There are two good ways to sabotage your plans to sell an email list to a foreign country. First, walk unsolicited into an embassy and offer up a ‘classified’ list of 1200 Nuclear Regulatory Commission (NRC) email addresses. Second, brag about your ‘Top Secret DoD Projects’ on LinkedIn.
A fired Department of Energy worker, Charles Harvey Eccleston, recently attempted to sell a list of NRC email addresses to an undisclosed country embassy in the Philippines. Eccleston married a local woman and was looking for money to stay in the country. He claimed he had email lists that would allow access to 37 NRC computers and suggested a spear phishing campaign could be used to hack into the NRC network.
Note: The FBI Follows You on LinkedIn
Fortunately, the embassy of the country Eccleston approached immediately contacted the FBI. An insight very relevant to the cleared community is that one of the ways the FBI vetted the story was by scanning Eccleston’s social media profile – where he clearly listed his most current and previous security clearances, and his access to classified information. His very-public boasting of access to U.S. government secrets was a factor in the investigation.
If you have access to classified information, it is acceptable to list your security clearance online, but you need to be incredibly careful when it comes to public facing websites such as LinkedIn. Given the significant international audience for those sites, and an ‘anyone-can-access’ model, you’re making yourself an easy target for spear phishing and other attacks. You’re advertising your clearance both to a government leadership who still adheres to a ‘careless talk costs lives’ model, as well as nefarious actors at home and abroad who may troll you for your email address or your access.
Does that mean it’s impossible to post your resume or network online? Not at all. Just make sure wherever you post your details is secure, password protected, and accessible only to vetted, U.S. based companies. A site like ClearanceJobs.com.
