What the Pentagon Leaks can Teach About Protecting Classified Information

The US Government spends huge amounts of money and time to vet people with access to military and diplomatic secrets. So why did it take over a year for officials to learn that Jack Teixeira, a Massachusetts Air National Guardsman, was posting classified information on the social media platform Discord? How did this troubled young man of twenty-one with an arsenal of weapons at his home get hired to serve in such a sensitive position?

This question was further compounded when court documents revealed Teixeira was suspended from his high school when a classmate overheard him make remarks about Molotov cocktails, guns, and racial threats. His firearm identification card applications in 2018 and 2019 were denied over concerns by his local police department about comments he had made at his school. Yet this fact never came to light during the top secret clearance due diligence investigation prior to his hiring.

As officials rush to deal with the fallout of the leaks, they are being forced to answer questions related to how staff are hired and vetted and how employee activity is monitored over time.

To best understand this issue, we need to look at the critical nature of the information Teixeira posted.

What the leaked Pentagon documents revealed

A Discord user profile matching Jack Teixeira’s started sharing secret intelligence about the war in Ukraine less than 48 hours after Russia began its invasion, according to The New York Times. Claiming to be posting information from intelligence agencies, the poster mentioned casualties on both sides, Russia’s spy agencies’ activities, and details about aid to Ukraine. When questioned by another user, he boasted: “I have a little more than open-source info. Perks of being in a USAF intel unit.”

Among these revelations, he posted proof of the presence of a small number of Western special forces operating inside Ukraine, a detail that could potentially create conflict with Moscow, which has argued that it is not just confronting Ukraine, but NATO as well.

In addition, some of the other leaks include:

- The US believed that UN secretary general Antonio Guterres was too willing to accommodate Russian interests, according to files which suggest Washington has been closely monitoring him.

- China’s cyber-attack abilities were designed to exploit and hijack satellite links and networks as part of its strategy to control information.

- South Korea was torn between US pressure to send ammunition to Ukraine and its policy not to arm countries at war. It has been reluctant to arm Ukraine for fear of antagonizing Russia.

How did such a major breach of security happen?

Teixeira had to fill out an extensive questionnaire and be vetted by the Defense Counterintelligence and Security Agency to be granted clearance. The fact that he was suspended three years prior for making threats and talking about guns was somehow not known or seen as relevant. 

Furthermore, questions have arisen as to why his online postings were not caught sooner. Experts have weighed in to say it is likely that the Pentagon does not bother monitoring social media accounts unless they are given a specific reason. Some Pentagon officials said that the Teixeira incident shows the importance of colleagues reporting any suspicious behavior, as they may be better at spotting problems than commanders, who only see the employee on their best behavior.

Carrie Wibben, the DCSA’s former deputy director, has said that background checks include high-level reviews of social media posts but that more invasive searches are off-limits because of privacy safeguards. One major component of the government security clearance is interviews. Special investigators speak to family members, references, and other contacts within the subject’s network in order to gain a clearer understanding of the individual. For top secret clearances, the interview portion has added layers, often speaking to contacts mentioned in first round interviews. If Teixeira’s clearance investigation included these interviews – and there is no reason they should not have – then based on his evident antisocial and anti-authority tendencies, it means the respondents omitted crucial information.

What can a company do to protect itself from leaks by employees?

Recent events show how crucial it is that employees with access to classified information are vetted properly. They also underscore the importance of monitoring for red flags that might come up, as well as making sure that sensitive information is compartmentalized and that only those with a need to know have access to it.

Companies can leverage technology to monitor employee web activity, including the dark web. This is often accomplished using specially designed platforms deploying a blend of Artificial Intelligence, Machine Learning and Big Data Analytics. These tools allow for the critical monitoring of deep web sources like chan sites and message boards that searches on traditional sites like Facebook would overlook. 

It makes sense to use professionals to perform comprehensive due diligence. This process should include contact with law enforcement, personnel, government, and industry sources. 

How Interfor can help

Our field investigators all over the world are well equipped to do the due diligence required to fully vet new employees. They are supported by a research division, drawing information from more than 3,000 databases and a network of relationships with law enforcement agencies and special sources developed over 40 years of business.

We also use cutting-edge artificial intelligence that scours open source media and the Dark Web to make sure critical information that could be utilized by bad actors is not overlooked. We make use of relationships available at the local level. This includes verification of physical assets and contact with local law enforcement personnel, government, and industry sources.