An Egyptian-born U.S. naturalized citizen, Ahmedelhadi Yassin Serageldin, pleaded guilty to illegally retaining classified national defense information regarding U.S. military programs.
Serageldin was a systems engineer for a defense contractor in Massachusetts for approximately 20 years (1997-2017). He held a Secret clearance and worked on several defense contracts involving military radar technologies.
His employer’s insider threat program failed.
Their financial audit programs succeeded.
It was the latter which discovered Serageldin’s misdeeds. The company’s ethics office in April 2017 notified the company’s global security services office that Serageldin was being investigated for time-card fraud. Specifically, he was suspected of taking off every Friday from January through March 2017.
The time-card fraud investigation uncovered evidence that Serageldin had downloaded files from the company’s intranet and connected removable media devices, which violated security protocol. The subsequent investigation and interview with Serageldin didn’t go well, as Serageldin did his best to prevent other employees from communicating information about both the timecard fraud and potential mishandling of classified information.
The prosecutor noted at the plea hearing that “while executing a search warrant at Serageldin’s house, federal agents found thousands of paper documents and electronic files belonging to Raytheon or the U.S. Department of Defense, and that many of them were marked as containing classified information. The Superseding Information lists five specific documents, all of which pertain to U.S. military programs involving missile defense and are classified at the SECRET level.”
Which begs the question, if Serageldin was able to pilfer documents over a sustained period of time, how many other employees may be going undetected as they squirrel away classified documents? It was only when investigating a completely separate crime against the company – time-card fraud – that the company stumbled upon the violation of information security protocols concerning the removal of information from the classified intranet.
Questions no doubt being asked at Raytheon include,
- Why didn’t the data loss protection protocols of the information security processes and procedures detect Serageldin’s unauthorized download of classified information?
- When an external device was attached to the network, why was an alert not issued to the corporate global security services?
- Which classified programs were compromised?
- What was the intent of the theft of classified information? Sharing with a foreign intelligence entity? Hoarding?
The episode proves the adage, that it is always better to be lucky than smart. It was luck that identified Serageldin’s theft of thousands of documents – unfortunately, not the components of an insider threat program.
Serageldin is scheduled to be sentenced on April 14, 2020 and faces a $250,000 fine and up to 10 years in prison. The U.S. Attorney has recommended five years in prison, followed by three years of supervised release.
