Schneier on Security
A blog covering security and security technology.
« Thoughts on the Security of qmail |
| Dan Egerstad Arrested »
November 16, 2007
Possible Hizbullah Mole Inside the FBI and CIA
The case is clearly a major embarrassment for both the FBI and CIA and has already raised a host of questions. Chief among them: how did an illegal alien from Lebanon who was working as a waitress at a shish kabob restaurant in Detroit manage to slip through extensive security background checks, including polygraphs, to land highly sensitive positions with the nation's top law enforcement and intelligence agencies?
Here's another article.
Posted on November 16, 2007 at 12:12 PM
• 26 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Glad to see it is not jsut us here in th UK, http++//www.guardian.co.uk/immigration/story/0,,2210521,00.html?gusrc=rss&feed=networkfront, that like to take bck ground security checks to another level!
Be afraid. Be very afraid. If Hizbollah managed to sneak in a mole, so did the Scientologists.
She was apparently trying to get information about people in her family that have ties to the Hezbollah (and yes guys, this is how its spelled), not necessarily a terrorist trying to gain information to hurt us. The feds got to be flippin some big rocks now, if this chick was able to infiltrate the intelligence communities; that probably means that many other countries have been successful in getting their own moles inside, and the feds know this.
I think I'd pay more attention to your preferred transliteration of an Arabic word if you could spell "woman" properly.
@ J Roca
Actually, it's spelt:
In English the stress is most commonly placed on the final syllable, as suggested in the Shorter Oxford English Dictionary (this is in accord with the Persian pronunciation, of Iran); in the Arabic of Hezbollah's theatre of operations it is most commonly placed on the second syllable. Hizb (party) is the Modern Standard Arabic pronunciation, and hezb is closer to Persian and Lebanese dialect.
"The next year, Prouty's sister, Elfat El Aouar, married Chahine. And less than a month later, Prouty accessed the FBI case management system "without authorization, and beyond her authorized access" to query her own name and that of her sister and Chahine. She also began taking "an unknown quantity" of classified information home with her, against FBI policy, the court records state."
... I think one thing this story highlights is that when the government (or a corporation, for that matter) collects a database of information, it's not just "the government" or "the police" or "a big corporation" that has that information; it's also a lot of individuals with their own agendas. If the police know your bank account information and your abusive ex-husband's old friend's wife works for the police in a position to find it out... etc.
"an illegal alien from Lebanon"
We're not that spooky :)
"Including polygraphs"? That's a joke, right? Please tell me that's a joke.
One of the reasons she was able to get as far as she did was precisely because DoD is jammed full to the rafters with people who spell the word "woman" all KINDS of wrong. ;-7
"If the police know your bank account information and your abusive ex-husband's old friend's wife works for the police in a position to find it out... etc."
Exactly. Whether it is "the government" or "the police" or whatever ... it is just a LOT of people. And in order for your information to be safe, each of those people with access must be trusted.
If the system was set up correctly, the instant she accessed that file she would have been flagged.
".... how did an illegal alien from Lebanon .. manage to slip .... highly sensitive positions with the nation's top law enforcement and intelligence agencies?"
Me thinks she used the same door that that East German Spy used into JFk's bedroom .. or the fat one into Bill Clinton's
Do you think our security agencies ought to be fashioned after the eunuchs guarding a Turkish harem.
I'm sure that's still no good reason to rethink their overgrown and ever increasing powers though, eh?
The CIA and FBI have been p0wned by a shish kebab waitress, and the men with the black glasses look like a bunch of tools.
You've got to respect the lady.
I thought polygraph operation was mostly a bluff -- that it's not terribly accurate by itself, but it does fairly well if subjects are thoroughly convinced that its application means that they will be harshly confronted with any lie they tell during a session. Under those conditions, a stage prop would also be reasonably effective, but if someone grew up outside the U.S. and wasn't brought up to believe in polygraphs, would they work?
To my mind, the inclusion of the polygraph so prominently in the description of a standard background check casts the whole procedure into doubt. Are they also consulting astrologers and casting bones? But perhaps the polygraph test isn't a particularly significant part of the check, and it was only listed because the journalist picked it out as familiar.
I sympathise with the intelligence community on this one. There is a critical need for Arabic speakers and native speakers are the best option. There is always a risk associated with this course of action but until enough 'home-grown' intelligence ops can read and understand Arabic fluently it is a risk that has to be taken. Only one question remains: is it a tolerable risk?
I guess the government's surveillance of shish kebab sales (http://cqpolitics.com/wmspage.cfm?parm1=5&docID=hsnews-000002620892) didn't have the intended results.
Gosh, she got past a polygraph.
I wonder how well she rated on the ouija board, psionic crystals and tarot cards.
It's disappointing to see this kind of mumbo-jumbo getting any mention on Bruce's site.
Geez, can these spooks mess up their image as a bunch of keystone-cops anymore than they have?
There are several classifications within TS that require polygraphs, and a few systems that use them more actively than others.
But as a general rule, even to get to the point where that is even an issue though you have to have already been minimally through a SSBI (Single Scope Background Investigation) which goes back 10 years. Possibly with multiple additional tiers of screening based on their level of security clearance.
It has helped to catch spies before, but I think it's mostly there to provide a disincentive.
Nothing new. On "24", the Central Terrorism Unit has a mole EVERY SEASON.
There is a significant difference between screening people by polygraph and by crystal ball or ouija board. The difference is that the US Goverment used the polygraph, but not (say) tarot cards. I am unaware of any significant demonstrated difference in reliability between polygraph tests and horoscopes, but for some reason the US Government has picked polygraphs rather than numerology or palm reading.
I believe that US Government security procedures are relevant to Bruce's blog, which is why the polygraph is mentioned, but summoning dead spirits to testify is not.
While it seems likely the FBI has faults in their screening procedures, they may also have an issue with social engineering - in that the subject managed to exceed her authorization level and not trip any access alarms ... which suggest she used someone else's password, and everything looked normal.
@Llywelyn: "It has helped to catch spies before, but I think it's mostly there to provide a disincentive."
Such background checks are mostly there to filter out people who would be good candidates for suborning: people who habitually need money or who have secrets they could be blackmailed with. I doubt there's any way of measuring its effectiveness.
Anybody ever had to sit through a full scope poly for a TS/SCI ?? It sucks, even if you know it's bogus. These guys are from the government, they know everywhere you've lived and they're not afraid to call you a damn liar. I failed like infinity times. It doesn't get easier with practice. I still cry.
Clenching the butt cheeks? Honkey, please.
I love eating at La Shish (actually, there's a small chain of them in the Detroit area) and it's my wife's favorite place. Can't recall whether I have ever dined there with Bruce, but I might have. I wasn't expecting La Shish to come up in this sort of context, though...
Thanks for funding terrorism, Bill!
Just kidding, though I did stop going to La Shish and Talal's after Talal Chahine was charged and he fled the country. I miss that bread and hummus.
Link bait and unsubstantiated. Claims are not substantiation.
In spite of the claim about all the questions this question raises there is only one real question.
Apparently it concerns spelling Hezbollah.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.