DOD EMPLOYEE CHARGED WITH ESPIONAGE

A Department of Defense (DoD) official has been charged this week with conspiracy to communicate classified information to an agent of a foreign government. A criminal complaint unsealed in the Eastern District of Virginia alleges that, from November 2004 to February 11 of 2008, James Wilbur Fondren, Jr., conspired with others to hand over information to The People’s Republic of China. According to an affidavit filed with the complaint, Fondren retired from active duty as a Lieutenant Colonel in the U.S. Air Force in May 1996. In 1998, he began providing consulting services from his Virginia home. Fondren’s sole client for his business was a friend by the name of Tai Shen Kuo. Kuo was a naturalized U.S. citizen from Taiwan who lived primarily in Louisiana and maintained business interests in the United States and China. Kuo also maintained an office in China. Unbeknownst to Fondren, Kuo worked under the direction of a Chinese government official. This official provided Kuo with detailed instructions to collect certain documents and information from Fondren and other U.S. government officials, paying him approximately $50,000 USD for completing these tasks. Fondren allegedly provided Kuo with a variety of sensitive data, including classified information from a State Department cable, classified information about the U.S. visit of a Chinese military official, classified information about a joint American and Chinese naval exercise, and classified information regarding military meetings between the U.S. and China. In one instance, Fondren provided Kuo with a draft Defense Department report on China's military and stated to Kuo: "This is the report I didn’t want you to talk about over the phone... Let people find out I did that, it will cost me my job." Fondren (62) worked at the Pentagon and was the deputy director for the Washington Liaison Office of U.S. Pacific Command (PACOM). Fondren had his initial appearance yesterday in U.S. District Court in Alexandria, Va. If convicted, he faces a maximum five years imprisonment and a $250,000 USD fine. "We are seeing the tip of the iceberg with insider threats. In fact, over half of the tried cases on the Department of Justice Web site involve insiders. One wonders how many insider incidents are not being reported or remain undetected. This is a big problem and the facts remain that it is not going away by itself -- it is only getting larger and far more visible," commented Rob Grapes, chief technologist of Cloakware in a brief chat with The Tech Herald. Grapes stressed that, while in this case Fondren had access privileges, "clearly even those trusted insiders need to be scrutinized. Monitoring and preventing insider attacks requires both technology and policy to circumvent incidents." "Technology can be leveraged to implement lowest level of privilege, delegated access, strong authentication, rights management, security event management monitoring, reporting, and more," he added. "Policies need to be in place to control the behavior of the organization, perform the hiring diligence, enforce the recertification of permissions, process the exits, and respond to incidents to make sure reduce the consequences of insider attacks and espionage."