Former NSA Employee Arrested on Espionage-Related Charges (justice.gov)
208 points by jc_811 on Sept 29, 2022 | 191 comments


This affidavit is a laugh riot so far. Guy has a background in infosec, and holds a CISSP cert, among others. The FBI sends him crypto and what does he do?!

(1) immediately opens a KYC custodial account (2) xfers the crypto there (3) converts it to USD and sends it to his KYC bank in Colorado.

You can't make this stuff up. Also I love how (ostensibly either proton or tutanota) is referred to as "Foreign Email Provider". They should buy ForeignEmailProvider.com and make it another email domain for their users. I would love hackerman69420@foreignemailprovider.com


One of my deep background worries is how many criminals aren't caught because they don't make amateur mistakes. You always read these indictments and the perpetrator served themselves up on a silver platter. But what about all of those unsolved crimes that might simply be unsolvable!


This is FUD, but don't discount the fact that the 'easy' path to catching this criminal could be fabricated in order to hide the real, more intense, methods used by the authorities to uncover Jareh.


I don't think it's FUD at all. Evidence laundering is well documented and has judicial approval by the Roberts court...


In the jargon, this is called "parallel construction".


To your point, he worked for the NSA for 3 weeks, only 3 weeks!

So some such system detected him as a threat and he left in under a month of employment? That's wild.


Well this takes the testing of compliance with regulations to a new level though. And here I am, doing my daily and weekly chores with HoxHunt and two other Q&A websites on our compliance procedures. And these aren't intellectual questions or anything - rote memorization is what they are striving for. I wish they would just send me crypto and be done with it.


Fiat would be more useful!


Read the affidavit, this one was amateur hour.

The FBI got lucky that one of their honeypot email addresses was the inbox. And then obtained records corroborating everything, such as from Kraken.

and the access logs of the top secret material from the agency's systems.

The access logs said Dalke accessed. Kraken's logs said "there were deposits of Monero in Dalke's accounts that are the exact amounts you sent Dalke, accounting for exchange rate fluctuations". Kraken's KYC records said "here's Dalke and his addresses". The UPS store he was using for an address said "Yep, Dalke keeps a drop here". The bank account connected to Kraken said "Yep, it's Dalke". The setup at Union Station in Denver was for Dalke to come there between 11:30am and 3:30pm on September 28th, the affidavit ends 1 day before that, and Dalke was arrested in that exact location the next day.


The FBI claim they got lucky…


okay, explain the parallel construction possibility?

he would have been emailing anyone and the compromised wires picked it up for the FBI to then begin their sting operation?

The FBI still had to do the work, but I think it's also plausible that they have a bunch of honeypot email inboxes around. I think since they had to do all the communication as well as the transferring of funds that it's not really parallel construction, at least in any controversial way for evidence collection. They got additional evidence that doesn't require creating a rationale retroactively.

but what do you think happened here?


I’m just saying, personally, I take court documents the FBI file with a grain of salt. Given their record I think this is appropriate.


They have very questionable affidavits on their cyber and digital side

I don’t see the issue with this one to apply such a rigid stance


I don't understand what everyone is talking about here. TFA clearly says the FBI transferred the crypto to him.

Maybe he did dumb things with it, but the whole thing was a sting.


I'm more worried about all the criminals that are out there not being caught because we won't crack down on what they're doing, not really because they're some kind of masterminds.


Looking at fraud statistics the vast majority of them aren't caught.

Look at the VAT fraud in Europe, billions lost, virtually nobody arrested

https://en.wikipedia.org/wiki/Missing_trader_fraud

> Notwithstanding these measures, MTIC fraud remains a problem for the EU. As at November 2018, calculations estimating the annual costs of the fraud range from €20 billion up to more than €100 billion (depending on methodology adopted).[21] An EU Parliament study in October 2018 found that MTIC/carousel fraud is the most damaging type of cross-border VAT fraud with an estimated €50 billion losses on average per year.

France is also hemorrhaging billions through social benefits fraud, they don't even attempt to recover most of it as they don't have the manpower

https://fr.wikipedia.org/wiki/Fraude_sociale_en_France


I would be extra careful about the "billions" of social fraud in France. Wikipedia makes a distinction between the shortfall due to unpaid contributions (undeclared work, for example) and the loss due to benefit fraud.

Different figures are given, but it looks like most of those "billions" are in fact shortfall and not benefit fraud.


Most criminals are never caught. There is lots more crime going on than you might think. A lot of academics and journalists present crime as 100% captured by official statistics. Prosecutors do a lot of prioritizing.

Drug crime gets a lot of attention because the statutes are written in a way that makes the crimes very easy to prove. It’s far easier to prove the elements of a drug possession charge than it is to prosecute something like fraud.


Authorities go after the lowest hanging fruit or the most visible. Targeting the most visible feeds back into people's perception that if they commit a crime they will get caught.

The authorities are strategic in their approach but at the end of the day they are operating on finite resources.

The advantage the authorities have though is that they are playing offence. They can make plenty of mistakes and still achieve their objective.

Criminals just have to make one mistake and it can undo all the effort they have made to mitigate risk.


Most reported crimes aren't even close to being solved.

https://www.vox.com/2018/9/24/17896034/murder-crime-clearanc...


Some of them go for awhile, but the criminal has to not slip up every single time.

But if you are going to do a crime do it once and done and you may very well get away with it.


This reminds me of a thought I had a few years ago. A Sheriff in my state was arrested for buying IT equipment using department funds (I think it was Cisco gear) and selling it on eBay and pocketing the cash. He had done this a bunch of times. As someone who works in local government and knows how things work here, my thought was instantly the following:

-> some gear gets purchased but never used/installed for a few years. Sits around gathering dust.
-> Sheriff sees this, takes it home, sells it on eBay. Nobody notices or cares. It wasn't being used after all.
-> Sheriff finds other unused gear, takes it home and sells it.
-> No valuable unused gear left, so Sheriff starts buying stuff simply so he could take it home and sell it.
-> At this point it is noticed. Sheriff gets found out and arrested.

If it was just the first step, nobody would have noticed and the guy would have pocketed $20k or whatever, and no one in the world would have been the wiser. The auditors may have eventually discovered the piece missing, but long after any video recordings expired, and the original purchase was perfectly legit. But greed combined with stupidity got the guy arrested.


Yep. Financial crimes have you coming back for more almost every time.

Those who could resist doing it more than once probably can resist doing it at all.


OpSec isn't hard, but it's a pain in the ass. In many ways that's worse for adherence.


Indeed. This is basically the crime version of the anthropic principle.


Please just call it a selection effect.


Only explanation I can think of is dude planned to leave the country shortly and figured he'd be gone by the time he got caught so there was no point in covering it up.

Also based on the value the crypto was Monero (and he used Kraken, which is the only big US exchange that converts the XMR/USD pair), so he probably didn't realize that even though it is difficult to directly trace where it came from via the blockchain, the exact unique amount deposited on a KYC exchange fucked him. A naive Monero user would probably think "impossible to find where monero came from or went to, so I'm safe", not realizing they're leaking out the side-channel by depositing a unique amount on a centralized exchange.
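The correlation described in this comment and in the earlier one about Kraken's logs (deposits at a KYC exchange matched against the exact amounts that were sent, with some allowance for exchange-rate drift) as an added Python example; this is not code from the thread or the affidavit. The 0.64053413 XMR figure is the one quoted in the thread; the rates, account ids, second payment and the 7-day / 3% matching parameters are constructed assumptions.

```python
"""Pair known outgoing amounts with an exchange's deposit ledger.

Constructed example: PAYMENTS is what an investigator sent (date, units),
DEPOSITS is a KYC exchange's deposit ledger (account, date, units).  The
question is the one the thread describes: which account received deposits
matching the exact amounts sent, and, failing an exact unit match, a deposit
whose USD value is close enough to be explained by exchange-rate drift.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from decimal import Decimal


@dataclass(frozen=True)
class Payment:
    sent_on: date
    amount: Decimal  # units of the asset (XMR); Decimal keeps exact equality meaningful


@dataclass(frozen=True)
class Deposit:
    account: str     # exchange-side account id; KYC identity is a separate lookup
    seen_on: date
    amount: Decimal


# Constructed XMR/USD daily rates; not market data.
RATES = {
    date(2022, 8, 24): Decimal("154.00"),
    date(2022, 8, 25): Decimal("151.20"),
    date(2022, 8, 29): Decimal("148.50"),
    date(2022, 8, 30): Decimal("147.90"),
}

PAYMENTS = [
    Payment(date(2022, 8, 24), Decimal("0.64053413")),  # figure quoted in the thread
    Payment(date(2022, 8, 29), Decimal("0.67340067")),  # constructed second payment
]

# Constructed exchange ledger.  acct-2002 is an unrelated account whose deposit
# happens to be close in value; acct-3003 receives the exact amount but weeks later.
DEPOSITS = [
    Deposit("acct-1001", date(2022, 8, 25), Decimal("0.64053413")),
    Deposit("acct-1001", date(2022, 8, 30), Decimal("0.67500000")),
    Deposit("acct-2002", date(2022, 8, 25), Decimal("0.64000000")),
    Deposit("acct-3003", date(2022, 9, 20), Decimal("0.64053413")),
]


def usd_value(amount, on, rates):
    """USD value of `amount` units at the day's rate (assumed closing rate)."""
    return amount * rates[on]


def correlate(payments, deposits, rates, window_days=7, usd_tolerance=Decimal("0.03")):
    """Return {account: [(payment, deposit, reason), ...]} for every deposit that
    can be paired with a known payment inside the time window."""
    hits = defaultdict(list)
    for p in payments:
        for d in deposits:
            delta = (d.seen_on - p.sent_on).days
            if delta < 0 or delta > window_days:
                continue  # deposit precedes the payment or is too late to be it
            if d.amount == p.amount:
                hits[d.account].append((p, d, "exact amount"))
                continue
            # Value fallback: a sender aiming at a round USD figure may end up
            # with slightly different unit amounts on different days.
            sent_usd = usd_value(p.amount, p.sent_on, rates)
            seen_usd = usd_value(d.amount, d.seen_on, rates)
            if abs(seen_usd - sent_usd) <= usd_tolerance * sent_usd:
                hits[d.account].append((p, d, "usd value within tolerance"))
    return dict(hits)


def accounts_matching_all(payments, hits):
    """Accounts for which every known payment has at least one paired deposit.
    The value-tolerance pass produces loose candidates; requiring a pairing for
    every payment is what narrows the list."""
    wanted = set(payments)
    return sorted(acct for acct, pairs in hits.items()
                  if {p for p, _, _ in pairs} == wanted)


def exact_hit_accounts(hits):
    """Accounts with at least one exact-unit match, the strongest signal."""
    return sorted(acct for acct, pairs in hits.items()
                  if any(reason == "exact amount" for _, _, reason in pairs))


if __name__ == "__main__":
    found = correlate(PAYMENTS, DEPOSITS, RATES)
    for acct, pairs in found.items():
        for p, d, reason in pairs:
            print(f"{acct}: sent {p.amount} on {p.sent_on} -> "
                  f"deposit {d.amount} on {d.seen_on} ({reason})")
    print("matches every payment:", accounts_matching_all(PAYMENTS, found))
```

With the constructed ledger, acct-2002 shows up only through the loose value match and acct-3003 falls outside the window, so acct-1001 is the single account that pairs with every payment.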


"His resume also states that he has specialized training with federal law enforcement related to digital forensics and incident response, dark web investigations..."

Lol, I suppose he's guilty of lying on his resume too!


They probably had him watch a training video or two, so it's more of an embellishment.


Might explain why the NSA fired him so fast.


Most CISSPs I interview can’t tell me the difference between the two most common types of encryption


Presumably, you mean symmetric and asymmetric? I could think of this a few ways. Granted some of the others are more than 2.


Yes. And the embarrassing part is it’s part of the study guides and covered by the certification.


saw a CISSP who didn't know the difference between a SHA256 checksum and SHA1 or even how to hash a file using openssl


I'm relatively deep in this stuff. If you asked me how to use the openssl CLI for anything other than X.509 and s_client I would fail your interview.


Yeah openssl CLI is so incomprehensible. And some parameters have to be configured using .conf files, ewww. The C API is hardly any better.

When I read the RFCs behind the stuff to write what I needed in Rust, suddenly it dawned on me: wow, this stuff isn't nearly as complicated and horrible as openssl's interface makes it seem.


I didn't expect the knowledge of the cli to do it immediately, this person didn't even know they could do it. "openssl dgst -sha256 filename". An answer that they'd need to check the man page would've been sufficient...


Would you have accepted a python solution? I typically don't do this type of stuff using raw openssl on the rare occasion I need it.


I would have accepted even the person knowing and confirming they were aware SHA1 is obsolete


Does anyone have a tutorial on using the openssl cli? It seems to barf on some inputs if it's not exactly perfect or you miss a step in the stack overflow answer.

Honestly I would expect some to be more familiar with the hashXsum tools.


I would expect that. But the lack of knowing the definitions is embarrassing


4 minutes later, someone registered that domain


Don’t mind me; just checking for any automated scripts that are watching for unregistered domains mentioned on here:

SmallPPDomainRegisterBot.com


This domain does in fact point to a potato shaped like genitalia. Either someone had $10 to spare for a laugh or the bot does exist


how would you differentiate a script from a troll?


A mystery for the ages.


SmallPP-HN-Troll.com

Troll the troll into trolling themselves?


What’s the difference in this case?


Wasn't me! But I expect my hackerman handle when you get your infra set up, anonymous registrant! :p


You should grab Hackerman31337 first. That will be worth something.


i call dibs on zerocool@foreignemailprovider.com


They should just redirect ForeignEmailDomain to whatever the real foreign email domain was lmao. What is it, Tutanota? ProtonMail? FastMail? Lmao


> on or about August 24, 2022, the OCE deposited approximately 0.64053413 units of the requested cryptocurrency, worth approximately $99.90 USD

Monero was worth $154 on August 24th, is a privacy crypto, and 0.64 of that would be $99


And he worked at NSA for under a month.


I'm guessing he fell for some internal honeypot, and that led to his immediate termination and subsequent monitoring. Then he also transmitted the honeydocs and the rest.

Sure they traced the crypto but that's not how they got him.


This is interesting, I wonder if he quit or got fired. Bit of a red flag to work for the NSA and quit after a few weeks lol


As opposed to the domestic email providers that willingly hand over private info when they ask politely?


The NSA has 32,000 employees. Not everybody there is a Ramanujan...


>Guy has a background in infosec, an holds a CISSP cert, among others


Like I said...


Brilliant! Also try "ShadyForeignEmailProvider.com"


that's taken, I suggest NotShadyForeignEmailProvider.com


I find it hilarious that he got hired to a security oversight position, started trying to sell his employers' property off the back of a truck, and became the target of a FBI sting operation all in the space of 3 weeks. How naive do you have to be to think that you're not being closely scrutinized, both because it's the freaking NSA and because you're within the normal probation period for a new job?

Perhaps a worse punishment than the inevitable long prison term is the fact that this guy's entire trip through the alimentary canal of our criminal justice system is going to have a continuous laugh track.


Damn, this guy speedrunned getting fired with maximal consequences.

I don't even know if any of us could ever pull this off unless one works for a defense contractor. Even if I did something horrendously malicious like selling trade secrets from my current company to some foreign competitor (e.g. Huawei, Tencent, or whatever the Chinese cloud companies are these days?), I don't know if I could rack up 3 counts of violating a law with the death penalty as a consequence in as many weeks.


The part that amazes me is someone this stupid made it through the hiring process.


Well, that's arguable -- the FBI agent pretending to be a spy looking to buy secrets was probably part of the hiring process.


Underachieving stoners with IT degrees just laughing all the way to the bank... and then the dispensary.


NSA probably wishes they could hire stoners.


They used to drug test but I think that was too restrictive to their inbound funnel.


It's more than that. Any previous convictions, charges or admissions of use will preclude you from clearance.


Not true. Prior convictions and prior drug use need to be declared on the SF86 during the interview by your agency. Most agencies deprioritize cannabis entirely. These factors, along with mitigating factors, will determine your adjudication and clearance level.


The SF-86 appears to only require declaration of past 7 years of drug use in most circumstances. See Q 23.1, pg 102.


Those are the only kind that are willing to work for the government.


Clearly should have been hired as a pen tester, not security oversight


Does FBI catch actual criminals anymore? It seems that every success of theirs consists of finding a weak minded individual, talking him into doing something illegal, maybe even supplying him with weapons or some other incriminating evidence, then arresting him a couple of weeks later.

Do they have some sort of quota of how many terrorists they need to catch a year in order to get a bonus?


Jan 6th, 2020 gave them plenty to work with for the last two years.




"Ray Epps became the unwitting face of an attempt by pro-Trump forces to promote the baseless idea that the F.B.I. was behind the attack on the Capitol."

https://archive.ph/s8B6y


Idiots will believe anything these days if it is on tiktok, and it proves their side was right all along.

Edit: Your Boos Mean Nothing, I've Seen What Makes You Cheer


The source bothers you? Not the video? That is the very definition of straw man fallacy.


And yet, the FBI person being questioned acts about as suspiciously as you can possibly act.

Senator: Who is this person?
FBI: Not allowed to tell you

Senator: Does this person work for you?
FBI: Not allowed to tell you

Senator: Did he come to the FBI Christmas party last year?
FBI: Not allowed to tell you

If Epps isn't an FBI agent, then just say so. FBI culture is what's creating the atmosphere of distrust.


because Tiktok is a reputable source.


That is the definition of the straw man fallacy. It was also on C-SPAN, if it helps you.


Law enforcement is like IT, find all criminals and then get downsized because there's nothing to do.


It’s good, it’s going to have the dateline effect.


A Russian could replicate everything the FBI did, so this seems like fair game.


That's exactly it. I wouldn't be surprised if EVERY NSA employee - especially new hires - frequently gets their integrity tested like this.

I mean a lot of corporates hire companies to send fake phishing mails to employees - I got caught out a few times by that because I clicked a link on emails thinking "wtf is this about". The issue there of course is that the enterprise I'm working for at the moment sends tons of "wtf is this about" emails. Currently I've got about two dozen emails from some guy updating all 100+ people in the IT organization on their deployment process, every hitch they run into, plus fixed timed updates.


The guy only worked there for three months, and there was an FBI sting operation against him. Is this something they routinely do to new employees, or maybe they found out something right after his hiring? It isn't strange that an employee was doing something wrong, they got wind, and set up a sting, but the timetable is crazy short.


Let me put it to you another way. New guy turns up, starts printing off a whole bunch of highly classified docs that don’t relate to his actual job and then suddenly has to leave due to a vague “family illness”.

He is basically a walking profile of insider threat behaviour modeling.

I don’t think it was anything other than his stupidity that put him on the radar so quickly. Reading the indictment it’s clear he was a bit of an idiot.


Yeah, but... why does a new guy even have access to a bunch of highly classified docs that don't relate to his actual job? That's an epic fail by the NSA. I mean, good job catching him. Now close the door that he walked through when he found it open.


The affidavit says that he had access to more documents than he was supposed to because of a "misconfiguration". Or at least, that's what he told the undercover agent.

Given that his access of the documents was logged anyway, it wouldn't surprise me if the misconfiguration was itself a honeypot, using documents that are relatively low-value but still classified.


Wonder what the content of the documents is if they indeed are a honeypot? Presumably one wouldn’t put any actual secrets but that presents the problem that one would need to know the real secrets to plant fake ones. Additionally the fake ones would implicate some real person, presumably which is problematic if a sophisticated hacker exfiltrated successfully without detection.

I could never get anything done in espionage. I’m far too paranoid.


The article mentions it contains information on how the US performs cyberattacks. I'm sure it's fairly easy to make that look very convincing if you're new at the organization. I mean if it just mentions there's an SSL tunnel into an energy company somewhere, are you going to test if it works or consider it juicy enough to sell?


this type of material is known as 'chicken feed' and it is curated in order to look valuable while not disclosing anything more damaging than necessary.


The files were in a folder called “NeWgUyHoNeYpOt”. That’s meant as a joke but could very well be true in this case.


Probably because far too many docs have a security tag on them just in case.


Thought the same myself. There was a skunkworks documentary a long time ago with engineers who worked on the program. Their cover was TV technicians or something else bland. He said one time he was approached by a woman at a bar who was way out of his league. She was pushy and questioned him about his work for a while. The engineer always thought it was a test by the government.


Sounds like a pretty reasonable test. I've heard from multiple people who worked in the nuclear weapons industry that said that the random, way out of their league women stopped hitting on them once their clearances expired.


Why not lie to her about everything and bang her anyway?


If you were married, this would likely be blackmail material.

Occasionally, though, it does work like you say. I think there was some Asian(?) politician that they tried to blackmail after something like this, and he basically said: "Hey, could you send me a copy of the sex tape? She was smokin' hot, and I'd love to have the video."


Sukarno (no last name), first president of Indonesia.

https://medium.com/war-is-boring/the-cia-and-kgb-tried-to-bl...


Didn't an agency also target Dr. Martin Luther King Jr. this way as well, or am I thinking of someone else?


> King, there is only one thing left for you to do. You know what it is.

https://en.m.wikipedia.org/wiki/FBI–King_suicide_letter


This is despicable behavior, what a painful history.


Thanks. That was the one.


(Risk of) Blackmail. Oldest trick in the book.

It doesn't even need to be true, just needs to be compelling.


If he’s not married, what’s there to blackmail?


Dickpics?


IIRC, you can lose your clearance for adultery. The guy was married.


John McAfee (a known liar, so take it with a grain of salt) claimed in one of his interviews he gained and kept a clearance despite adultery and drug use by being brutally honest publicly about it all, so he was utterly unable to be blackmailed.


Yeah, that's plausible. They don't care about drugs and adultery. They care that it's leverage. If the world already knows, it's not leverage.


yeah, lying and trust are much more serious


I don't blame him lol


It's strange that they would give a security clearance to someone in a bad financial situation. I would think it's quite rare for the FBI to run a sting against an NSA employee... perhaps he wasn't targeted at all, but went out looking for someone to sell information to.


Agencies are well known to not pay competitively, even in IT roles, but when I think about the obvious solution which is to pay more, I immediately think of the uproar and accusations that would come with a government official getting what some might consider a 'lavish' wage even if it is industry standard for the skillset.

I'm looking at this as possibly being more like when you have company-wide phishing tests going through the emails, and it catches Brenda, the new person in accounting who's still on their probationary period.


That's what contractors are for. Snowden was making something like $150k for a fairly basic sysadmin role, and I'd imagine he was nowhere near the top of the contractor pay scale. That is a whole separate issue though, with contracting companies acting as middlemen taking a fat cut, often just for knowing the right people. Not to mention the issue of having a revolving door between the private and government parts of the military industrial complex, like with the SecDef being a former Raytheon board member (and before that, a general).


If the Snowden personal W-2 gross was 150k, Booz was almost certainly charging the NSA $285k for him. Pretty standard federal contracting markup for a "body shop" agency.


And just like every other case in US government contracting, the American people overpay for pretty standard functionality because half of the citizens think it's unconscionable for the government to do anything.


When going through the security clearance background check for NSA, it's the FBI who investigates. It used to be the previous 7 years, neighbors and pretty much all acquaintances. It's extremely tedious figuring all that out when just out of grad school, for example.


Yeah I found this a little confusing as well. They surely knew about the previous bankruptcy mentioned, and the current debt during their security clearance check. That'd surely be a big red flag for high level clearance.


If I was going to work in that sector I would kind of assume that any delightful surprises or exciting new people I met outside of work had strings attached for at least the first year or two.


sounds like you would end up like George Clooney's character in Burn After Reading.


Such a funny movie. "THIS... IS... A... CRUCIFIXION. THIS IS POLITICAL." sticks out arms in classic crucifixion style


Or you could just not do crime.


It sounds like the FBI has a website/email account set up like "I_AM_A_RUSSIAN_SPY@gmail.com".

People email that account with offers of providing information to the russian government, and then the FBI goes and sees who had access to the documents which get sent over. In this case, only one person accessed all the documents, so even if he doesn't identify himself to I_AM_A_RUSSIAN_SPY@gmail.com, they still get him.

It doesn't seem like this person was specifically targeted or had an operation against him. He just fell into the honey pot.


He worked there for three WEEKS, not even a month. A weird vibe to this whole saga.


I'm thinking some non-targeted honeypot, given he reached out to the undercover agent directly...


It was the other way around. They reached out to him using a foreign email service provider and mentioning something vague about mutual benefits. He took the bait.


Everyone subject to a background investigation in this sphere has their 4A rights suspended by executive order. They can and will apply all forms of domestic surveillance on such people.


And he also had access to classified (top)secret level documents, unless I misunderstood wrong, how is that possible in that short amount of time?


A friend of mine did an internship for NSA, he needed top secret clearance just to get a foot in the door.


The background investigations take months to complete.


I interned at an NSA contractor in college and applied for a clearance. They called me 3 years later to tell me it was approved, after I was working somewhere else, in a totally different industry.


Think for a second,

Say you are the CTO or engineering security staff of say Google.

What is the first 3 months of employment called behind the scenes?

Probation.

It's not just a nickname, as one would track all accesses to anything, and higher access rights would obviously follow proven trust. And one might even set up honeypot traps to weed out the bad actors.


How does this person's name have no Google footprint before today? I searched "Jareh Dalke" and limited searches to before September 22nd, and the only things that popped up were stories from today that bypass Google's date feature. Not even the endless spam personal information sites popped up for the name. Nothing else pops up.


He's a PRO.


Has there ever been a case where two undercover agents are trying to play the other one? Not knowing each other are agents.

Or a situation where the guy who an undercover agent approaches tells his superiors? Who then want him to go undercover to find out who the suspected foreign agent works for.

I’m sure this can happen in government.


I want to see a movie where a major criminal organization is completely overrun by undercover agents of various governments/agencies, but none of them know it so they keep the organization running for fear of being found out. The true criminals have long since retired.


There is a real example when a government spy actually led a terrorist organization: "Azef, a double-agent in the employ of the Tsarist secret police Okhrana, changed the Terrorist Brigade's mode of attack from firearms to dynamite" https://en.wikipedia.org/wiki/SR_Combat_Organization


It's a bit of a spoiler but you may like the film "The Accountant" starring Ben Affleck.

Also the Book "A Scanner Darkly" by Philip K Dick which (no spoiler) explores the consequences of deep undercover.


While we're here, why not also the excellent Deep Cover [0] with Larry Fishburne and Jeff Goldblum.

[0] https://www.imdb.com/title/tt0104073/


Two of my favorite actors - how did I miss this? I'm adding this to my queue.

Also, your username totally caught me off guard and made me laugh.


See "The Man Who Was Thursday" by G. K. Chesterton.


not a movie but there's a classic get smart episode where all of the kaos agents captured turn out to be government agents.


You might want Liberty Crossing. It's a mockumentary in the style of The Office, but set in the DHS. One season of TV.

There's a subplot vaguely along the lines of everyone being an undercover, although saying more would be a bit too much of a spoiler.


This happened on the Silk Road case.

Part of the reason they never tried Ross Ulbricht for the hit jobs is because a rogue FBI office in Baltimore was staging the hits in a studio (the evidence to show Ross, to get the rest of the payment), and the FBI office in Chicago also investigating Silk Road was like "why are you guys roleplaying, this can't be as cringy as it looks, what is going on in Maryland", and the Secret Service and DEA agents were roleplaying as moderators on Silk Road and creating fake controversy to both Ross Ulbricht and the FBI offices investigating, just so the Secret Service and DEA could extort Ross (for the fake hits) and ride off into the sunset with the money, landing a movie deal with Fox. They're in jail now. And the hitman stuff was dropped under equally fake pretexts just to save face.

The Secret Service and DEA agents were being tried at the same time as Ross Ulbricht was; this information and evidence was kept from Ross and his trial and only came to light afterwards. Wasn't accepted in the appeal. Sentencing didn't factor any of this in either. Embarrassing case.

https://www.vice.com/en/article/8q845p/dea-agent-who-faked-a...


I recall a news story from a few years ago (can't find it now)...

There was once a bank that looked the other way when lots of shady cash came in, allowed transfers of those amounts to foreign banks, basically ignored KYC rules, etc. Word got around, and lots of criminals all over started using this bank for all of their money laundering purposes.

Some banking authority started noticing a lot of suspicious transactions, and was preparing to shut the whole thing down, disconnect the bank from all transfers, raid offices, arrest employees, trumpet press releases about how they're protecting the American financial system, etc... (ie, exactly what they are supposed to do).

The bank was, of course, a honeypot run by some other 3-letter agency, who was actively facilitating money laundering in order to collect enormous amounts of info about who was involved.

(basically the banking version of that 'encrypted phone' scheme).

The raids were mere hours away when someone put two and two together, and managed to get it called off.


There was an Air Force counterintelligence agent who was caught spying for Iran.

https://en.wikipedia.org/wiki/Monica_Witt


> Has there ever been a case where two undercover agents are trying to play the other one? Not knowing each other are agents.

It has happened several times with cops.

Feds are a bit more professional I believe.


Probably no upper bound on IQ for FBI agents


Yea I was specifically thinking the feds due to them being a large bureaucracy. No doubt the local cops have done it.


Happens with attempted infiltration of activist groups. I recall one case where undercover agents from two separate agencies started showing up at meetings of some local environmental or anti-nuclear group and they started writing profiles about each other, noting how the other person didn't really seem to fit.


I googled it and it actually seems fairly common. Example: https://www.snopes.com/fact-check/undercover-cops-arrest/



I don't think people with purely software engineering backgrounds truly realize the extent to which technology has outpaced them.

Hackers were at the cutting edge in 1983 when War Games came out. That era has come and gone, and we live in a different paradigm now.


Interesting to think that, with a little information, you could pull up the cryptocurrency transaction (assuming it's not a secret ledger like zcash) and trace how the FBI funded the wallet.


I tried that exercise after reading the affidavit, and determined they were using Monero (XMR) which makes this task much more difficult if not impossible.


It was funny how they redacted "Foreign Government-1" everywhere, but left "SVR Russian's External Security Service" in the footnotes.


You can find some pretty interesting improperly redacted documents all over PACER. Usually it's defense attorneys who don't realize that blacking out text in Adobe doesn't remove it rather than the government though.

Here's one https://storage.courtlistener.com/recap/gov.uscourts.nysd.42... for the sentencing submission for https://en.wikipedia.org/wiki/Paul_Le_Roux which reveals some pretty personal and operational information.

There's one about a Colombian paramilitary leader/drug trafficker turned informant which improperly redacted all the people he informed on: https://storage.courtlistener.com/recap/gov.uscourts.dcd.184.... This is from like a decade ago but goes to show how this kind of thing can literally put people's lives at risk.
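To make the point in the comment above concrete (the one about blacking out text in Adobe not removing it), here is an added example that is not part of the thread or of any of the filings linked. It builds a tiny one-page PDF in which a string is "redacted" by painting a black rectangle over it, and shows that a plain text extractor still recovers the string, compressed or not, until the text object itself is deleted from the content stream. The sample string, the PDF structure and the minimal parser are all constructed for the demo; the parser handles only direct /Length values and FlateDecode, which is all the demo needs.

```python
import re
import zlib

# Constructed sample string standing in for the sensitive text; not from any real filing.
SECRET = "Informant: John Doe"

# "Redaction" done by painting a black rectangle over the text: the Tj operator
# that draws the string stays in the content stream, so any text extractor sees it.
PAINTED_OVER = (
    b"BT /F1 12 Tf 20 50 Td (" + SECRET.encode("latin-1") + b") Tj ET\n"
    b"0 g 15 40 150 20 re f\n"
)


def build_pdf(content: bytes, compress: bool = False) -> bytes:
    """Assemble a minimal one-page PDF around a content stream, optionally
    Flate-compressed the way most real documents are."""
    data = zlib.compress(content) if compress else content
    filt = b"/Filter /FlateDecode " if compress else b""
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 300 100] /Contents 4 0 R "
        b"/Resources << /Font << /F1 5 0 R >> >> >>",
        b"<< /Length %d %s>>\nstream\n" % (len(data), filt) + data + b"\nendstream",
        b"<< /Type /Font /Subtype /Type1 /BaseFont /Helvetica >>",
    ]
    out = bytearray(b"%PDF-1.4\n")
    offsets = []
    for num, body in enumerate(objs, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(objs) + 1, xref)
    return bytes(out)


def content_streams(pdf: bytes):
    """Yield decoded stream bodies. Deliberately minimal: direct /Length values and
    at most FlateDecode, which is all this demo needs (a real parser handles more)."""
    for m in re.finditer(rb"<<((?:(?!endobj).)*?)>>\s*stream\r?\n", pdf, re.S):
        d = m.group(1)
        length = int(re.search(rb"/Length\s+(\d+)", d).group(1))
        data = pdf[m.end(): m.end() + length]
        yield zlib.decompress(data) if b"/FlateDecode" in d else data


def extract_text(pdf: bytes) -> list:
    """Collect the literal-string operands of Tj, i.e. what copy-paste or pdftotext
    recovers regardless of what is painted on top of the text."""
    found = []
    for stream in content_streams(pdf):
        for m in re.finditer(rb"\((.*?)(?<!\\)\)\s*Tj", stream, re.S):
            found.append(re.sub(rb"\\([()\\])", rb"\1", m.group(1)).decode("latin-1"))
    return found


def strip_text_objects(content: bytes) -> bytes:
    """Real redaction removes the text object itself (BT ... ET) and only then paints
    the box. Complete tools also scrub XObjects, annotations, metadata and fonts."""
    return re.sub(rb"BT\b.*?\bET\b\s*", b"", content, flags=re.S)


if __name__ == "__main__":
    for label, content in (("painted over", PAINTED_OVER),
                           ("text object removed", strip_text_objects(PAINTED_OVER))):
        print(f"{label}: {extract_text(build_pdf(content, compress=True))}")
```

Running it prints the secret for the painted-over version and an empty list once the text object is gone. The same check is what a reviewer should run on any filing before upload: extract the text and grep it, rather than trusting what the viewer shows.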


The book about Le Roux is pretty good. Quite riveting reading.

https://www.goodreads.com/book/show/41181600-the-mastermind


I read this a few months ago and it was such an interesting read. Can recommend!


That's not a redaction (these kind of pseudonyms in court filings are different from redactions and are often more about avoiding formal direct statements associating an entity than about secrecy, and are often easily penetrated—e.g., "Individual-1" in the Michael Cohen case), and while one might infer from the interaction of the subject with an SVR TOR server that Foreign Country-1 is likely to be Russia, there is nothing in the affidavit that asserts that the TOR server in question was operated by Foreign Country-1.


Yeah, it was fairly apparent earlier in the complaint what country they're talking about, but that was funny to find. I'm sure it's not the first time footnotes accidentally leak info that is supposed to be redacted!


I too read the affidavit looking for opsec tips to commit my own mastermind crime.


Good to see they know what they're doing.


And not just crypto -- turns out they're quite skilled at robbing banks as well: https://www.latimes.com/california/story/2022-09-23/fbi-beve...


The affidavit indicates that the target selected the cryptocurrency - presumably, he thought he knew what he was doing, but the amounts and times were still cross-correlated after the fact.


What’s always amazing to me is how cheap espionage is. You want the blueprints for nuclear subs that effectively remove an entire class of deterrents that protect hundreds of millions of people? Sure just give me 5/6 figures. This has happened at this price magnitude many times before. At least charge significant money if you’re going to sell out your entire country!


I guess the pay at NSA isn't that much? Wonder if anyone here has some ballpark figures.


NSA employees are federal employees and go by the federal pay schedule which is public information. Unless they’re contractors.


A funny aspect of these stories is “secret” and “top secret” designations.

There was another story about a memo with “top secret” or “secret” stamps on pages, that an agency had distributed internally. The information was like, use AES-256 for important data, or key length 3072 with RSA. It was all well known material, nothing secret. I was like, WTF!


> There was another story about a memo with “top secret” or “secret” stamps on pages, that an agency had distributed internally. The information was like, use AES-256 for important data, or key length 3072 with RSA. It was all well known material, nothing secret. I was like, WTF!

Just because there are public recommendations nowadays does not make the information not classified.

There’s a chance that in the past the recommendation was set out because of attacks that the NSA thought only they knew about.

Interestingly enough, I’ve seen the recommendations change depending on the classification of the document: in some leaked secret document there was a recommendation to use some algorithm (RC4?). In the top secret document the recommendation was the same but to discard the first 3072 bytes to avoid a key stream bias vulnerability.


Is the NSA even able to attract quality talent? How desperate must someone be to sell state secrets for just 85k. Most smart kids usually end up doing research or chasing money. Never heard of anyone from elite colleges doing a stint in government agencies. And given their hiring page it seems they have a lot of openings as well:

https://apply.intelligencecareers.gov/job-listings?agency=NS...

Must be a very tough job getting smart people to work for them given the average salaries.


I would think so. If you are highly talented you’re set and probably get promoted quickly. After your stint you can do the contractor thing as well. Govt needs a lot of software so you could start a company on just their needs. The key issue is identifying the needs which is easier if you’ve worked there.


Awww - he got caught before he could get his new citizenship.


that's funny (seriously)


It shocks me how little $$ people are corruptible for. Like $85k? You mean like maybe a year of earnings (likely a lot less time). What are you gonna do, take 1 year off and then go back to work? And compared to what risk? Basically forever in a shit hole prison in a country you betrayed? Seems like a crap deal 1 year for 40...


Why did they try and entice him to travel to DC? Since it's on federal charges, what would it matter which state he got arrested in? Of course there are plenty of FBI agents in Colorado on hand at any time, so I'm just slightly confused why they did that, when it could have resulted in him backing out.


as with other stings where an FBI counterintel agent has been pretending to be an employee of a foreign government, probably he thought he was leaving material at some super secret sneaky spycraft dead drop in Washington, DC for a non-official-cover employee of (russia, china, whatever) to pick up.


Did he tell them he lived in Colorado? That seems like something he might want to keep secret.


Dammit Jareh, now I have to sit through another security briefing because of your dumb ass. I literally just did my latest training last week, now we're probably all gonna have to go through it all over again.


There are many legal systems in the world (and I'm talking about developed countries), where charges like this would not stack up, since the individual was pretty much enticed into committing a crime, by the FBI, rather than on his own.

This is a very grey area.


I agree, this is strange. Maybe some things are not being told?


What this tells us is exactly how competent the NSA are. Every single hostile foreign power has their secrets if this guy has them.


It’s really clear you’ve never worked in security. Maybe sit this one out.


Please. Explain it to me.

How can we interpret this as NSA competence?

Do please share your expertise from working in security about how this guy having access to secrets is a positive indicator of competence. I'm more than willing to change my views given a good argument based on strong evidence.


The competence identified is how well the agency was able to rapidly determine trust in a new employee; there's no good way to determine trust before the person is cleared, and after they are cleared access to confidential information is assumed (otherwise you have a dead agency incapable of hiring new people).

The NSA has a responsibility to remove weaknesses from their ranks, mission accomplished. If the problem you see is "Well agencies ought never give new people access to state secrets" then you can't have any changes ever - it's a dead organization.

The other competency I see is that none of the documents, which are of course going to be used in court, are available to the general public. They proved a weakness without leaking any information to parties outside the intel community. They essentially demonstrated that even if they hire a complete moron, state secrets will not leave protected facilities.


Hahaha.

Hiring this guy to serve beer seems to me like it's not a super-competent move. But they did, then they stung him and he's likely going to jail and they get to talk up their success on thwarting "the baddies." Until you read the details and laugh at the idiocy of it. According to you it's because they can't determine who to trust before giving them security clearance. No way to do it. Can't even take a reasonable guess.

Do they still use totally discredited and shown to be utterly ineffective witch-doctor bullshit like "polygraph" machines? Or have they stepped up from throwing bones and reading tea-leaves? Or they've stopped and just give anyone clearance because there's no other way to do it as you seem to be claiming.

Is that your experience of working in security? Please share.


Now we wait for the FBI to get involved, take custody of the evidence, and for one of them to start stealing. They do it far more often, or at least get caught more often, than the NSA.

FBI/NSA/etc are just government backed criminals.


> FBI/NSA/etc are just government backed criminals

huh?


Fundamentally, if you work for the NSA, you either have very different morals to what the US is meant to be about, or none at all. This introduces a simple problem for the NSA (and similar groups). The people working for you are inherently disloyal.

You can rely on a member of (say) the military to be at least somewhat resistant to bribes, threats and flattery, because they generally do honestly believe in the ideals of the country they're defending. The same applied to intelligence services in the west during the later cold war after the USSR became hopelessly corrupt. That's why the west won so many intelligence victories. And the vast majority of the losses were when the opposite applied: people who honestly believed in communism in the early cold war.

But in today's NSA, you cannot support freedom, democracy, the rule of law, basic honesty, or really anything except for "they pay well so I don't think about it". And when that's the case, there is always someone else willing to pay better...



