Following on from the leaks of former NSA whistle-blower Edward Snowden – and Chelsea Manning before him – it has emerged that there is a second recent leaker inside the US FBI sending out confidential information to media outlets.
This has been a widely-circulated rumour for a number of months, especially after a run of sensitive documents published by German newspaper Der Spiegel (reported bySC in April) and more recently after strong hints in Lauren Poitras' Snowden documentary “Citizenfour”.
However, late on Monday, Yahoo News reported that an FBI contractor has been handing over sensitive documents about the US government's terrorist watch list to The Intercept, the news website which is edited by Glenn Greenwald, one of the investigative journalists who broke the Snowden revelations.
The case in question relates to a story posted on that site on August 5, which carried the headline ‘Barack Obama's Secret Terrorist-Tracking System, by the Numbers'. The article was accompanied by a document which provided details on the watch-listing system. The document was dated August 2013, some months after Snowden had fled the US for Hong Kong.
The newswire cites “law enforcement and intelligence sources who have been briefed on the case” for the information and says that the FBI has since carried out a search on the suspect's home. The report goes on to add that federal prosecutors in Northern Virginia have since opened up a criminal investigation on the matter.
In response to this news, veteran security researcher Graham Cluley told SCMagazineUK.com that this isn't any great surprise.
“I'm not surprised there is another whistle-blower. It's been rumoured for months, and is raised at the end of the new documentary "CitizenFour”.
“Many people involved in IT have problems with the covert surveillance being done by intelligence agencies around the world, and it's not hard to imagine that there will be some staff inside or working alongside these organisations that have access to sensitive data and are deeply troubled by what's going on.”
He added: “It's clearly a difficult decision for any individual to make, considering the potential repercussions to both themselves and their family life. We shall have to wait and see how this one pans out.”
Sean Mason, VP of incident response at computer forensics and incident response vendor AccessData, adds that this highlights that insiders are companies' biggest security risk – but one which can be managed if the correct countermeasures are put in place.
“Where an insider is determined to leak information, the underlying issue is access to the information,” he said in an email to SC. “There are many techniques that can be taken to restrict access and ensure an insider cannot exfiltrate the information.
“Unfortunately, we've continued to see instances where basic techniques or processes are not implemented or followed, which allows insiders access to information they should be restricted from, resulting in some of the leaks we've seen.”
He added: “Some of these documents were protectively marked as ‘Secret' or ‘FORN', but just because a document has a marking, doesn't mean that it is secure. The protection of the documents starts with people, essentially, who is granted access to the documents and entrusted to protect them, and while a Secret clearance may sound impressive, it is generally not too complicated or overly intrusive for an individual to be granted one.
"On the technology side, there are a myriad of techniques that can be used to protect the documents, such as controlling access to documents, restricting administrative credentials, utilising DLP (Data Loss Prevention) tools, and more.”