White House Spy Probe Shows Computer Vulnerability
Oct. 6, 2005 -- The proliferation of computers and network technology has made it a lot easier to create and share vital information. Sometimes, too easy.
Leandro Aragoncillo, a former White House staff member, was arrested last month for allegedly using his top secret security clearance to download more than 100 classified intelligence documents and pass them to others – mostly via e-mail, say federal prosecutors.
More worrisome, federal investigators believe Aragoncillo may have been spying for his Philippine contacts for more than three years.
How could this type of espionage case have been prevented? Security experts and computer industry consultants offer mixed views.
Richard Clarke, former White House adviser on cybersecurity and now an ABC News consultant, told ABC News' "Good Morning America" that the espionage case clearly shows how far government computer networks lag behind corporate systems in terms of online security and monitoring programs.
"What it says about the computer network [allegedly accessed by Aragoncillo] is that they don't have at the White House or at the FBI the kind of basic software that ... American banks operate to find the insider threat," Clarke told "Good Morning America."
Looking Over Insiders' Shoulders
Indeed, while in the past companies have been concerned about outside threats such as spam and e-mailed viruses, corporate America has also been rapidly developing tools for "insider threats" – disgruntled employees stealing or sharing corporate secrets, or e-mails among co-workers with inappropriate jokes or comments.
"The new wave of technology out there is about monitoring the networks ... protecting up-front from both inbound and outbound threats," says Sandra Vaughan, a senior vice president at Proofpoint, a software security firm in Cupertino, Calif. "But a real big market for us is the insider threat – preventing insider information from getting out."
One of the key pieces of security technology is so-called mail monitoring software. In principle, the programs are similar to spam filters, which block incoming junk e-mails based on a variety of conditions: where they're coming from, or if they contain words like "sex," "Viagra" or "Nigerian bank," for example.
But Vaughan says the programs can be set to be much more aggressive with outbound electronic messages. Proofpoint's software, for example, can examine documents and other files workers attach to e-mails to "learn" what they contain. Network administrators can also establish rules and relationships for all outgoing messages, so the software can help spot suspicious e-mail – say, a worker from the finance department trying to send a spreadsheet to an Internet address that belongs to a competitor.
"Why the White House hasn't put something like this in place is beyond me," says Vaughan. "You put a [security] appliance in there and usually – in about four hours to a day – you're up and running. Bottom line: There are no barriers to entry on why these guys can't plug a computer leak."
Others, however, note that these new technological defenses might not have prevented the Aragoncillo espionage incident.
Mark Rasch, a former Justice Department prosecutor and now senior vice president at Solutionary, a computer security firm, says that because Aragoncillo had legitimate access to sensitive electronic information, it would have been tough to catch him using just software monitoring.
"Once you allow access, then you've gotten out of the area of technical security to personnel security," he says. "'Do I trust this person with these secrets?'"
And Rasch, who says he handled roughly a dozen espionage cases during the 1980s, says competent intelligence agents would have the skills – sometimes called "tradecraft" – to circumvent monitoring and counter-surveillance tools.
"If I'm experienced in tradecraft, I'm going to know how to do it [spy] by staying under the radar," says Rasch. "I know what the trip-wires are that look for unusual activity to catch people who mess up, and I'll avoid them."