A woman who worked for Pluribus International, an Alexandria, Virginia-based records contractor for the U.S. government, was arrested on June 5 for allegedly turning over a secret document to an online news organization called The Intercept. Reality Winner, 25, was arrested at her Georgia home by the Federal Bureau of Investigation (FBI) for violating the Espionage Act by giving a top-secret document to the web-based news site.
According to an FBI agent’s affidavit, Reality Leigh Winner, of Augusta, Georgia, admitted giving the document to The Intercept, a left-wing news site (www.theintercept.com). She was arrested after The Intercept published a National Security Agency (NSA) analysis that concluded that Russian hackers were able to penetrate an American technology company that works with voter data.
The FBI said Winner began working at Pluribus in February at an office in Georgia. The company website says it handles confidential and secret material for several intelligence and military agencies. Winner remains in custody after being denied bail. Her lawyer, Titus Nichols, said, “My client has no history, so it’s not as if she has a pattern of having done anything like this before. She is a very good person. All this craziness has happened all of a sudden.”
The top-secret document was dated May 5, and 4 days later, Winner allegedly printed it and sent it. An audit showed that just six people printed the document, including her, and that her work computer showed she e-mailed The Intercept. The Intercept said it received the NSA report anonymously and independently verified its authenticity. The document said a cyberattack by Russian military intelligence penetrated one U.S. elections supplier and targeted more than 100 local election officials just weeks before the 2016 presidential election.
Winner’s case reminds security and cybersecurity professionals of the potential for relatively low-level employees to cause significant harm to employers, their reputation, and the work and reputation of the U.S. government and its security, countersecurity, and military agencies. This case brings some of the same national and international media attention as the classified documents stolen and leaked to WikiLeaks founder Julian Assange by U.S. Army Private Chelsea Manning in 2010 and those of NSA subcontractor Edward Snowden in 2013. Manning was recently released after serving nearly 4 years in federal prison. Her sentence was commuted by President Obama before his leaving office. Snowden fled to Russia in 2013 and is now living in a “secure undisclosed location,” per his website (www.edwardsnowden.com).
These cases illustrate how difficult it is to protect classified material if the ethics of the employees who handle it are in doubt. With so much money, hardware, and software aimed at stopping the external hacker, perhaps we miss the enemy in our midst.