Recent reporting by the Defense Investigative Service (DIS) indicates that "foreign entities" (e.g., intelligence and security services and corporate competitors) are increasingly utilizing unsolicited electronic correspondence via the Internet to elicit information from cleared US Government contractor companies and their employees.

According to the DIS, the Internet offers foreign information collectors a variety of advantages. It is a simple, low cost, non-threatening, and a relatively risk free medium through which to attempt to collect classified, proprietary, or sensitive information. Collectors can remain safe within their own borders while sending out hundreds of requests for assistance to targeted US companies and their employees. Internet correspondence is the most frequently used modus operandi employed by "closed countries." Correspondence also may be worded to appeal to cultural commonalities.

Recent incidents reported to the DIS include the following:

* Cleared US contractor personnel received unsolicited foreign requests containing references to military projects which use software tools for networked real-time operating systems for airborne, space, missile, tactical, and intelligence systems. The foreign entity's request included an acknowledgment that much of the information would probably be classified, and that it was operating at the request of a foreign military customer.

* A cleared US Government contracting company received a request to market a software program with intelligence applications to intelligence and security organizations in an Eastern European country. The software program in question enables the rapid integration of multiple data sources and millions of documents with great speed and can be used as an investigative tool to search World Wide Web sites. Access to sophisticated Internet search software could assist foreign country intelligence and security services with monitoring Internet traffic for intelligence collection purposes. At a minimum, it could be used to acquire competitive business information off the Internet.

* In some foreign countries, Internet access runs through a government-controlled host. As a result, any electronic contact through the Internet with these countries is subject to intelligence and security service monitoring.

Elicitation has long been utilized as an effective tool for intelligence and other types of information collection by traditionally friendly and adversarial states. All unsolicited electronic requests for information received via the Internet should be viewed with suspicion, according to the DIS. They suggest responding only to requests from people who are personally known to the user, and only then after verifying the requestor's address. DIS also notes the possibility that foreign entities might present themselves as imposters. All unsolicited electronic correspondence from unknown parties, or those that seem to be out of character with the nature of requests normally made by a known source, should be referred to the appropriate security point of contact.

To help counter growing concerns associated with electronic elicitation efforts emanating from overseas, the DIS has provided the following list of suspicious indicators:

* The sender's address is from a foreign country.
* The recipient has never met the sender.
* The sender identifies his/her status as a student or consultant.
* The sender identifies his/her employer as a foreign government, or their work is being done for a foreign government or program.The sender asks about technology related to a defense-related program, project, or contract.
* The sender asks questions about defense-related programs using acronyms specific to the program.
* The sender insinuates the third party he/she is working for is "classified" or otherwise sensitive.
* The sender admits he/she could not get the information elsewhere because it was classified or controlled.
* The sender advises the recipient to disregard the request if it causes a security problem, or if the recipient cannot provide the information due to security classification, export controls, etc.
* The sender advises the recipient not to be concerned about security concerns.
* The sender assures the recipient that export licenses are not required or are not a problem.

DOE and contractor personnel should remain cognizant that a corresponding threat exists for the Department relating to defense and other national security type information, as well as critical and commercially viable technologies under development across the DOE Complex.

Security and Privacy Notice
To contact send email to ISRC
Last Updated October 2001