[ISN] Alert Employee Thwarts Overt Intelligence Collection Attempts By A Chinese National

From: InfoSec News (isnat_private)
Date: Fri Sep 28 2001 - 05:23:43 PDT

  • Next message: InfoSec News: "[ISN] Linux Advisory Watch - September 28th 2001"

    September 2001 
    A major US aerospace corporation had a booth at the American Institute
    of Aeronautics and Astronautics (AIAA) and Ballistic Missile Defense
    Organization (BMDO) Technology Conference and Exhibit on July 23-26,
    2001 at Williamsburg, Virginia, as part of the technical exhibits.
    Part of the aerospace marketer's task at the conference was to staff
    the booth when the exhibits were open. Attendees at the conference
    were required to have a Secret level clearance. The unclassified
    exhibits were open daily from 0930-1600 hours and from 1730-1900
    hours, but included material that was SBU (sensitive but
    unclassified). Typically, attendance was low in the exhibits area
    while technical papers were being presented at the conference.
    On Tuesday, July 24, around 1030, a company employee who was manning
    the aerospace corporation booth noticed an oriental male approaching
    the booth from the area of an adjacent booth at the rear of the hall.
    The man was displaying neither a badge-the photo ID that indicated the
    required secret clearance/ conference attendance- nor the AIAA
    exhibitor badge that permitted other personnel to enter the exhibit
    hall. The man proceeded to collect a copy of each of the aerospace
    corporation's brochures without addressing the company employee. After
    greeting him, the company employee asked what organization he was with
    and whether he had a badge. The man replied that he was not attending
    the conference but was a journalist covering the conference. The
    employee then asked the man if he had an invitation to be in the
    exhibit hall, as AIAA had provided written invitations for exhibitors
    to give their customers. The man replied that he had no invitation but
    that he often attends AIAA and other organizations' technical
    exhibits. The company employee then asked the man which publication he
    represented, and, after several nonresponsive answers, he said he was
    with the Beijing Daily News. At this point, the aerospace
    corporation's representative took all the documents the man was
    carrying and asked him to follow him to the security stand outside the
    exhibit hall. Although he complied, the man obviously was not very
    At the security booth, the company employee explained the situation to
    the BMDO personnel, and they carried on a brief dialog with the man.
    Since this exhibit was not open to the general public, the aerospace
    corporation's employee told the BMDO reps that he objected to having
    persons in the exhibit hall who were not attending the conference nor
    invited by one of the exhibitors. Only after being questioned by BMDO
    security did the "visitor" show what appeared to be a press
    credential. After listening to his complaints about being removed from
    the exhibits, the BMDO security personnel directed the man to the AIAA
    booth across the lobby. The man never reappeared at the event, either
    that day or the next.
    In a subsequent discussion with the BMDO security personnel that
    afternoon, they thanked the company employee for his actions. They
    said they had placed personnel at the rear entrance of the exhibit
    hall leading from the kitchen/service area (which was evidently not
    monitored previously) to prevent anyone from entering through that
    Upon the company employee's return to his company, he notified his
    security office about the incident. Subsequently, the information was
    passed to both Defense Security Service Counterintelligence and the
    FBI. The 902nd Military Intelligence Group then became involved, and
    the agencies followed through with an investigation.
    An investigation revealed that the oriental visitor was in fact a
    Chinese national who is known to target US technical information.
    NCIX Comment: This article was received after the National
    Counterintelligence Executive's quarterly CI News and Developments
    newsletter published and placed on the NCIX unclassified Web site in
    September 2001. This article clearly demonstrates the responsibilities
    and actions of an employee who is aware of counterintelligence issues
    thwarting overt collection. We are grateful for being allowed to
    publish this article for our readers' information, and we solicit
    similar types of articles and information demonstrating the success of
    a strong counterintelligence posture and awareness.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Fri Sep 28 2001 - 09:45:50 PDT