While the recent arrest of 21-year-old Air Force National Guardsman Jack Teixeira for the online posting of classified documents raised many issues, arguably the most interesting one is his motivation.
Emotions, finances, and politics have long been traditional motivators for malicious insiders. Teixeira’s motivation doesn’t fit well into any of these categories. Commonly, emotions that motivate insiders to action are anger and revenge over perceived grievances with their employer, such as a missed promotion or termination.
While there is still much to learn about the case, his main motivation appears to have been impressing his online friends and boosting his ego by sharing highly classified documents. While he reportedly posted angry and racist comments online, there’s no indication he leaked the documents out of anger with his employer. Unlike other emotion-driven insiders, there’s little evidence that boredom, depression, or frustration drove his actions.
The question then becomes – is he a one-off, or do we have a new deviation of a classic insider type? Is he an anomaly or a possible archetype?
With Teixeira’s generation destined to fill the ranks of the working class over the coming years, he could be the proverbial ‘canary in a coal mine’, highlighting an emerging phenomenon that insider risk and counterintelligence professionals need to examine, and possibly revise and refine their countermeasures against.
And if indeed Teixeira represents an emerging trend, it will be a challenging one to defend against, namely because of the lack of viable indicators. Traditionally, the insider hardest to counter is one that is controlled, directed, and protected by an adversary intelligence service or sophisticated criminal group. In that case, the insider’s handler knows the common indicators of insider activity and works to eliminate their existence. By nature of his unique motivation, Teixeira exhibited very few observable indicators of malicious insider intent.
The absence of traditional behavioral indicators makes this potential new insider type as dangerous as a controlled insider, particularly because this type could easily attract the attention of professionals that can socially engineer through online covers that prompt their targets to engage, trust, and undertake action harmful to their organizations, their colleagues, their families, and themselves.
Thus, it’s very believable that adversaries seeking to penetrate public and private organizations are carefully examining the Teixeira case for an operational formula that enables them to control, guide, and direct young, vulnerable, insecure, needy, injudicious, and status-seeking persons with access to privileged information.
Insider risk professionals would be well served to better understand the degree to which:
- Teixeira represents personality characteristics and behavior more prevalent in specific ages, professional domains, geographies, etc.
- Personalities like Teixeira are susceptible to using special access to gain the favor of others.
- Internet nativism and online anonymity factored into Teixeira’s insider profile.
- The beliefs and actions of the youngest professionals differ from their elders regarding secrecy oaths.
This understanding will help determine if a new type of insider is emerging, one that may be harder to identify viable indicators against and easier for external handlers to spot, assess, develop, and recruit.
While incredibly damaging, the ‘silver lining’ of the Teixeira case may be the forewarning afforded to those responsible for protecting intellectual property, national secrets, financial resources, and human lives from malicious insiders.
Pursuant to that, the Intelligence and National Security Alliance (INSA) Insider Threat Subcommittee is working to address questions raised by the Teixeira case, including how hostile actors could exploit similar personalities to harm US national security. Our goal is to conduct an objective examination of the case, determine its uniqueness, and provide recommendations to policymakers.
