Swiss spy warning sent to CIA, MI6 after secret data theft

Swiss spy warning: A disgruntled IT technician at the Swiss intelligence service stole terabytes of secret data from computers. The Swiss spy agency sent a warning to the CIA, MI6 and other intelligence services about the breach of security. 

December 5, 2012

Secret information on counter-terrorism shared by foreign governments may have been compromised by a massive data theft by a senior IT technician for the NDB, Switzerland's intelligence service, European national security sources said.

Intelligence agencies in the United States and Britain are among those who were warned by Swiss authorities that their data could have been put in jeopardy, said one of the sources, who asked for anonymity when discussing sensitive information.

Swiss authorities arrested the technician suspected in the data theft last summer amid signs he was acting suspiciously. He later was released from prison while a criminal investigation by the office of Switzerland's Federal Attorney General continues, according to two sources familiar with the case.

RECOMMENDED: How to avoid the 12 cyber scams of Christmas

The suspect's name was not made public. Swiss authorities believe he intended to sell the stolen data to foreign officials or commercial buyers.

A European security source said investigators now believe the suspect became disgruntled because he felt he was being ignored and his advice on operating the data systems was not being taken seriously.

Swiss news reports and the sources close to the investigation said that investigators believe the technician downloaded terabytes, running into hundreds of thousands or even millions of printed pages, of classified material from the Swiss intelligence service's servers onto portable hard drives. He then carried them out of government buildings in a backpack.

One of the sources familiar with the investigation said that intelligence services like the U.S. Central Intelligence Agency and Britain's Secret Intelligence Service, also known as MI6, routinely shared data on counter-terrorism and other issues with the NDB. Swiss authorities informed U.S. and British agencies that such data could have been compromised, the source said.

Can Syria heal? For many, Step 1 is learning the difficult truth.

News of the theft of intelligence data surfaced with Switzerland's reputation for secrecy and discretion in government and financial affairs already under assault.

Swiss authorities have been investigating, and in some cases have charged, whistleblowers and some European government officials for using criminal methods to acquire confidential financial data about suspected tax evaders from Switzerland's traditionally secretive banks.

The suspect in the spy data theft worked for the NDB, or Federal Intelligence Service, which is part of Switzerland's Defense Ministry, for about eight years.
He was described by a source close to the investigation as a "very talented" technician and senior enough to have "administrator rights," giving him unrestricted access to most or all of the NDB's networks, including those holding vast caches of secret data.

Swiss investigators seized portable storage devices containing the stolen data after they arrested the suspect, according to the sources. At this point, they said, Swiss authorities believe that the suspect was arrested and the stolen data was impounded before he had an opportunity to sell it.

However, one source said that Swiss investigators could not be positive the suspect did not sell or pass on any of the information before his arrest, which is why Swiss authorities felt obliged to notify foreign intelligence partners their information may have been compromised.

Representatives of U.S. and British intelligence agencies had no immediate response to detailed queries about the case submitted by Reuters, although one U.S. official said he was unaware of the case.

SECURITY PROCEDURES QUESTIONED
Swiss Attorney General Michael Lauber and a senior prosecutor, Carolo Bulletti, announced in September that they were investigating the data theft and its alleged perpetrator. A spokeswoman for the attorney general said she was prohibited by law from disclosing the suspect's identity.

A spokesman for the NDB said he could not comment on the investigation.

At their September press conference, Swiss officials indicated that they believed the suspect intended to sell the data he stole to foreign countries. They did not talk about the possible compromise of information shared with the NDB by U.S. and British intelligence.

A European source familiar with the case said it raised serious questions about security procedures and structures at the NDB, a relatively new agency which combined the functions of predecessor agencies that separately conducted foreign and domestic intelligence activities for the Swiss government.

The source said that under the NDB's present structure, its human resources staff - responsible for, among other things, ensuring the reliability and trustworthiness of the agency's personnel - is lumped together organizationally with the agency's information technology division. This potentially made it difficult or confusing for the subdivision's personnel to investigate themselves, the source said.

According to the source, investigators now believe that in the months before his arrest, the data theft suspect displayed warning signs that should have been spotted by his bosses or by security officials.

The source said that the suspect became so disgruntled earlier this year that he stopped showing up for work.

However, according to Swiss news reports, the NDB did not realize that something was amiss until the largest Swiss bank, UBS, expressed concern to authorities about a potentially suspicious attempt to set up a new numbered bank account, which then was traced to the NDB technician.

A Swiss parliamentary committee is now conducting its own investigation into the data theft and is expected to report next spring. Investigators are known to be concerned that the NDB lacks investigative powers, such as to search premises or conduct wiretaps, which are widely used by counter-intelligence investigators in other countries.

RECOMMENDED: How to avoid the 12 cyber scams of Christmas