A former U.S. National Security Agency (NSA) employee has been
arrested on charges of attempting to sell classified information to
a foreign spy, who was actually an undercover agent working for the
Federal Bureau of Investigation (FBI).
Jareh Sebastian Dalke, 30, was employed at the NSA for less than
a month from June 6, 2022, to July 1, 2022, serving as an
Information Systems Security Designer as part of a temporary
assignment in Washington D.C.
According to an affidavit[1]
filed by the FBI, Dalke was also a member of the U.S. Army from
about 2015 to 2018 and held a Secret security clearance, which he
received in 2016. The defendant further held a Top Secret security
clearance during his tenure at the NSA.
“Between August and September 2022, Dalke used an encrypted
email account to transmit excerpts of three classified documents he
had obtained during his employment to an individual Dalke believed
to be working for a foreign government,” the Justice Department
(DoJ) said[2]
in a press release.
Dalke is also alleged to have arranged to transfer additional
National Defense Information (NDI) in his hands to the undercover
FBI agent at an undisclosed location in the U.S. state of Colorado.
He was subsequently arrested on September 28 by the law enforcement
agency upon arriving at the agreed-upon location.
Conversations with the individual that Dalke assumed was
associated with the foreign government commenced on July 29, 2022.
In them, he claimed to have stolen sensitive data pertaining to
foreign targeting of U.S. systems and information on U.S. cyber
operations.
The first of the document excerpts shared as proof was
classified at the Secret level, while the two others were
classified at the Top Secret level, with Dalke demanding a
cryptocurrency payment in return for passing the information.
Some of the snippets offered relate to the NSA’s plans to update
an unspecified cryptographic program as well as threat assessments
related to sensitive U.S. defense capabilities and the foreign
government’s offensive capabilities.
“On or about August 26, 2022, Dalke requested $85,000 in return
for additional information in his possession,” the DoJ said,
stating, “Dalke agreed to transmit additional information using a
secure connection set up by the FBI at a public location in
Denver,” eventually leading to his capture.
The DoJ is tight-lipped about the name of the foreign
government, but there are indications that it could be Russia,
given the fact that Dalke claimed to have attempted to establish
contact through a “submission to the SVR TOR site.”
It’s worth pointing out that SVR, Russia’s Foreign Intelligence
Service, set up a SecureDrop[3]-like whistleblowing
platform on the dark web in April 2021, as reported[4]
by The Record, to anonymously share information regarding “urgent
threats to the security of the Russian Federation.”
On top of that, email communications with the agent also show
that Dalke was motivated by the fact that his “heritage ties back to
your country” and that he had “questioned our role in damage to the
world in the past.”
The ex-NSA employee has been charged with three violations of
the Espionage Act, charges that, if he is convicted, carry a
potential sentence of death or any term of years up to life.
Dalke’s arrest arrives days after the Russian government
granted[5]
Russian citizenship[6]
to former U.S. intelligence contractor Edward Snowden, who faces
espionage charges for disclosing numerous surveillance programs run
by members of the UKUSA community[7].
In a related development, researchers at the Citizen Lab at the
University of Toronto disclosed[8]
“fatal” security flaws in the websites the U.S. Central
Intelligence Agency (CIA) used as a front for covert communications
with its informants, flaws that culminated in the arrest and
execution of dozens of assets in China and Iran.
The now-defunct communication method leveraged hundreds of
seemingly legitimate websites, including a soccer news portal
called Iraniangoals[.]com, in which entering a password into the
search field caused a hidden chat interface to pop up, Reuters
reported[9].
The Citizen Lab said it was able to map the network of 885
sites, which were active between 2004 and 2013, just by using
iraniangoals[.]com in conjunction with publicly available material
from the Internet Archive’s Wayback Machine, a task that could have
been accomplished by a “motivated amateur sleuth.”
Read more https://thehackernews.com/2022/10/ex-nsa-employee-arrested-for-trying-to.html
