Breach of Faith
Please read and follow the instructions in the Syllabus and below.
On the title page, provide your full name and complete course number.
Repeat in full and respond to all parts of each of the questions you address.
Your replies should be clear, complete, succinct and substantive. All conclusions and statements of fact must be supported by specific citation of sources, including page numbers.
Proofread and edit your statements for organization, coherence, sentence structure, grammar and spelling.
Your completed exam should be submitted in Microsoft Word, Times New Roman 12, single-spaced, with an extra space after headings and between paragraphs.
Your completed exam should total not more than 7 pages, excluding title page, the points I have assigned to be addressed, and bibliography.
UMUC requires the use of an accepted manual of style, as indicated in the syllabus.
Your exam must include the following statement:
"This examination is my own work. Any assistance I received in its preparation is acknowledged within, in accordance with academic practice. For any material, from whatever source, quoted or not, I have cited sources fully and completely and provided footnotes and bibliographical entries. The exam was prepared by me for this class, has not been submitted in whole or significant part to any other class at UMUC or elsewhere, and is not to be used for any other purpose except that I may submit this material to a professional publication, journal, or professional conference. In adding my name following the word 'Signature', I intend that this certification will have the same authority and authenticity as a document executed with my hand-written signature."
Safeguarding personal and confidential information, critically important corporate trade secrets, proprietary, top secret government and national defense information from outside intruders is an increasing challenge, as we have indicated throughout this course, but it is often even more disturbing when misuse of privilege and confidence or betrayal of trust by insiders results in compromise of information, significant financial loss, and even the loss of human life.
Perhaps the most frustrating and potentially disastrous type of security breach is perpetrated by a trusted insider who passes highly sensitive government information to foreign governments often hostile to the U.S. The information passed on may put innocent people in danger and severely compromise the security of our nation.
The case of U.S. Army Private First Class Bradley Manning, accused of passing thousands of logs from the Secret Internet Protocol Router Network SIPRNet on U.S. military maneuvers in Afghanistan to WikiLeaks, which disclosed thousands of the files to the public, comes quickly to mind. But the details of that incident are still not fully known, and, although Manning has been held in prison since last May, neither he nor WikiLeaks founder Julian Assange has come to trial.
In recent years, the following persons, all American citizens and all U.S. Government employees, were convicted or pled guilty:
? Leandro Aragoncillo, an Analyst at the FBI?s Intelligence Technology Center at Fort Monmouth, NJ, was arrested in 2005. Aragoncillo was assigned to the White House on detail as administration chief of security for Vice President Gore and later Vice President Cheney, and received six Good Conduct medals. He was accused of improperly combing the agency?s computer system and downloading or printing more than 100 classified documents on the Philippines, his native country, and passing the information to Manila
. In July, 2007, Aragoncillo was sentenced to ten years in prison.
? Aldrich Ames, a CIA counter-intelligence officer, together with his wife, Rosario Ames, who had assisted in his crimes, was arrested by the FBI in Arlington, VA, on espionage charges on February 24, 1994. Ames was a 31-year veteran of the Central Intelligence Agency, who had been spying for the Russians since 1985. For two decades, Ames had passed on classified documents and information that compromised the identities of foreign contacts who had given important information to the U.S. and who were subsequently executed by their government. Ames and his wife pled guilty and, on April 28, 1994, Ames was sentenced to life imprisonment without possibility of parole; his wife was later sentenced to 63 years in prison.
? Ana Belen Montes, a high-ranking analyst with the Defense Intelligence Agency, was arrested in 2001. She was sentenced the following year to 25 years in prison for passing secret information to Cuba over 16 years, including the identities of four U.S. undercover intelligence officers.
? John A. Walker, Jr., a retired U.S. Navy officer, was arrested in 1985 and subsequently convicted of espionage for the Soviet Union. Beginning in 1967 and until his arrest, Walker organized and operated a spy ring with his son and brother and allowed the Soviets to decode more than a million communications.
As you prefer, you may choose any of the above cases for this exam. The case addressed in detail below is well-known and its causes remain as puzzling today as they did when first disclosed a decade ago. Our objective in analyzing this case is to first gain a more complete perspective of what happened and understand how and why it was allowed to happen. We need then to recognize through this incredible story the importance of securing the personal, confidential and sensitive information that resides in our systems and learn from this example what we can do to better secure our nation?s most privileged and closely held information.
If you have not had the opportunity to see the film, ?Breach,? based on the Robert Hanssen case and released several years ago, you may find it helpful. CBS 60 Minutes and CBS News have also reported on this discomfiting story.
On February 18, 2001, Robert Philip Hanssen, an FBI Supervisory Agent, was arrested at Fox Stone Park, near his home in Vienna, VA, where he had gone to drop information for pickup by a Soviet contact. Not five months later, on July 6, 2001, Hanssen pled guilty to fifteen counts of espionage. During 20 years of spying, first for the USSR and then for Russia, Hanssen delivered 26 computer discs and some 6,000 pages of classified information to his contacts. His treason, which has been called the worst intelligence disaster in U.S. history, is reported to have led to the deaths of nine persons working for the U.S. Hanssen received more than $1.4 million in cash and diamonds in return for the information he provided.
The Webster Commission, appointed after Hanssen?s arrest in 2001 by then Attorney General John Ashcroft, has written that every U.S. agency involved with national security, except the U.S. Coast Guard, has been penetrated by foreign agents, going back to the 1930?s. A link to the Webster Commission Report, a fundamental source of information on the Hanssen case, can be found in the webliography.
Robert Hanssen was born in Chicago in 1944. Although physically mistreated by his father, a Chicago police officer, Hanssen seems never to have lost respect for his father, whom he often praised. Hanssen attended Knox College in Illinois, where he met his wife, a devout Catholic, who had great religious influence on him. He practiced his religion assiduously, joining Opus Dei, a rigid, very conservative group of Catholics, and attended Mass daily. Although his wife suffered several miscarriages, they had six children and sent them to Catholic schools.
Ironically, and perhaps holding some clues to his behavior, Hanssen befriended a female stripper in Washington, DC, and displayed a penchant for pornography. His trial psychologist has said that Hanssen suffered guilt feelings because of ?an obsession with pornography?. Hanssen tried unsuccessfully to persuade a friend to have sex with his (Hanssen?s) wife, which Hanssen intended to secretly videotape.
Hanssen?s considerable IT skills eventually enabled him to access privileged information and at the same time conceal his tracks. His skills sufficiently impressed his supervisors to gain their respect and trust, so that activities that might have raised suspicion of another agent did not do so for Hanssen. He first warned his supervisors about security vulnerabilities at the agency and then, to demonstrate his point, hacked into his supervisor?s computer?an effective if rather daring demonstration of his abilities and perhaps a manifestation of frustration over his failure to gain the recognition he thought he deserved.
Hanssen had the freedom to walk unchallenged into FBI offices where he had formerly worked and quite casually use an idle computer to seek out information and identities of secret agents. He was proficient in combing such information from agency files without leaving any tell-tale personal trail of his presence. He did at times let down his guard, sharing his frustrations with others at the agency over what he saw as failure to gain the stature he sought.
Hanssen was not greedy in seeking compensation from the Soviets or Russians and not ostentatiously show off his increased wealth?mistakes that frequently draw attention to a traitor. The payments he received were typically $10,000-$50,000 in cash, but cumulatively over 20 years amounted to some $600,000, and he also received a number of diamonds. But he did not move from his Virginia home and continued to drive the same modest sedan. In 1991, Hanssen?s brother-in-law became suspicious after spotting a substantial amount of cash in an envelope at Hanssen?s home, which he reported to the FBI; there was no apparent follow-up and, in that same year, when the FBI became aware that there was a mole in the agency, Hanssen was chosen as a member of the team to root out the traitor.
After the collapse of the USSR in 1991, Hanssen had no dealings with members of the former Soviet Union for seven years, but re-initiated contact with the Russians in 1999. Following the USSR break-up, the FBI was able to persuade the Russians to disclose information they had received from the U.S. mole, Hanssen, but the agency could only prosecute him successfully if the evidence could be corroborated by U.S. law enforcement. The FBI promoted Hanssen to a newly created role in an office where his activities could be watched more closely and appointed a young man hired not long before to watch him. In spite of his self-proclaimed genius in spotting any undercover activity, and his apparent suspicions at various times of the young man the agency had assigned to investigate him, Hanssen shared with the investigator his level of IT skills, his career frustrations, and even his erotic interests. At times he seemed to consciously want to be discovered. And he was.
In a telephone conversation with a retired senior FBI agent a few years ago, I was told that the agency had changed its procedures little since the Webster Commission offered its recommendations in 2002.
After carefully reviewing the Hanssen case or another, using your own select sources, the Webster Commission report, and other sources, please respond to each of the questions below. Provide specific citation of sources for your statements.
1. Identify specific vulnerabilities that allowed Robert Hanssen to access highly sensitive personal and secret information, disclosure of which could prove harmful to U.S. security and endanger American lives, to breach FBI security rules and requirements, and pass this sensitive information to the Soviet Union, a government inimical to the U.S. at the time. Cite specific examples to make your point and cite specific sources to support all points.
2. Considering the serious consequences of security breaches at the highest levels of our government, as evidenced in the example of Robert Hanssen and others, what organizational, management, technology and procedural approaches would you employ to prevent any future recurrence of such breaches? Be specific and provide specific citations to support your points.
3. To what extent can personality traits, temperament, family or social history, relationships, associations, habits or practices signal attitudes or behavior contrary to what is needed and required of persons entrusted with government secrets, and what specific actions can and should be taken by organization management and IT management when such attitudes or behaviors are observed? Again, be specific and provide specific citation of sources to support your points.
Your completed exam is due in the assignment folder of the Gradebook by 11:59 pm, Thursday, April 12, 2012.
Trost (2010).Practical Intrusion Analysis:Prevention & Detection for the Twenty-First Century
Caswell, Brian / Beale, Jay / Baker, Andrew . Snort IDs and IPs Toolkit
[ Order Custom Essay ]
[ View Full Essay ]