Running Head: MSA565 THEFT OF CLASSIFIED INFORMATION AND EQUIPMENT THEFT OF CLASSIFIED INFORMATION AND EQUIPMENT Brian Disorbo Southwestern College MSA565 Prepared for: Affiliate Instructor Peter J. Herdt 23 June 2013

Introduction

“Espionage, for the most part, involves finding a person who knows something or has something that you can induce them secretly to give to you. That almost always involves a betrayal of trust” (Ames, n.d.). The age of the American spy is far from over; as long as the United States produces classified national defense information, the threat of “flipping” U.S. Intelligence Community (I.C.) employees will remain steady. The insider threat is what many security managers consider the biggest threat not only to their organization, but to the United States as a whole.

This investigation is centered on what is believed to be an “insider” stealing classified information and selling it to an adversarial nation. As such, this mid-term exam will focus on the six methods of an investigation. Using physical surveillance, electronic surveillance, research and audit, forensic analysis, undercover work and bringing it all together with the interview/interrogation, this investigator hopes to either confirm or disprove that a company insider is stealing classified information.

The Chief Security Officer (CSO), United States Special Operations Command (USSOCOM), has handed this tasking down to my office, and as the senior ranking security specialist my job is to coordinate, investigate and use every tool at my disposal, to include other federal agencies, to see this investigation through to conclusion.

**NOTE** Names, locations, implied associations between federal agencies, and technologies used herein are fictitious and used in an academic context to fulfill course requirements. This paper in no way represents past, current or future military operations, or actual tactics/techniques or procedures or equipment employed by the U.S. Military.

Basis of the Investigation

Approximately seven months ago, USSOCOM CSO Kimberly Shea (SHEA) contacted the Program Manager – Communications and Intelligence Communication Systems (PM-CISS) security manager, Brian Disorbo (DISORBO), with information received from other government agencies (OGA) regarding PM-CISS employee Paul Simmons (SIMMONS). SIMMONS is currently employed as an Acquisition Program Manager (APM), whose duties are directly related to the procurement, testing and fielding of ground signals intelligence (SIGINT) systems.

The systems SIMMONS is responsible for, once tested, are put into use throughout the special operations community to include all four DoD service component special operations commands (SOCs). Special operations forces use the equipment to capture and prosecute signals being produced in combat operational theaters and use those signals to produce intelligence used to identify target sets of interest to the United States government. As the description implies, the SIGINT equipment is of extreme importance to the U.S. war fighting capability and, if placed in the wrong hands, would tilt the field of combat to the advantage of the adversary.

OGA related that approximately five months ago, while conducting a sweep and clear operation of a small insurgent village in the Falkland Islands, members of the U.S. Navy/SEAL Team 2 found a piece of kit that bore a striking resemblance to, and had capabilities similar to, the TA-312 signal interrogator recently fielded by SIMMONS’ program. In and of itself this would not present much cause for concern because technologies generally advance at the same rate throughout the world. In this particular case, the Army Research Labs (ARL) in Adelphia, Maryland recently developed the technology used to create the TA-312, completely “in-house”, no more than eight months ago. The fact that an adversary was found using that technology against U.S. troops points to the strong possibility that an “insider” may have compromised the information for personal, financial, or other gains.

As the Lead Security Specialist for PM-CISS, my task is to lead the investigative effort and learn whether or not the technology was sold, stolen or otherwise given to the enemy.

Investigative Objectives

The main objective of this investigation is to learn how the TA-312 fell into the hands of an adversarial nation. The technology was “born” at ARL and was not a joint/coalition effort. The goal is to collect as much information and evidence as possible regarding how the TA-312 fell into the hands of the Government of the Falkland Islands. Throughout the investigation, every attempt will be made to gather evidence of various forms, to include working with the Federal Bureau of Investigation (FBI) for wiretaps of SIMMONS’ work, home and cell phones; working with our internal Information Assurance Security Officer (IASO) and network engineers for e-mail monitoring of SIMMONS’ account; working with the organizational Physical Security Officer for collection of video germane to SIMMONS’ actions while in the workplace; and working with the FBI for surveillance of SIMMONS as he comes and goes from work as well as observing his activities while away from the office. The goal will be to build a complete catalogue of SIMMONS’ associates both while at work and away from work, and to see with whom he is close.

In order to minimize disruption to the entire organization, the main players of this investigation will sign non-disclosure forms. This serves as a form of controlling RUMINT (“rumor intelligence”) and employee distractions by keeping only those with a need to know witting to the investigation. Further, interviews will be conducted at an OGA to ensure those unwitting to the investigation remain unwitting.

In order to get a return on the investment from this investigation, finding out how the TA-312 fell out of U.S. government control is paramount. Learning how the TA-312 was compromised will allow the government to get a rough order of magnitude with regard to the damage done to national security. Once this assessment is complete, the government will assess the feasibility of continued use of the technology or whether the kit will need to be scrapped and recreated in a new way. If it is shown that the adversary has reverse engineered and learned the intimate details of the TA-312, there will be no choice but to abandon the TA-312 interrogator and begin development from the ground up. As such, the Government could face a bill in excess of $40M to start development over.

Physical Surveillance

Physical surveillance will be used to enhance this investigation and will be conducted by members of the FBI. In order to keep a low profile, physical surveillance will only be used once probable cause has been established through other means, i.e., wiretap, e-mail, or video evidence that points to the fact that SIMMONS has an accomplice or is seen cavorting with an agent of a foreign government.

The surveillance will take the form of plain-clothes agents working themselves into the ambient background of a chosen location and observing SIMMONS’ actions, companions and habits. As/if evidence is uncovered that shows SIMMONS is involved in espionage activities, physical surveillance will become an around-the-clock operation, using both stationary and moving surveillance. If the history of espionage has taught the U.S. anything, it’s that those committing espionage can make a drop anytime, day or night, at almost any location. Not having surveillance on SIMMONS and missing a potential drop can set the investigation back weeks, if not months, until the next drop is made. As for jurisdictional considerations, as the FBI is the lead agency for surveillance, jurisdictional problems are not anticipated at this time. Out of due diligence, the appropriate town/city/county and township law enforcement agencies will be made aware of the fact the FBI has an ongoing case that has the potential to cross into their jurisdiction, but will not be made aware of the 5Ws of the case.

Electronic surveillance will also be used to maintain situational awareness of SIMMONS’ movements. As/if evidence is uncovered that shows SIMMONS is involved in espionage activities, the FBI will move forward with requesting permission to install a GPS tracking device on SIMMONS’ vehicles. This will aid the physical surveillance team in maintaining positive control of SIMMONS’ whereabouts and will also serve to confirm or disprove any alibis SIMMONS may attempt to use. It will also serve as irrefutable evidence that SIMMONS did in fact take meetings with agents of a foreign government.

As cameras are prohibited in a Sensitive Compartmented Information Facility (SCIF, pronounced “skiff”), as the investigation begins to bear fruit DISORBO will also seek permission from the SOCOM CSO to install video cameras in the immediate area in which SIMMONS works. The goal of the video surveillance is to only observe SIMMONS’ office space, not to capture the happenings of other employees. The lead physical security officer will conduct the installation with the concurrence of the CSO.

In an attempt to bolster any case being made on the Government’s behalf, SIMMONS’ personal residence may also be used as a potential target for surveillance. If this turns out to be a viable means of collecting intelligence, agents will be posted in the immediate area of the residence on a 24-hour basis. As SIMMONS lives in an apartment, placing agents on the rooftops of adjacent buildings with voice/video/still electronic recording equipment should be raised for consideration.

Electronic Surveillance

Electronic surveillance will be used from the onset of this investigation. Keeping track of the times/dates SIMMONS is entering the facility will be accomplished by utilizing the badge tracker software inherent to the LENEL 5200 security system currently installed within the facility. Also, during off-peak hours the cameras are set to pan/tilt/zoom and record any door being accessed during off-duty hours. If SIMMONS is taking advantage of periods of time in which the facility is minimally manned, the system will capture, time stamp and record it.

Also, the IASO and network engineers have installed keyword tracker software on SIMMONS’ government-issued computer system. In addition, the IASO and network engineers are logging and checking every document SIMMONS scans onto the network. This is made possible by the “Consent to Monitoring” agreement every government employee agrees to each and every time they log on to a government system.

Research and Audit

Particularly germane to this case is SIMMONS’ financial state. Approximately two months ago employees began noticing SIMMONS coming to work in “flashy”, expensively branded clothing as well as driving a brand new Audi A8, valued in excess of $170,000. When asked where all of the money was coming from, he gingerly laughed and mentioned a high stakes weekend in Atlantic City. Approximately a month and a half prior to this “high stakes weekend”, SIMMONS came to DISORBO to discuss an impending financial derailment that was going to affect his eligibility for the program he was working on. At that time DISORBO put SIMMONS in touch with a certified financial counselor who was able to help SIMMONS avoid financial ruin, get his bills paid on time and help him mitigate the financial concerns tied to his continuing security eligibility/access.

Gaining access to SIMMONS’ financial and banking records will give the investigative body a good history of SIMMONS’ financial state and will also show if he was actually in Atlantic City on the weekend in question (withdrawals/deposits should be evident), as will pulling passenger manifests from the airlines. Further, it will show any large money deposits, or a series of smaller deposits, leading up to and immediately after the TA-312 was discovered in the Falkland Islands. It will also serve to show if SIMMONS is still receiving payment or has offshore accounts holding large sums of money. If offshore accounts are found, the investigative body will capitalize on the opportunity to trace any electronic deposits back to the sender’s account, or at a minimum reveal the country of origin.

Forensic Analysis

One method of forensic analysis that will be employed, should wrongdoing be discovered, is the polygraph. Using an in-house polygrapher, a polygraph will be utilized to see whether or not SIMMONS is being dishonest regarding the answers he is giving. A good polygrapher can place certain amounts of stress on a Subject that help differentiate between when the Subject is being honest and dishonest. While the polygraph is not 100% accurate, it does give a good indication of whether or not someone is being, or trying to be, deceitful, and if the test meets certain criteria, it can be admissible in a federal court.

The investigative body will also incorporate organizational computer forensics experts to see if SIMMONS’ computer terminals were compromised by foreign entities attempting phishing/spear phishing attacks or if SIMMONS intentionally gave his government computer login information to an outside source. As recently reported by several news outlets, the Department of Defense has confirmed and identified several foreign actors actively hacking DoD computer systems. A possible outcome of this investigation is the discovery that TA-312 technology was a specific data point targeted by a foreign government for exploitation. As the information is classified and “lives” on a classified server, the only sure way to know how/if the information was extracted will be through a complete forensic analysis of SIMMONS’ computer terminal and a complete scrub of the classified servers.

Undercover

This case may present a good opportunity for undercover work. If information is uncovered that points to the fact SIMMONS was/is actively seeking to sell U.S. defense information, the U.S. government may capitalize on the situation and place federal agents undercover in an attempt to elicit information from SIMMONS for payment. Undercover work will be sanctioned and carried out by the FBI, as our organization has no charter to perform such operations. If undercover work is approved, DISORBO will work closely with the agency tasked to carry out the mission and develop key milestones in the investigative process. The end state of the investigation, should SIMMONS willingly agree to exchange national defense information for money or other valuables, will be to capture the transaction via electronic means and arrest SIMMONS. From that point forward the investigation will shift focus to extracting as much information from SIMMONS as possible.

Interview and Interrogation

Once SIMMONS is arrested, the Government will seek key information from him, to include the types of technology (overarching), the specific technologies compromised, the overall classification of the documents, and most importantly what foreign governments SIMMONS was working for/with. Using the investigative interview method, DISORBO will work closely with those directly involved in the evidence/information gathering process, undercover work, computer forensics teams, and surveillance team members to compile a strategy based on information and evidence collected throughout the investigation. The information will be used to create a master list of information needed by the government to solidify the case as well as learning of any accomplices not uncovered throughout the course of the investigation. At the end of each of the eight phases the team will reconvene and discuss how to best proceed with the next phase of the investigation and what information will be presented to SIMMONS.

As a contingency plan, if the investigative interview process fails to elicit the information needed, or if SIMMONS refuses to speak with investigators, the full weight of the investigation and evidence will be shown to SIMMONS in an effort to convince him to relinquish information.

Project Management

As outlined above, DISORBO will be the key management member representing SOCOM and will report findings directly to SHEA. DISORBO is also the organization’s point man for interagency cooperative efforts. DISORBO will be intimately involved in each facet of the investigation and will lend guidance, methodologies to be followed, and milestones marking the success of each phase of the investigation. Should inter-agency decisions need to be made, DISORBO will consult with SHEA to decide the best course forward and work with interagency partners to ensure goals are met.

As this case involves national defense information, SOCOM is relying on the FBI as well as OGA for resources and to carry out missions SOCOM is not chartered to carry out. Things like detection and surveillance, undercover work, wiretaps and banking information will all be accomplished by the FBI, while working closely with and consulting with SOCOM personnel (DISORBO). As other agencies are brought into the fold, they are to designate one person as the central point of contact, and one alternate. Again, this will minimize the number of people with knowledge of the case and as such will minimize the chances of compromise.

Mission management will begin as a SOCOM endeavor and, as the investigation begins working with other agencies, developing goals and milestones will become a group effort. If it becomes apparent that SIMMONS worked in concert with multiple actors from multiple agencies, each agency representative will determine their agency’s stakes and coordinate efforts of the collective group. Having the ability to leverage the resources, technology and manpower of OGA will work to the advantage of everyone involved in this investigation.

Communication systems will vary depending on the type of activities being undertaken. All field agents will utilize the Motorola MTX Mission Critical 2-way radios with a base station located at the primary operating facility. The radios will be used to communicate the time/location, what is being observed and accomplices SIMMONS may meet with. The base station operator will annotate that information in a “blotter” style format, which arranges the time/date and what is observed in each entry. The blotter will serve as an official chronological record of what the surveillance crew witnessed in “real time”, and will be coupled with any documentary evidence collected. Other means of communication will include both classified and unclassified telephones and classified and unclassified e-mail.

All information germane to SIMMONS’ case will be coordinated through DISORBO to SHEA. As such, DISORBO is charged with completing all reports regarding SIMMONS’ actions. Reports will encompass ALL pertinent information relating to SIMMONS’ actions, and weekly status updates will be provided to SHEA each Friday, no later than 1430hrs. As appropriate, SHEA will brief up the chain of command as needed and relay any relevant information or actions back to DISORBO for action or status.

Finally, any agency with a stake in this investigation is prohibited from releasing information regarding any phase of the investigation, or information collected, volunteered or otherwise obtained, without the express written permission of the lead agency (SOCOM). Unsanctioned disclosure outside of official channels will not only compromise the investigation, it also has the potential to compromise agents actively engaged in the investigation through undercover work.

Ethical behavior is a hallmark of any profession; that said, no one agency involved in this investigation has more on the “line” than another. Each agency representative will honor promises made, collect only information relevant to the case and never place themselves into a position where the integrity of the investigation can be called into question. There are specific laws and regulations that need to be adhered to, and USSOCOM fully expects each agency to carry out its duties and responsibilities well within the guidelines established by U.S. laws. Further, all personnel/Subjects involved with this investigation will be treated fairly; it is imperative to remember that SIMMONS is innocent until evidence to the contrary is discovered/revealed, not vice versa. Lastly, if there is a decision that needs to be made, but the person is not completely sure it is the right one, that person will bring the issue to the group for discussion/resolution, and if necessary, the group will take the question to the legal team for guidance. It cannot be stressed enough that if/when this case goes to trial, the defense will do everything in its power to show ethical standards failed in some aspect during the investigation. Do it right, do it clean, and leave no room for interpretation or doubt.

Assessment

The strategy being employed for this investigation falls under the theft of Proprietary Information and Trade Secrets. While DoD classified information is controlled in a more restrictive manner, the importance of the information is roughly the same. The first step in this process is completing an assessment. During the assessment we will attempt to find out how the TA-312 fell into the hands of an adversarial nation. During this period the investigation will focus on whether or not SIMMONS intentionally provided classified information and equipment to the government of the Falkland Islands. The alternate focus of the investigation will pinpoint whether or not SIMMONS’ government computer was unintentionally compromised, causing the data loss. Preliminary reports from network engineering have noted there is less than a 1% chance the information was gained through a phishing/spear phishing campaign due to the fact the local area network containing the contractual/operational TA-312 data is considered a “closed network”. In essence the system does not touch or ride a civilian Internet provider. Regardless, that avenue will be explored until it’s exhausted.

The assessment will be conducted as a joint effort and will leverage information gathered by each OGA involved in the case. OGA have a multitude of resources at their disposal and it would be counterproductive, if not negligent, to disregard the information and resources they can provide. The decision of contacting the government of the Falkland Islands directly will be coordinated through OGA with the U.S. Department of State taking the lead should that option be considered viable. History has shown us that espionage, especially when technology is involved, is typically never admitted to by a foreign government for a variety of reasons. One, they will not willingly tell the U.S. that they in fact have the very technology it just spent $25 million to produce. Two, they don’t want to lose the technological edge they just gained. Lastly, that nation doesn’t want to suffer in the court of public opinion. A good example of that would be the CIA agent recently exposed by the Russian government actively trying to recruit Russian diplomats to spy. The fact he was caught and exposed in the public eye ruined the agent’s career and any chance he had of working undercover again. He will more than likely spend the rest of his career driving a desk at CIA Headquarters in Langley, VA.

Preparation and Planning

Due to the joint nature of this investigation, every effort will be made to have each stakeholder represented equally, meaning no one agency has a greater overall position in the pecking order. As such, each agency will provide one (plus one alternate) main point of contact that will act as that agency’s project manager. As SIMMONS is a core SOCOM employee, DISORBO holds the charge of being the overall responsible agent for the investigation, but will work in concert with each participating agency to form an environment that fosters teamwork and inter-agency cooperation to the highest degree possible.

A holistic strategy will be used to gather, analyze and disseminate all information germane to the case. Information sharing is strongly encouraged and will be facilitated through bi-weekly meetings, classified SharePoint® sites and video-teleconferencing where appropriate. The overall objective is to ascertain whether SIMMONS deliberately compromised classified information or was a victim of a malicious computer attack. As such, the majority of the investigative team’s resources will be directed in those areas, leaving the door open for tertiary considerations. In line with the primary objective, a parallel assessment will be conducted to judge the overall effect the compromise will have on the national intelligence collection apparatus.

The budget for this investigation will be determined by the amount of resources being utilized by each agency; to wit, no one agency will bear the full financial burden. Each agency participating holds a stake in the investigation and its outcome; therefore no agency is solely responsible for the resources and employees they dedicate to the investigation. The only budgetary restriction put in place by the lead agency, SOCOM, is that SOCOM employees participating in the investigation will be limited to 24 hours of overtime/compensatory time per pay period, and will not exceed 24 hours of travel compensation time per pay period. Overages will require preapproval at the Major Command (MAJCOM/MACOM) level prior to exceeding the current authorization.

As DoD classified information and equipment is involved, every effort will be made to reach an accurate and valid conclusion as quickly as possible based on solid evidence and professional investigation techniques. This is a multi-agency effort and as such duplicating efforts must be avoided. For example, no need is served by two agencies running concurrent video/audio surveillance. Therefore the bi-weekly meetings will also serve as a platform for agencies to deconflict any upcoming initiatives.

It is imperative that this case be executed upon good evidence and thorough investigative techniques. Agencies must come together, sans ulterior motives, to solve this case expeditiously and with clear foresight of the overall objective. National security is involved; as such egos, interagency rivalries, and personal feelings will be checked at the door. There is already downward pressure on the team for quick resolution; that pressure should not be compounded by bad team dynamics. The standards of proof required to prosecute this case will involve quality documentary evidence, to include all video, still and audio surveillance collected as well as any government documents collected outside of SIMMONS’ personal workspace.

Information Gathering

Given the fact several OGA are involved in this investigation, and each brings unique capabilities to the proverbial table, a robust combination of investigative techniques will be used. They will range from physical and electronic surveillance to forensic analysis and undercover work. These methods of investigation have evolved over time into an art form, and having each respective expert working within their province of expertise should serve this investigation well and, if warranted, bring SIMMONS to justice.

There are two possible scenarios being considered for this case. The first is that SIMMONS has acted in a manner in which he purposefully exposed classified information to agents of a foreign government for financial, ingratiatory, or personal gains. The TA-312 was SIMMONS’ project alone to work on, and network engineering has confirmed that the information regarding the system was accessible only to SIMMONS. Further, SIMMONS stored the information in a safe, which only he had access to. As no other APMs or engineers worked on this project, the initial hypothesis will remain in place until evidence to the contrary comes to light. The facts are that SIMMONS managed this program solely, had sole access to all digital files and had sole access to the GSA storage container in his office.

The second hypothesis is that SIMMONS’ computer was somehow compromised by an

outside source, whether an actor from the Falkland Islands or another government. There have

been several articles in the media recently highlighting sets of foreign government sponsored

computer experts being paid to break DoD servers in an effort to steal information for the

furthering of their nation’s war fighting capabilities. As mentioned earlier, this possibility is

losing some credibility due to the fact SIMMONS’ computer does not touch or ride a civilian

Internet provider. If the network engineers confirm there is a zero chance of SIMMONS’

computer being compromised the investigation will shift all of its energy back to the initial

hypothesis and work it through to completion.

Through the use of undercover work any/all associates of SIMMONS will be brought in

for interviewing. In this particular case, although we are fairly confident SIMMONS is acting

solely, we will not interview him first. Initial interviews will be conducted with those

SIMMONS works with, the PM-CISS office.

The objective is to observe his actions over a long period of time and coordinate our

efforts in concert with SIMMONS’ actions. Through wiretaps, direct observation and

undercover work we will observe whom SIMMONS is taking meetings with and where those

meetings are taking place. We will work to identify the people SIMMONS is meeting with and

bring them in for questioning. A delicate balance must be struck because if word of the

investigation gets back to SIMMONS the possibility exists that he may flee the country.

This investigative body believes that this is SIMMONS’ first attempt at espionage as

there is no evidence pointing to the contrary. If the investigation uncovers the fact that

SIMMONS is attempting to peddle information to several countries, an attempt may be made by

an undercover agent to purchase classified information from SIMMONS. That decision will be

made once the investigation begins bearing fruit, and only after consultation with SOCOM/OGA

leadership and the Department of Justice.

Verification and Analysis

The results of the investigation have been completed. As initially thought, SIMMONS

did in fact successfully sell DoD classified information to the government of the Falkland Islands. Electronic

surveillance coupled with successful wiretaps uncovered several calls to a trunked phone system

running from Argentina to Falkland Ministry of Defence (purposefully spelled with a “c”).

While confirmation could not be made as to the person on the opposite end of the phone, it is

believed the voice belonged to Armand Swire (SWIRE). While SWIRE never appeared in

person, FBI voice experts cross referenced the voice on the phone with a 2012 public speech

given by SWIRE. Voice experts give 96.5% surety that the voices are a match and will testify as

subject matter experts on behalf of the U.S. government.

Interviews were conducted by a panel of SOCOM and OGA investigators with

SIMMONS’ coworkers and revealed that approximately four months ago, SIMMONS was

observed making an unusually large number of copies of classified documents. When asked,

SIMMONS’ most common explanation was that he wanted to keep “hard copy” documents

because the computer screen hurt his eyes. Most employees dismissed it while one employee,

Mr. Theodore Griffin (GRIFFIN), took copious notes on everything SIMMONS was making

copies of. He turned over a sworn affidavit that documented the title, number of pages and

time/date of the occurrences. GRIFFIN has agreed to testify on behalf of the government.

SIMMONS was brought in to interview immediately following a meeting he took with

Falkland Ministry of Defence agent Whitford Hillary (HILLARY). HILLARY was recently

identified as a Falkland counterintelligence agent whose sole purpose is to operate in the U.S.

under diplomatic protections and “flip” U.S. government employees. Video, still, and voice

evidence was captured during that meeting of SIMMONS discussing the “SUBTLE FURY”

project, the specifics of which are classified. Video footage clearly shows SIMMONS handing

an opaque, 4” thick envelope to HILLARY, discussing the contents, and receiving a 2”

thick opaque envelope in return. Once taken into custody HILLARY’s envelope revealed some

2,000 pages of classified documents relating to 13 ongoing classified programs. The contents of

SIMMONS’ envelope revealed $121,000 in U.S. currency along with two maps. SIMMONS

confirmed during his interview that the maps led to primary and alternate “dead-drop” locations.

SIMMONS further related that the function of the dead drop was for SIMMONS to retrieve cash

payments from HILLARY in exchange for classified documents. SIMMONS stated he used the

dead drop method approximately four times, each time at a different place.

SIMMONS agreed to plead guilty and signed a full confession once he was shown a

portion of the evidence against him, specifically his last meeting with HILLARY. He stated he

was tired of constantly worrying about whether he would be caught and admitted he didn’t like

dealing with HILLARY due to the fact HILLARY was becoming overly aggressive regarding

the information SIMMONS was passing to him. While SIMMONS didn’t show immediate

remorse for betraying his country, it is this investigator’s opinion that once the Justice

Department begins working with him, and reveals the damage he’s caused to the United States,

he will begin to understand what he did.

Decision Making

All evidence will be handed over to the U.S. Department of Justice and the U.S.

Attorney’s office for prosecution. All members involved in the investigation will remain

available to answer any questions and will stand ready to testify once the case goes to court. A

briefing will be held en masse for the leadership of each agency holding a stake in the outcome

of the investigation. The time/date/location will be selected to ensure maximum participation.

Disbursement of Disciplinary and/or Corrective Action

Disciplinary action will be decided by the U.S. legal system.

Prevention and Education

Prevention and education will be handled in-house by each agency. On behalf of

SOCOM, once the trial has concluded, the investigation results will be redacted and presented to

the entire Command at large, as a lesson learned. GRIFFIN’s actions will also be commended

because without his direct observation and diligent notes there would have been a significant

hole in the case. Along with the case notes, the legal outcome of the case will be delivered to the

command by the commanding officer of USSOCOM, ADM William McRaven.

Barring a significant change to policy on a national level, espionage will continue to

hamper the U.S. government. The handling, processing and storing of classified material has

inherent dangers that security managers at all levels can only hope to mitigate through proper

vetting procedures, sound security doctrine and frequent security training covering a myriad of

topics. In this particular case DISORBO knew SIMMONS was having financial difficulties, and

even though DISORBO kept a watchful eye over SIMMONS, he was still able to beat the

system. This is due in large part to SIMMONS coming to the office in the middle of the night

when the facility was minimally manned. With that said, the initial security training must have

stuck with GRIFFIN because he had the foresight to accurately record exactly what he saw but

decided to save it for a “rainy day”. The only thing DISORBO would have had GRIFFIN do

differently is report the incident as he witnessed it instead of during the interview. Still, his

documents provided a much-needed link in the evidentiary chain and he will serve as a key

government witness.

Conclusion

The aim of this investigation was to focus on whether or not PM-CISS employee

SIMMONS was witting to the TA-312 falling outside of U.S. government control and ending up

in the hands of a foreign government. Two hypotheses were drawn and one was followed to

complete fruition. The inter-agency cooperation and willingness to share information ultimately

led to confirming SIMMONS was willingly engaging in espionage by selling national defense

information for profit. Using several different investigative methods SIMMONS was caught in

the act of selling classified documents to an agent of a foreign government and when presented

with a portion of the evidence against him, SIMMONS gave a full, signed confession. The case

now rests in the hands of the U.S. Department of Justice/U.S. Attorney who will seek a life

sentence for SIMMONS.

Ultimately, the government does not have the manpower to dedicate these types of

resources to each and every allegation of espionage. In this particular case tracing the TA-312

back to the APM that was responsible for the procurement, testing and fielding of the kit, in

conjunction with the fact it was not a joint/coalition effort, led investigators to only two possible

explanations. Fortunately, the team that was assembled was able to work together to catch

SIMMONS in the act, making prosecution that much easier.

References

Ames, A. (n.d.). Thoughtful Mind. Retrieved from Interactive database of famous inspirational and motivational quotes: http://www.thoughtful-mind.com/quote.php/Aldrich_Ames

Ferraro, E. F. (2012). Investigations in the workplace (2nd ed.). Boca Raton, FL: CRC Press.
