The Dangers of Monday-Morning Quarterbacks: A Contractor’s Flawed “Ana Montes Case Study” Reply

Ana Montes and the Cuban Flag (Credit: FBI/CSO staff illustration)

By Chris Simmons

Earlier this week, the cyber-security firm Haystax published a misleading and self-serving article called “Finding Ana Montes: A Haystax Use Case.”

This is an extract from their “assessment”:

{QUOTE} Below is a list of events taken from the DoD report that could have been paired with conventional computer and network monitoring systems data:

  • Montes’ nickname at the office translated to “The Outsider,” and she had few social relationships.
  • She found reasons to travel to Cuba for work.
  • She requested the results of her clearance, to send back to her Cuban handlers.
  • She was compassionate, empathetic and sympathetic to Cuba, but very quiet about it.
  • Prior to her post-graduate education she was politically inactive, became politically active at Johns Hopkins and then went quiet after graduating.
  • She was involved with academic groups, including CDI, that supported Cuba.

With the Haystax for Insider Threat solution, we would have captured all the normal indicators that alert DIA analysts, but we additionally could have given top analysts and investigators (with the appropriate permissions) the ability to capture more qualitative events like those listed above and feed them back as structured data into the probabilistic model that underlies our analytics platform. {ENDQUOTE}

The DoD Inspector General Report they cite was written years AFTER the Montes investigation ended and benefitted from tens of thousands of hours of investigative work.

But let’s take a deeper look:

Bullet #1: In point of fact, most analysts are introverts and thus have fewer relationships than extroverts. Bullet is irrelevant.

Bullet #2: Montes’ DIA work trips to Cuba were few and, more importantly, almost every DIA analyst travels to the country or countries in their portfolio. Bullet is irrelevant.

Bullet #3: For a government employee to request a copy of their clearance investigation is only marginally different from a person requesting their credit report. You do it to ensure no erroneous information is in it. Bullet is irrelevant.

Bullet #4: Some Americans sympathize with Cuba’s dictatorship. This point alone is inadequate to open an investigation.

Bullet #5: Montes was politically active during her undergraduate years, a fact well documented during her summer in Madrid. The Haystax comment is incorrect.

Bullet #6: Montes had been active in the Cuba Study Group, as were other analysts, until ordered to stop attending by DIA Security. Furthermore, she only attended one meeting hosted by the Center for Defense Information (CDI). The Haystax comment is partially correct.

Most importantly, Haystax’s conclusion that the Haystax for Insider Threat solution “would have been the only way the DIA could have caught Montes sooner” is false.

For example, Montes’ cited behavior on the Brothers to the Rescue Task Force was investigated and the allegations refuted or otherwise explained. The inquiry was closed by DIA because there was no credible information to open a case. Montes’ behavior in this episode had no bearing whatsoever on the investigation. This myth lives on largely due to a “based on actual events” DIA training video scripted to protect key aspects of the investigation.

Databases fed incorrect information by inexperienced analysts result in the proverbial “garbage in, garbage out” solution. Investigative tools, like databases, do aid professional, experienced intelligence officers. That said, these personnel must be qualified, respected and sufficiently trusted that other agencies are willing to share those diverse bits of intelligence that ultimately lead to the creation of an Unidentified Subject (“UNSUB”) case. That is precisely what happened with the Montes investigation, as the DoD Inspector General found, calling it a model of interagency cooperation. The right people in the right place at the right time with the right information always generate amazing results.