
FBI Finds Suspects In Half Of Leak Cases

Despite its fairly successful record of identifying suspected intelligence leakers, the FBI suggests that public prosecution isn't always the best way to handle the situation.

The FBI has identified suspects in just over 50% of its investigations of classified U.S. intelligence leaks over the past five years.

In a Department of Justice letter posted by the Federation of American Scientists’ Secrecy News, the FBI describes its process for handling intelligence leak cases in response to questions posed by Senator Sheldon Whitehouse (D-RI).

The information on classified intelligence leaks was provided to Congress on April 8, 2010 and published this month in the record of a September 16, 2009 Senate Judiciary Committee hearing, according to Steven Aftergood of Secrecy News.


The FBI says that of 183 cases referred to the Department of Justice between 2005 and 2009, it opened 26 leak investigations and that it identified 14 suspects in those cases.

Despite a roughly 50% success rate for investigations that have been undertaken, none of the identified suspects has been prosecuted.

Or at least that was the case when the FBI answered Senator Whitehouse's questions last year.

In April, Thomas A. Drake, a former high-ranking National Security Agency (NSA) official, was indicted for retaining classified information, obstruction of justice, and making false statements.

Drake, an NSA contractor from 1991 through about 2001 and subsequently an employee until his resignation from the agency in April 2008, is accused of leaking NSA information to a reporter for a national newspaper in 2005 and 2006.

In a similar case being handled by military investigators, Wired reports that Army intelligence analyst PFC Bradley Manning continues to be held in Kuwait without being charged, three weeks after being arrested for suspected involvement in the disclosure of classified information to Wikileaks.

While high-profile cases of this sort may demand prosecution, the difficulty of building a strong case and the potential for the exposure of further classified information argue for a quieter means of resolution where applicable. The FBI suggests that internal administrative action against leakers, already common practice at the FBI and CIA among other agencies, may be preferable to prosecution.

"Because indictments in media leak cases are so difficult to obtain, administrative action may be more suitable and may provide a better deterrent to leaks of classified information," the FBI says in the letter.
