ASSESSMENT: Industrial & Nation State Espionage
Espionage & Industrial Espionage:
This case has been spinning up in the news since it hit the net yesterday, but this post begs the question of nation state espionage versus opportunistic theft of data to sell. Clearly this case has yet to be fleshed out completely by the FBI and others, but at first blush it seems that this guy decided to steal information with a motive of selling or trading it for money or other forms of remuneration. In either case, though, this is a form of both industrial and nation state espionage by the mere fact that the end location of the data was going to be Iran, a nation state that currently is on many lists for boycott. The major issue that has yet to be worked out in this particular case is whether or not Mr. Khazaee in fact had a MISRI handler.
When looking at espionage of any kind, one has to look at the motivations of the players involved to understand how to classify it. In this case, as I said above, we do not have a lot of data on the actions of Khazaee, save that he worked for Pratt for a certain number of years and that he was recently laid off by them in August. Here, though, are the important questions I am asking in light of this arrest:
- Was Khazaee motivated by a need for money? (he filed for bankruptcy)
- Was Khazaee stealing as revenge for being laid off? As I remember this round I think they knew they were going to be at a certain date.
- Was Khazaee acting out of an allegiance to Iran?
- Was Khazaee working for SAVAK at all?
- Was Khazaee working for SAVAK for fear of his family still in Iran?
Answering all of these questions will give a good idea of how long he had in fact been taking the documents from Pratt, as well as lend an understanding of why exactly he did it. All of these scenarios are possible reasons that in fact caused Mr. Khazaee to perpetrate the crime. I will say, though, that given the circumstances around his history and the slips in OPSEC here that led to his capture (as serendipitous as they may seem), I am thinking that this was more an opportunistic crime than anything else.
ASSESSMENT of Pratt & Whitney Case:
My overall assessment given the information we have to date is the following:
- Khazaee was more than likely acting alone hoping that he could exfil the data to Iran and gain money/job in Iran
- I don’t think Khazaee had a handler here in the US just from the failure of the plan due to his not really hiding the documents very well
- I think notionally he had contacted people in Iran to say he had documents and that he’d like to deal
- Khazaee had MANY signs of being recruitable, and if he was, it was missed completely by US security (Pratt/DOD) with regard to clearances
- IF this data was taken from the NON DOD/ITAR areas of the company then there is an access/classification issue on the data
- Physical security needs to start inspecting all bags, boxes, etc. at the facilities
- Why didn’t Khazaee take the data electronically on a stick? (mitigations are in place)
Overall I am interested in seeing where this all leads. It is not like the Chinese haven’t already stolen the JSF lock, stock and barrel, basically from hacks in the past (Lockheed), but I guess if Iran had a hand in Khazaee’s actions at the start then they did not want to pay China for it. My sense of this, though, is that Khazaee not only fell into poor credit and financial ruin but also may have had negative feelings for UTC/Pratt over his being laid off, and that motivated him to attempt to make some easy money. I seriously doubt, from everything I have seen online so far concerning Mr. Khazaee’s personal life, that he was a patriot to Iran to start. As time goes by I am sure we will have more revelations in the news cycle to chew on.
I will say, though, that with this being the second incident of late for Pratt regarding escapes of data like this, they will be in the hot seat a bit with the government.