author photo
By SecureWorld News Team
Mon | May 24, 2021 | 12:11 PM PDT

She had been a long-term and trusted employee of the FBI, working out of the Bureau's Kansas City office.

However, prosecutors now say she was much more than that. She was also an insider threat, according to a newly unsealed federal indictment.

Kendra Kingsbury, a 48-year-old FBI analyst, is accused of removing "Secret" and "Classified" documents relating to a number of FBI operations. This includes details on how the agency is trying to defend the United States against cyber threats.

FBI analyst accused of being insider threat

If you are in an analyst role long-term, you likely support all kinds of efforts and teams based on where there is a need.

Over her 12-year career, Kingsbury worked for several different FBI squads, including those focused on illegal drug trafficking, violent crime, violent gangs, and counterintelligence. 

And she is accused of illegally taking home secret and classified documents for almost her entire career:

"The breadth and depth of classified national security information retained by the defendant for more than a decade is simply astonishing," said Alan E. Kohler, Jr. Assistant Director of the FBI's Counterintelligence Division.

"The defendant, who's well trained in handling classified information, put her country's sensitive secrets at risk. The FBI will go to great lengths to investigate individuals who put their own interests above U.S. national security, including when the individual is an FBI employee."

Specific accusations against the FBI insider threat

The court documents reveal two specific charges against Kingsbury. One charge relates to domestic documents she is accused of stealing:

"Count one of the federal indictment relates to numerous documents classified at the secret level that describe intelligence sources and methods related to U.S. government efforts to defend against counterterrorism, counterintelligence and cyber threats.

The documents include details on the FBI's nationwide objectives and priorities, including specific open investigations across multiple field offices. In addition, there are documents relating to sensitive human source operations in national security investigations, intelligence gaps regarding hostile foreign intelligence services and terrorist organizations, and the technical capabilities of the FBI against counterintelligence and counterterrorism targets."

The second charge relates to international operations and foreign intelligence:

"Count two of the federal indictment relates to numerous documents classified at the secret level that describe intelligence sources and methods related to U.S. government efforts to collect intelligence on terrorist groups. The documents include information about al Qaeda members on the African continent, including a suspected associate of Usama bin Laden.

In addition, there are documents regarding the activities of emerging terrorists and their efforts to establish themselves in support of al Qaeda in Africa."

Ponemon on why insider threats are so challenging to stop

We asked Dr. Larry Ponemon, founder of the Ponemon Institute, why insider threats tend to be so damaging to an organization or agency and why rogue employees sometimes get away with their violations for years.

He says part of the problem with malicious insiders is that no one wants to believe the worst.

"We found that companies err on the side of goodness. They don't want to accuse somebody without full evidence of a crime, so they write it off as negligence," Ponemon tells SecureWorld. 

"And we discovered insider threats are not viewed as seriously as external threats, like a cyber attack. But when companies had an insider threat, in general, they were much more costly than external incidents. This was largely because the insider that is smart has the skills to hide the crime, for months, for years, sometimes forever."

In this most recent case of the FBI insider threat, it took 12 years for the Bureau to uncover what was happening and put a stop to it.

"As an intelligence analyst for the FBI, the defendant was entrusted with access to sensitive government materials," said Assistant Attorney General John C. Demers for the Justice Department's National Security Division. "Kingsbury is alleged to have violated our nation's trust by stealing and retaining classified documents in her home for years. Insider threats are a significant danger to our national security, and we will continue to work relentlessly to identify, pursue and prosecute individuals who pose such a threat."

But saying you will stop an insider threat and actually doing it are two entirely different thing—especially if a rogue employee knows what they are doing is wrong.

The U.S. Department of Justice says that was definitely the case here:

"Kingsbury knew the unauthorized removal of classified materials and transportation and storage of those materials in unauthorized locations risked disclosure and transmission of those materials, and therefore could endanger the national security of the United States and the safety of its citizens. She also knew that violating the rules governing the handling of classified information could result in criminal prosecution."

Insider threat detection strategy for organizations

If you are working on an insider threat detection strategy or want to benchmark your current program, register now for the SecureWorld Remote Session, Mitigate Insider Risk in Financial Firms, which is available live and on-demand.

The webcast will feature SecureWorld, FINRA, and Proofpoint experts for a panel discussion about insider-led breaches at financial services organizations and will tackle these topics:

•  The main insider threat profiles and how to address each
•  Why insider threats are unique and require more context than other threats
•  How to reduce response time and costs by speeding up investigation

Comments