Your awareness is key to protecting our national security.
Explore a growing repository of U.S. case studies. Learn about the crimes, the sentences, the impact, and the potential risk indicators that, if identified, could have mitigated harm.
You may search these case studies by various criteria including gender, type of crime, and military affiliation. Individual case studies contain information such as plea, court (Court Martial, US District Court, and Federal), year convicted, age at time of conviction, job, employer, country of concern, method of operation, method of contact, technology, indicators, and sentencing.
Edor Igorevich Kriuchkov
Crime: Cyber Crimes
Fred C. Arena
Crime: Fraud
Victor Manuel Rocha
Crime: Foreign Espionage
Study analyzed accounts of real-world security activities, events, or threats to build awareness and help identify the impacts of adverse behavior on National Security.
Knowingly providing, or conspiring to provide, material support or resources to a foreign terrorist organization is punishable by up to 20 years and, if anyone is killed as a result, up to life in prison.
Any attempted or successful access to, exfiltration of, manipulation of, or impairment to the integrity, confidentiality, security, or availability of data, an application.
Up until the passage of the Economic Espionage Act of 1996, many people used the phrases “Economic Espionage” and “Trade Secret Theft” interchangeably. Many people actually still do, but there is a difference. Economic Espionage is defined under §1831 of the Act and comprises behavior that denies the rightful owner of the economic benefit of property that the owner has gone to reasonable means to protect and does so with the intent to benefit a foreign entity. Economic Espionage also involves the loss of U.S. information to a foreign entity.
Intelligence activity directed towards the acquisition of information through clandestine means.
Fraud is defined as the wrongful or criminal deception intended to result in financial or personal gain. Fraud includes false representation of fact, making false statements, or by concealment of information.
US export laws and regulations restrict the export of controlled information, goods, and technology for reasons of national security or protection of trade.
Improper handling of classified documents can happen. Sometimes the mishandling is unwitting, but it can also be a potential risk indicator for Insider Threat. Knowing how to handle these situations is crucial to protecting our nation's secrets.
An act or acts with intent to injure, interfere with, or obstruct the national defense of a country by willfully injuring or destroying, or attempting to injure or destroy, any national defense or war materiel, premises, or utilities, to include human and natural resources.
Targeted violence incidents are tragic, often unpredictable and evolve quickly. There are a number of targeted violence resources, and this toolkit tab is one of them—to help organizations and their workforces understand targeted violence, what to look for and report with regard to indicators and behaviors, and how to respond in the event of an active shooter incident or other workplace violence event.
Unauthorized disclosure is the communication or physical transfer of classified or controlled unclassified information to an unauthorized recipient. An unauthorized recipient can be anyone. They can be your friends or family members, acquaintances, coworkers, or even superiors within your agency, command, or company who may be appropriately cleared but don’t have a need-to- know. They can be potential employers who see what you post on social network sites such as LinkedIn and Facebook. They can even be media outlets and foreign intelligence services. You never know whose hands such information will fall into. Unauthorized Disclosure of classified information is a type of security incident that can be characterized as an infraction or violation depending on the seriousness of the incident. Unauthorized disclosure of classified Information can happen in various ways. It can be disclosed either intentionally or accidentally and can occur through leaks, spills, espionage, or not following proper safeguarding procedures.
Most insider threats exhibit risky behavior prior to committing negative workplace events. Not all of these potential risk indicators will be evident in every insider threat and not everyone who exhibits these behaviors is doing something wrong. However, most of insider threats have displayed at least some of the potential risk indicators. If identified early, many risks can be mitigated before harm to the organization occurs. Select an indicator to explore some examples.
Security clearance and information access (Confidential, Secret, TS, SCI, SAP, etc.), access to physical facilities (secret-cleared spaces, SCIF, SAP, etc.), access to systems and applications (SIPR and other Secret, JWICS or other SCI, SAP, etc.), DOD system(s) privileged user, explosives access or training, CBRN access or training
Criminal violent behavior, to include sexual assault and domestic violence or other criminal behavior (voluntary admission, included during polygraph examination or investigation, substantiated report or arrest, criminal proceedings), exhibiting violence at work (directed against property or persons), threatening violence, possessing unauthorized weapon, authorized weapon at an unauthorized time or location, weapon mishandling, criminal behavior involving weapons, failure to follow court order, parole or probation or violation thereof, criminal affiliations, delf-harm, suicidal ideation, or attempting suicide
Financial crime (voluntary admission, including during polygraph or investigation, substantiated report or arrest, criminal proceeding), filing for bankruptcy (adverse changes to financial status, foreclosure or repossession, loan default, involuntary lien or unfavorable judgement), delinquent debts, high debt-to-income ratio, failure to file tax returns, pay garnishment, displaying signs of unexplained affluence, experienced gambling problem
Citizenship (threat or non-threat country – past/present), foreign travel to countries of concern (official or non-official), frequent foreign travel (excluding official travel), other foreign travel, service in foreign military or government, possessing foreign passport, voting in foreign election, possession of foreign assets, foreign residency, foreign business or political interest, receiving benefits from a foreign nation, foreign citizenship - spouse or cohabitant, foreign citizenship - immediate family member, living with foreign national, foreign national contact, unauthorized contact with an officer or agent of a foreign intelligence entity (FIE), enabling or facilitating an officer, agent, or member of a FIE
Declining performance ratings, poor performance ratings, reprimand/non-judicial punishment, Human Resources (HR) complaints, demotion, separation status (pending voluntary separation, pending involuntary separation), suspension, involuntary administrative leave, leave of absence, unauthorized absence/AWOL, negative characterization of previous employment or service
Falsifying hiring information, falsifying data at place of work, subject to judgement in civil litigation, Expressing ill-will towards USG or employing organization, communicating extremist views, associating with extremist or terrorist groups, enabling or facilitating an extremist or terrorist group, admission to inpatient mental health facility (voluntary, involuntary), insanity plea in a criminal case, anti-social or compulsive behavior, mental instability, past untruthfulness (including voluntary admission, including during polygraph or investigation), failure to successfully complete a polygraph, communicating endorsement of workplace violence, other psychiatric or psychological condition
Compliance violation, security infraction, security violation, non-compliance with training requirements, delinquent Government Travel Charge Card (GTCC), misuse of DOD purchase card or expense violations, time entry violations, security clearance denial, suspension, or revocation
Illegal substance use or trafficking (voluntary admission, including during polygraph or investigation, drug test failure, substantiated report or arrest, criminal proceeding, incident at work involving an illegal substance), legal substance abuse or trafficking—alcohol or prescription drugs (voluntary admission, including during a polygraph or investigation, substantiated report or arrest, criminal proceeding, incident at work involving alcohol abuse or legal substance abuse), voluntary or involuntary treatment for abuse of drugs, alcohol, or controlled substances
Violating acceptable user or other automated information system policies, suspicious or unauthorized email or browsing activity, attempting to introduce unapproved USB device, anomalous volume of data transferred to removable media inserted in USB port, attempting to burn discs without authorization, transfer data to personal or suspicious account, erasing, modifying, or tampering with any record-keeping data, introduction of unauthorized software, attempted modification to registry or system settings, disabling anti-virus or firewall settings, introducing malicious code, technical violations admitted during investigation or polygraph
Engaging in, or conspiring to engage in violent extremist activities, such as conducting an attack or traveling overseas to join a foreign terrorist organization.