When Insider Threats Backfire: The Case of Jareh Dalke, Russia, and the NSA
By Rennie Westcott, Beatrice Titus, Anne Griffin
Even when cyber threats are thwarted, narrative attacks that cause financial and reputational damage are a risk for all organizations.
Protecting sensitive information from insider threats has never been more critical for governments and companies. Organizations must safeguard troves of data from compromise by employees and contractors with access. However, a high-profile espionage case demonstrates that significant reputational risks exist, even when cyber threats are thwarted.
In August 2022, Nevada resident Jareh Dalke began communicating with an individual he believed to be a Russian agent interested in purchasing classified documents. Unbeknownst to Dalke, he was corresponding with an undercover FBI agent. Over the next few months, Dalke provided samples of sensitive information he had collected as a contract specialist for the National Security Agency.
Dalke’s motivations appeared complex: he sought financial gain to pay down nearly a quarter million dollars in student loan debt and ideological change driven by his opposition to US foreign policy. He wrote to the purported Russian agent, “There is an opportunity to help balance the scales of the world while also tending to my own needs.”
The FBI monitored Dalke’s activities closely through encrypted chat apps and payment in untraceable Monero cryptocurrency. In October, he was arrested for attempting to physically transfer additional classified materials, believing he had secured an $85,000 payoff.
Earlier this month, Dalke was sentenced to over six years for his attempted espionage. While the investigation concluded without any sensitive information falling into foreign hands, the case still damaged public perception and trust in institutions.
Mainstream social media reaction to the story sparked discordant narratives that undermined confidence in handling insider threats. Some narratives discussed the length of Dalke’s prison sentence. Other narratives framed his actions amid the ongoing Russia-Ukraine war, debating the ethics of aiding an adversary engaged in violent conflict.
On fringe platforms, the response was even more extreme. Some called for Dalke’s execution for treason despite the US not officially being in wartime. Meanwhile, conspiracy theorists suggested unethical FBI tactics entrapped Dalke. While the confidential information never left US hands, the subsequent firestorm highlights the unintended consequences of insider threat cases.
The Blackbird.AI RAV3N team surveyed hundreds of platforms for narratives about Jareh Dalke’s sentencing and crimes more broadly, searching everything from popular front-of-house social media websites to fringe alternative social media platforms to deep web forums. What turned up was a wide range of perspectives, from simple objection to Dalke’s actions on clearnet sites to martyring calls to free him on TOR-hosted forums.
The case sparked varied narratives online:
- Dalke’s Sentence was Deserved – Many condemned Dalke’s actions given the context of the Russia-Ukraine war. They emphasized the potential to aid in harming Ukrainians. Dalke’s language expressing excitement at the opportunity to ‘balance scales of the world’ via the intelligence leak inspired many users to reassert that Russia is the aggressing force in Ukraine.
- Poverty and Student Debt are Bigger Threats – On forum sites, some argued economic issues are more significant security threats. They cited Dalke’s student loans and for-profit colleges as factors, stating that debt is a security risk amid Dalke’s intentions to ‘tend to his own needs.’ This prompted users to use Dalke as an example of why student loan forgiveness is necessary, stating that not even espionage can pay off student loans.
- Cryptocurrency Facilitates Crime – The FBI likely used Monero to pay Dalke. This highlighted concerns about crypto enabling criminal activity, while crypto enthusiasts had mixed views. Some expressed excitement at the simple fact that this case might elevate attention around the cryptocurrency, therefore increasing the price. Others expressed trepidation that the news might inspire crypto trading platforms to remove the coin altogether amid concerns that it was used both by criminals and law enforcement.
- Call for Harsher Punishment – On alternative platforms, some said Dalke deserved the death penalty for treason. Many described Dalke’s crime as reprehensible and said it should, therefore, be treated as such, with some believing that the government is weak and is not punishing Dalke adequately. However, this punishment is uncommon when the US is not at war.
- Distrust in the FBI – Others were skeptical of the FBI’s case handling. Some alleged the FBI entrapped Dalke or should have caught him sooner due to his debts. Many criticized the FBI for allowing Dalke to gain a security clearance in the first place and questioned the government’s screening processes.
While the FBI prevented intelligence leaks, the case exacerbated public distrust in government and concerns about cryptocurrency and national security threats. Monitoring public perception across various online platforms is vital for organizations to mitigate reputational risks.
The lessons of this case apply to government security agencies and private sector companies and should be a wake-up call for all organizations worried about insider threats. Stringent IT security and insider threat programs are crucial – but so is messaging. Especially with the distortive power of social media, getting ahead of the story quickly is vital when insider risk events occur.
Transparency, responsiveness, and framing of the context will determine whether an organization is seen as unjustly persecuting a well-meaning whistleblower or appropriately prosecuting an insider threat. This nuance will only grow in importance as information security and narratives across the open, deep and dark web continue to dominate the spotlight.