Cyber Security Threats Offer New Legal Challenge to Holding Spies Responsible for Espionage

In December 2014, naturalized US citizen Mostafa Ahmed Awwad was arrested by the FBI for attempting to sell blueprints of the US Navy’s brand-new nuclear-powered aircraft carrier, the USS Gerald R. Ford.[1] Awwad, a former Egyptian citizen and engineer in the Nuclear Engineering and Planning Department of the massive Norfolk Naval Shipyard, had a Secret security clearance and access to sensitive blueprints of the most advanced ship ever designed.[2] The case against Awwad is pretty cut-and-dry. Believing he was corresponding with an Egyptian Intelligence officer, Awwad turned over computer-aided drawings of the aircraft carrier, wore a pinhole camera in sensitive areas of the shipyard to record restricted information, and acknowledged that the information he provided would be sent to Egypt for use.[3] With the details of this case reading like a Cold War spy thriller, complete with dead-drops, spy gadgets, and a discreet payment left in a hole under a park bench in Southeast Virginia, the “Egyptian Intelligence officer” that Awwad was corresponding with was actually an undercover FBI agent.[4] Awwad was arrested, charged with attempted espionage, and recently sentenced to eleven years in federal prison.[5]

Modern-day espionage cases have all resulted in similar responses from the FBI and Department of Justice: arrest, try, and sentence. From Robert Hanssen to John Walker and Mostafa Ahmed Awwad, when suspected spies are caught, they’re tried and held responsible for their acts.[6] But how does our justice system’s response to espionage change when the actors are not physically within our country when they’re spying? What about when the secrets that are stolen are taken over the internet?

US defense contractors spend billions of dollars every year on research and development to design and build the most sophisticated and advanced military equipment in the world. The USS Gerald R. Ford, for instance, will cost nearly $13 billion to design and build once complete.[7] Similarly, the US military’s brand new F-35 Joint Strike Fighter has taken nearly twenty years and $400 billion to design and build, and its state of the art technology is more advanced than any other fighter jet ever built.[8] Coincidentally, shortly after its debut, China unveiled its new J-31 fighter jet, which strikingly resembles the F-35 in its design and performance characteristics.[9] The similarities, revealed to be from a 2007 data breach of US defense contractor Lockheed Martin’s computer servers by Chinese hackers, represent, “the greatest transfer of wealth in history,” and extend to include over fifty-terabytes of sensitive military weapon systems data—including the AEGIS Ballistic Missile Defense Radar System, and the Navy’s Littoral Combat Ship.[10]

This new form of digital-espionage leaves the US in unchartered territory. Can the US treat these breaches the same way as traditional espionage cases? Is it even possible to hold faceless hackers halfway across the globe accountable under the US criminal justice system? Furthermore, how is the dynamic changed when the hacker is an individual activist (or hacktivist) versus a nation?

Judging by the Department of Defense’s initially tacit response to the massive hacks, and only fully revealed to the public after documents released by Edward Snowden detailed the theft, policy-makers, defense leaders, and the law enforcement community do not want to publicly define these acts because doing so would tie their hands in their response. While on the surface these two different forms of espionage yield similar results (i.e. sensitive military and intelligence information in the hands of our adversaries), the complexities of holding the perpetrators responsible are worlds apart.

Furthermore, the question remains of where the line is drawn between espionage or something more. The 2014 Chinese hacks on the personnel and security clearance databases of the Office of Personnel Management went beyond the previous breaches of military technology.[11] Exposing over 22 million Americans’ social security numbers and personal life details, the hacks could have a very real, though likely not kinetic, effect on the lives of the US citizens whose information was stolen.[12]  By not defining these hacks or drawing any clear lines, the US retains the ability to choose how to best respond, and whether or not to make these responses public. Taking a hard line would tie the country’s hand whenever a breach occurs and could escalate a situation beyond the scope of the original act.

_________

[1] Howell, Kellan. “FBI Charges Saudi-born Naval Engineer over Plans to Sink Aircraft Carrier.” The Washington Times 06 Dec. 2014. Web. 13 Nov. 2015.

[2] Zapotosky, Matt. “Navy Engineer Admits Trying to Leak Plans for New Aircraft Carrier to Egypt.” The Washington Post 15 June 2015. Web. 13 Nov. 2015.

[3] Cavas, Christopher P. “Navy Engineer Indicted for Trying to Sell Secrets.” Navy Times 05 Dec. 2014. Web. 13 Nov. 2015.

[4] Id.

[5] FBI. “Navy Civilian Engineer Sentenced to 11 Years for Attempted Espionage.” FBI 2015. Web. 13 Nov. 2015.

[6] FBI. “Counterintelligence Cases Past and Present.” FBI 2013. Web. 13 Nov. 2015.

[7] Harper, Jon. “Funding Restricted for Ford-Class Carriers.” National Defense Magazine Sept. 2015. Web. 13 Nov. 2015.

[8] Wall Street Journal. “China’s Cyber-Theft Jet Fighter.” The Wall Street Journal 12 Nov. 2014. Web. 13 Nov. 2015.

[9] Goldstein, Sarah. “Snowden: Chinese Hackers Stole F-35 Fighter Jet Blueprints.” New York Daily News 20 Jan. 2015. Web. 13 Nov. 2015.

[10] Russian Today. “50 Terabytes! Snowden Leak Reveals Massive Size of F-35 Blueprints Hack by China.” Russian Today 19 Jan. 2015. Web. 13 Nov. 2015.

[11] Nakashima, Ellen. “Hacks of OPM Databases Compromised 22.1 Million People, Federal Authorities Say.” The Washington Post 09 Jul. 2015. Web. 14 Nov. 2015.

[12] Id.

Son of Hamas Founder Was a Spy for Israel

The Israeli newspaper Haaretz reported Wednesday that Mosab Yousef, the 32-year-old son of Sheik Hassan Yousef, a Hamas founder serving a six-year term in an Israeli prison, was a spy for Shin Bet, Israel’s security service. They say Yousef provided intelligence to Israel for more than a decade, which prevented dozens of Hamas attacks against Israelis, including suicide bombings, and saved hundreds of lives. The paper said he also helped put several senior Palestinian operatives behind bars.

The spy affair comes after Hamas is still reeling from suspicions that Hamas informants helped Israel assassinate a top Hamas operative in a Dubai.

Hamas dismissed Yousef’s claims as a lie and said they were part of an Israeli attempt to weaken the movement. However, the Yousef’s father did not rule out that his son was an informer, saying he was blackmailed by Israeli agents when he was a teenager.

Yousef’s memoir, “Son of Hamas,” is being published in the United States next week. His publicist confirmed that the information presented by Haaretz is described in the book. The author wrote on his Facebook page that his memoir “will blow your minds away, it is going to be like a tsunami in the Middle East.”

Mosab Yousef was thought of as one of Shin Bet’s most valuable assets and was called “The Green Prince,” a reference to his Hamas pedigree and the group’s signature green color, Haaretz said.

The newspaper said it confirmed Yousef’s account with Shin Bet agents, including his handler, “Captain Loai”. The report said he converted to Christianity, despised Hamas and acted out of ideological conviction.

Analysts said the revelations hurt Hamas’ image and were sure to trigger new security concerns in the movement.

See NPR for more.

Report to Congress Details Increasingly Aggressive Cyber-Spying By China

Cyber-espionage from China is rapidly increasing in quantity and quality, the BBC reported today. The US-China Economic and Security Review Commission released a report to Congress this week that detailed a major increase in the sophistication and prevalence of Chinese online intelligence gathering. According to the report, the United States and Chinese dissidents living abroad were the targets of much of the espionage, and the spying is linked by direct and circumstantial evidence to the Chinese government.

The Department of Justice reported a 20 percent increase in malicious online attacks in 2008, and expects that number to increase by 60 percent in 2009. The report also asserted that China is building naval assets capable of  denying US access to the region in the event of a conflict between the mainland and the Republic of China.

Chinese officials denied both allegations. According to the BBC, the spokesmen for the Chinese embassy in the US denied that the Chinese government supported cyber-espionage, and called the Taiwan conflict scenario a “Cold War fantasy.”