Secret information oncounter-terrorism shared by foreign governments may have beencompromised by a massive data theft by a senior IT technicianfor the NDB, Switzerland's intelligence service, Europeannational security sources said.
Intelligence agencies in the United States and Britain areamong those who were warned by Swiss authorities that their datacould have been put in jeopardy, said one of the sources, whoasked for anonymity when discussing sensitive information.
Swiss authorities arrested the technician suspected in thedata theft last summer amid signs he was acting suspiciously. Helater was released from prison while a criminal investigation bythe office of Switzerland's Federal Attorney General continues,according to two sources familiar with the case.
The suspect's name was not made public. Swiss authoritiesbelieve he intended to sell the stolen data to foreign officialsor commercial buyers.
A European security source said investigators now believethe suspect became disgruntled because he felt he was beingignored and his advice on operating the data systems was notbeing taken seriously.
Swiss news reports and the sources close to theinvestigation said that investigators believe the techniciandownloaded terrabytes, running into hundreds of thousands oreven millions of printed pages, of classified material from theSwiss intelligence service's servers onto portable hard drives.He then carried them out of government buildings in a backpack.
One of the sources familiar with the investigation said thatintelligence services like the U.S. Central Intelligence Agencyand Britain's Secret Intelligence Service, also known as MI6,routinely shared data on counter-terrorism and other issues withthe NDB. Swiss authorities informed U.S. and British agenciesthat such data could have been compromised, the source said.
News of the theft of intelligence data surfaced withSwitzerland's reputation for secrecy and discretion ingovernment and financial affairs already under assault.
Swiss authorities have been investigating, and in some caseshave charged, whistleblowers and some European governmentofficials for using criminal methods to acquire confidentialfinancial data about suspected tax evaders from Switzerland'straditionally secretive banks.
The suspect in the spy data theft worked for the NDB, orFederal Intelligence Service, which is part of Switzerland'sDefense Ministry, for about eight years.
He was described by a source close to the investigation as a"very talented" technician and senior enough to have"administrator rights," giving him unrestricted access to mostor all of the NDB's networks, including those holding vastcaches of secret data.
Swiss investigators seized portable storage devicescontaining the stolen data after they arrested the suspect,according to the sources. At this point, they said, Swissauthorities believe that the suspect was arrested and the stolendata was impounded before he had an opportunity to sell it.
However, one source said that Swiss investigators could notbe positive the suspect did not sell or pass on any of theinformation before his arrest, which is why Swiss authoritiesfelt obliged to notify foreign intelligence partners theirinformation may have been compromised.
Representatives of U.S. and British intelligence agencieshad no immediate response to detailed queries about the casesubmitted by Reuters, although one U.S. official said he wasunaware of the case.
Security Procedures Questioned
Swiss Attorney General Michael Lauber and a seniorprosecutor, Carolo Bulletti, announced in September that theywere investigating the data theft and its alleged perpetrator. Aspokeswoman for the attorney general said she was prohibited bylaw from disclosing the suspect's identity.
A spokesman for the NDB said he could not comment on theinvestigation.
At their September press conference, Swiss officialsindicated that they believed the suspect intended to sell thedata he stole to foreign countries. They did not talk about thepossible compromise of information shared with the NDB by U.S.and British intelligence.
A European source familiar with the case said it raisedserious questions about security procedures and structures atthe NDB, a relatively new agency which combined the functions ofpredecessor agencies that separately conducted foreign anddomestic intelligence activities for the Swiss government.
The source said that under the NDB's present structure, itshuman resources staff - responsible for, among other things,ensuring the reliability and trustworthiness of the agency'spersonnel - is lumped together organisationally with theagency's information technology division. This potentially madeit difficult or confusing for the subdivision's personnel toinvestigate themselves, the source said.
According to the source, investigators now believe that inthe months before his arrest, the data theft suspect displayedwarning signs that should have been spotted by his bosses or bysecurity officials.
The source said that the suspect became so disgruntledearlier this year that he stopped showing up for work.
However, according to Swiss news reports, the NDB did notrealise that something was amiss until the largest Swiss bank,UBS, expressed concern to authorities about a potentiallysuspicious attempt to set up a new numbered bank account, whichthen was traced to the NDB technician.
A Swiss parliamentary committee is now conducting its owninvestigation into the data theft and is expected to report nextspring. Investigators are known to be concerned that the NDBlacks investigative powers, such as to search premises orconduct wiretaps, which are widely used by counter-intelligenceinvestigators in other countries.