• United States




Leaked Mitch McConnell/Ashley Judd recording highlights potential for insider threat

Apr 09, 20133 mins
CareersData and Information SecurityIT Leadership

Mitch McConnell's campaign staff claims they have no idea how a private strategy session was recorded and leaked. But they ought to take a hard look at everyone close to them and consider if this may be an inside job

Leaked recordings from a private strategy session involving Republican U.S. Senator Mitch McConnell is making headlines today and has officials from the campaign crying foul.

The recordings, which many analysts are calling much ado about nothing, contain remarks McConnell and others in his camp made in February about would-be Democratic challengers – and mainly focuses on actress and activist Ashley Judd, who at the time was considering a run for the Kentucky Senate seat McConnell has held since 1985.

McConnell’s campaign all adamantly deny any involvement in the recording of the sessions (and its consequential leaking). They are working with the FBI on an investigation into how it happened. But my gut tells me they need to look inward again and evaluate the people they consider allies and consider who may be a potential insider threat.

Somehow the room was bugged, and the recording obtained and published by David Corn of Mother Jones. Someone close to the campaign with knowledge of schedules, location and the content of the discussion scheduled for that meeting had to be involved in some way in putting the pieces in place.

The insider threat or rogue employee is not new. There is plenty of research into the issues and lots of recommendations and tools for security managers to use to mitigate the insider threat.

Malicious insiders have varying motivations. Some are disgruntled and seeking revenge of some kind. Others are swayed by financial gain and are willing to access an organization’s assets or information, and pass over valuable information, in exchange for money.

Sometimes dangerous insiders are simply motivated by curiosity. As CSO noted in Embarrassing insider jobs, curiosity may explain what happened to “Joe The Plumber.” In October 2008, the nation was introduced to the Ohio man when John McCain mentioned him in one of the presidential debates. But Joe, whose real name is Joseph Wurzelbacher, soon learned publicity can lead to prying eyes. Officials in Ohio launched an investigation after it was revealed that someone used an old test account created by the state attorney general’s IT team to access Wurzelbacher’s records in a government database.

It is unclear if the records were being accessed to dig up dirt on Joe that would later make its way onto the campaign trail, or simply because some curious state workers wanted to know more.

Who knows what the potential insider motivation might have been in this case of the McConnell strategy tapes? But political campaigns, where strategy discussed at private meetings is considered some of the most sensitive information produced, need to be run like a businesses – with intellectual property that needs vigilant guarding at all times. Every attempt to mitigate the potential for an insider threat must be considered, and staff needs to be painstakingly vetted.

My guess is the McConnell campaign staff will be looking at one another with a slightly- more suspicious eye in the coming weeks.