http://www.informationweek.com/news/showArticle.jhtml?articleID=199500751

By Sharon Gaudin
InformationWeek
May 10, 2007

On the morning of Aug. 5, 2005, an FBI intelligence analyst sat at his desk and accessed the agency's main database. He downloaded a classified document, copied it onto a disc and dropped it into a bag beside his desk.

Leandro Aragoncillo -- a career Marine who had served under two vice presidents in the White House -- was stealing information in an attempt to foster a political coup in the Philippines, his home country. He knew he had no authorization to take or pass along the information, but, so far, it had been so easy.

What Aragoncillo didn't know was that on this particular morning, after nearly four years of espionage, the feds were spying on the spy. Agents were watching him at his desk via video surveillance. At the end of the workday, the man who was set up as the perfect inside threat took the bag with the disc inside and left the office. Agents tailed him as he drove home and took the bag, with the stolen classified information, inside.

A little more than a month later, federal agents would execute search warrants on the houses of Aragoncillo and his U.S.-based conspirator, Michael Ray Aquino, a resident of the Philippines who was in the country on a visa. Both men were arrested that day after agents found more than 736 classified documents between the two homes.

The arrests marked the end of what prosecutors called a "criminal conspiracy against the United States that spanned the globe, involved the theft of classified national defense documents" from the White House, the FBI, the Department of Defense and the U.S. State Department. The scheme included a group of conspirators who ranged from the former Marine turned FBI analyst to an ousted Philippine president to a foreign intelligence officer on the lam from double murder charges.

It is the first time in modern history that someone has been charged with spying out of the White House.

As it stands today, both Aragoncillo and Aquino have pleaded guilty and are awaiting sentencing this summer in U.S. District Court in Newark, N.J. Aragoncillo faces a maximum of 15 to 20 years based on his plea agreement. Aquino faces a max of 10 years, but after he serves his time here, he's expected to be shipped back to the Philippines to face various charges there. It's still unclear what, if anything, will happen to the other conspirators, who are not U.S. residents.

It's also unclear what steps the FBI and the White House have taken to shore up their information safeguards and to better vet the people working there.

What is clear is that the technology -- text messages, Web-based e-mail accounts and database queries -- that fed their plot also helped the government track them down and build an airtight case against them. The e-mails sent, the phone calls made and the stolen information that one man actually archived on a set of CDs like a catalogue of wrongdoing all left a digital trail that was their ultimate undoing.

"In this particular espionage investigation, the computer forensic work, as it relates to tracking Aragoncillo's information to his co-conspirators, was critical to prosecuting and ultimately obtaining guilty pleas for Aquino and Aragoncillo," said Assistant U.S. Attorney Karl Buch, who prosecuted the case, along with Assistant U.S. Attorney Michael Buchanan. "The information we were able to derive from searches of the e-mail accounts and the home computers provided overwhelming evidence of the conspiracy."

Aragoncillo, now 48, was born and raised in Manila, the capital of the island nation long fraught with turmoil and political battles that have been waged with both words and weapons. He moved to the U.S. in the 1980s and soon joined the U.S. Marine Corps.

In 1999, the military rewarded Aragoncillo's years of service with a plum assignment. He became a staff assistant to the military advisers in the Office of the Vice President. He began his service under former Vice President Al Gore and remained on and served under Vice President Dick Cheney. Aragoncillo was given Top Secret clearance.

According to a sentencing motion, in the summer of 2000 then-President of the Philippines Joseph Estrada visited the U.S. and the Clinton administration hosted him at a State Dinner at the White House. Aragoncillo was in attendance and was introduced to Estrada. He even handed out his business card to members of the Philippine delegation.

It was the beginning of a troubled time.

That same fall, Estrada was accused of corruption and he was impeached. According to the motion, to steady his newly unstable footing, the Philippine president and his cohorts thought of Aragoncillo and his proximity to what they hoped would be beneficial information about their region. A representative called Aragoncillo and asked him to provide them information.

That's all it took. Aragoncillo agreed to do it.

In January of 2001, court papers show that Aragoncillo traveled to the Philippines and dined with Estrada at the Malacanang Palace. When he returned, he began pilfering and transmitting documents to Estrada and other co-conspirators.

The indictment and the sentencing motion both note that Aragoncillo's years as a spy were made up of clandestine meetings, an alias, code words, and computer misuse. Documents show that he stole classified information from the White House and from the famed Situation Room. He even was brazen enough to send documents he was not authorized to access to his contacts from a White House fax machine.

According to court papers, Aragoncillo walked out of the White House on a fairly regular basis with classified documents in a disc in his bag. He stole information about the Philippine economy, confidential U.S. intelligence sources and even terrorist threats against U.S. military personnel stationed in the Philippines.

That information well went dry for the conspirators when Aragoncillo's stint at the White House came to a natural end in 2002. He later retired from the Marine Corps in 2004.

However, Aragoncillo wasn't done yet.

Over time, Aragoncillo applied for jobs at the CIA, the National Security Agency and the FBI to "maintain regular access to documents and information classified for national security," according to the indictment.

In July of 2004, he began his new job as an intelligence analyst with the FBI. In September, he began searching the FBI's Automated Case System, which is the agency's main database, for classified documents relating to the Philippines and its new president Gloria Macapagal Arroyo. The sentencing motion showed that he began accessing, downloading and printing classified documents that belonged to the FBI, the Department of Defense, the CIA and the U.S. State Department. Court papers noted that many of the stolen documents held national defense information.

Aragoncillo's first misstep was when his U.S.-based contact, Aquino, was arrested in March of 2005 for overstaying his tourist visa. Aquino has quite a history, himself. A trained intelligence officer in the Philippines, he was in the U.S. avoiding an investigation that implicated him in the kidnapping and murders of a publicist and his driver. The bodies had been burned and were only identifiable by their dental records.

Instead of lying low, Aragoncillo actually went to the U.S. Immigration and Customs Enforcement office and vouched for Aquino, identifying himself as an FBI employee. Immigration agents thought it was odd and reported it to the FBI, which soon began to take a look at the queries Aragoncillo had been running. When they saw that he had been running searches and downloading information that had nothing to do with his job, they began to look deeper.

The government reported that investigators then found a discarded e-mail on his FBI account that referred to one or two Hotmail accounts, a Yahoo account and an alias. With court orders, the government went to both Hotmail and Yahoo. Once they saw those e-mails, they automatically began collecting the e-mail addresses of his co-conspirators. That led them to IP addresses and then actual physical addresses.

Aquino left three years' worth of e-mails -- more than 2,000 messages -- in his account. It was a virtual treasure trove of information.

At that point, investigators set up real-time monitoring, gathering a mounting pile of evidence against Aragoncillo, Aquino and the other conspirators.

In September, while investigators were watching, Aragoncillo downloaded and transmitted a document regarding a political coup in another country. One of the names on the document was Condoleezza Rice. The sentencing motion noted that when Aragoncillo e-mailed out the information on the coup, he wrote, "The attached info could be used a 'guidance', if and when you intend to install a military council and later transition to a 'civilian cabinet.'" Later in a telephone call about the document, Aragoncillo called it a "blueprint on how to" execute a coup.

Within a week, the feds descended on Aragoncillo's and Aquino's homes, executing search warrants and arresting both men. Documents showed that Aragoncillo hadn't even deleted many of his e-mail messages and Aquino had neatly stored information on CDs that he kept in his house.

Aragoncillo pleaded guilty last spring. Aquino also cut a deal. Charges have not been brought against the other conspirators but the investigation continues.

The prosecutor filed a classified brief to the court outlining what the government says is the damage done to the United States in the four years of espionage that touched two governments, several federal agencies and even the White House.