At first glance, the recent revelations regarding a leak of sensitive Pentagon documents in a Discord chatroom appears to point to severe negligence on the part of the U.S. intelligence services in terms of even basic cybersecurity protocols.
The leak of such highly-sensitive Pentagon documents by 21-year-old reservist airman Jack Teixeira illustrates just how difficult a time organizations have safeguarding against the human factor. It’s one of the hardest security threats to prevent against, especially when dealing with sensitive information. Most cybersecurity breaches are the result of human error. Sometimes they are malicious or misguided, as in the case of Jack Teixeira, or simply the result of an oversight by a stressed member of staff.
In guarding against honest errors, the government should give proper digital security training to all intelligence staff on a regular basis. It should focus on how to handle confidential information and prevent data leaks, cover topics such as data security best practices, password hygiene, and social engineering. We need to teach staff at every level in the security organization to guard against sophisticated social engineered spear-phishing attacks because weaponized messages appearing to come from a trusted colleague are becoming increasingly sophisticated and are often incredibly convincing. For example, hackers have recently become adept at using AI services such as ChatGPT to craft credible-sounding socially engineered spear-phishing attacks.
We need to constantly remind intelligence staff that security measures do not cease when they leave the building to go home. For example, careless chat on social forums or seemingly innocuous statements about a colleague’s travel arrangements are potentially used as the basis for highly-convincing sounding messages or emails that are, in fact, weaponized attacks.
This level of increased awareness among staff, resulting from regular training sessions, also psychologically underlines the importance of keeping sensitive documents away from prying eyes and establishing a culture of constant vigilance when it comes to protecting highly-sensitive government data. Organizations also need to combine this with constant tracking of top-secret documents to internal systems and also on outside forums where such information can be shared or stolen.
The intelligence service dilemma
Intelligence agencies have always faced the dilemma of either being too secretive or letting too many pairs of eyes near sensitive documents. But the digital age has revolutionized security practices in the two decades since the 9-11 terrorist attacks and the U.S. intelligence services otherwise laudable culture of openness had drastically backfired, exposing highly restricted and potentially dangerous information.
The Pentagon has consistently explained that ever since 9-11, the intelligence services have been walking a dangerous tightrope between safeguarding information effectively and not sharing enough of it with their own people, as more widespread intelligence regarding the dangers of a terrorist attack on the World Trade Center might have averted that tragedy.
There’s currently much debate on what could have been done to prevent this most recent leak, as well as what practices the government needs to adopt. There are a number of precautions that might have been taken and which the government could adopt to prevent further leaks of top-secret U.S. documents and to detect leaks if they occur, thereby enabling the intelligence services to stop them spreading.
Intelligence can start by encrypting restricted files and folders to make it difficult for unauthorized persons to access them or to disseminate them outside the organization. It’s also essential to track file movements between servers as it’s vital not to lose track of documents containing highly-restricted information, even if they are shared across departments. At this stage, security teams also need to issue alerts for any unauthorized or suspicious activity.
Agencies should tightly control access to classified documents and only give it to authorized personnel who require access to perform their duties. We can do this through the use of security policies, access controls, and user authentication mechanisms such as passwords, biometrics, or smart cards. Security teams also need to track leaks that may have started to spread as a way to limit damage following a security breach of this nature. To do this requires constant monitoring of the dark web forums and other platforms, such as Platform and Discord, where such stolen information often gets displayed or offered for sale.
While digital defenses are essential, security teams should augment them by physical security measures designed to combat traditional espionage methods such as taking a picture of a printed document, or a shot taken directly from a computer screen. We can do this by strictly prohibiting mobile devices within conference rooms.
While one bad actor can disrupt operations for a while, security teams need to work with the intelligence agencies to put all these safeguards in place so when a lone wolf event does happen, they can help contain the damage from escalating.
Tal Samra, sources development team leader, Cyberint