The groups cited most often were Hamas, Hezbollah, and al-Qaeda and its affiliates, but the nature of the connections was not described in the document.
So sharp is the fear of threats from within that last year the NSA planned to launch at least 4,000 probes of potentially suspicious or abnormal staff activity after scrutinizing trillions of employee keystrokes at work. The anomalous behavior that sent up red flags could include staffers downloading multiple documents or accessing classified databases they do not normally use for their work, said two people familiar with the software used to monitor employee activity.
This shrouded, multimillion-dollar hunt for insider threats has suffered from critical delays in recent years and uneven implementation across agencies, the budget records show. And the spy agencies’ detection systems never noticed that Snowden was copying highly classified documents from different parts of the NSA’s networks.
He subsequently fled to Hong Kong and then Moscow, where he remains after being granted temporary asylum.
Contractors like Snowden, an NSA spokeswoman said, were not included in the plans to reinvestigate 4,000 security clearances.
CIA officials said the number of applicants ultimately tied to terrorist networks or hostile foreign governments was “small” but declined to provide an exact number or the reasons the broader group of applicants initially raised concerns.
“Over the last several years, a small subset of CIA’s total job applicants were flagged due to various problems or issues,” one official said in response to questions. “During this period, one in five of that small subset were found to have significant connections to hostile intelligence services and or terrorist groups.” The official, like others interviewed for this article, spoke on the condition of anonymity to discuss classified material.
The intelligence community’s dramatic emphasis on insider threats came in the wake of disclosures by WikiLeaks in 2010. The anti-secrecy group received hundreds of thousands of military and diplomatic documents from Army Pfc. Bradley Manning, now known as Chelsea Manning.
Congress made security a top priority and in 2011 ordered Director of National Intelligence James R. Clapper Jr. to set up “an effective automated insider threat detection program” to guard against similar security failures. The program was supposed to flag possible abuses, identify double agents and prevent leaks.