More FBI whistleblowers have stepped forward to Congress and accused high-ranking bureau officials of bringing unauthorized smartphones into top-secret facilities, a security breach that can expose classified materials.
This time, the FBI said it is investigating the complaints and “takes all security matters seriously.”
The alleged security violations occurred in a sensitive compartmented information facility or SCIF set up for the executive offices on the 7th floor of the FBI’s J. Edgar Hoover Building, according to the whistleblower.
The new complaint follows The Washington Times’ exclusive report last week detailing an FBI agent disclosing to Congress that FBI Deputy Director Paul Abatte, among other top agents, broke security rules and jeopardized classified material by using a smartphone inside of SCIFs.
The FBI denied the whistleblowers’ accusations about Mr. Abatte but said the bureau was looking into the new allegations.
FBI agent told The Times that this kind of behavior among the bureau’s executives is prevalent at field offices across the country.
The new disclosure sent to House Judiciary Committee Republicans came from a former program manager of the FBI’s Defensive Electronic Group who was responsible for technical surveillance countermeasures on the 7th floor of the FBI’s Washington headquarters. It is on the 7th floor where the highest ranking FBI officials have offices.
The former FBI employee said several violations were detected during a security sweep of the 7th floor SCIF.
“During the exam, I observed dozens of strong Bluetooth signals. As I began looking for possible sources, I observed several phones on desks and in use inside the SCIF,” the former FBI employee said in the disclosure to lawmakers. “I had just begun looking for them when the Chief Security Officer responsible for the area shut me down. He specifically directed me not to pursue it or take any action.”
“Cell phones are not permitted inside. Based on the readings I observed, I believe every employee there was violating the cell phone policy,” he said in the whistleblower disclosure.
The FBI said in a statement to The Times:
“The FBI takes all security matters seriously. Recently, we were made aware of these allegations of security violations in FBI space, and we have referred this information to the Inspection Division, Security Division, and the Department of Justice’s Office of the Inspector General for review. The FBI has also taken considerable steps to ensure that employees are aware of their rights when making protected disclosures under the regulations.”
SCIFs have the most highly classified and potentially sensitive records collected by the U.S. government, including documents summarizing threats to homeland security, surveillance records on suspected terrorists and the names of informants.
The U.S. intelligence community has rules governing how SCIFs are built and managed, which include restrictions on the use of portable electronic devices and those with recording capabilities and embedded technologies.
Managers must approve such devices to enter a SCIF, and the officials must conduct a risk assessment before giving a greenlight, according to technical specifications published by the Office of the Director of National Intelligence last year. Medical devices are similarly subject to reviews and approvals.
SCIFs are not only located in government buildings or only inside the U.S., and managers of SCIFs outside the U.S. have different rules.
Former President Donald Trump’s Mar-a-Lago residence housed a SCIF during his presidency. The FBI also used a SCIF at the law firm Perkins Coie, representing prominent Democratic clients.
Bringing a cellphone into a SCIF presents security challenges that are not limited to a hacker accessing a microphone or camera.
Mordechai Guri, head of research and development at the Cyber Security Research Center at Ben Gurion University in Israel, recently published a study showing how unconnected smartphones may be used to steal data from computers separated from the internet, which is how sensitive material is examined in SCIFs.
One method involved using the gyroscope sensor in a smartphone, which is the mechanism that determines the phone’s rotation, such as whether someone is viewing the device horizontally or vertically.
Mr. Guri’s “GAIROSCOPE” method creates a covert communications channel between the smartphone and air-gapped computers through malicious software that creates ultrasonic frequencies on the computers. The computers are not connected to the internet, and the unconnected smartphones can detect the frequencies from a few meters away.
Another method disclosed by Mr. Guri changes a computer’s blinking LED lights into morse code to transmit data from the secure computers.