A former National Security Agency (NSA) employee has been sent to jail for trying to send confidential National Defense Information (NDI) documents to Russia.
Jareh Sebastian Dalke, a former U.S. National Security Agency (NSA) employee, has been sentenced to 262 months in prison for attempting to transfer classified documents to Russia. Despite only working for the agency for a short period (June 6 to July 21, 2022), Dalke made contact with someone he thought was a Russian agent but was actually an undercover FBI agent.
Dalke sent snippets of top-secret National Defense Information (NDI) documents obtained during his tenure, demonstrating his willingness to share information, and demanded $85,000 in return. Dalke was arrested (September 2022) after transferring files to the undercover agent at Union Station in Denver. In October 2023, he pleaded guilty to the crime, admitting that he intended to injure the United States and benefit Russia by sharing the information. FBI Director Christopher Wray emphasized that this case serves as a warning to those entrusted with national defense information.
The disclosure of confidential (and sensitive) information to a rival or enemy by someone from the opposition organization is an example of an insider threat. An insider threat refers to the risk posed to an organization's security, data, or assets by individuals within the organization, such as employees, contractors, or business partners. These individuals have authorized access to the organization's systems, facilities, or information, but may misuse or abuse their privileges for malicious purposes. Insider threats can manifest in various forms, including theft of sensitive data, sabotage, espionage, fraud, or unintentional disclosure of confidential information.
Insiders with access to sensitive information can cause significant harm to organizations, resulting in financial losses, reputational damage, legal consequences, and disruption to operations. In this scenario, this could result in political disruptions and possibly a war.
See also: 3 insider threats you need to plan for
Following the arrest of Dalke, Christopher Wray, director of the FBI, said that "this sentence should serve as a stark warning to all those entrusted with protecting national defense information that there are consequences to betraying that trust."
Dalke pleaded guilty to the crime, and "as part of his plea agreement, Dalke admitted that he willfully transmitted files to the FBI online covert employee with the intent and reason to believe the information would be used to injure the United States and to benefit Russia," the U.S. Justice Department said.
Insider threats pose a significant threat to the security of an organization across various dimensions. One of the foremost risks is the potential for data breaches, wherein insiders with access to sensitive information may intentionally or inadvertently leak or steal data, leading to the exposure of confidential information, trade secrets, or personal data.
Data breaches may result in sensitive information being exposed. The exposure of such sensitive information could potentially jeopardize ongoing operations, compromise intelligence sources and methods, and undermine the country's defense capabilities. Additionally, there is a broader impact on trust and confidence in the intelligence community, both domestically and internationally. The breach may erode trust among allies and partners who rely on the U.S. for intelligence sharing and cooperation. Domestically, there may be concerns about the effectiveness of security protocols and vetting processes within the NSA and other government agencies.
The NSA, or National Security Agency, is a United States government intelligence agency responsible for collecting, processing, and analyzing foreign communications and intelligence information.
A data breach refers to an incident in which sensitive, confidential, or protected information is accessed, disclosed, or stolen by an unauthorized individual or entity.
Preventing insider threats requires a multifaceted approach that combines technological solutions, policy frameworks, and organizational culture. Here are several strategies that organizations can implement to mitigate the risk of insider threats: