Dec 21, 2021

Insider Threat Case: FBI Busts a Test Engineer


John Rowe worked for multiple U.S. defense contractors for 40 years.
He had a “Top Secret” clearance and played a crucial part in testing radar jamming systems on U.S. Air Force jets.
But on December 15, 2021, the FBI arrested him in Lead, South Dakota on espionage charges.
And according to court documents, Rowe was trying to move to Russia, held conversations through a WiFi phone disguised as footwear, and sent hundreds of emails to an FBI agent that he thought was a Russian spy.
He was an alleged insider, whose career was going down in flames, and he would get revenge:
“If I can’t get a job here then I’ll go work for the other team,” he wrote to an undercover agent. The other team? Russia.
Let’s look at what happened during an FBI sting operation to catch him and how he got onto the FBI’s radar in the first place.
It was 2017 when John Rowe first popped onto the FBI’s radar.
He was a test engineer with a defense contractor and a behavioral red flag suddenly appeared.
The company’s Facility Security Officer (FSO) notified the FBI about something unusual.
Rowe had posted on social media that “he had revealed information regarding U.S. military fighter jets, which he knew he was prohibited from disclosing to a woman he thought might be a Russian spy.”
According to his indictment, investigators tried to catch him then and he knew it. But he didn’t take the bait from those ‘dirt bags’ as he called them.
However, later on, he shared that story in emails with another woman he thought was a Russian spy. Turns out he was actually writing to an undercover FBI agent. And he was having trouble trusting her:
“You have to understand that after what happened to me with the Dept. of Defense stalking me on [WEBSITE-1] back in 2017, I have to be real careful on who I talk too. That why I was asking about your passport. I don’t know if your one of those [members of a political party] trying to lure me back to Philly. Get me in stink [sting] operation with the FBI, talking in a hotel room about trade secrets. Those people are real dirt bags.”

Back to our timeline now. Rowe popped onto the FBI’s radar in 2017 but did not get busted. And he went on to work for another defense contractor with “Secret” level security clearance.
It was in 2018 then, when a co-worker at that company caught him bringing a thumb drive into a classified area, which is against the rules. Court documents say he admitted what he was doing:
“When questioned by the employee, ROWE stated that he was attempting to install software from the thumb drive onto a computer in the classified space, which would violate security measures.”
Eight days after that incident, Rowe did something else suspicious: he actually asked the company’s Information Security Officer (ISO) if it was possible for him to hold a U.S. security clearance and a Russian security clearance at the same time.
It was not. Insider threat alarm bells were going off.
The next month, the company fired him based on ‘multiple security violations.’
Time passed. Then it was 2020 and the FBI initiated a sting operation with John Rowe as the target.
The FBI was concerned that Rowe might actually sell classified or secret documents about U.S. defense systems to a Russian operative.
So in March 2020, a female FBI agent posed as an agent of the Russian government and met Rowe at a hotel in South Dakota. The “agent” said she was looking to acquire U.S. military information from him. 
During a conversation at a hotel, court documents say Rowe was ready to seize this moment.
Undercover Agent: [Based on] “what you are telling me, . . . I can already see that we will be definitely interested in [your] services and consultancy.”
Rowe’s response: “Okay, yeah. . . . I’d be interested too, but, you know, it’s kind of like … we gotta do this over time and the thing is, is I’ve gotta distance myself. Like for example, . . . my clearance will . . . become inactive … the end of this month. Now . . . I don’t have to answer to the [U.S.] government. [I] can go where I want. [A]fter that I can . . . For . . .my whole life I . . . wasn’t even allowed to go to Canada without first getting permission. . . . I had to ask permission because I had a . . . security clearance. And definitely Russia’s off [the table], right?”
Undercover Agent: “So, Russian government, us–we can take you, no clearance, and we can definitely compensate you for your time and experience.”

Rowe’s response: “Yeah. . . . It sounds, it sounds like a plan. Okay. [laughs] I’ve been saying this to people. I said, ‘I’m gonna go work for the Russians.’ I’ve been saying that for the last two years.”
Undercover Agent: “And we—we’ve heard you…”
That in-person meeting set the trap. And then John Rowe allegedly emailed his way right into it.
Rowe and the undercover FBI agent, who he thought was a Russian spy, exchanged more than 300 emails in the coming months.
Court documents say Rowe confirmed his understanding of classified documents and related restrictions—and his willingness to sell them. 
And Rowe had a lot to write, including emails like this one from April 2020, that sound like a rant:
I deleted the [prior] E-mails [with another undercover agent] to protect myself in case these E-mails got into the wrong hands…I figure this virus things is going be around for a very long time and politically something else is going to happen.
Everyone here is talking about a new world order and I believe this so much that I even been asking my granddaughters to learn the Russian language , it a hard language to learn.
I saw that Putin sign into law in which a foreigner can become Russian citizen without giving up their own citizenship. This is important to me because I can live on my social security that I received here while living in Moscow.
I been seeing how much it cost to live there and that the place to be. Once this travel ban is over, I’m going to be heading to Moscow…my phone number is [] if you don’t have it. I been pretty open telling people about moving to Russia BUT I have never told anyone about you!!!!
The indictment says the very next month, Rowe disclosed some “Secret” data related to his previous work. And he was planning on more. He asked for help opening a bank account in Russia.
And he explained how he was trying to leave South Dakota and temporarily move to Philadelphia while at the same time covering his tracks. This covert effort included an unusual looking device:
“When I leave the Black hills, I won’t have access to my E-mail. The only source of communication will be thru my WIFI phone. I gave you that number !!!! I disguise the phone so it doesn’t look like a phone, it kind of looks like some type of foot wear,” Rowe wrote to the undercover FBI agent.
Then in the fall of 2020, Rowe was carrying out tasks from the FBI agent he believed to be a Russian spy. He wrote:
“I did find those classified documents that I took from [U.S. COMPANY-2] and [a U.S. Agency] that you requested[.]”
Rowe was admitting he had been an insider threat, several jobs ago. 
Today, John Rowe is behind bars and facing up to life in prison. What if he had really been talking to a foreign government? And how many more insiders are just like him?
Situations like these raise interesting questions for every organization: are you taking the necessary steps to track how employees may be exfiltrating your data or the data of your clients?
It’s something to consider. And so is a recent SecureWorld podcast on the insider threat.
In this true cybercrime podcast episode, we uncover the case of an insider threat scheme at an AT&T Wireless call center. Court documents reveal how rogue employees collected approximately $1 million in bribes.
