6/22/2010
05:35 PM

FBI Finds Suspects In Half Of Leak Cases

Despite its fairly successful record of identifying suspected intelligence leakers, the FBI suggests that public prosecution isn't always the best way to handle the situation.

The FBI has identified suspects in just over 50% of its investigations of classified U.S. intelligence leaks over the past five years.

In a Department of Justice letter posted by the Federation of American Scientists’ Secrecy News, the FBI describes its process for handling intelligence leak cases in response to questions posed by Senator Sheldon Whitehouse (D-RI).

The information on classified intelligence leaks was provided to Congress on April 8, 2010 and published this month in the record of a September 16, 2009 Senate Judiciary Committee hearing, according to Steven Aftergood of Secrecy News.





The FBI says that of 183 cases referred to the Department of Justice between 2005 and 2009, it opened 26 leak investigations and that it identified 14 suspects in those cases.

Despite a roughly 50% success rate for investigations that have been undertaken, none of the identified suspects has been prosecuted.

Or at least that was the case when the FBI answered Senator Whitehouse's questions last year.

In April, Thomas A. Drake, a former high-ranking National Security Agency (NSA) official, was indicted for retaining classified information, obstruction of justice, and making false statements.

Drake, an NSA contractor from 1991 through about 2001 and subsequently an employee until his resignation from the agency in April 2008, is accused of leaking NSA information to a reporter for a national newspaper in 2005 and 2006.

In a similar case being handled by military investigators, Wired reports that Army intelligence analyst PFC Bradley Manning continues to be held in Kuwait without being charged, three weeks after being arrested for suspected involvement in the disclosure of classified information to Wikileaks.

While high-profile cases of this sort may demand prosecution, the difficulty of building a strong case and the potential for the exposure of further classified information argue for a quieter means of resolution where applicable. The FBI suggests that internal administrative action against leakers, already common practice at the FBI and CIA among other agencies, may be preferable to prosecution.

"Because indictments in media leak cases are so difficult to obtain, administrative action may be more suitable and may provide a better deterrent to leaks of classified information," the FBI says in the letter.
