Would a guy in his position even have access to these documents? I'm thinking that there has to be someone who shared them or at least shared a way to gain access to them. I'm sure the FBI will be following the trail of bread crumbs to the original source. Now if it turns out he is the original source, we're in huge trouble. Because a 21 year old kid working night shift in some remote Cape Cod office for the Massachusetts Air National Guard shouldn't have this type of access.
The dirty not-so-secret about national defense apparatus in this country is that there are thousands of people in these various sub-sub-wings of our military alongside mediocre contractors cashing in on defense contracts who go through rudimentary security clearance checks and have access to all this information.
I grew up outside DC and every so often you hear of the security clearance spooks interviewing you or someone you know about some jamoke you went to high school with to determine if they're a security risk. They also ask those people really difficult questions, like, "Would you use drugs at work?" "If you did, would you download illegal documents?" "If you did get high at work and download illegal documents, would you post them on Myspace?" About half of the people actually fail to answer those questions in the expected way. The other half make 200,000 dollars a year from a subcontractor of a subcontractor of Northrop Grumman pushing paper at a desk all year.
> The other half make 200,000 dollars a year from a subcontractor of a subcontractor of Northrop Grumman pushing paper at a desk all year.
That's what happens when you don't want the government to spend money actually hiring skilled employees. Instead we waste money trying to not waste money. The government could pay a very skilled developer $150k/year + benefits. But certain people think that the government only wastes money. So we can't have public sector employees making comparable wages. Instead we pay a "contractor"[1] $200k/year where the contractor gets $110k of that and the employer takes the other $90k.
I was interviewed for a friend who was applying for clearance. They spent an awful lot of time asking me about his hypothetical interest in child porn. I didn't bother asking why at the time; I've been told that their primary interest in such questions is making sure that somebody doesn't have obvious points of leverage for blackmail.
> who go through rudimentary security clearance checks and have access to all this information.
But just getting a security clearance isn't enough to have access to "all this information", right? My understanding has been that getting security clearance can make one eligible to do work which would involve some specific sensitive information, but that stuff is still meant to be compartmentalized. There's no reason people who are working on e.g. the supply chain for some radar component need to have access to intel on some other country's chemical weapons and vice versa.
It was reported in the news today that the USA is looking to tighten access to classified material as, currently, about one million US citizens have a top secret clearance.
Failure to adapt to changing threat models. Used to be extortion, now it's just boredom. I imagine there have always been a few bored guards taking stuff home to show off at poker night, but that was as far as it went back then.
According to new WaPo article, "he was a junior member of the military, but had access to highly sensitive information through his role as an IT tech within the military organization."
UPD They changed the wording, the current version:
>Teixeira told members of the online group Thug Shaker Central that he worked as a technology support staffer for the Massachusetts Air National Guard and at a base on Cape Cod, and this was how he was able to access classified documents, one member of the Discord server told the Post.
It's the addiction of staff officer ranks (mostly Colonels, Generals), as well as senior agency executives and politicians, to paper hardcopies. They all want their briefing materials printed out so they can scribble in the margins and look important (and maybe share them with financial advisors and donors). Although some enlisted ranks have had authorized access to this stuff in the past (Chelsea Manning), in many cases they're downloading and printing it out for their superiors. Can't have these VIPs doing their own print jobs, can we? The lot of them should be fired as at best too stupid and lazy to serve.
There's a lot of trust on the internal systems, once you have clearance, to be able to access these docs. In this case, however, he might have been involved in creating some of these (or some kind of rollup product) and would therefore probably have access to different material to help support that creation.
Or it's a Snowden situation and he has access because he has privileges on the system due to being a sys admin of some sort.
I agree. He claimed to have been working inside a SCIF on a regular basis. I'm sure the National Guard would have or have access to such a facility, and have the necessary clearances. But I don't see how an inactive or active-for-training guardsman could have a need to access that much information.
There are 19 year olds with TS clearances. Some jobs just require it. It can be written into an enlistment contract. National guard and reserve units of different kinds are also kind of known for having serious racism problems. Racists use it to network and meet other racists, get the training and some credibility without actually committing to active duty. That shit in active duty is not tolerated, usually cause it's actually diverse unlike a reserve unit in a place like Massachusetts.
Another problem with clearances in general is that often those eligible come from less diverse backgrounds due to parental citizenship considerations. Fields that require a clearance are often less diverse because of this.
People who have some time in the military probably won't be surprised if the situation is what the media is portraying it to be. As Abraham Lincoln pointed out about the US, the biggest problems for the country will come from within.
Given the large number of individuals that have access to such top secret documents, it is likely that enemies already are in the know of the sensitive information. Classifying information as top secret primarily functions to prevent the general public from the knowledge unless it is leaked to the press.
I've done sub-sub-contract work for a few government and military orgs where standard procedure would be I would be mailed a thumb drive of what should just be images and word docs to add functionality to a small section of an internal website. Every single time there would be things on there, totally unrelated to the project, that I should definitely not have been given.
Is it significant that the leaks were allegedly of photographs of printouts, with visible creases, as opposed to being straight file-dumps? Maybe photographing a printout is better for opsec as opposed to files with some sort of DLP.
nah, TL;DR: he got mad the teens on his Discord weren't reading his typeouts of them and started posting photos because it was more titillating to see it in all its glory, with markings etc. (also, saved him time in his weird little god simulation, why should someone as wise and talented as him A) be mostly ignored B) waste a ton of time trying to help these fools?)
I was wondering the same thing. These leaks were briefings for the Joint Chiefs, right? He worked in intelligence, I could see him having some level of access, but I can't imagine him being read in on daily executive briefings
It's not even so much as database access as it was more likely a leak from on premises. AFAIK the leaked documents were photographs of physical printouts (they had visible creases in them).
owner == leaker, multiple sources on that, then we see his family's reaction. Still not 100% clear it's 100% confirmed but shy of him admitting it, probably best we'll get.
>Later, someone who appeared to be Airman Teixeira drove onto the property in a red pickup truck.
>When Times reporters approached the house again, the truck was parked in the driveway. Airman Teixeira’s mother and a man were standing outside in the driveway.
>When asked if Airman Teixeira was there and willing to speak, the man said: “He needs to get an attorney if things are flowing the way they are going right now. The Feds will be around soon, I’m sure.”
It's crazy that he's still out. Everyone learned of the name "Thug Shaker Central" 5 days ago, yet the government can't subpoena Discord for the 20 odd people on there and match it with enlisted? One of these "what is all that money going to" moments.
"Once you get past the perimeter, all bets are off" is the military's approach to security. This pervasive thinking has caused a lot of nightmares in infosec with the likes of Lockheed introducing "cyber killchain" to big corporations.
They focus on the perimeter and who gets access and how.
They essentially have RBAC but not mandatory access control. Your role gets you past a perimeter or a security control but access to data is granted implicitly not explicitly.
What the infosec community has learned is that defense is best done "in depth" or "layered". Even if he needed that information for his work and permission was given to him explicitly why was he allowed to download files? Why was he able to get any sort of electronics in or out of any facility that stored top secret information? How come there was no DLP or hard to defeat watermarking on documents? Document canaries to detect a leak? I mean even in a typical corporate O365 deployment, you can classify documents so that they are encrypted by MSIP so even if you take the document home and open it, you need to authenticate to decrypt it (and that is logged of course), he can take screenshots but you can monitor that too and he needs to get that screenshot out (and hopefully TS clearance computers don't have internet access or USB ports or mass storage device support).
I don't agree that the problem is a million people have clearance. That clearance should mean you will be allowed to request access to documents and have that granted if you need those specific docs, it shouldn't mean access is implied.
And a bit controversial take: this is why the USG can't go easy or forget about Assange or Snowden and others. They can make a case in court or convince a jury they had no option but to leak classified info but DoJ would be incompetent if it didn't go after all leakers regardless of context.
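The distinction drawn in the comment above, clearance as eligibility to request versus access as an explicit, logged grant, sketched as an added example that is not part of the thread. All user names, document ids and the approval policy are constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):
    UNCLASSIFIED = 0
    SECRET = 1
    TOP_SECRET = 2

@dataclass(frozen=True)
class Document:
    doc_id: str
    level: Level

@dataclass
class AccessBroker:
    clearances: dict                            # user -> Level
    grants: set = field(default_factory=set)    # explicit (user, doc_id) approvals
    audit: list = field(default_factory=list)   # every decision is recorded

    def _cleared(self, user, doc):
        return self.clearances.get(user, Level.UNCLASSIFIED) >= doc.level

    def role_only_read(self, user, doc):
        """Implicit model: clearing the perimeter is enough to open the file."""
        return self._cleared(user, doc)

    def request(self, user, doc, justification, approver):
        """Clearance only makes the user eligible to ask; the data owner decides."""
        approved = self._cleared(user, doc) and approver(user, doc, justification)
        if approved:
            self.grants.add((user, doc.doc_id))
        self.audit.append(("request", user, doc.doc_id, approved))
        return approved

    def read(self, user, doc):
        """Explicit model: clearance AND a per-document grant, logged either way."""
        allowed = self._cleared(user, doc) and (user, doc.doc_id) in self.grants
        self.audit.append(("read", user, doc.doc_id, allowed))
        return allowed

    def denied_reads(self, user):
        """Denied attempts by a cleared user are a signal worth reviewing."""
        return sum(1 for kind, who, _, ok in self.audit
                   if kind == "read" and who == user and not ok)

def owner_policy(user, doc, justification):
    # Hypothetical need-to-know rule: this user's tasking covers radar documents only.
    return doc.doc_id.startswith("radar-")

def build_demo():
    broker = AccessBroker(clearances={"it_tech": Level.TOP_SECRET})
    briefing = Document("briefing-001", Level.TOP_SECRET)   # constructed sample
    radar = Document("radar-parts-007", Level.SECRET)       # constructed sample
    return broker, briefing, radar
```
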
Manning got 35 years, although her sentence was commuted by Obama because she was arguably a "whistleblower."
Makes you wonder if Russian agents somehow got in his head. Impressionable 21 year old kids with access to the boss's computer to update IE will do stupid things for the "100" reaction emoji on Discord.
If you read the Washington Post article it's pretty clear he was showing off for some online friends. He was even getting mad that they weren't paying attention.
It's pretty funny that the US has to deal with both a recruitment crisis, and the fact that the recruits they manage to get are willing to be charged under the espionage act for the sake of internet arguments. They really just can't catch a break
It used to be you could make a movie about this because it would involve spies and treason or somesuch. Today's national security risk is some guy wanting recognition from his couple online friends.
I am sure FBI will find that "Although there is evidence of potential violations of the statutes regarding the handling of classified information, our judgment is that no reasonable prosecutor would bring such a case." as it usually does in cases of leaking classified info :) :) :)
He's going to be court martialed for a UCMJ Article 106(a) violation. Even if he were hauled up in a civilian court, he's got nothing to bargain with -- he transmitted classified military and IC docs to foreign citizens for the Discord clout, so has nothing to graymail with and no information about foreign intelligence services to trade. Dude's absolutely, completely, comprehensively screwed, and is going to spend the next few decades bunking in a Leavenworth six-by cell.
Yeah secretary of state having IT set up a server for her blackberry in 2006 is the same as a 22 year old forcing 16 year olds on his discord to read top secret docs
It's a national disgrace.
[1] They are de facto public employees
No, it's a national sport.
https://www.washingtonpost.com/national-security/2023/04/13/...
Looks like he didn't try to flee.
UPD Arrest video: https://twitter.com/WCVB/status/1646581173185904640
Main reporter tweeted:
> (Found him through his Steam profile, will write a step-by-step on the process at some point)
https://twitter.com/AricToler/status/1646545031493308421