外包保洁员主动投靠境外情报机关，造成重大失泄密！

                



随着经济社会的快速发展，服务外包成为众多单位优化资源配置、提升运营效率的重要手段。对于涉密机关、单位而言，服务外包在带来便利的同时，也暗藏着失泄密隐患。

外包泄密需警惕

▌疏于管理酿大案
某重要涉密单位长期将办公楼物业管理外包给某物业服务公司运营，并未对该公司开展必要的保密监管。该公司保洁人员段某为满足个人私欲主动联系境外间谍情报机关，后经指使借从事保洁服务之机，通过盗取、偷拍等方式为境外间谍情报机关提供1项机密级、2项秘密级国家秘密及其他6项情报，造成重大失泄密，危害我国家安全。
A key secret-related unit outsourced its office building management to a property service company without necessary security oversight. 
The cleaning staff member surnamed Duan employed by the property service company, in order to satisfy personal desires, actively contacted foreign espionage intelligence agencies. Under the spies' instructions, Duan stole and secretly photographed documents, providing one classified-level and two confidential-level state secrets, along with six other intelligence items, to the foreign intelligence agencies. This resulted in a significant leak of confidential information, posing a serious threat to national security, according to China's Ministry of State Security (MSS).

▌审查不严有隐患
有关部门在工作中发现，有网民在文库类网站出售5份涉密文件。经查，某公司不具备涉密档案数字化资质，骗取多个机关单位档案管理部门信任后，承包档案资料数字化业务。该公司员工蒋某利用工作便利，先后窃取、复制档案资料中几十份涉密文件并带回家中，为谋取私利，又将其中几份放在互联网上出售，致使国家秘密泄露。
In another case, authorities found that a netizen was selling five classified documents on a document-sharing website. Upon investigation, it was found that the company involved did not possess the qualifications for the digitization of classified archives. But the company deceived multiple government agencies' archive management departments and contracted to handle the digitization of archive materials, according to the MSS. 
An employee from the company, surnamed Jiang, stole and copied dozens of classified documents from the archives and brought them home. In pursuit of personal gain, Jiang then posted several of these documents online for sale, leaking state secrets, said the MSS.

▌合围拉拢遭攻陷
小李是某邮件系统厂家运维人员，具备远程管理账号和系统管理员账号权限，负责为客户的邮件系统提供技术支持。为图方便，小李经常在个人电脑上记录甲方客户的账号密码和系统管理员账号密码。
境外间谍情报机关利用开源情报信息锁定了小李运维人员身份，并对小李的电脑进行了网络攻击，窃取了其电脑中的客户账号密码信息，进而通过网络跳板，对上千家重点要害部门邮件系统实施窃密，获取了大量重点要害部门内部邮件数据，造成了严重的现实危害。
Li is an operations and maintenance staff member at an e-mail system manufacturer, who has remote management and system administrator account privileges and is responsible for providing technical support for clients' e-mail systems, said the MSS. Li often records client account passwords and system administrator passwords on a personal computer for convenience. 
The overseas espionage intelligence agencies targeted Li and launched a cyberattack on Li's computer, stealing the clients' account password information stored on it. They then used the information to conduct espionage on the e-mail systems of more than 1,000 key departments through network pivots, obtaining a large amount of internal e-mail data from these critical departments, according to the MSS.

国家安全机关提示

服务外包中的失泄密隐患不容忽视，涉密机关、单位必须时刻保持警惕，加强管理和防范，确保国家秘密安全。
The MSS warned that potential leaks in service outsourcing must not be overlooked. Confidential agencies and institutions must maintain constant vigilance, strengthen management and preventive measures to ensure the security of state secrets.
▪ 夯实责任防风险。涉密机关、单位应夯实保密管理主体责任，明确“发包”部门监管责任，签署协议时应在外包协议中明确自身的保密监管权力和承包方的保密管理义务。
▪ 强化监督堵漏洞。涉密机关、单位应会同承包方建立健全各项规章制度和安全操作规范，并采取切实有效的措施确保落实到位。应积极构建人防、物防、技防“三位一体”安全防护体系，多措并举，筑牢安全保密防线。
▪ 加强教育保安全。涉密机关、单位应落实上岗审查要求，加强对服务外包人员的背景审查，确保其具备相应的专业技能和从业资格。