OSINFO - Open Sources Information

WASHINGTON, Aug. 28 -- The U.S. Department of Defense's Defense Security Service issued the following special alert:

The Threat

We live in a shrinking world, where routine contact with people outside our traditional regional and national boundaries is becoming a simple fact of our daily life. Nowhere is this truer than in our industrial base. The increasing globalization of the world economy and the explosive growth of electronic information systems have resulted in an exponential increase in the amount of contact with persons and entities from outside of the United States. The technical, professional and social forces driving this contact are unabated, and the prospect for continued growth is certain.

Why should this be of concern? Most of this contact is the natural by-product of the modern world and innocuous or even positive in its effect. In many ways it serves as the fuel that drives the engine of the world economy and helps to break down traditional boundaries that have too often bred distrust, limited perspective and stalled technological advancements that offer all of us the prospect of a better world. We cannot shut this modern fact of life down, nor should we want to.

But, there is another side of this phenomenon that must be addressed. There are entities who exploit modern freedom of contact not to advance our common cause, but to position themselves for personal, economic, ideological, or nationalistic gain to the detriment of U.S. national interests. It is a simple reality that foreign intelligence services, non-state sponsored entities and even foreign corporations attempt to use contacts to acquire sensitive information, exploit personal or systemic vulnerabilities, disrupt our progress, or gain an illicit advantage. This exploitation undermines our national security and economic interests in general, and specifically, undermine the core mission of the Department of Defense: to provide the military force needed to deter war and to protect the security of our country and our citizens.

These attempts to acquire information can be direct, obvious, and easily recognized as something that needs to be reported, or they may be subtle and seemingly harmless, even to the practiced eye. Frequently, what begins as a seemingly innocent dialogue is developed and manipulated by foreign intelligence into an opportunity designed to collect sensitive information, identify potential agents of influence or even recruit persons willing to spy on their behalf.

Case Studies

Here are a few recent examples compiled by our Counterintelligence (CI) Office, culled from the many thousands of "Suspicious Contact Reports" made annually by our colleagues at cleared facilities in accordance with the requirements of the National Industrial Security Program Operating Manual (NISPOM):

* A defense contractor employee, working on military grade technologies for a cleared U.S. defense company, was contacted via email by a suspected representative of a foreign firm; however, it was noted that the requestor's firm's name did not match the incoming email address. The email correspondent claimed his firm had an "urgent requirement" for military-grade technology being developed at the contractor facility and wanted to establish a business relationship. Subsequent analysis revealed that the email address used by the correspondent was associated with a second foreign company having a history of end- user certificate fraud.

* A representative of a foreign research center contacted a cleared U.S. defense facility and subsequently provided product design schematics in an apparent attempt to justify obtaining export-controlled materials. A review of the schematics submitted by the foreign research center revealed that they were associated with a military critical technology program. At first, the foreign research center denied that the product in the schematics had any military applications, but when challenged, eventually recanted, admitting that the product design presented could indeed be used for military purposes. Despite this exposed deception, the foreign firm's representatives continued to maintain they had no intention of utilizing the final product for such purposes.

* A cleared U.S. defense company reported receiving multiple deceptive emails that (when opened) resulted in malicious software being automatically installed on the company's internal computer system. Numerous employees within this cleared defense company were victims of this ruse. Following the extraction and analysis of one of the malicious payloads, cleared U.S. defense analysts discovered additional malicious codes embedded in .gif and .jpg image files in the software.

* Over several months, a foreign firm repeatedly contacted an employee of a U.S. cleared defense company, cultivating his assistance in procuring components for the foreign firm's use. Although the contact had begun with a seemingly innocuous request for components that were not controlled, the foreign firm subsequently amended its list to include dual-use export controlled items. The foreign firm eventually shared the contractor employee's contact information with multiple sections inside the foreign firm, resulting in a flood of additional requests to the same contractor employee. Within a month, this same foreign firm shifted focus to a second employee within the defense company, requesting new technology known to be of interest to the military research and development efforts of the foreign firm's country of origin.

* An individual apparently posing as a foreign student contacted an employee working for a cleared U.S. defense company performing aerodynamics research, asking for what amounted to classified information on the cleared defense company's UAV applications. The foreign student, supposedly an aerodynamics major at a major foreign university, also inquired about the possibility of an intern position in the company's aerodynamics research branch. The "student's" requested information and research interests related to classified and export restricted technology known to be actively sought by the student's country of origin.

* An engineering team from a U.S. defense contractor participated in an approved exchange with a foreign counterpart team during which approved, unclassified technical information was commonly shared between participants. Following the exchange program?s completion, representatives of the U.S. company discovered several "export restricted" documents among a large volume of printed material left on-site by the foreign engineer team. Upon further review of the printed materials left by the foreign engineers, the U.S. company representatives discovered the foreign team had acquired a large amount of open source information on military programs clearly outside the scope of the unclassified contract with the cleared U.S. defense company.

Counterintelligence at DSS

Cleared defense contractors submit suspicious contact reports (SCRs) to the Industrial Security Representatives (ISRs). ISRs, after initial review, provide those SCRs to the DSS CI Office. The DSS CI Office is charged with the responsibility for receiving, analyzing and referring information on these suspicious contacts. Suspicious contacts include, but are not limited to, any efforts to gain illegal or unauthorized access to classified information or to compromise a cleared employee. In addition, all contacts by cleared contractor employees with known or suspected intelligence officers from any country, or any contact which suggests that an employee may be the target of an attempted exploitation by the intelligence services of another country shall be reported to DSS, and to the FBI if actual, probable or possible espionage, sabotage, terrorism or subversive activities at any of its locations.

The DSS CI Office, in coordination with the applicable ISR, is also responsible for providing training, awareness and information regarding appropriate countermeasures to be applied to neutralize the potential threats represented by suspicious contacts. Many of you may be familiar with an annual report prepared by our CI Office entitled "Technology Collection Trends in U.S Defense Industry." These recurring products have been published to better inform people about the threat, and to encourage reporting of suspicious contacts that may represent hostile intent. Historically, we have found the "Technology Trends" publication to be a valuable tool for increasing security awareness and a useful ready reference on how to best exercise our individual responsibility to protect against the constant threat to our national security posed by the types of collections efforts reported in the "Technology Trends" publication. But since DSS is always looking to improve the services it provides, we are re-tooling our approach to the report this year with the intent of making it a more meaningful, comprehensive and useful product for security awareness and response. We are excited about the prospect this revised publication offers, and we expect to have it delivered to you this December.

In the meantime, please remain vigilant. As employees of cleared contractors you represent our first line of CI defense against the efforts of elements which seek to deny us the competitive advantage we have all worked for, whether in the economic or defense arena. Not every suspicious contact necessarily represents a distinct threat to our national security, but even one contact or suspicious incident, when combined with reports from other sources, may provide us with the information needed to reach the "tipping point" in our on-going battle against a very real, if sometimes deceptive and surreptitious enemy. You can make the difference, and your help is essential if we are to prevail. I thank you for your continued support for the National Industrial Security Program, and I ask you to keep the reports of suspicious contacts coming.