The news of the arrest of an IT administrator at the US Department of State’s Bureau of Intelligence and Research for allegedly stealing classified defense documents and delivering them to a foreign power is sending shock waves across government departments. There are also indications that China, currently known to be conducting a long-standing cyber-espionage campaign against the US, may be involved behind the scenes.
Top secret intelligence reports accessed and shared
It appears that the arrested man, Abraham Teklu Lemma, is not a staffer at the State Department but a U.S. Government contractor who has worked with various U.S. Government agencies since at least July 2021 and has had a TOP SECRET security clearance since at least 2020. Prior to working as a government contractor, Lemma claims to have worked at a bank in Maryland. Whatever his real resume is, Lemma systematically and ruthlessly betrayed his adopted country. He is a naturalized citizen of the United States who was previously a citizen of an African country that the Federal Bureau of Investigation (FBI), which uncovered the case, mysteriously refers to as the “Relevant Country.” However, the country in question is believed to be Ethiopia, Lemma’s country of birth.
According to the Affidavit for his arrest warrant: “Between on or about December 19, 2022, and August 7, 2023, Lemma copied and pasted information from at least 85 Intelligence Reports regarding many topics—the majority of which relate to the Relevant Country. Lemma accessed these Intelligence Reports without a need to know the classified information contained therein. During the same period, Lemma accessed at least an additional 48 Intelligence Reports without a need-to-know. According to DOS records, Lemma has, on multiple occasions, also printed and downloaded SECRET and TOP SECRET classified information from the Intelligence Reports.”
China may be being fed vital US defense intelligence
Ethiopia has yet to be seen as a significant cyber-espionage threat. China and Russia top the list of potentially hostile nation states known to be conducting a cyber campaign against the US, followed by countries including North Korea and Iran. However, sources close to the situation are already hinting that the Chinese Communist Party may be being fed vital US defense intelligence by the Ethiopian government.
China and the US compete for influence in Ethiopia, which has major geopolitical significance as the seat of the African Union, in addition to the country’s strategic location in the Horn of Africa. Civil war erupted in Ethiopia in November 2020 after the leftist Tigray People’s Liberation Front (TPLF) was accused of attacking a military base. Although a peace treaty was signed, the US has suspended aid until certain criteria, such as full implementation of the peace process, are met. However, China regards the US sanctions as unwarranted interference in Ethiopia’s internal affairs.
But whichever power is eventually identified as being behind the theft of classified US defense documents, the case of Abraham Teklu Lemma also highlights two key aspects of cybersecurity that are often overlooked. One is the insider threat of someone within the organization stealing information, and the other is the danger of a supply-chain attack, where a contractor or supplier is identified as the weak spot in the target organization’s defenses.