The plot of spy movies for decades turned on photographs of secret weapons or documents taken by pocket-sized spy cameras. Today, everyone carries a potential spy camera in their pocket, which is 50 times more powerful than the ones in the movies. And unlike old films, images don’t need to be smuggled out on microfilm. They can be sent instantly anywhere in the world.

This improvement in consumer spying technology has not gone unnoticed by the spies. Recently, Patrick Wei, a former U.S. Navy sailor, was convicted in San Diego of using his cell phone to photograph classified documents and Naval blueprints before sending them to his foreign handlers. His case is one of several that have come through the courts this year. Another trial is set to start in Portland, Oregon, involving Joint Base McChord and the manuals for the HIMARS Rocket System. In June, Michael Schena, a 20-year veteran State Department employee with a Top Secret clearance, pleaded guilty to using an iPhone 14, provided by his handlers, to photograph SECRET documents displayed on his computer screen.

Cases like these, where an indictment is filed, are just the tip of the iceberg. Many cases are handled outside the courts because prosecutors are concerned that defendants will reveal government secrets during their trials.

Cell phone technology has advanced rapidly, but government efforts to counter its use in espionage have lagged. Thousands of government facilities have posted signs stating, “No unauthorized electronic devices permitted.” Yet fewer than 10% of those facilities actively monitor for unauthorized transmitters operating inside them.

Just as drivers often ignore a 65-mph speed limit sign if there’s no trooper with a radar gun, federal employees may disregard ‘No unauthorized electronic devices’ signs if they think no one will notice a phone in their pocket. It’s easy to understand why people bend the rules: cell phones are useful. A spouse may call, a kid might need a ride, or the plumber might finally ring back.

We all understand the utility, but most of us don’t work in facilities where a single device can put national security at risk. Taking on a job in a secure facility requires giving up some conveniences that your fellow citizens take for granted. And one of the conveniences you have to sacrifice is constant cell phone availability. It’s why the signs are there.

Employees may think they’re exempt because they don’t intend to use their phones to harm national security. “So, what’s the risk?”

Even a loyal employee can be carrying a compromised device. iPhones are made by Apple, a corporation known for its focus on customer privacy and security. But even Apple has had to patch iOS six times in recent years to stop so-called “Zero Click” vulnerabilities found in the wild.

Everyone gets texts and emails that try to trick you into clicking on a link that installs malware on your phone. Some of these messages are very convincing, but they still depend on you being fooled into clicking the bad link. A Zero Click attack has the same goal, except the user doesn’t need to make even one erroneous click! It exploits a weakness in the software on your phone and uses that vulnerability to install spyware or RATs (remote access trojans) with zero action from the user.

Once installed, and without the user ever knowing, the malware allows an attacker to do anything a legitimate user could do on the phone: turn on the microphone during a meeting and transmit everything that is said, read the email on the phone (encrypted in transit or not), download documents, and so on.

In other words, an employee may be working for the Federal Government, but their phone might be working for North Korea. The old Insider Threat was the disgruntled employee; the new Insider Threat is the loyal employee with a compromised phone.

All major Federal Departments have adopted policies requiring electronic device detection for all SCIFs (Sensitive Compartmented Information Facilities) and SAPFs (Special Access Program Facilities). These policies exist in the DOD, DOE, DHS, and the Intelligence Community. The last two National Defense Authorization Acts have specifically called out the need for electronic device detection in Defense SCIFs.

The Intelligence Community has led the way in Wireless Intrusion Detection System (WIDS) adoption, but even within the Intelligence Community, the facilities protected represent only 10% of the facilities with signs prohibiting devices. Where wireless device detection is deployed, it is proving very effective: those facilities are interdicting thousands of devices per year in classified spaces. If so many devices are interdicted at facilities where most people know there is monitoring, imagine the impunity employees feel in facilities where they know no monitoring is in place.

Anyone who has spent a few years going in and out of SCIFs has a story about being in a SCIF when somebody’s cell phone rang. That’s the problem. If we concentrated on stopping this threat now, we could have all the most important facilities protected over the next three years.