His actions were discovered when a former Defence employee found the post while browsing the website. The Australian Federal Police tracked the IP address of the poster to Mr S's home. They raided the house, seizing his computer and a broken disc found in a bin, which was used to bring the file home. A forensic analysis of his computer found traces of the posted images and evidence that Mr S searched online for ways to cover his tracks.
The DIO claimed the leak risked serious harm to Australia's national security interests, and potentially undermined trust and reciprocal intelligence arrangements with other countries.
The lawyer for Mr S said his client's sole motive had been to 'big-note himself', that he had been suffering depression, had been socially isolated from family and friends, and broken up with his girlfriend in the weeks before the offending.
In November 2015 Mr S was sentenced to one year's imprisonment with three months to be served and the remainder of the sentence to be suspended.
A Defence spokesperson said that the Department had reviewed its ICT systems and added new safeguards in the wake of the incident. The spokesperson said its graduates were robustly vetted by the Australian Government Security Vetting Agency and undertook training in classified document handling, code of conduct, and security and social media awareness.
- Managers should ensure that all employees, especially new employees, are aware of potential ramifications of breaching security.
- A security clearance doesn't guarantee that employees will act properly—managers need to be on the lookout for red flags and alert to changes in behaviour.
- Training is also helpful but may not stop people from doing the wrong thing.