After hackers breached its internal network in late October, the White House got the help of a Google security engineer, Parisa Tabriz, the company’s self-proclaimed “security princess.”
Tabriz was tapped by the newly founded U.S. Digital Service, a tech task force for the government which launched in August, as a consultant for a “Top Secret / Classified project” to improve the network of the White House and the Executive Office of the President, according to an earlier version of her own resume, which has since been edited.
Tabriz’s work for the White House on computer security has not been publicly reported before. Her resume entry was spotted on Monday by American Civil Liberties Union Principal Technologist Christopher Soghoian, who in the past exposed the FBI hacking techniques scouring the LinkedIn profiles of government contractors.
Hours after Soghoian’s tweet, and after Mashable reached out for comment, Tabriz edited her resume removing the reference to the “Top Secret / Classified project.”
The White House downplayed the intrusion at the time, denying it was a “destructive” cyberattack.
Very few details about the hack have emerged since then, other than that the attack was on the White House’s unclassified computer network and that it led to a temporary outage and loss of connectivity. Russian hackers were the number one suspect, according to The Washington Post.
While the attack was on the less sensitive unclassified network, two former White House officials told Mashable that that network still holds sensitive information such as the President’s schedule, emails between staff members, and the President’s call logs. The officials spoke on condition of anonymity, with one adding: “There’s probably no nation state on the planet that would not like to have insight into who the President is meting with and what the thinking of his closest advisors is.”
It’s unclear exactly what kind of work Tabriz did for the U.S. government.
The White House confirmed that Tabriz “advised the Executive Office of the President on industry best practices and procedures,” but declined to elaborate on the nature of her work, whether she really worked on a top secret or classified project, or whether she held a security clearance.
Tabriz did not respond to multiple requests for comment. In the past, however, she did tweet about being involved with the U.S. Digital Service, and she even tweeted about receiving some “schwag” from the Executive Office of the President on Nov. 3, which seems to suggest she was indeed working at the White House.
It’s also unclear whether it’s appropriate for Tabriz to openly list her work on a “Top Secret / Classified project” project for the U.S. government on her resume, since that might be seen as revealing classified information.
Steven Aftergood, a secrecy expert and researcher for the Federation of American Scientists, doesn’t think there’s anything wrong here.
“Of course, one is not supposed to disclose classified information on a resume,” he toldMashable. “But the fact that one has a security clearance or has worked on a classified project is not normally something that is considered sensitive.”
“The only exception would be if the existence of the classified project was itself a secret, or if the description of it somehow revealed classified information,” he added, explaining that in any case, it’s relatively common for government workers or contractors to list the fact that they have a security clearance or have worked on a classified government project on their resumes or LinkedIn profiles.
Assuming Tabriz had a security clearance to work on the project, Aftergood explained, the key question is whether she “described” the project in such a way as to disclose classified information.
“And as far as I can see, the answer is no,” he concluded.
But not everyone agrees.