The FBI has arrested an alleged leaker of sensitive and highly classified U.S. military documents on the Ukraine-Russia conflict, arresting a 21-year-old Massachusetts Air National Guardsman and accusing him of posting the documents on a Discord server.
That individual, Jack Teixeira, was an IT worker for the Air National Guard, working as a Cyber Defense Operations Journeyman, according to an affidavit that was unsealed Friday. That role, essentially a junior security system administrator tasked with supporting IT systems, included access to sensitive compartmented access and other highly classified programs.
The information disclosed in the leaked documents included details on the U.S.’s ability to deeply spy on both adversaries and allies, as well as detailed information about ground movements of troops in Ukraine.
With the help of a Discord user, the FBI was able to identify the Discord account and discover Teixeira’s identity, including his address. They easily discovered that Teixeira was employed by the U.S. military.
U.S. agencies were able to access logs of documents accessed by Teixeira and compare them with what was being posted on Discord and when. In addition, U.S. agencies that monitor searches conducted on classified networks discovered that Teixeira used his government computer to search classified intelligent reporting for the word “leak” as the story began to make headlines.
Insider Risk Management
This is a perfect example of why organizations need to take insider threats and securing highly privileged accounts very seriously.
According to a recent Microsoft report, the average organization has about 12 insider risk events each year, with about one-third of organizations reporting an increase in their insider risk event occurrence in the past year.
Microsoft’s report, “Building a Holistic Insider Risk Management Program,” also identified IT professionals as the most associated with being at risk for abusing or leaking data. IT was far and away the most identified with 60% seeing IT as highly at risk. Second was finance and accounting at just 48%.
“This makes it all the more important to ensure that the security and IT teams investigating insider risks have strong auditing and approval controls in place, to make sure that their actions are in the best interest of the organization,” the company said in the report.
Another recent report from insider risk management provider Code42 finds that companies with an insider risk management program in place saw a 32% increase in data loss incidents, and 71% expect data loss from insider events to increase over the next 12 months.
The report, the culmination of a survey of chief information security officers (CISOs), found that 82% of CISOs say data loss from insiders is a problem for their organization.
Insider events have devastating effects on organizations, with 79% of cybersecurity executives saying they could lose their job from an unaddressed insider breach. In addition, security leaders said insider risk was the most difficult type of threat to detect, according to the report.
In this case, it’s more than just jobs and a company’s reputation at stake–it could be someone’s life.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!