[iwar] [fc:Alert.Employee.Thwarts.Overt.Intelligence.Collection.Attempts.By.A.Chinese.National]

From: Fred Cohen (fc@all.net)
Date: 2001-10-01 21:15:31



Alert Employee Thwarts Overt Intelligence Collection Attempts By A Chinese National 
National Counterintelligence Center, 10/1/2001
http://www.ncix.gov/pubs/news/2001/sep01.html#99

A major US aerospace corporation had a booth at the American Institute
of Aeronautics and Astronautics (AIAA) and Ballistic Missile Defense
Organization (BMDO) Technology Conference and Exhibit on July 23-26,
2001 at Williamsburg, Virginia, as part of the technical exhibits.  Part
of the aerospace marketer's task at the conference was to staff the
booth when the exhibits were open.  Attendees at the conference were
required to have a Secret level clearance.  The unclassified exhibits
were open daily from 0930-1600 hours and from 1730-1900 hours, but
included material that was SBU (sensitive but unclassified).  Typically,
attendance was low in the exhibits area while technical papers were
being presented at the conference. 

On Tuesday, July 24, around 1030, a company employee who was manning the
aerospace corporation booth noticed an oriental male approaching the
booth from the area of an adjacent booth at the rear of the hall.  The
man was displaying neither a badge (the photo ID that indicated the
required secret clearance/conference attendance) nor the AIAA exhibitor
badge that permitted other personnel to enter the exhibit hall.  The man
proceeded to collect a copy of each of the aerospace corporation's
brochures without addressing the company employee.  After greeting him,
the company employee asked what organization he was with and whether he
had a badge.  The man replied that he was not attending the conference
but was a journalist covering the conference.  The employee then asked
the man if he had an invitation to be in the exhibit hall, as AIAA had
provided written invitations for exhibitors to give their customers. 
The man replied that he had no invitation but that he often attends AIAA
and other organizations' technical exhibits.  The company employee then
asked the man which publication he represented, and, after several
nonresponsive answers, he said he was with the Beijing Daily News.  At
this point, the aerospace corporation's representative took all the
documents the man was carrying and asked him to follow him to the
security stand outside the exhibit hall.  Although he complied, the man
obviously was not very happy. 

At the security booth, the company employee explained the situation to
the BMDO personnel, and they carried on a brief dialog with the man. 
Since this exhibit was not open to the general public, the aerospace
corporation's employee told the BMDO reps that he objected to having
persons in the exhibit hall who were neither attending the conference nor
invited by one of the exhibitors.  Only after being questioned by BMDO
security did the "visitor" show what appeared to be a press credential. 
After listening to his complaints about being removed from the exhibits,
the BMDO security personnel directed the man to the AIAA booth across
the lobby.  The man never reappeared at the event, either that day or
the next. 

In a subsequent discussion with the BMDO security personnel that
afternoon, they thanked the company employee for his actions.  They said
they had placed personnel at the rear entrance of the exhibit hall
leading from the kitchen/service area (which was evidently not monitored
previously) to prevent anyone from entering through that route. 

Upon the company employee's return to his company, he notified his
security office about the incident.  Subsequently, the information was
passed to both Defense Security Service Counterintelligence and the FBI. 
The 902nd Military Intelligence Group then became involved, and the
agencies followed through with an investigation. 

An investigation revealed that the oriental visitor was in fact a
Chinese national who is known to target US technical information. 

NCIX Comment: This article was received after the National
Counterintelligence Executive's quarterly CI News and Developments
newsletter was published and placed on the NCIX unclassified Web site in
September 2001.  This article clearly demonstrates the responsibilities
and actions of an employee who is aware of counterintelligence issues
thwarting overt collection.  We are grateful for being allowed to
publish this article for our readers' information, and we solicit
similar types of articles and information demonstrating the success of a
strong counterintelligence posture and awareness. 




This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:53 PST