Moonlighting, Edward Snowden and Cybersex – Three Ways to Abuse Your Position as a Security Program Officer

Cybersecurity

Last week a redacted report from the Office of the Director of National Intelligence (ODNI) was obtained by Buzzfeed via a Freedom of Information Act request. The 32-page document details how a GS-14 CIA senior security program officer assigned to the ODNI abused her position of trust.

The unnamed employee held the position of “Senior Security Database Program Officer” for the ODNI National Counterintelligence Executive (NCIX). Her abuse of position came to the attention of investigators during her “re-adjudication investigation” when the CIA’s Clearance Division found evidence of “unreported outside activities.”

The ensuing investigation showed the extent to which this individual leveraged her trusted position within the intelligence community and inappropriately used her access to closed government systems for personal gain.

  1. Moonlight as an FSO or NISPOM/DCID advisor to 14 separate companies.
  2. Search the JPAS system for information on Edward Snowden or herself.
  3. Spend four to six hours a day playing games, cruising Facebook or engaging in cybersex with a colleague.

Moonlighting

The investigation into the actions of the employee showed she had “engaged in a conflict of interest.” The redacted report shows she operated a personal contracting business from within the ODNI. Among her official duties was the management of the “Scattered Castles” repository for the NCIX.  Her position gave her unencumbered access to Scattered Castles, JPAS and other government databases. In addition, she was responsible for administration of the Sensitive Compartmented Information Facility database. By any measure, she held a position of trust.

A review of her most recent SF-86 showed that she was working as a Facility Security Officer (FSO) for a number of companies since 2007. While she declared some of her activity in her “outside activity” requests (Form 879), she omitted the breadth of her engagements and indeed obfuscated or purposefully downplayed the actual work being conducted.

The ensuing investigation showed that her number of “contracts” had blossomed from 10 to 14 companies. Evidence she used her government system in support of her engagements was revealed when the investigators dug into the systems archives. She conducted the following activities from her government workstation

  • 856 files pertaining to her outside activities (including form DD254) classified contracts
  • Time and attendance and SF86s for employees of the entities (279 separate SF86s) with whom she contracted her FSO services.
  • 6 gigabytes of documents, forms, images, etc.
  • 600 separate files associated with her contract FSO work on her government computer, including evidence she had accessed the JPAS on behalf of these entities. She maintained JPAS accounts for 11 of her clients.
  • Operated as the point of contact between DSS and company which she was operating as FSO.
  • Solicited work via her LinkedIn account and used the social network as a means to communicate with her clients.

JPAS searches – Snowden and self

During a one year period she accessed the JPAS 12,121 times, of which 41 percent were in support of her FSO moonlighting. More alarming, perhaps, is that her supervisor (Deputy Director of the Special Security Directorate) attested to investigators that her job at the ODNI required zero need to access the JPAS system.

Demonstrating a high degree of curiosity, and lack of restraint, she ran 357 searches within the JPAS on Edward Snowden, using three of her contract FSO accounts. These searches were all conducted while she was on duty at the ODNI.

Then during the period of time where her outside activities were being questioned (2013-14), she ran 442 searches on her own record. The investigators surmised that she was looking for evidence regarding the inquiry into her outside activities and to determine if she was under investigation. Of the 442 searches, 342 of them were conducted from her ODNI workstation.

Idling away the hours – games, social networks and internet sex

The analyst found that uploading “games” aka executable files to her workstation gave her a means to idle away her time. The investigation into her internet browsing habits showed that she would visit specific game sites for a set period of time and then move on to the next. When confronted, she admitted to spending 4-6 hours per day on Facebook or playing games or engaging in sexually explicit “Sametime” with a contractor (but only for the first year of her employment).

In an audit of her computer usage for the month of June 2014 – despite having no access to the Army Information Network (AIN) system in her office – 95% of her computer usage was on AIN. This demonstrates her ability to find alternate workstations to support her outside employment.

Christopher Burgess (@burgessct) is an author and speaker on the topic of security strategy. Christopher, served 30+ years within the Central Intelligence Agency. He lived and worked in South Asia, Southeast Asia, the Middle East, Central Europe, and Latin America. Upon his retirement, the CIA awarded him the Career Distinguished Intelligence Medal, the highest level of career recognition. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century” (Syngress, March 2008).

More in Cybersecurity