Job Interviews - A Tool For Espionage
Security Issue: Employees interviewing with outside firms are enticed and often pressured into disclosing sensitive, confidential and in some cases possibly classified information. Sometimes disclosure of even high level information about projects becomes the basis of derivative intelligence.
The war on information assets now has a new tool and one that is hard to detect and guard against. The new tool is recruiting. Using false job postings and targeting specific individuals for bogus job interviews have become a tool for spying. The potential target is wooed by the position, salary, benefits or other enticements and, in the interviewing process, becomes comfortable and less guarded when discussing the details of the work they are doing. Answering seemingly harmless questions about strategies, plans, programs, practices, people or even technologies can lead to derivative intelligence. Derivative Intelligence (DI) is synthesized out of the lower level data, facts, timelines and events that may be disclosed during a job interview or on a professionals resume. Defense Security Services did not list this method in their latest Technology Collection Trends 2005 report. For more information contact Spy-Ops about our security training programs covering this and many more areas.
Two events that occurred in November 2007, one at the Oak Ridge National Labs and the second at the online job board ClearanceJobs. com could indicate just this type of espionage. The ORNL attack is believed to originate in China and the attack on ClearanceJobs in Russia, two countries well known for computer espionage activities. We may never know the extent of damage caused by these events nor what sensitive technology programs may have been compromised if any. What we do know is that in the past two years there have been over 650 data breaches reported and possibly hundreds unreported.
Human Resources and Security Departments should immediately inform employees to be on the lookout for these activities and report any aggressive information gathering attempts immediately.
With new threats looming in 2008, business, government and the security industry need a wake-up call. While most incidents show our technology vulnerabilities, people remain the weakest link in the security chain. In a study conducted by the Technolytics Institute, the training of employees on security and counter-solicitation is virtually non-existent. Education, training and regular security reminders and advisories are critical to strengthen this weakest of links.
Tactic: An organization identifies a technical resource that is on a project or may have information about a project, product or program of interest. The organization, cloaked in anonymity through the use of a front person (recruiter) or organization posing as a recruiting firm, establishes contact with the targeted source for information.
“I have the perfect job for you and the salary is over $250,000 with great benefits. It seems to fit with the work you are currently doing.” This was the line used by one such recruiter on a Science and Technology Advisor to a major defense R&D center.
Quote: Currently, highly skilled workers with active security clearances are a very hot commodity and in great demand. As such, “Employers and HR professionals must educate their employees about these practices and create a work environment that is so pleasing, employees will not even think of interviewing elsewhere.” -- Cheryl Veirheilig HR Professional
Statistics: Clearancejobs.com boasts about 3,000 job postings per month and about 85,000 resumes for cleared job seekers.
Clearedjobs.net posts just under 60,000 openings annually.