The Game Is Afoot
The Justice Department said that Fondren, 62, start providing business consulting advice to a Taiwan-born US citizen called Tai Shen Kuo around February 1998, about two years after he retired from the US Air Force.
Fondren continued the arrangement with his friend even after becoming a civilian employee of the Pacific Command in August 2001, where he held a “top secret” clearance with a classified computer in his cubicle.
Unbeknownst to Fondren, Kuo was working under the direction of a Chinese government official, the affidavit said without identifying the official. Kuo had introduced Fondren to the official in about March 1999, it said.
The official instructed Kuo to mislead Fondren into believing that his information was destined for Taiwanese military officials, it said.
FBI investigating agent Robert Gibbs wrote that wherever Fondren thought the information was ending up, it was clear that he broke US law by “knowingly” handing secrets to “an agent or representative of a foreign government.”
Sure, we hear all the time about how the wiley Cinese are hacking our unprotected networks, but little of late have you heard of the old skewl HUMINT being carried out. Well, here you have it. This gambit by the Chinese is interesting in that perhaps this guy was “mislead” into believing that he was helping Taiwan in the process of committing a serious crime against the state. I am unsure that this was a motive, but, he did not make big money from the cutout, so it may well be “a” motivation.
Like I said, the game is afoot, and the Chinese are not the only players here. Don’t forget that the Bear is back too! All too many times people are too focused on the technical side of things since the advent of the firewall. It is no surprise now that many of the attacks in the hacking world actually hinge on social engineering as the human element is the weaker one. There is much to be said about HUMINT being used not only for nation state intelligence gathering but also for corporate espionage.. Which brings me to the next little gem from CICENTRE:
David A. Goldenberg of Oceanside, N.Y., admitted to accessing internal e-mail at Sapphire Marketing LLC in Woodcliff Lake, a regional sales representative for Crestron Electronics in Rockleigh, which makes audiovisual equipment. He worked for Crestron’s rival, Texas-based AMX Corp., at the time.
“He was able to figure out what their default passwords were, which they never changed,” said Brian Lynch, chief of the white-collar crime unit in the Bergen County Prosecutor’s Office.
On the one hand this story says “DOH!” they have DEFAULT passwords on KEY SYSTEMS! Gee, who’da thunk it huh? But, this guy really worked it from a social angle too. He inserted himself into the community and worked the folks there to get what he needed. Quite the engineer really.
Moral of the stories? Just don’t focus on the technical.. Just because you have a firewall does not mean that the insider threat is removed from the picture.