Category Archives: Intelligence Community

Rushing Spies, or just middle-class Americans? The News Media Falls Short on Analysis (Again)

The New York Times, and essentially all the other media, have assumed the 11 middle-class people arrested are spies. This, even though there is insufficient evidence to even charge them with espionage.

Experts, on the other hand, wonder why such an elaborate spy ring would be so unfocused, ineffective, and unprofessional. Unfocused, because these 11 people lived middle-class lives, working in regular jobs, with no efforts made to obtain government positions or decision-making ability, or any type of access to anything. Ineffective because the most accurate source of news for a real estate agent in suburban New England was probably the New York Times (haha!). And unprofessional because some of the 11 admitted to having Russian ties, whereas true sleeper spies would have blended in completely.

So if these people are doing none of the stuff that we think of as actual espionage, why has the media labeled them as spies? It’s time for their friends, classmates, coworkers, employers, and universities to stand up for them and at least ensure they’re not tarred and feathered by the unthinking media.

They might, indeed, be spies after all. But let’s not assume so just because the government arrests them on trumped-up money laundering charges.


Hackers Announce Japan Nuked by N. Korea??!

Back in 2007, hackers broke into a website for the Intelligence Community and made off with 64,000 email addresses.

Now, using that same list, they have sent out a fake news report that appears to come from an intelligence agency bulletin. The email is directly traceable to Georgia and Hungary, but that is likely misdirection from another country entirely…

What’s interesting is that it’s written intelligibly (as far as government-speak goes) and follows conventional structure. Pretty sophisticated for a link going to a weight-loss site!

From: []
Sent: Sunday, March 07, 2010 11:17 AM


(U//FOUO) DPRK has carried out nuclear missile attack on Japan

06 March 2010

(U//FOUO) Prepared by Defense Intelligence Agency

(U//FOUO) Today, March 06, 2010 at 11.46 AM local time (UTC/GMT -5 hours), US seismographic stations recorded seismic activity in the area of Okinawa Island (Japan). According to National Geospatial-Intelligence Agency, Democratic People’s Republic of Korea has carried out an average range missile attack with use of nuclear warhead. The explosion caused severe destructions in the northern part of the Okinawa island. Casualties among the personnel of the US military base are being estimated at the moment.

(U//FOUO) In connection with the occurred events, it is necessary for the personnel of the services listed below to be ready for immediate mobilization:

(U//FOUO) Additional information can be found in the following report:

Office of the Director of National Intelligence Washington, D.C. 20511

UPDATE: hundreds of visitors are seeking information about this from all over the country – from Maryland to Oklahoma; from outside consultants to intelligence agencies. Post a comment with your reaction. Did you click the link?

Bush is to Ritz-Carlton As Obama is to….

I ran across the following when reviewing government contracts…

Under the Bush Administration, the Department of Homeland Security spent $13,094 for a conference room in the Ritz-Carlton on July 8, 2008. The meeting was for the National Infrastructure Advisory Council (NIAC).

Attending the meeting: Mr. Erle A. Nye; Mr. Alfred R. Berkeley III; Mr. Edmund G. Archuleta; Dr. Craig R. Barrett; Mr. David J. Bronczek; Mr. Wesley Bush; Ms. Margaret E. Grayson; Mr. Phillip Heasley; Mr. David Kepler; Mr. Thomas E. Noonan; Hon. Tim Pawlenty; Mr. Gregory Peters; Mr. James A. Reid; Dr. Linwood H. Rose; Mr. Matthew Rose; Mr. Michael Wallace; Mr. John Williams; and Ms. Martha Wyrsch.

In addition to approving the minutes of the previous meeting, the members offered insight to the Department of Homeland Security on the need to secure America’s privately owned infrastructure.

Full minutes available here:

Under the Obama Administration, NIAC meetings have been held at the Marriott.

Why the Department of Defense Failed to Secure Our Computers

Every day, new viruses emerge that compromise the security of millions of computers – both personal and corporate. As government agencies increasingly rely upon commercial software for Top Secret computer systems, they find themselves facing a difficult dilemma: continue using their 1980s-era software, or upgrade to the latest commercial systems and expose themselves to the security vulnerabilities that plague everyday users.

From 1999-2001, Robert Meushaw, the director of the NSA’s Information Assurance Research Laboratory (NIARL), and his team worked on a solution that could give the best of both worlds. The system he developed, codenamed NetTop, uses a “sandbox” technique whereby inherently insecure software (such as Microsoft Windows and MS Office) is granted access to only a limited portion of the computer. Even if one of the insecure applications is infected with a virus, the virus is unable to spread beyond the specific machine.

Unfortunately, the results were disappointing. Two crucial missteps ultimately led to its slow adoption within government agencies and by the general public.

The first problem was that NetTop compromised security for functionality. Because it was neither 100% secure nor 100% functional, security experts were unsatisfied, and users were frustrated.

The second problem was around cost. Each “virtual” system required its own licenses. Thus, Top Secret computers that accessed six separate networks would require 6 licenses for Microsoft Windows on a single computer! Furthermore, the virtualization component was developed by a for-profit startup named VMware (now publicly traded NYSE: VMW). As VMware grew larger and more successful, Microsoft started to tamp down the competition by restricting its licensing terms to make virtualization even less cost-effective.

The end result has been another expensive government project with limited application and a dim future.

– Industry Analytics and Research has released 2009 research reports on over a thousand industries providing instantaneous access to market size, typical financials (e.g., income statement, balance sheet), salary benchmarks, etc.

The goal is to shed light on small businesses in “main street” industries by providing accurate and detailed statistics.


Comparison: Obtaining Top Secret Clearance vs. Disputing a Parking Ticket

I am one of the few, the fortunate, to successfully navigate two of the Government’s most formidable challenges: a few years ago I obtained Top Secret security clearance (actually, three levels above “top secret”), and more recently, I cleared my name of a parking ticket in Boston traffic court. I’d like to describe the experience so that others may learn from the grueling tribulations I endured.

Entrance & Approach

For personnel requiring the highest level of security clearance, the National Security Agency administers polygraph tests in an unmarked campus that looks like a public high school built in the 50’s. The notable difference is that the building has no windows and is surrounded by a barbed wire perimeter with security guards patrolling. To enter the building, you punch your social security number into a rotating gate, relinquish all books and paper to the security guard, proceed through a metal detector and into the polygraph center…

Similarly, to dispute a ticket with Boston’s Department of Traffic, one enters the City Hall building and goes through a metal detector and carry-on screening similar to the airport. My BlackBerry did not set off the alarm, nor did I need to take off my shoes. Then I proceeded down to the cavernous basement where the Traffic Department resides.

Conclusion: security is somewhat higher at the NSA than at City Hall.

The Interviews

The NSA polygraph is a simple device – a blood pressure monitor that wraps around the arm, and two conductivity sensors that clip gently onto the fingers of one hand. The wires are then hooked up to a black box that records and prints out the results over the course of the two-hour interview. The interview consists of two sections: the first section to ferret out criminal activity, the second section to ferret out spies through counterintelligence. Although two hours long, there are only about 20 questions, which are asked in different ways and in different order. My NSA interviewer was a charming fellow, who encouraged me to disclose any illicit activity, since the process is focused on trying to find major offenses and double agents, and withholding information, no matter how minor, would screw up the results and lead to a failure.

Back at City Hall, I was led into a small, drab, windowless room – not unlike the NSA’s polygraph room. The interviewer again had a desk, a computer, and a cassette recorder. The interviewer was a very nice woman, but she sternly reminded me that perjury was a criminal offense, and that meter maids are trusted at their word, unless I could bring incontrovertible proof in my defense. We proceeded to discuss the parking ticket I had received. She drew a diagram of the situation and asked a few questions until she was reasonably convinced that I was not a serious threat to society, at which point she reticently voided the ticket.

Conclusion: The NSA is more informal, friendly, yet thorough. The Boston Traffic Dept vehemently defends the integrity of its meter maids, and is far more skeptical than the NSA.


With the polygraph finished successfully, I had my fingerprints digitally scanned (no ink), a photo taken, and a voice signature recorded. I punched my social security number into the gate one final time, and stepped out into the cold, barren tundra that lies beyond the suburbs of DC.

Once my parking tickets were voided, my parking lady and I chatted a little more about traffic laws and tickets, and then I was free to return to the light of day, filled with happy people unaware of the suffering taking place just below the surface of City Hall.

Conclusion: The polygraph hurt more (since the blood pressure cuff cuts off circulation), was longer, and required multiple flights and bus rides. But I still think I enjoyed the polygraph more than Traffic Court, if only because of the coolness factor.

Hackers Target Intelligence Community Job Board

Dice Holdings (NYSE: DHX) subsidiary ClearanceJobs, an online job board for the Intelligence Community, has been hacked.

The Ukraine-based hackers stole the names and contact info (including email, phone and/or physical address) of members who possess active U.S. security clearance (including Top Secret / SCI for NSA and CIA).

The hackers sent the victims email messages that appeared to be an official ClearanceJobs communication. The messages included a document attachment (with a potential virus), and began as follows:

From: Pamela Jones <>
Subject: Job offer-flexible schedule and high salary.ClearanceJobs

Hello, you have received this message because you have published your CV at ClearanceJobs and you meet our requirements.

Our company is one of the best in the field of e-currency. We specialize in purchasing, selling and exchanging electronic currencies for our clients all over the world. Our firm is ISO certificated. The company has been found in 1998 and by now we are one of the leaders in this market. Our main goal is: 100% customer satisfaction that is why we are looking for honest, confident and reliable employees.

Evan Lesser, founder of ClearanceJobs, indicated that the resultant “phishing scam” was similar to those that plagued in August.

According to WashingtonTechnology, ClearanceJobs had 64,000 registered users in 2006.

From a strategic standpoint, the danger here is obvious. The Intelligence Community consists of a tight-knit group of professionals who are very discreet. In order to offer a service to these people, their primal need for secrecy must be understood, respected and protected.

Fragmentation in the Department of Defense

A recent article described a problem of drug-resistant bacteria infecting wounded troops in Iraq. As specialists attempted to track down the cause of infection, “reforms ran into a major obstacle: each link in the evacuation chain was owned by a different branch of the DOD.”

The lack of coordination within the DOD evacuation chain hearkens back to a similar issue within the Intelligence Community. As Mike Wertheimer, a senior DNI official, describes:

“I am unable to send email, and even make secure phone calls, to a good portion of the Intel community from my desktop because of firewalls.”

Fragmentation within government agencies is due in part to the principle of Unity of Command, a management concept in which each member reports to only one supervisor. This leads to clear and linear control structures and operational effectiveness within a small organizational unit; however, it limits interaction at the outer edges of the command chain, where an individual at an outer branch is unable to coordinate (and in some cases even communicate) with individuals at another branch.