Email: [email protected]
WWW.DSS.MIL