A former analyst for the U.S. Defense Intelligence Agency (DIA) has been sentenced to more than two years in prison after sharing highly classified, national defense intelligence with two reporters.
The sentencing comes after the 32-year-old analyst, Henry Kyle Frese, pleaded guilty in February to leaking the data, regarding foreign countries’ weapons systems, in 2018 and 2019. Frese worked as a counterterrorism analyst from February 2018 to October 2019 at the DIA, the intelligence agency of the U.S. federal government, specializing in defense and military intelligence.
According to the Department of Justice (DoJ) on Thursday, Frese held a “Top Secret/Sensitive Compartmented Information” security clearance at the DIA. He leveraged these privileges to search for the classified data – stored in secure, classified government information systems – at least 30 times in 2018. Frese also accessed an intelligence report, unrelated to his job duties, on multiple occasions.
Frese accessed this data because of “specific requests” from the reporters. According to court records, Frese was dating and sharing a home with one of the two journalists, Amanda Macias, a CNBC reporter. Macias published eight articles containing the leaked classified information related to foreign weapons systems, court documents said. Macias introduced Frese to the second reporter that he also worked with, who has been identified as NBC News reporter Courtney Kube.
“Frese repeatedly passed classified information to a reporter, sometimes in response to her requests, all for personal gain,” said John Demers, assistant attorney general for National Security, in a statement Thursday. “When this information was published, it was shared with all of our nation’s adversaries, creating a risk of exceptionally grave harm to the security of this country. His conviction and sentence demonstrate the Department’s commitment to the investigation and prosecution of such betrayals by clearance holders as part of our mandate to protect our citizens and defend the national security of the United States.”
The incident opens up questions about how organizations can identify – and weed out – insider threats risks, particularly with employees who may have access to sensitive data.
Earlier in May, a former BlueLinx IT manager was sentenced to federal prison for hacking his former Atlanta-based employer and sabotaging their internal communications network, causing more than $800,000 in damage. The hack occurred a month after the IT manager, Charles Taylor, resigned, unhappy after his company was acquired by a large Atlanta-based building products distributor.
“Using information he gained in his employment, Taylor logged into the network remotely without authorization and used encryption methods to hide his network connections,” according to the DoJ. “In mid-August 2018, Taylor changed passwords for network routers located at dozens of company warehouses. Company employees were unable to access the routers, and the company replaced them shortly thereafter at a cost of roughly $100,000.”
This week, an internal investigation into a 2016 CIA incident, in which former CIA employee Joshua Schulte allegedly stole CIA hacking tools and gave them to WikiLeaks, condemned the government agency’s “woefully lax” security measures.
According to the report, the CIA lacked the appropriate tools for blocking insider threats – systems with sensitive data were not equipped with user activity monitoring, for instance, and historical data was available to users indefinitely.
Security experts say that insider threats are particularly important to governments, particularly with whistleblower incidents like Edward Snowden and Chelsea Manning resulting in sensitive organization data being leaked.
Insider threats are different in the work-from home era. On June 24 at 2 p.m. ET, join the Threatpost edit team and our special guest, Gurucul CEO Saryu Nayyar, for a FREE webinar, “The Enemy Within: How Insider Threats Are Changing.” Get helpful, real-world information on how insider threats are changing with WFH, what the new attack vectors are and what companies can do about it. Please register here for this Threatpost webinar.