The Many Security Problems of John Weed

Count them.

From the affidavit: “civilian supervisors at TASC, his military supervisors at the NRO, and his military and civilian coworkers - was that WEED felt the rules did not apply to him.”

What can I say, another person who really needed to be DICE’d.

FBI raids home of fired spy agency contractor suspected of leaking code on Facebook (CNN)

A disgruntled government contractor who worked with a US spy agency stole high-tech espionage radio equipment worth $340,000, took classified material, and is suspected of leaking sensitive computer code on his Facebook page, according to a new court filing by FBI agents who recently searched the man’s home in Virginia.

The documents reveal — for the first time — an ongoing investigation of John Glenn Weed, a 57-year-old computer systems architect who developed classified communication systems for the National Reconnaissance Office. . . .

. . . Last year, someone tipped off the NRO that a person going by the name “William Amos” on Facebook had posted a photo on January 14, 2017, that revealed extremely sensitive computer code. The code was the building blocks of a communications tool used by foreigners spying for the United States to deliver secret information back to the American government.

The code was such a closely guarded secret that the United States would only share it with select spy partners in the Australian and British governments, according to the court filings. . . .

. . . The computer code leak investigation of Weed is only the latest development in the flameout of his career with US intelligence, starting nearly six years ago.

According to court records filed by the FBI, Weed worked at The Analytic Sciences Corporation in Chantilly, Virginia, from 1993 until 2012. During his time at TASC, a private defense contractor, Weed held a security clearance that allowed him to work on secret projects for the NRO. (Engility, a private defense contractor that acquired The Analytic Sciences Corporation in 2015, did not respond to requests for comment.)

But things came crashing down for Weed when he failed to immediately notify the government that he was arrested in May 2012 for driving under the influence. It was his third DUI arrest, according to these court documents.

The FBI claims that it wasn’t until his security clearance came up for periodic review four months later — and after he had pleaded guilty and been convicted — that Weed notified the Department of Defense investigator conducting the check.

Weed skipped one scheduled interview with the DOD investigator. When he finally showed up to a second one, he was “carrying a photograph of the officer who arrested him,” and “the officer’s photo had multiple bullet holes in it,” according to court documents filed by the FBI.

At the time, Weed told the investigator he was using the image as “target practice” and he intended to “ruin the life” of the cop who arrested him because he had been unfairly convicted, according to the documents.

Weed was fired in the fall of that year. The federal government revoked his security clearance in November, citing “criminal and personal conduct.”

His case became more dire when Weed appealed the revocation in December 2012, because, the FBI claims, the appeal letter detailed classified operations and his role helping the “global war on terror” — and was likely produced on an unclassified computer and sent via regular mail.

The downward spiral continued in 2013, when the NRO discovered that Weed had broken strict security rules during his final days at work and had been remotely logging into his computer at the intelligence agency from home, according to the court documents.

When FBI agents searched Weed’s Fredericksburg home in August 2013, they allegedly found that Weed had taken “a radio set worth over $200,000 that had been provided to the NRO by another government agency in 2005,” according to the court documents.

Agents said they also seized 11 “blue force trackers,” high-tech devices each worth approximately $6,000 that the government uses to track the movement of foreigners spying for the United States. On Weed’s computers at home, agents claimed they found source code for two classified communications programs.

It’s unclear whether federal law enforcement took action against Weed after the 2013 raid or the one last week. . . . (read all)

NRO Contractor Published Classified Information to Facebook; Stole $340,000 in Government Equipment (Chris Burgess, Clearance Jobs)

. . . Digging into the publicly available information, including the supporting affidavit to the federal court for the search warrant, we get a better picture of what has transpired. Lessons to be learned present themselves in droves as we review the curious case of John Glenn Weed and his alleged theft of both equipment and classified materials.

The affidavit tells us that Weed worked at the NRO for a defense contractor from 2003 to 2012. His work at the NRO was terminated when his security clearance was pulled for cause.

According to Weed’s LinkedIn profile, he worked as a senior systems architect for the Tactical Dissemination Network supporting the intelligence community special communications initiatives. He goes on to note that his work included “witting and unwitting asset tracking and surveillance; tagging, tracking and locating; data infiltration and exfiltration; over-the-horizon multimedia exploitation; mobile device application design and development; GLOWFIST Protection Level 5 (PL/5) controlled interface design, deployment and operations support.”

His profile goes on to enumerate numerous awards received while working with the NRO, to include the NRO’s Director’s Award.

On his way to and from NRO Headquarters in Chantilly, Va, one might assume that Weed made the one-hour commute each day through Fauquier County from his residence in neighboring, rural Stafford County, Va. The affidavit tells us—and Fauquier county court records confirm—that Weed had multiple DUI offenses in 2012 in Fauquier County. These events led to the finding that he should not be allowed access to classified materials.

All who have been granted a security clearance and enjoy the trust of the U.S. government know the requirement exists to self-report any adverse information, including arrests by local law enforcement. . . . (read the rest)

AFFIDAVIT IN SUPPORT OF AN APPLICATION FOR A SEARCH WARRANT (pdf)

From the affidavit:

From 1993 through November 2012, JOHN GLENN WEED was a computer systems architect, Level 6, for The Analytic Sciences Corporation (TASC), Chantilly, Virginia, and was briefed into multiple classified programs.

In his position as a computer systems architect, WEED developed both classified and unclassified communications systems for the United States Government. Much of WEED’s work at TASC was in support of the National Reconnaissance Office (“NRO”).

As part of his periodic reinvestigation (PR) for his security clearance, an adjudications investigator with the Department of Defense learned that WEED had received a third Driving Under the Influence (DUI) arrest in May 2012.

WEED had not promptly reported that arrest as he was required to do as a condition of maintaining his security clearance, and only reported the incident in September 2012 after he had pleaded guilty and been convicted of the offense in Fauquier County Circuit Court.

On or about September 17, 2012, the same background investigator attempted to schedule an interview with WEED regarding the unreported DUI. An interview was scheduled for September 18, 2012. On that day, WEED contacted the investigator and stated that he would be unable to come in because he was working on “Iran issues.”

A review of public records has revealed that on September 18, 2012, WEED was charged with Violation of Probation in Fauquier County, Virginia.

The background investigator interviewed WEED on September 20, 2012. WEED appeared at the interview carrying a photograph of the officer who arrested him for his third DUI. The officer’s photo had multiple bullet holes in it. WEED stated that he got the picture off the Internet and used the picture of the arresting officer as “target practice.” WEED believed he was unjustly convicted and that he intended to “ruin the life” of the arresting officer for what he did.

As a result of the PR investigation, on November 1, 2012, WEED’s clearance was revoked for cause based on criminal and personal conduct.

WEED appealed his termination and revocation of his security clearance. During the appeals process, WEED responded to his revocation with a letter dated December 24, 2012, titled “Double Standards, the Putrefaction of Public Trust and the Erratic Dispensing of Justice.” WEED asserted several concerns he claimed to have in an attempt to rebut his revocation and included details of work performed for the U.S. Government.

Due to security concerns with the letter (which was sent via regular mail and likely produced on an Unclassified computer), a preliminary classification review was completed by NRO personnel. WEED did not have access to a classified computer at this time. The review determined the letter contained classified information up to the level of Secret//SCI.

In this letter, WEED described his involvement in deployments around the world in support of operations in the “Global War On Terror.” In doing so, WEED revealed the names of specific organizations, the geographic location of their operations, and the nature of the activities in which they are engaged. This disclosure of the information in this letter could cause serious damage to national security.

Prior to his termination WEED had worked on multiple classified programs for the United States Government for many years. During that time he regularly received the customary security refresher training given to employees with such access, signed multiple nondisclosure agreements (“NDA”) that further discussed the proper handling of SCI information, and even wrote a security manual for one such classified program. WEED clearly knew or should have known that certain statements he wrote in his Double Standards letter involved sensitive classified information.

Even so, the strong and widely-held reputation that WEED’s colleagues had of him - which I know from first-hand interviews I’ve conducted with WEED’s civilian supervisors at TASC, his military supervisors at the NRO, and his military and civilian coworkers - was that WEED felt the rules did not apply to him.

In May 2013, NRO investigators discovered that four remote desktop protocol (RDP) sessions had been established on WEED’s NRO computer to an external IP address during a four-day period just prior to WEED’s termination on September 2012.

NRO’s network security procedures did not, and do not, permit such RDP sessions. Further investigation determined that the contents of these RDP sessions were compressed and encrypted. . . .

. . . On August 27, 2013, FBI investigators executed the above-described warrant at WEED’s residence and seized numerous items. Among items seized was a radio set worth over $200,000 that had been provided to the NRO by another government agency in 2005.

Investigators also seized 11 “friendly force trackers,” also known as “blue force trackers” (BFTs), which are carried by U.S. Government assets on operational missions and are designed to provide a secure method for operational commanders to track the movements of such assets, including both personnel and vehicles, when operating in or near hostile territory. Each of those BFTs had a value of approximately $6,000.

The total value of the U.S. government radio equipment recovered from WEED’s residence was approximately $340,000. WEED did not have permission to possess any of this equipment at his home following the termination of his employment with TASC.

Investigators also seized multiple computers and electronic media from WEED’s residence. Forensic analysis of those devices revealed the presence of source code for two communications programs classified at the SECRET//SCI level that WEED had worked on or with during his employment with TASC in support of the NRO.

Other classified electronic data was recovered from WEED’s computers, including several operational reports that included the word “SECRET” in the classification field of the messages themselves.

On or about April 17, 2017, officials at the NRO were notified about a Facebook page posted in the name of “WILLIAM AMOS (JAKE).” The Facebook page had a picture on the page, posted on January 14, 2017, that appeared to depict computer code for a government computer system that WEED had designed while employed with TASC. NRO officials conducted a review of the information depicted in the picture, and on May 1, 2017, determined that the information posted on the page was indeed classified at the SECRET level.

Subject matter experts with the NRO informed me that the computer code depicted in the Facebook post is related to the design, construction and use of a communications intelligence device and system used by United States government assets to communicate intelligence activities.

Certain computer files related to this same communications program were found on one or more of the computers seized from WEED’s residence on August 27, 2013. I believe that “WILLIAM AMOS” is actually WEED. . . .

. . . The search warrant returns for the WILLIAM AMOS Facebook account included the Facebook posting described above that is a photograph of what appears to be computer code. In a letter dated May 1, 2017, officials at the NRO determined that the information contained in that photograph is classified at the SECRET//REL to the USA, AUS, and GBR level, and the unauthorized disclosure of this information could reasonably be expected to cause serious damage to the national security of the United States of America. I believe this photograph shows WEED currently has classified national defense information at his residence, on a mobile device in his possession, or on his person. The computer code that was posted on Facebook is known to be a classified program WEED worked on at the NRO. . . . (read all)