When we think about national security threats, images of hostile foreign actors or cyber-attacks often come to mind. But what happens when the threat comes from within? This question was dramatically highlighted on June 24, 2022, when Ethan Phelan Melzer, also known as Etil Reggad, pleaded guilty to charges of attempting to murder U.S. service members, providing and attempting to provide material support to terrorists, and illegally transmitting national defense information.
The Case of Ethan Phelan Melzer
Ethan Phelan Melzer, a 24-year-old former U.S. Army private, was arrested in June 2020. Melzer’s disturbing plans were laid bare when it was revealed that he had been actively plotting an attack on his own unit. As a member of a neo-Nazi and white supremacist group known as the Order of Nine Angles (O9A), Melzer was driven by extremist ideologies. His objective was to orchestrate a “jihadi attack” against his fellow soldiers by leaking sensitive information about their deployment to a supposed al-Qaeda operative.
Melzer's plot was disrupted before it could come to fruition, but the incident underscored a grim reality: the potential for insider threats within the military and other national defense institutions. This case serves as a stark reminder that the enemy can sometimes be one of our own, undermining trust and compromising security from the inside.
The Case of the US Navy Serviceman
In another alarming incident, a US Navy serviceman was recently caught selling classified military radio documents to China. Jinchao Wei, also known as Patrick Wei, a sailor on the USS Essex, was charged with espionage after allegedly receiving thousands of dollars for providing sensitive information to an intelligence officer from the People’s Republic of China (PRC).
According to court documents, Wei began communicating with the Chinese officer in February 2022. He supplied detailed information about the ship’s radio systems, including diagrams and specifications that could potentially be used to exploit or counter US military communications. This breach of trust not only jeopardized national security but also highlighted the significant risks posed by insider threats within the military.
Wei's case is a stark reminder that insider threats are not confined to ideological extremism. Financial incentives can also motivate individuals to betray their country, showcasing the diverse motivations behind such acts of treachery.
Understanding Insider Threats
Insider threats are posed by individuals who exploit their legitimate access to inflict harm on an organization or its members. These threats can come from current or former employees, contractors, or associates, and can manifest in various forms, including espionage, sabotage, theft, or violence.
The main issue with insider threats is that the organization has already vetted the individual, granted them access, and otherwise trusts them. Most security measures are not set up to monitor for and prevent insider threats; instead they are what I call front-heavy security, where all security effort is concentrated at a few external choke points and anyone beyond them is assumed to have authorized access.
The second, and possibly more damaging, problem is that our physical layout often mirrors a relatively flat and trusting network: most organizations have set up their building so that anyone with building access, from the CEO to the intern, can reach 95% of the building, and so anyone who turns on the organization already has nearly full access.
Making this more complicated, it can be difficult, if not impossible, to distinguish normal work from espionage. If an employee copies sensitive files onto a flash drive, can your organization detect this? If so, would you prevent it? It is entirely possible that this is a harmless and even necessary action on the employee's part … then again, it is possible this is the first step of an employee becoming a threat actor.
If an employee goes into a board room, even for only 5-10 minutes, should you call in a sweeper team, or is this harmless, normal employee behavior?
Insider threats are arguably the most difficult threat to combat, because we are dealing with individuals who have already been vetted, given access and have a real job to do.
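The flash-drive question above is where front-heavy security fails: the perimeter has nothing to say once the copy happens inside. The following added example (not code from the original post) shows what monitoring past the choke point looks like. It parses constructed host-agent records of files copied to removable media and scores each sensitive copy against three signals: whether the user's role is expected to use removable media, whether the copy happened outside business hours, and whether the user is copying sensitive files in a burst. A single copy by an allowlisted role during the day is treated as normal work, which is the "harmless and necessary" case the text describes. The log format, path prefixes, role allowlist, hours and burst threshold are all hypothetical tuning values, not anything from the post.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample of host-agent records, one line per file copied to a
# removable device. Field names, users, paths and device ids are hypothetical.
SAMPLE_LOG = """\
2024-05-01T09:12:03Z user=alice role=analyst path=/srv/finance/q2-forecast.xlsx bytes=120000 device=usb:0781:5591
2024-05-01T09:14:10Z user=bob role=field-tech path=/srv/engineering/deploy/fw-2.3.bin bytes=4100000 device=usb:0951:1666
2024-05-01T22:41:55Z user=alice role=analyst path=/srv/hr/salary-bands.csv bytes=80000 device=usb:0781:5591
2024-05-01T22:43:02Z user=alice role=analyst path=/srv/hr/org-chart.pdf bytes=300000 device=usb:0781:5591
2024-05-01T22:45:40Z user=alice role=analyst path=/srv/finance/bank-accounts.xlsx bytes=50000 device=usb:0781:5591
2024-05-02T10:02:11Z user=carol role=marketing path=/home/carol/slides.pptx bytes=9000000 device=usb:0bda:0129
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) role=(?P<role>\S+) path=(?P<path>\S+) "
    r"bytes=(?P<bytes>\d+) device=(?P<device>\S+)$"
)

# Hypothetical policy: which paths count as sensitive, which roles legitimately
# move data on removable media, what counts as business hours (UTC), and how
# many sensitive copies per user per day is a burst worth escalating.
SENSITIVE_PREFIXES = ("/srv/finance/", "/srv/hr/", "/srv/engineering/deploy/")
ROLES_EXPECTED_TO_USE_REMOVABLE = {"field-tech"}
BUSINESS_HOURS = range(7, 19)
BURST_THRESHOLD = 3


@dataclass(frozen=True)
class CopyEvent:
    ts: datetime
    user: str
    role: str
    path: str
    size: int
    device: str

    @property
    def sensitive(self) -> bool:
        return self.path.startswith(SENSITIVE_PREFIXES)


def parse_log(text: str) -> list[CopyEvent]:
    """Parse agent lines into events; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(CopyEvent(ts, m["user"], m["role"], m["path"], int(m["bytes"]), m["device"]))
    return events


def detect(events: list[CopyEvent]) -> list[tuple[str, str, list[str]]]:
    """Return (user, path, reasons) for each sensitive copy that looks abnormal.

    Non-sensitive copies are ignored. A sensitive copy with no reasons (expected
    role, business hours, no burst) is treated as ordinary work and not alerted.
    The number of reasons doubles as a coarse severity score.
    """
    alerts = []
    per_user_day: Counter = Counter()
    for ev in sorted(events, key=lambda x: x.ts):
        if not ev.sensitive:
            continue
        key = (ev.user, ev.ts.date())
        per_user_day[key] += 1
        reasons = []
        if ev.role not in ROLES_EXPECTED_TO_USE_REMOVABLE:
            reasons.append("role not expected to use removable media")
        if ev.ts.hour not in BUSINESS_HOURS:
            reasons.append("outside business hours")
        if per_user_day[key] >= BURST_THRESHOLD:
            reasons.append(f"{per_user_day[key]} sensitive copies in one day")
        if reasons:
            alerts.append((ev.user, ev.path, reasons))
    return alerts


if __name__ == "__main__":
    for user, path, reasons in detect(parse_log(SAMPLE_LOG)):
        print(f"{user} {path} severity={len(reasons)}: {'; '.join(reasons)}")
```

On the sample, bob's daytime firmware copy produces no alert because his role is on the allowlist, carol's copy is ignored because the path is not sensitive, and alice accumulates alerts whose severity climbs as the late-night burst of HR and finance files grows. The point is not the specific thresholds but that the decision uses context the perimeter never sees: who, when, what, and how often, compared with what is normal for that role.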
Frequency of Insider Threat Incidents
Insider threats within the national security sector occur with alarming frequency, highlighting the need for continuous vigilance and robust security measures. According to the FBI, insider threats are a persistent issue, with multiple high-profile cases reported annually across various government and military branches (Federal Bureau of Investigation). The rise in such incidents can be attributed to various motivations, including financial gain, ideological beliefs, or personal grievances.
For instance, the FBI has documented numerous cases where individuals with access to sensitive information have exploited their positions for personal gain or to benefit foreign entities. These incidents often involve the unauthorized disclosure of classified information or trade secrets, which can have severe implications for national security and economic competitiveness (Federal Bureau of Investigation) (FBI Archives).
A 2020 report by the Ponemon Institute further underscores this issue, noting a 47% increase in insider threat incidents over two years, with the average annual cost to organizations being approximately $11.45 million (Ponemon Institute Report). This data illustrates the widespread and costly nature of insider threats, necessitating comprehensive detection and prevention strategies.
Conclusion
While traditional security measures focus on external threats, it is imperative to remain equally vigilant about those within our own ranks. Strengthening our defenses against insider threats involves a comprehensive strategy that includes rigorous vetting, continuous monitoring, education, and support for at-risk individuals.
Understanding that insider threats occur more often than you might think and are the most difficult to detect and prevent is the first step in mitigation. That said, regular audits, pentesting and internal security assessments are crucial to limit both the probability of these attacks and the potential impact they pose.
Training Resources:
For individuals looking for hands-on training that includes all of the above topics, Covert Access Team (covertaccessteam.com) provides training courses focused on physical penetration testing, lockpicking, bypassing techniques, social engineering and other essential skills.
Covert Access Training - 5-day hands-on course designed to train individuals and groups to become Covert Entry Specialists
Physical Audit Training - 2-day course on how to set up and run a physical security audit
Elicitation Toolbox Course - 2-day course that primarily focuses on elicitation and social engineering as critical aspects of Black Teaming
Counter Elicitation - 2-day course on how to recognize and prevent elicitation attempts, and safeguard your secrets.
Cyber Bootcamp for Black Teams - 2-day course designed explicitly for physical penetration testers who need vital cyber skills to add to their toolbox.
Private Instruction - Focused learning & training based on your needs.