Motivation and emotion/Book/2014/Insider threat motivation
What motivates insiders to reveal classified information?
While most employees, referred to in this page as insiders, with access to classified information do not possess psychological predispositions that make them susceptible to reveal classified or protected information, however, we know historically that some insiders can become motivated to reveal classified information. This happens when the trusted insider has opportunity, the right characteristics and environmental stressors. Sarbin et al., 1994, defines motivation as an emotion or state of mind that influences an individual’s choices and actions, it often results from an interaction between personality and characteristics and situational factors. This chapter will explore known motivating factors of an individual by looking at the complex interaction between personality characteristics and environmental factors and known convicted cases of individuals that have revealed classified information.
What is considered an insider threat?
Insider threat & or attack, espionage, spying or revealing classified information is one in the same . It can be described as taking classified or proprietary information without permission that can be exchanged for money or other benefits (but not limited) to foreign entities. Greitzer et al, (2014) refers to an insider threat as a malicious act that trusted individuals may carry out, this trusted individual may be employed within the organization, such as an employee, a former employee, contractors or business associates that have access to inside information concerning the organization's security practices, data and computer systems (Colwill, 2009).
The threat may involve fraud, the theft of confidential or commercially valuable information, the theft of intellectual property, or the sabotage of computer system, more seriously it may include espionage, terrorism, embezzlement, extortion, bribery and corruption, Kramer et al (2007). Greitzer et al, (2014) describes that insider threat is demonstrated when individuals show total disregard for security policies of that particular organization and carry out malicious activities such as unauthorized access to sensitive information, and illicit communications with unauthorized recipient.
Shaw (2005) suggestthat by putting employees into classes based on behavior it then becomes a helpful tool for dealing with security concerns such as employees revealing classified information. Therefore for the purpose of this chapter I will use the following four classes.
|Citizens||this group of employees will typically follow policies regarding the use of the company resources. They rarely use technology resources for anything other than their work. By definition these employees are never knowingly involved in insider attacks|
|Delinquents||employees that fall into this category are aware of policies and regulations governing their computer use, these employees take liberties such as personal internet searching or checking personal email.|
|Renegades||this cohort of employees take advantages of loopholes in polices purely for their own gain, they will work on personal projects throughout the day and a careless with company data. The renegade cohort will unlikely directly attack their employer for financial gain but their loyalties generally do not align.|
|Rogues||this group can be described as malicious insiders who deliberately and regularly expose confidential corporate information, usually for financial gain.
Motivations behind revealing classified information
Motivation to reveal classified information can arise from situational factors such as experiencing a financial crisis or gambling addiction, becoming disgruntled with the employer and having emotional ties to a foreign country or a global community (Kramer, 2007). Potential gain of some kind is always motivation for insiders to reveal classified information. There are many minor categories of motives but by grouping them help clarify the security issues especially when they are coupled with the employee groups referred to earlier in the chapter.
- Information gain
Examples of information gain could be described as a police officer running records check on a new neighbor or a bank officer running a credit check on a friend. While accessing information may not directly pose a threat to the organization, the organization is responsible for the employees that have access to the entrusted information.
- Financial Gain
Of one of the many motivators for individuals to reveal classified information is financial stress, David Sheldon Boone, Jeffrey Carney, Aldrich Ames, Robert Hanssen, Richard Miller, Robert Hanssen, among many others. There are a number of factors that may contribute to the individuals need of the offer of money, it could be social power and perhaps the prestige that comes with material gain such as expensive cars, houses and luxurious holiday and the ego-gratification effect of receiving the payment and the relief that the individual has once the payment is received .an individual may be in debt due to gambling or because of poor financial decisions. Insider threat is a growing area of concern for organizations and a growing source of income for "rogue" employees with access to valuable information. Individuals that have been know to have primarily motivated for financial gain include
It is often seen that revenge is coupled with the financial gain motive. A lack of commitment to the employer resulting in real or perceived mistreatment makes it easier for the individual to rationalize their behavior, for example they cheated me so they deserve to be cheated. Disgruntled individuals that have revealed classified material include John Allen Davies, John Charleton and Edwin Earl Pitts, among others.
This remains a significant motive for individuals to reveal classified material. Patriotism, weather it is state-, individual- or self-induced.
- Ideological Motives
An ideology is simply a shared set of beliefs about how the world should be. This is less common and by far the most unpredictable attacks. The ideology of an individual can vary from an animal rights activist to a seasoned terriost
Charney (2014) explains that this motivation, in its purest form, could be deemed the most egocentric of motivations. This motivator does not include revenge or material gain, a contributing factor perhaps, but the key motivation would be because the individual feels a since of excitement and well as a sense of being superior.
Individuals who reveal classified information may have a tendency for violating rules and regulations and have an inflated view of themselves and their abilities. The individual may be compulsive and do what feels good at that point in time. They display little loyalties and lack commitment, often drifting from job to job and relationship to relationship, they see little purpose or loyalties to anyone except themselves. Studies also show that they may engage in high risk activities without considering the penalties. Research highlights the following, among others, the personality characteristics that are commonly found amid persons that reveal classified information.
Dark Triad Personality Factors
|Narcissism||A narcissistic personality is characterised by grandiosity such as unwarranted feelings of self importance or self esteem, a self of entitlement, and lack of empathy for others. Grandiose persons feel that rules and regulations do not apply to them and regulations are rejected. These people are arrogant, they act in a imperious and grandiloquent manner but their self esteem is almost always fragile (Lang and Shechter, 2011).|
|Machiavellianism||Vrij (2008) describe individuals high in machiavellianism view other cynically, show little concern for other and will confess that they will lie and manipulate to get what they want openly. These individuals exploit a range of dishonest tactics to achieve goals (Lang and Shechter, 2011).|
|Psychopathy||Manipulation of others and deceit are central features of this type of behavior. These individuals are characterised by selfishness, antisocial behaviour, manipulation, and callousness. Individuals with anti social behavior shamelessly take from others with total disregard. They manipulate to serve their own self interest or indulge their desires. They engage in stealing and persistent lying and posses a superficial charm and wit. Psychopathy has been linked to a number of other risky behaviors such as gambling failure to honor financial obligations and substance abuse (Lang and Shechter, 2011).|
Critical Pathway model to insider threat
Shaw (2005) explained that an individual characteristics alone would not predict a person’s risk to reveal classified information, but did suggest that when the individuals characteristics were combined with certain other experiences the overall risk to insider activity would increase. Shaw (2006) suggests that the critical pathway is made up of 5 interrelated components, you can see in figure 3 the passage that the individual will go down before revealing classified information. The table gives brief definitions of each critical part in the passage.
As the case study on Ames revealed a combination of personal characteristics, personal and professional stressors and interactions with other in the work place Ames was certainly going down the risk passage in insider threat.
|Personal predisposition’s||Medical or psychiatric disorder, pattern of personality issues, social skills problems, or biased decision making affecting behavior and judgment and a history of rule breaking.this group of employees will typically follow policies regarding the use of the company resources. They rarely use technology resources for anything other than their work. By definition these employees are never knowingly involved in insider attacks|
|Stressors||Personal: Death, divorce or financial strain. Professional: lack of promotion, demotion, undesirable job, loss of pay or privileges, disputes with colleagues and poor performance.|
|Concerning Behaviours||Interpersonal behavior: conflict, trouble with feedback or instructions, manipulative behavior. Information Systems: hoarding products, assessing information not needed for the role. Personnel security: failure to comply with security procedures. Physical security: Unusual work hours unrelated to work load, copying, taking documents out. Mental health and addiction: Emotional problems, excessive sick leave, violations of hygiene or dress.|
|Unhelpful organizational response||do nothing about the violations, failing to notice disgruntlement, concerning behaviors or stressors. Noticing them but not taking them seriously, inadequate assessment or investigation, failure to address possible consequences of an intervention|
|Insider Attack||Fraud, the theft of confidential or commercially valuable information, the theft of intellectual property, or the sabotage of computer system, more seriously it may include espionage, terrorism, embezzlement, extortion, bribery and corruption|
Why does an individual keep revealing classified information? In most cases the individual keeps revealing information for the thrill and the excitement it gives them. Because the individual, in most cases too arrogant to know when to stop, they think they will get away with it . According to Reeve (2009), Bandura's (1997) mini motivational theory; Self-efficacy theory can be explained by suggesting that once an individual has completed a task their self efficacy is increased. High self-efficacy when an individual believes they can achieve whatever is required because of previous success . Given the grandiose personality characteristic of the individual, it would suggest that the individual would have a high self efficacy, and would continue the quest to reveal classified information.
Because of the clandestine nature of individuals revealing classified information there is little unclassified open source research and therefore has unavoidable limitations on exact numbers of cases. The Defense Personnel Security Research Centre published a statistical overview on 150 known cases. This study is based on known unclassified cases going back to 1940. The information that was collected was biographic information, employment, clearance level and the individual’s motivation.
Gender: 93% males, 7% females. Information is available for all 150 cases.
Age when Espionage Began: 6% were under 20; 40% were 20 to 29; 27% were 30 to 39; and 27% were 40 or over. There is a significant difference in ages between civilian and military spies. For the civilians, 44% were age 40 or over at the time they began their espionage. For the military, 57% were 20 to 29 years old when they started. Information is available for 147 cases.
Marital Status when Espionage Began: 57% married, 33% single, 10% separated or divorced. Information is available for 141 cases.
Race or Ethnicity: 84% white, 6% black, 5% Hispanic, and 5% other. Information is available for 141 cases.
Sexual Preference: 95% heterosexual, 5% homosexual. Information is available for 116 cases.
Citizenship: 83% born in U.S., 17% naturalized. Most (77%) of the naturalized citizens who became spies were civilians rather than military personnel. Twenty-six percent of all the civilian spies were naturalized citizens as compared with 8% of the military spies. Information is available for 148 cases.
Education: 7% had less than high school; 39% were high school graduates; 20% had some college; 20% were college graduates; 14% had at least some work toward their Masters or PhD. Information is available for 133 cases.
Type of Employment when Espionage Began: 49% uniformed military, 18% government civilian, 24% government contractor, and 9% had already left government service or their job was unrelated to their spying. Information is available for 148 cases.
Security Clearance when Espionage Began: Fifteen percent of the spies held a Top Secret SCI clearance at the time they began committing espionage. Top Secret clearances were held by 35%, Secret by 21%, and Confidential by 3%. Twenty-six percent held no clearance at all. Those with no clearance include accomplices, witting spouses, those who provided classified information obtained during a previous job when they did have a clearance, and those who provided sensitive but unclassified information. Information is available for 141 cases.
Motivation: Information on motivation is broken down by categories commonly used when describing espionage offenders, although it is always difficult to know what was really going on in a person’s head. One individual may have more than one motivation, so the following percentages do not add up to 100%. Money (either need or greed) was a motivating factor in 69% of the cases, and it was apparently the sole motive in 56%. Disgruntlement or revenge toward employer or some other person or situation was a motive in 27%, and ideology a motive in 22%. Ideology includes beliefs and sympathies resulting from cultural affinity (common ethnic or national background). A desire to please a friend or family member was a motivating factor in 17% of cases, many of them cases in which the spy was recruited by the friend or family member. Twelve percent were attracted by what they perceived as the thrills or excitement of becoming a spy, while 4% were drawn by a compelling need to be recognized and feel important. Only 5% were coerced. Thrills or excitement and need for recognition were, in most cases, supporting rather than primary motivations. Information is available for all 150 cases.
Organizations have been plagued by insider violations since Benedict Arnold in 1778, and it remains problematic today. Although there has been a lot of research to date into the psychology and motivation of insiders (Greitezer et.al 2013) nevertheless strongly motivated insiders have revealed the capacity to effectively discern the most of stringent protective measures. Shaw and Fisher (2005) reported that research over the past decade suggested that 90% of cases studied involved serious employment crisis and nearly every case exhibited signs of disgruntlement and serious personnel concerns.
Case Study - betrayer of his employer, the CIA and his country, the United States of America.
Aldrich Ames was a CIA intelligence officer and was arrested in Feb 1994. The arrest followed a 10 month investigation, he was charged with providing highly classified material to the Soviet KGB over a nine year period.
Despite reports of repeated security violations, sexual misconduct and alcohol abuse Ames was promoted into positions that allowed Ames access to highly sensitive material. At this time Ames was facing alimony payments and financial demands of his new wife.
Over a 9 year period Ames reportedly received 2.5 million dollars from the Soviet KGB for the classified material he revealed, greed was certainly a major part of his motivation. Superficially Ames was an unlikely betrayer. He came from a middle class family, his father also a CIA staff member. Ames ideology played no significant part in his decisions to reveal classified information.
Relationships Ames appeared to care about people and although his parents were demanding they were important to him. His was close to his sister and her death was of deep sadness for Ames. Both parents and sister died before Ames starting revealing classified information. Ames failed at university and with assistance from his father Ames joined the CIA. It is reported that his CIA career was chequered, he had some good performance reports however he had unsatisfactory performance reports also.
Attitude to CIA There were some indications that Ames resented his treatment, being overlooked for promotion and acquired a reputation of being argumentative.
Beliefs Ames claims that by the time he commenced revealing classified information his respect and belief in the US and the political and intelligence institutions had gone.'
Money There is no evidence that another partly had directly persuaded Ames to reveal classified information for money, KGB did not target and groom Ames as a potential agent, they did however look after him and supported him as a source. Ames needed money, he was in debt at the time of approx. $45,000. His first payment from the KGB for the classified material was $50,000. He continued to work with the KGB and earned millions over the 9 year period.
Lets look at the study. Think about what motivated Almes. Money was of the most dominant motivation, but money on its own would not have lead him to betrayal. There was other significant factors such as disgruntlement in the work place and resentment of CIA management and their was a life stressor with both parents and sister passing away.
Quotes from convicted insiders
- "I needed money. Plus, well I was extremely angry". Former NSA employee and Russian Spy David Sheldon Boone
- "I regret very much the betrayal of the trust they put in me, and of the others that I swore, and that I did it for my own gain and then my own arrogance". Former CIA Officer and Russian Spy Aldrich Ames
- If you want to do people with problems a favor, and I m talking from experience, say something!...If somebody had said, 'I think Jeff's got a problem and I don't think he's handling it very well...supervisor do something' that would have been enough to stop the process, at least for a while." Former US Air force Intelligence specialist and East German Spy Jeffrey Carney
- “I regret the actions I took. They were wrong. They overshadowed anything good I’ve done in my life before and after”. Former NSA employee and Russian Spy David Sheldon Boone
People are fascinated by what motivates people to do the wrong thing, such as revealing classified information. Even for those that have been in the intelligence community one questions remains difficult to answer. It is evident that classified information being revealed poses a significant national threat, yet relatively little published material is available as open source information. Naturally some information is and should remain classified in order to protect the source and methods. This book chapter, however, has explored what motivates an individual to revel classified information, by utilising open source material that is freely accessible by the public.
Colwill, C. (2009). Human Factors in information security: The Insider-threat-who can you trust these days. Journal of Information Security and Applications, 14, 175-230.
Greitzer, F.L., Kangas, L.J., Noonan, C.R., Brown., & Ferryman, T. (2013). Psychosocial Modeling of Insider Threat Risk Based on Behavioral and Word Use Analysis. e-Science Journal, 9, 106-138
Herbig, K.A & Wiskoff, M.F. (2002). Espionage against United States by American Citizens 1947-2001. PERSEREC Technical Report, 02-5.
Kramer, L.A., & Heuer, R.J. (2007). America’s increased vulnerability to insider espionage. International Journal of Intelligence, 20, 50-64
Lang, E. & Shechter, O. (2011). Identifying Personality Disorders that are a security risk: Field test results. PERSEREC Technical Report, 11-05, 1-30
Sarbin, T. R, Carney, R. M, & Eoyang, C. (1994). Citizen espionage : studies in trust and betrayal. Westport, Conn.: Praeger.
Reeve, J. (2009). Understanding motivation and emotion (5th ed.): Wiley New York.
Richards J. Heuer. Espionage be the numbers: A statistical overview. PERSEREC Technical Report
Shaw, E.D & Fisher, L. F. (2005). Ten tales of betrayal: The threat to corporate infrastructure by information technology insiders and observations. Monterey, CA: Defense Personnel Security Research Centre.
Shaw, E.D (2006). The role of behavioral research in profiling in malicious cyber insider investigations. Digital Investigations, 3, 20-31
Vrij, A. (2008). Detecting Lies and Deceit (2nd ed.): Wiley New York.