The year 2023 saw more than its fair share of espionage cases, and while the constant hammering at the United States and its companies, assets, government secrets and people by both China and Russia has not let up one iota, the risk posed by individuals in positions of trust who are willing to ignore protocol for their selfish reasons seems to be on the uptick and has provided us quite the ignoble list of espionage cases.
Key Espionage Cases of 2023
In our January 2023 piece, “Watch for these key espionage threats in 2023,” we batted 80%, as cyber efforts to compromise supply chains continued, and CISA, NSA and the FBI responded appropriately. Where we completely missed the boat: we truly did not forecast a sitting member of the U.S. Senate being indicted for passing sensitive U.S. government information to the government of Egypt.
1. Egypt
Yes, you read it right. A sitting member of the U.S. Senate, Senator Robert Menendez (D-NJ), who was chairman of the Senate Foreign Relations Committee at the time of his indictment, has been charged with using his influence to benefit the government of Egypt in exchange for hundreds of thousands of dollars in bribes. What exactly did Menendez allegedly do on behalf of Egypt?
He allegedly provided sensitive non-public U.S. government information to the Egyptians which secretly aided the country, to include information on individuals working within the U.S. Embassy Cairo. He crafted a “ghost letter” on behalf of Egypt to cajole other U.S. Senators to release $300 million in aid to Egypt. There was more: he also worked to remove the holds on various U.S. military sales and equipment for Egypt. His reach didn’t stop with the defense sector; he reached right into the agricultural sector and worked to have an Egyptian entity obtain a monopoly on halal meats. The company, IS EG Halal, continues to enjoy the halal monopoly as the sole halal certifier. He may have overstepped and brought the light upon himself when he stepped in and attempted to pressure the New Jersey Attorney General’s Office to “resolve the prosecution more favorably to the defendant.”
2. Russia
No surprise, Russia runs HUMINT (Human Intelligence) operations. Sadly, a very senior FBI official, Charles McGonigal, Special Agent in Charge of the New York Counterintelligence Division, the office with the remit for the counterintelligence portfolio within the FBI’s New York Field Office, was charged and subsequently pleaded guilty to “concealment of material facts for his undisclosed receipt of $225,000 in cash from an individual who had business interests in Europe, while McGonigal was supervising the counterintelligence efforts.” From this seat, the plea deal lets McGonigal off easy, as the maximum sentence is five years. He will be sentenced on February 16, 2024.
3. USAF Reserve A1C Jack Teixeira
The case of USAF Reserve A1C Jack Teixeira is one for the textbooks of insider risk management failure. Not only did Teixeira demonstrate the fragility of the trust factor in the protection of U.S. secrets, but the aftermath also saw a top-to-bottom scrub of the Department of Defense (DoD) classified information handling and the creation of a new entity to handle the insider risk management programs. Furthermore, Teixeira’s efforts and the way his reporting chain handled his actions garnered reprimands for personnel within his intelligence squadron: they saw something, they reported and handled it locally, and then did nothing. It was as if it were theirs, and not the originator’s, to arbitrate whether revelation of the nation’s secrets was a national security concern.
4. Cuba
Former U.S. Ambassador Manuel Rocha was arrested and charged with committing espionage on behalf of Cuba for approximately 40 years. According to the court documents, Rocha was recruited in Chile, directed to immigrate, and then to work his way into the U.S. national security community, the State Department. His longevity and success at being an asset of a foreign intelligence service, for more than 40 years, is no small accomplishment, and while his role as a spy for Cuba was a delayed victory for the U.S. counterespionage efforts, the fact he successfully operated for so long is also a failure.
5. China
The People’s Republic of China did not disappoint, and many have said China has become ever more emboldened. They are truly using an all-of-government-and-commerce approach to garner U.S. secrets and know-how, and can be expected to do so for the rest of the millennium.
In the United Kingdom we saw two individuals arrested who worked within the UK Parliament. In addition, we saw the UK’s MI5 director general admonish cleared employees for oversharing on LinkedIn and describe how such oversharing enables the site to be China’s (and any other country worth their salt) espionage targeting playground.
In the U.S., meanwhile, we saw a bevy of indictments and criminal complaints surrounding China’s effort to abscond with national security and defense secrets. One example was former U.S. Army Sergeant Joseph Schmidt, who was arrested following his return from Hong Kong and charged with providing information on his battalion’s HUMINT operations. Then, contemporaneously with the arrest of Schmidt, we saw two U.S. Navy personnel charged with pilfering U.S. Navy documents and information which would put the U.S. forces in the Pacific at risk. Petty Officer Wenheng Zhao and Machinist Mate Jinchao Wei were both told to use commercially available communications applications which provided encryption, a widely used M.O.
FSO takeaway
The takeaway for FSOs hasn’t changed in a decade. Be vigilant. Include real-life instances of insiders acting in a malevolent manner in counterintelligence briefings. Emphasize the need to say something when one sees something. The Teixeira case is a case study on the consequences of not thoroughly reporting security incidents. Travel briefings and, perhaps most importantly, debriefings remain of tremendous import, and passing traveler information up the security chain is equally important. An odd incident happening to an employee in Lima may be identical to an odd incident happening to an individual within another entity in Oslo.
Additionally, strict adherence to the “need to know” principle of data access will successfully feed into the evolution to the Zero Trust culture and environment which is and will be promulgated in 2024 and beyond.