A foundational element of insider threat management with respect to personnel is that everyone within the circle of trust has been adequately vetted and meets a certain standard. In the U.S. national security clearance world, the process begins with the SF-86 and culminates with the adjudication following the background check. Whatever the system used in Israel, it failed when Omri Goren Gorochovsky managed to become the personal housekeeper for the Israeli Minister of Defense, Benny Gantz. Gorochovsky was recently arrested for espionage, but he shouldn’t have been hired in the first place.
During the 2019 elections, Shin Bet warned Gantz that it appeared that Iranian intelligence had hacked his mobile phone. The investigation ultimately led back to Gorochovsky.
Gorochovsky’s actions
Gorochovsky provided the Iranians a good deal of information concerning Gantz and his home. He sent photos of the home, office, computer, mobile phone, tablet, router, IP addresses and tax papers. The bright spot, according to Shin Bet, is that while Gorochovsky had access to Gantz and the residence, he “was not exposed to classified material and subsequently none was passed on from him to the elements with whom he made contact.” That said, it was also revealed that Gorochovsky was discussing with the Iranians installing malware onto the computer/phone of the defense minister.
Given that Shin Bet had Gorochovsky under observation and technical surveillance, the operational act of compromising the defense minister’s devices may have been the impetus to end the operation and arrest Gorochovsky.
Insider Threat Paradigms
When people think of insider threat risks, they are often focusing on the paradigm surrounding those with direct and continuous access to sensitive information that needs to be monitored. That paradigm just took a major hit with the arrest of Gorochovsky. The Israelis’ vetting process missed his criminal record entirely and created a self-inflicted wound. The adage “criminals are going to crime” held true; Gorochovsky’s motivation was greed.
In 2019, the United States learned this the hard way.
State Department Listening Device
Stanislav Borosovich Gusec, a known Russian technical intelligence officer operating under diplomatic cover, was observed by FBI surveillance sitting on a bench next to the State Department main building. Gusec had a cigarette in one hand and the other hand inside a bag next to him; in his lap was an open Washington Post. To the casual observer, he was reading the paper. To the trained observer, he was engaged in an operational act of some sort: Gusec was holding the newspaper upside down on his lap.
Video was sought and obtained, showing that Gusec would regularly drive down to the same area, park, sit at the bench for a few hours and then drive off – actions consistent with either covert communications with a source or exploitation of a listening device.
On December 9, 2019, Gusec was arrested. He had with him an array of technical equipment designed to interrogate and receive information from an implanted listening device. The Russians had a bug in the State Department. The ensuing search discovered that the device had been implanted in the chair rail along the wall in a seventh-floor conference room where the “D committee” met, just down the hall from the Secretary of State. The D committee reviewed the professional performance of senior State officers.
To this day it is unknown how the device was implanted. What is known is that physical access to the conference room, multiple and sustained access, was necessary. Successfully implanting a device in a chair rail and making it look as if nothing had been touched requires a modicum of carpentry and finishing skills, as well as a good deal of chutzpah.
When thinking insider threat, think about who is walking your halls.