Naval Engineer Insider Threat Case Study

Questions and Answers

What methodology did the suspect allegedly employ to gather sensitive information at work?

He hacked into secure databases to retrieve information.

He bribed other employees for sensitive information.

He openly discussed sensitive data with colleagues.

He collected files secretly over time within his job's regular routine. (correct)

What was Jonathan Toebbe's profession?

Cybersecurity analyst

Nuclear engineer for the U.S. Navy (correct)

Military strategist

Database administrator

What types of technology did the insider threat case involve?

Social media platforms and cloud storage

Telecommunication networks and surveillance systems

Digital media, encrypted communication, and cryptocurrency (correct)

Open-source intelligence and public records

How much cryptocurrency was Toebbe allegedly attempting to earn from his activities?

$5 million

What was the primary goal of Jonathan Toebbe's insider threat actions?

To sell restricted military intelligence to a foreign government

What warning signs were Toebbe and his colleagues trained to recognize?

Indicators of potential insider threats

What was one of the specific types of documents Toebbe was accused of stealing?

Technical schematics of Virginia class submarines

Which government department had Toebbe obtained a Top Secret security clearance from?

Department of Defense

What method did the insider threat use to encrypt the samples?

GnuPG symmetric encryption

Which cryptocurrency did the insider threat prefer for its transactions?

Monero

What assurance did the undercover FBI agent offer to build trust with the insider threat?

Payment in Monero

What was the insider threat's concern regarding the drop location suggested by the FBI?

It could easily be a trap by an adversary

What alternative to an in-person data drop did the insider threat suggest?

Electronic dead drop

What did the FBI agree to do to assure the insider threat of their identity?

Fly a signal flag in Washington D.C.

What did the insider threat agree to do after confirming the payment?

Provide the decryption passphrase

What was the final payment amount the insider threat received from the FBI?

$10,000

What unusual item was mentioned in relation to the data drop?

A peanut butter sandwich

Where was the insider threat located when he started the exchange process?

Baltimore, Maryland

What strategy did the insider threat request from the FBI for establishing trust?

A physical signal

How did the FBI respond to the insider threat's hesitation about the drop location?

They offered to change the drop site

On what date did the insider threat visit Washington D.C. for the signal?

Memorial Day weekend, 2021

Which organization did the insider threat communicate with?

Federal Bureau of Investigation

What was Jonathan Toebbe's primary reason for using an anonymous note and SD card?

To connect with a foreign government

What key was NOT included on the SD card that Toebbe sent?

John Doe — Public Key

What did Toebbe express concern about in his communication with BOB?

The risk of an in-person meeting

How did the FBI first initiate contact with Toebbe after receiving the SD card?

Using a fake identity

What was Toebbe's proposed amount for the cryptocurrency gift?

$100,000

What primary motivation did Toebbe cite for wanting to remain in the digital realm during exchanges?

To ensure his personal safety

What did Toebbe fear about using a dead drop location?

The possibility of being observed

What was Toebbe's concern regarding the bills he might handle during a transaction?

They could be tracked through serial numbers

Which communication platform did Toebbe choose for his conversations with the FBI?

ProtonMail

What marked the beginning of the investigation into Toebbe's activities?

The analysis of the SD card's encryption keys

What was the role of the person referred to as 'ALICE' in the exchange?

Jonathan Toebbe

What mechanism did Toebbe use to hide his IP address?

Public Wi-Fi with Tor

What did the FBI hope to achieve by using a neutral drop location for the exchange?

To establish long-term communication

What method did the rogue employee propose for exchanging information to maintain operational security?

Weekend exchanges at suitable parks and trails

What did Toebbe imply about the physical gift he'd receive?

It would be hard to explain to authorities

How much was the FBI willing to pay ALICE for the information exchanged?

$100,000 Monero for major transactions

What type of sensitive information was found on the SD card?

Militarily sensitive design elements of submarines

What was the cover method used by ALICE to conceal the SD card?

Wrapped in plastic and hidden in a sandwich

What was the estimated duration of service for Virginia-class submarines?

Until 2060

How did the rogue employee describe U.S. security forces in his communications?

Lazy with limited budgets

What was ALICE's mistaken belief regarding the foreign government?

They would not pay as much as the FBI.

What type of documents did U.S. Navy experts identify on the SD card?

Restricted data related to submarines

What payment format did the rogue employee suggest for sending files?

100,000 USD Monero for each package

What was the nature of the relationship ALICE sought to build?

A successful and careful cooperation

How did the FBI ultimately apprehend the rogue employee?

After he made another SD card drop

What did the rogue employee fail to recognize about his own actions?

He was unwittingly gathering evidence against himself

What was the proposition made for gathering more military data?

Create packages of information to sell

Study Notes

Naval Engineer Insider Threat Case

• Jonathan Toebbe, a 42-year-old nuclear engineer in the US Navy, is accused of selling restricted military intelligence to a foreign government.
• Toebbe, who had two active Top Secret security clearances, aimed to gain $5 million in cryptocurrency.
• The engineer stole data about the Virginia class of submarines, which are crucial to US military operations.
• Toebbe’s scheme involved selling thousands of documents, schematics, and charts to a foreign government.

The Scheme

• Toebbe sent an anonymous note and SD card to a foreign government address in April 2020.
• The SD card contained encrypted data that required a digital key to unlock.
• The FBI intercepted the SD card and initiated communication with Toebbe using a ProtonMail account under the pseudonym "BOB."
• Toebbe used the pseudonym "ALICE" and was cautious about face-to-face meetings.

The FBI’s Social Engineering Tactics

• The FBI used social engineering tactics to convince Toebbe to meet in person.
• Toebbe was hesitant due to security concerns and proposed an electronic exchange of data for Monero cryptocurrency.
• The FBI agreed to the electronic transfer and continued to push for an in-person data drop, ultimately proposing a secret signal in Washington D.C. over Memorial Day weekend.
• Toebbe, believing the signal was a sign of good faith from the foreign government, agreed to the in-person drop.

The Data Drops

• Toebbe and the FBI agent planned to communicate using weekend exchanges at parks and trails.
• Toebbe was increasingly comfortable with the in-person exchanges, even suggesting plausible deniability for his actions.
• Toebbe made several data drops, hiding SD cards in various locations, including between slices of bread inside a plastic bag and inside a chewing gum wrapper.

Toebbe’s Arrest

• After a final data drop on October 9, 2021, Toebbe was arrested in West Virginia along with his wife, who was aware of the scheme.
• The final SD card contained restricted data related to submarine nuclear reactors.

The Incident’s Implications

• The case raises concerns about insider threats and the need for robust security measures.
• Organizations should implement safeguards to prevent and detect insider threats.
• The case highlights the use of social engineering tactics by cybercriminals and the importance of security awareness training for employees.

Description

Explore the intriguing case of Jonathan Toebbe, a nuclear engineer accused of selling sensitive military intelligence. This quiz delves into the details of his scheme, the stolen data, and the FBI's strategies for investigation. Test your knowledge on the implications of insider threats in national security. https://www.secureworld.io/industry-news/navy-insider-threat-case-court-documents