Clandestine human intelligence explained

Clandestine human intelligence is intelligence collected from human sources using clandestine espionage methods. These sources consist of people working in a variety of roles within the intelligence community. Examples include the quintessential spy (known by professionals as an asset or agent), who collects intelligence; couriers and related personnel, who handle an intelligence organization's (ideally) secure communications; and support personnel, such as access agents, who may arrange the contact between the potential spy and the case officer who recruits them. The recruiter and supervising agent may not necessarily be the same individual. Large espionage networks may be composed of multiple levels of spies, support personnel, and supervisors. Espionage networks are typically organized as a cell system, in which each clandestine operator knows only the people in his own cell, perhaps the external case officer, and an emergency method (which may not necessarily involve another person) to contact higher levels if the case officer or cell leader is captured, but has no knowledge of people in other cells. This cellular organization is a form of compartmentalisation, which is an important tactic for controlling access to information, used in order to diminish the risk of discovery of the network or the release of sensitive information.

Espionage is the act of obtaining (typically via covert methods) information that an adversary would not want the entity conducting the espionage to have. Espionage is inherently clandestine, and the legitimate holder of the information may change plans or take other countermeasures once it is known that the information is in unauthorized hands. See the articles Clandestine HUMINT operational techniques and Clandestine HUMINT asset recruiting for discussions of the "tradecraft" used to collect this information.

HUMINT is in a constant battle with counterintelligence, and the relationship can become very blurry, as one side tries to "turn" agents of the other into reporting to the other side. Recruiters can run false flag operations, where a citizen of country A believes they are providing intelligence to country B when they are actually providing it to country C.

Unlike other forms of intelligence collection disciplines, espionage usually involves accessing the place where the desired information is stored, or accessing the people who know the information and will divulge it through some kind of subterfuge. There are exceptions to physical meetings, such as the Oslo Report, or the insistence of Robert Hanssen in never meeting the people to whom he was selling information.

This article does not cover military units that penetrate deep between enemy lines, but generally in uniform, to conduct special reconnaissance. Such military units can be on the border of the line, in international law, which defines them as spies, if they conduct information in civilian clothes. In some circumstances, the uniformed personnel may act in support to the actual agents, providing communications, transportation, financial, and other support. Yet another discipline is covert operations, where personnel, uniformed or not, may conduct raids, sabotage, assassinations, propaganda (i.e., Psychological warfare), etc.

Legal aspects

Black's Law Dictionary (1990) defines espionage as: "gathering, transmitting, or losing ... information related to the national defense."

In the UK, "Under the 1911 Act, a person commits the offence of 'spying' if he, for any purpose prejudicial to the safety or interests of the State;

(a) approaches, inspects, passes over or is in the neighbourhood of, or enters any prohibited place,

(b) makes any sketch, plan, model, or note which is calculated to be or might be or is intended to be directly or indirectly useful to an enemy; or

(c) obtains, collects, records, or publishes, or communicates to any other person any secret official code word, or pass word, or any sketch, plan, model, article, or note, or other document which is calculated to be or might be or is intended to be directly or indirectly useful to an enemy. [Note: "an enemy" apparently means a potential enemy, so could theoretically include all foreign governments]

"The offence of spying covers all such acts committed by any person within Her Majesty's dominions, and such acts committed elsewhere by British Officers or subjects. It is not necessary for the person concerned to have been warned beforehand that they were subject to the Official Secrets Act. The 1920 Act creates further offences of doing any "act preparatory" to spying, or of soliciting, inciting, seeking to persuade, or aiding and abetting any other person to commit spying.[1]

The US defines espionage towards itself as "The act of obtaining, delivering, transmitting, communicating, or receiving information about the national defense with an intent, or reason to believe, that the information may be used to the injury of the United States or to the advantage of any foreign nation. Espionage is a violation of 18 United States Code 792–798 and Article 106, Uniform Code of Military Justice.[2] "

Major HUMINT organizations (a list of intelligence agencies)

See List of intelligence agencies for a more complete list

CountryEspionage organization
AustraliaAustralian Secret Intelligence Service (ASIS)
BrazilAgência Brasileira de Inteligência (ABIN)
CanadaCanadian Security Intelligence Service (CSIS) or (French: Service canadien du renseignement de sécurité, SCRS)
ChinaMinistry of State Security of the People's Republic of China or (Simplified Chinese: 国家安全部; Pinyin: Guojia Anquan Bu, or Guoanbu)
CubaIntelligence Directorate, formerly Dirección General de Inteligencia (DGI)
Korea, Democratic People's Republic ofCabinet General Intelligence Bureau
FranceDirection générale de la sécurité extérieure (DGSE) or Directorate-General for External Security
IndiaResearch and Analysis Wing (RAW) Intelligence Bureau (IB)
IsraelMossad (HaMossad leModi'in uleTafkidim Meyuhadim (Hebrew: המוסד למודיעין ולתפקידים מיוחדים) or Institute for Intelligence and Special Operations)
GermanyBundesnachrichtendienst (BND) or Federal Intelligence Service
PakistanInter-Services Intelligence (ISI) Intelligence Bureau (IB)
Korea, Republic ofNational Intelligence Service (South Korea)
RomaniaForeign Intelligence Service (Romania)
Foreign Intelligence Service (Russian: Служба Внешней Разведки or SVR); Main Intelligence Directorate (Russian: Главное Разведывательное Управление or GRU)
South AfricaSouth African Secret Service (SASS)
MexicoNational Intelligence Centre (México) (CNI), former CISEN
United KingdomSecret Intelligence Service (SIS), commonly known as MI6; Defence HUMINT Organisation (DHO), part of the Defence Intelligence, Joint Support Group; Special Reconnaissance Regiment
United StatesDirectorate of Operations (DO), Special Activities Center, Central Intelligence Agency; Defense Clandestine Service (DCS), part of the Defense Intelligence Agency; United States Army Intelligence Support Activity (USAISA), part of the Joint Special Operations Command (JSOC); Federal Bureau of Investigation (FBI)

Espionage is usually part of an institutional effort (i.e., governmental or corporate espionage), and the term is most readily associated with state spying on potential or actual enemies, primarily for military purposes, but this has been extended to spying involving corporations, known specifically as industrial espionage. Many nations routinely spy on both their enemies and allies, although they maintain a policy of not making comment on this. In addition to utilizing agencies within a government many also employ private companies to collect information on their behalf such as SCG International Risk and others.

Penetrations of foreign targets by people loyal to their own country

Not all clandestine human sources change their loyalties to the country to which they were born, or owed their first allegiance. In this section we are talking of the classical and actually rare "spy", who really is a loyal citizen of country A but obtains information from country B, either through informal means (e.g., fake news reporting) or actually going to work for country B.

A special case is of the Country B loyalist who controls agents or provides other supporting or managerial functions against Country A.

Clandestine reporting

Richard Sorge was a Soviet citizen (i.e., country A), who posed as a German (country C) journalist in Tokyo, to report on Japan (country B) back to the Soviet Union. Sorge was eventually caught and executed by the Japanese, who generally honored his bravery. Especially in wartime, while a country may need to execute an agent, they sometimes respect them.

It is a truism that a live captured spy has more potential value than a dead one, since a live one can still be interrogated, or perhaps turned into a double agent. There have been cases where countries have announced the execution of people who are actually alive.

Dangled mole

Dangled moles start out being loyal to one country B, but go to work for another service A, reporting back to their original service. Such operations can become "infinities of mirrors"[3] as the mole may be detected and the service by which they are employed tries to double them, which may or may not work.

One of the best-known, and apparently most successful, was the early Soviet recruitment of Kim Philby (i.e., service B), who was then dangled to the British Secret Intelligence Service (i.e., service A), for whom Philby went to work and rose to high rank. Philby is discussed further below.

As far as is known from public sources, the only mole, already loyal to a foreign service, who went to work for the CIA (i.e., in the service A role) was Karl Koecher, who actually was loyal to the Czechoslovakian intelligence service (service B1), while Czechoslovakia was a Soviet (i.e., service B) satellite state. Koecher became a CIA translator and a good source of information to the Czechs and Soviets. While, as far as is known in public sources, still loyal to his original agency, Koecher was ordered to report to Moscow by Oleg Kalugin, longtime legal resident of the USSR in the US. Kalugin accused Koecher of being a US double agent. Koecher retired from the CIA and went to work in academia, but was subsequently reactivated by the KGB and went to work, part-time, for the CIA. During this period, he was discovered by the FBI, who attempted to double him against the KGB, but the FBI considered him unreliable and eventually arrested him. The arrest was legally tainted, and Koecher was eventually exchanged for Soviet prisoners, both sides apparently not wanting the affair to be in a public court.

The US used Katrina Leung as a dangled mole to the PRC, although the true loyalty of Leung, who came to the US on a Taiwanese passport, is not known with certainty. She may have had a long-term allegiance to the PRC, been loyal to the US and then been turned by the PRC, or primarily been loyal to herself.

Human sources who changed allegiance

With the exception of penetration moles, other human sources start out as highly trusted by their services. What causes an individual to betray service A, typically his country of birth? The most common shorthand for changing allegiance is MICE, an acronym for:

Sometimes more than one factor applies, as with Robert Hanssen, an FBI counterintelligence agent who was a "write-in" to the KGB. While he received large amounts of money, he apparently felt unappreciated in his own service and spying on it satisfied his ego.

Psychological factors can apply to people changing allegiance for reasons other than coercion or ideology. To go beyond slogans, Project Slammer was an effort of the Intelligence Community Staff, under the Director of Central Intelligence, to come up with characteristics of Project Slammer, an Intelligence Community sponsored study of espionage.

It "examines espionage by interviewing and psychologically assessing actual espionage subjects. Additionally, persons knowledgeable of subjects are contacted to better understand the subjects' private lives and how they are perceived by others while conducting espionage.[4]

AttitudeManifestations
His basic belief structureSpecial, even unique.Deserving.

His situation is not satisfactory.

No other (easier) option (than to engage in espionage).

Only doing what others frequently do.

Not a bad person.

His performance in his government job (if presently employed) is separate from espionage; espionage does not (really) discount his contribution in the workplace.

Security procedures do not (really) apply to him.

Security programs (e.g., briefings) have no meaning for him, unless they connect with something with which he can personally identify.

He feels isolated from the consequences of his actions:He sees his situation in a context in which he faces continually narrowing options, until espionage seems reasonable. The process that evolves into espionage reduces barriers, making it essentially "Okay" to initiate the crime.

He sees espionage as a "Victimless" crime.

Once he considers espionage, he figures out how he might do it. These are mutually reinforcing, often simultaneous events.

He finds that it is easy to go around security safeguards (he is able to solve that problem). He belittles the security system, feeling that if the information was really important espionage would be hard to do (the information would really be better protected). This "Ease of accomplishment" further reinforces his resolve.

Attempts to cope with espionage activityHe is anxious on initial hostile intelligence service contact (some also feel thrill and excitement).

After a relationship with espionage activity and HOIS develops, the process becomes much more bearable, espionage continues (even flourishes).

In the course of long term activity subjects may reconsider their involvement.-- Some consider breaking their role to become an operative for the government. This occurs when access to classified information is lost or there is a perceived need to prove themselves, or both.

-- Others find that espionage activity becomes stressful, they no longer want it. Glamour (if present earlier) subsides. They are reluctant to continue. They may even break contact.

-- Sometimes they consider telling authorities what they have done. Those wanting to reverse their role aren't confessing, they're negotiating. Those who are "Stressed out" want to confess. Neither wants punishment. Both attempt to minimize or avoid punishment.

According to a press report about Project Slammer and Congressional oversight of counterespionage, one fairly basic function is observing one's own personnel for behavior that either suggests that they could be targets for foreign HUMINT, or may already have been subverted. News reports indicate that in hindsight, red flags were flying but not noticed.[5] In several major penetrations of US services, such as Aldrich Ames, the Walker ring or Robert Hanssen, the individual showed patterns of spending inconsistent with their salary. Some people with changed spending may have a perfectly good reason, such as an inheritance or even winning the lottery, but such patterns should not be ignored.

By 1997, the Project Slammer work was being presented at public meetings of the Security Policy Advisory Board.[6] While a funding cut caused the loss of impetus in the mid-nineties, there are research data used throughout the security community. They emphasize the "essential and multi-faceted motivational patterns underlying espionage. Future Slammer analyses will focus on newly developing issues in espionage such as the role of money, the new dimensions of loyalty and what seems to be a developing trend toward economic espionage."

According to a 2008 Defense Department study, financial incentives and external coercion have played diminishing roles in motivating Americans to spy against the United States, but divided loyalties are increasingly evident in recent espionage cases. The study said, "Two thirds of American spies since 1990 have volunteered. Since 1990, spying has not paid well: 80% of spies received no payment for espionage, and since 2000 it appears no one was paid. ... Offenders since 1990 are more likely to be naturalized citizens, and to have foreign attachments, connections, and ties, and therefore they are more likely to be motivated to spy from divided loyalties." Despite this trend, the report says that the majority (65%) of American spies are still native born.[7] [8]

Recruitment through money

Ames seems to have been motivated primarily by money.

Recruitment through ideology

Among the most important moles, a senior officer already in place when he started reporting, for ideological reasons, to service B (actually two B's, SIS and CIA), was Col. Oleg Penkovsky.[9]

Recruitment through compromise

Recruitment can be done through personal relationships, from casual sex and blackmail to friendship or romance

Recruitment through ego

Personnel in sensitive positions, who have difficulty getting along with peers, may become risks for being compromised with an approach based on ego. William Kampiles, a low-level worker in the CIA Watch Center, sold, for a small sum, the critical operations manual on the KH-11 reconnaissance satellite. To an interviewer, Kampiles suggested that if someone had noted his "problem"—constant conflicts with supervisors and co-workers—and brought in outside counseling, he might not have stolen the KH-11 manual.

Recruit types

Mole

Other than the dangled moles described above, moles start out as loyal to their own country A. They may or may not be a trained intelligence officer.

Note that some intelligence professionals reserve the term mole to refer to enemy personnel that personally know important things about enemy intelligence operations, technology, or military plans. A person such as a clerk or courier (e.g., Jack Dunlap, who photographed many documents but was not really in a position to explore enemy thinking), is more generically an asset. To be clear, all moles are assets, but not all assets are moles.

Another special case is a "deep cover" or "sleeper" mole, who may enter a service, possibly at a young age, but definitely not reporting or doing anything that would attract suspicion, until reaching a senior position. Kim Philby is an example of an agent actively recruited by the British Secret Intelligence Service while he was already committed to Communism. Philby, at first, concentrated on doing a good job for the British, so he could rise in trust and authority.[10] Philby was motivated by ideology before he joined SIS.

Defector

An individual may want to leave their service at once, perhaps from high-level disgust, or low-level risk of having been discovered in financial irregularities and is just ahead of arrest. Even so, the defector certainly brings knowledge with him, and may be able to bring documents or other materials of value.

Starts in A

Leaves and goes to B

Philip Agee is an example of a US CIA officer who came to the belief that he was working on behalf of an ideology he had come to hate. Eventually, he resigned, and clandestinely went to Cuba, telling their intelligence service everything he knew, with the stated goal[11] of damaging the CIA. Agee claims the CIA was satisfied with his work and did not want him to leave, although the author, John Barron, claims that he was close to being discharged for improper personal conduct.[12]

In Russian intelligence gathering, initially Soviet, the term "defector" is rejected due to its negative connotations. Instead they use the Russian word dobrozhelatel, or "well-wisher," in this context essentially functioning as a synonym for "walk-in." This term has a positive connotation, and may reflect how the service views such people, as described by Ivan Serov,[13] former chief of GRU (Soviet military intelligence)

While the term "well-wisher" may be positive, in Serov's view, he does not assume a well-wisher has value to offer. The majority actually turn out to be offering material of no significant value. The first task is to determine if they are random sympathizers who fail to understand the subject they propose to discuss, or are active provocations being run by foreign counterintelligence.

Provocateurs obtain some value if they can simply identify the intelligence officers in an embassy, so the initial interviews are, unless there is a strong reason to the contrary, conducted by low-level staff. Serov points out that even if some walk-ins have no material of value, "Some are ideologically close to us and genuinely and unselfishly anxious to help us; some are in sympathy with the Soviet Union but want at the same time to supplement their income; and some, though not in accord with our ideas and views, are still ready to collaborate honestly with us for financial reasons." A genuine sympathizer without useful material still may become useful as an access agent, courier, or support agent.

Other walk-ins simply are trying to get money, either for nonsense information or for real information with which they have been entrusted. Physical walk-ins are not the only kind of volunteer "well-wisher," who may communicate through the mail, by telephone, or direct contact. If, for example, contact is made with someone who really is an intelligence officer, there is immediate reason to believe the person does have intelligence contacts—but further investigation is necessary to see if they are real or if they are provocateurs from counterintelligence. A provocateur can be from the local agency, or even from a third country false-flag provocation.

"Persons wanting to make money usually produce a large quantity of documents and talk much and willingly about themselves, trying to make a favorable impression. Extortioners and blackmailers usually act impudent, making their offer in the form of an ultimatum and even resorting to open threats."

Defector in place

Another method is to directly recruit an intelligence officer or terrorist organization member from within the ranks of the adversary service or group, and having them maintain their normal duties while spying on their parent service or organization; this is also referred to as recruiting an "agent" or defector in place.

Starts in A

Stays working in A but reporting to B

As mentioned, Oleg Penkovsky was a key US-British agent, apparently detected through Soviet counterintelligence work. Adolf Tolkachev, an electronic engineer working on Soviet radar, was another defector in place for the US, who was exposed by the CIA defector, Edward Lee Howard, who fled to the KGB before being arrested. Penkovsky and Tolkachev, both motivated by ideology, were executed by the Soviets.

To give a sense of the "infinity of mirrors" involved in agent work, Howard was exposed by an apparent Soviet walk-in defector, Vitaly Yurchenko, who walked into the US Embassy in Rome and defected to the United States. While Yurchenko also identified Ronald Pelton as a Soviet defector-in-place working in the NSA, Yurchenko himself re-defected back to the USSR within a few months. It is possible that Yurchenko was acting as a double agent, sent by the Soviets to sacrifice less important Soviet assets in order to protect the more important CIA defectors in place, e.g. Aldrich Ames.

False flag penetrator

A special case of a mole is a false flag recruitment of a penetrator:

Starts in C

Believes being recruited by A

Actually is recruited by B and sends false information to C

False flag recruitments, admittedly for covert action rather than pure HUMINT, were reported[14] as a technique used by Edwin P. Wilson, who left CIA in 1971, and then went to work for a Navy HUMINT unit, Task Force 157 until 1976, when he went private. During his time working for CIA, he was both officially and unofficially involved in arms sales. "His assignments sometimes required him to establish and use 'front' companies to gain access to information and to support CIA operations here and abroad commercially." Three men, found dead under mysterious circumstances, had believed they had been recruited by Wilson, "under the pretense that he was still a CIA executive." According to Epstein, "Wilson maintained a close association with two of the agency's top executives—Thomas G. Clines, the director of training for the clandestine services, and Theodore G. Shackley, who held the No. 2 position in the espionage branch. Both of these men sat in on meetings that Wilson held with his operatives and weapon suppliers and, by doing so, helped further the illusion that his activities had the sanction of the CIA—an illusion crucial to keeping his false flag attractive." Wilson was involved in then-banned arms sales to Libya, and it is unclear who actually sponsored these sales.

In 1982, while based in Libya, he traveled to the Dominican Republic where he was arrested for illegal arms sales. In 1984, at age 55, he was sentenced to 52 years in prison.

Continuing Freedom of Information Act and other research by his attorney caused a federal judge to throw out the conviction,[15] on the basis that prosecutors "deliberately deceived the court", in the words of the judge, "America will not defeat Libyan terrorism by double-crossing a part-time, informal government agent."

Double agent

A double agent is, from the start, a trained intelligence asset. They may be a low level agent with only the most basic amount of training, not a full case officer, but their original agency places some degree of trust in them.

Double agent cases, like all intelligence operations, are run to serve the interests of national security. Principally, they do so by providing current counterintelligence about hostile intelligence and security services, and about clandestine subversive activities. A service must weigh the risks and benefits of maintaining what is essentially a condoned channel of communication with a hostile foreign government or organization.[16]

Managing a double agent requires skill and sophistication at both the local/case officer level and central levels. A service may keep physical controls on its double agents, such as those in the Double-Cross System during WWII (few of whom were highly trained intelligence officers, but rather opportunists) who were coerced by threat of execution. In the absence of any such controls, managing double agents becomes much complex. The interpersonal dynamic between an agent and case officer can also be complex, with some officers developing concern for the agent's overall wellbeing.

When making predictions, the most important factor is the nature of a double agent's original or primary affiliation: its duration, intensity, and whether it was voluntary. Years of clandestine association with the adversary can have deep but subtle effects. Ethnic or religious ties in particular can run deep, even if the agent hates the government or organization they are turning against.

Another result of lengthy prior clandestine service is that the agent may be hard to control. In most operations the case officer's superior training and experience give him so decided an edge over the agent that recognition of this superiority makes the agent more tractable. However, added to the fact that the experienced double agent may have been in the business longer than his case officer, his further advantage in having gained a first-hand comparative knowledge of the workings of at least two disparate services, and it is obvious that the case officer's margin of superiority diminishes, vanishes, or even reverses.

One facet of the efforts to control a double agent operation is to ensure that the double agent is protected from discovery by the parent intelligence service; this is especially true in circumstances where the double agent is a defector-in-place.

Double agent operations must be carefully planned, executed, and above all, reported. One of the problems with double agent operations in the US, run by the FBI, is that the FBI culture has been very decentralized to the field office level. This is, perhaps, an overreaction to the extremely centralized culture under J. Edgar Hoover. Prior to 9/11, information in one field office, which might reveal problems in a HUMINT operation, is not necessarily shared with other offices. FBI Director Robert Mueller cited the changes since 9/11: "We then centralized coordination of our counterterrorism program. Unlike before, when investigations were managed primarily by individual field offices, the Counterterrorism Division at Headquarters now has the authority and the responsibility to direct and coordinate counterterrorism investigations throughout the country. This fundamental change has improved our ability to coordinate our operations here and abroad, and it has clearly established accountability at Headquarters for the development and success of our Counterterrorism Program."[17]

"The amount of detail and administrative backstopping seems unbearable at times in such matters. But since penetrations are always in short supply, and defectors can tell less and less of what we need to know as time goes on, because of their cut-off dates, double agents will continue to be part of the scene.[18] "

Services functioning abroad-and particularly those operating in areas where the police powers are in neutral or hostile hands—need professional subtlety as well. The agent handlers must have full knowledge of [the agent's] past (and especially of any prior intelligence associations), a solid grasp of his behavior pattern (both as an individual and as a member of a national grouping), and rapport in the relationship with him. Case officers must know the agent's area and have a nuanced understanding of his language; this is an extremely unwise situation for using interpreters, since the case officer needs to sense the emotional content of the agent's communication and match it with the details of the information flowing in both directions. Depending on whether the operation is being run in one's own country, an allied country, or hostile territory, the case officer needs to know the relevant laws. Even in friendly territory, the case officer needs both liaison with, and knowledge of, the routine law enforcement and security units in the area, so the operation is not blown because an ordinary policeman gets suspicious and brings the agent in for questioning.

If at all possible, the service running the double agent have complete control of communications, which, in practice, need to be by electronic means or dead drop. Meetings between the double and his Service A handler are extremely risky. Even text communication can have patterns of grammar or word choice, known to the agent and his original service, that can hide a warning of capture, by the use of a seemingly ordinary word. Some controlling services may paraphrase the double's text to hide such warnings, but run into the possibility of being detected by sophisticated analysis of the double's normal choice of words.

Basic double agent

Starts in A

Recruited by B

Defects and tells B all he knows (defector)

operates in place (Agent doubled in place) and continues to tell B about A

Redoubled agent

A service discovering an adversary agent, who entered one's own service either as a penetrator or an asset in place may offer him employment as a double. His agreement, obtained under open or implied duress, is unlikely, however, to be accompanied by a genuine switch of loyalties. The so-called redoubled agent whose duplicity in doubling for another service has been detected by his original sponsor and who has been persuaded to reverse his affections again also belongs to this dubious class. Many detected and doubled agents degenerate into what are sometimes called "piston agents" or "mailmen," who change their attitudes with their visas as they shunt from side to side.

Operations based on them are little more than unauthorized liaison with the enemy, and usually time-wasting exercises in futility. A notable exception is the detected and unwillingly doubled agent who is relieved to be found out in his enforced service to the adversary.

False flag double agent

Starts in A

Assigned to C

B creates a situation where agent believes he is talking to C, when actually receiving B disinformation

Active provocateur

There can be active and passive provocation agents. A double agent may serve as a means through which a provocation can be mounted against a person, an organization, an intelligence or security service, or any affiliated group to induce action to its own disadvantage. The provocation might be aimed at identifying members of the other service, at diverting it to less important objectives, at tying up or wasting its assets and facilities, at sowing dissension within its ranks, at inserting false data into its files to mislead it, at building up in it a tainted file for a specific purpose, at forcing it to surface an activity it wanted to keep hidden, or at bringing public discredit on it, making it look like an organization of idiots. The Soviets and some of the Satellite services, the Poles in particular, are extremely adept in the art of conspiratorial provocation. All kinds of mechanisms have been used to mount provocation operations; the double agent is only one of them.

An active provocateur is sent by Service A to Service B to tell B that he works' for A but wants to switch sides. Or he may be a talk-in rather than a walk-in. In any event, the significant information that he is withholding, in compliance with A's orders, is the fact that his offer is being made at A's instigation. He is also very likely to conceal one channel of communication with A-for example, a second secret writing system. Such "side-commo" enables A to keep in full touch while sending through the divulged communications channel only messages meant for adversary eyes. The provocateur may also conceal his true sponsor, claiming for example (and truthfully) to represent an A1 service (allied with A) whereas his actual control is the A-a fact which the Soviets conceal from the Satellite as carefully as from us.

Starts in A and is actually loyal to A

Goes to B, says he works for A, but wants to switch sides. Gives B access to his communications channel with A (channel Y)

Keeps second communications channel, X with A, about which B knows nothing

Reports operational techniques of B to A via X

Provides disinformation from A, via X, which he disseminates to B (A may also send disinformation directly through Y, since B should assume A doesn't know line of communication Y is compromised)

Passive provocateur

Passive provocations are variants involving false-flag recruiting.

In Country C, Service A surveys the intelligence terrain through the eyes of Service B (a species of mirror-reading) and selects those citizens whose access to sources and other qualifications make them most attractive to B. Service A officers, posing as service B officers, recruit the citizens of country C. At some point, service A then exposes these individuals, and complains to country C that country B is subverting its citizens.

The stake-out has a far better chance of success in areas like Africa, where intelligence exploitation of local resources is far less intensive, than in Europe, where persons with valuable access are likely to have been approached repeatedly by recruiting services during the postwar years.

A does an analysis of C and determines what targets would be attractive to B

A then recruits citizens of C, which A believes will be more loyal to B

The A recruit, a citizen of C, volunteers to B

A can then expose B's penetration of C, hurting B–C relations.

This may be extremely difficult to accomplish, and even if accomplished the real difficulty is maintaining control of this "turned asset". Controlling an enemy agent who has been turned is a many-faceted and complex exercise that essentially boils down to making certain that the agent's new-found loyalty remains consistent, which means determining whether the "doubled" agent's turning is genuine or false. However, this process can be quite convoluted and fraught with uncertainty and suspicion.

Where it concerns terrorist groups, a terrorist who betrays his organization can be thought of and run as a double-agent against the terrorist's "parent" organization in much the same fashion as an intelligence officer from a foreign intelligence service. Therefore, for sake of ease, wherever double-agents are discussed the methodologies generally apply to activities conducted against terrorist groups as well.

Fake double agent

Peddlers, fabricators, and others who work for themselves rather than a service are not double agents because they are not agents. Almost certainly motivated by money, it is unlikely they can maintain the deception for very long.

They may be uncovered by a headquarters check, as they may well have tried the same game elsewhere.

Unwitting double agent

"Witting" is a term of intelligence art that indicates that one is not only aware of a fact or piece of information, but also aware of its connection to intelligence activities. An unwitting double agent thinks that he is still working for his own Service A, but Service B has somehow managed what, in communications security, is called a man-in-the-middle attack. Service A believes it is in contact with its own agent, and the agent believes he is communicating with his true control. This is extremely difficult to continue for more than a very brief period of time.

Creating an unwitting double agent is extremely rare. The manipulative skill required to deceive an agent into thinking that he is serving his team when in fact he is damaging its interests is plainly of the highest order.

Multiply turned agent

A triple agent can be a double agent that decides his true loyalty is to his original service, or could always have been loyal to his service but is part of an active provocation of your service. If managing a double agent is hard, agents that turned again (i.e., tripled) or another time after that are far more difficult, but in some rare cases, worthwhile.

Any service B controlling, or believing it controls, a double agent, must constantly evaluate the information that agent is providing on service A. While service A may have been willing to sacrifice meaningful information, or even other human assets, to help an intended penetration agent establish his bona fides, at some point, service A may start providing useless or misleading information as part of the goal of service A. In the WWII Double-Cross System,[19] another way the British controllers (i.e., service B in this example) kept the Nazis believing in their agent, was that the British let true information flow, but too late for the Germans to act on it. The double agent might send information indicating that a lucrative target was in range of a German submarine, but, by the time the information reaches the Germans, they confirm the report was true because the ship is now docked in a safe port that would have been a logical destination on the course reported by the agent.[20] While the Double-Cross System actively handled the double agent, the information sent to the Germans was part of the overall Operation Bodyguard deception program of the London Controlling Section. Bodyguard was meant to convince the Germans that the Allies planned their main invasion at one of several places, none of which were Normandy. As long as the Germans found those deceptions credible, which they did, they reinforced the other locations. Even when the large landings came at Normandy, deception operations continued, convincing the Germans that Operation Neptune at Normandy was a feint, so that they held back their strategic reserves. By the time it became apparent that Normandy was indeed the main invasions, the strategic reserves had been under heavy air attack, and the lodgment was sufficiently strong that the reduced reserves could not push it back.

There are other benefits to analyzing the exchange of information between the double agent and his original service, such as learning the priorities of service A through the information requests they are sending to an individual they believe is working for them. If the requests all turn out to be for information that service A could not use against B, and this becomes a pattern, service A may have realized their agent has been turned.

Since maintaining control over double agents is tricky at best, it is not hard to see how problematic this methodology can become. The potential for multiple turnings of agents and perhaps worse, the turning of one's own intelligence officers (especially those working within counterintelligence itself), poses a serious risk to any intelligence service wishing to employ these techniques. This may be the reason that triple-agent operations appear not to have been undertaken by U.S. counterintelligence in some espionage cases that have come to light in recent years, particularly among those involving high-level penetrations. Although the arrest and prosecution of Aldrich Ames of the CIA and Robert Hanssen of the FBI, both of whom were senior counterintelligence officers in their respective agencies who volunteered to spy for the Russians, hardly qualifies as conclusive evidence that triple-agent operations were not attempted throughout the community writ large, these two cases suggest that neutralization operations may be the preferred method of handling adversary double agent operations vice the more aggressive exploitation of these potential triple-agent sources.

Triple agent

Starts out working for B

Volunteers to be a defector-in-place for A

Discovered by B

Offers his communications with A to B, so B may gain operational data about A and send disinformation to A

A concern with triple agents, of course, is if they have changed loyalties twice, why not a third or even more times? Consider a variant where the agent remains fundamentally loyal to B:

Quadruple agent

Starts out working for B

Volunteers to be a defector-in-place for A. Works out a signal by which he can inform A that B has discovered and is controlling him

Discovered by B

Offers his communications with A to B.

B actually gets disinformation about A's operational techniques

A learns what B wants to know, such as potential vulnerabilities of A, which A will then correct

Successes such as the British Double-Cross System or the German Operation North Pole show that these types of operations are indeed feasible. Therefore, despite the obviously very risky and extremely complex nature of double agent operations, the potentially quite lucrative intelligence windfall – the disruption or deception of an adversary service – makes them an inseparable component of exploitation operations.[21]

If a double agent wants to come home to Service A, how can he offer a better way to redeem himself than recruiting the Service B case officer that was running his double agent case, essentially redoubling the direction of the operation? If the case officer refuses, that is apt to be the end of the operation. If the attempt fails, of course, the whole operation has to be terminated. A creative agent can tell his case office, even if he had not been tripled, that he had been loyal all along, and the case officer would, at best, be revealed as a fool.

"Occasionally a service runs a double agent whom it knows to be under the control of the other service and therefore has little ability to manipulate or even one who it knows has been successfully redoubled. The question why a service sometimes does this is a valid one. One reason for us is humanitarian: when the other service has gained physical control of the agent by apprehending him in a denied area, we often continue the operation even though we know that he has been doubled back because we want to keep him alive if we can.

"Another reason might be a desire to determine how the other service conducts its double agent operations or what it uses for operational build-up or deception material and from what level it is disseminated. There might be other advantages, such as deceiving the opposition as to the service's own capabilities, skills, intentions, etc. Perhaps the service might want to continue running the known redoubled agent in order to conceal other operations. It might want to tie up the facilities of the opposition. It might use the redoubled agent as an adjunct in a provocation being run against the opposition elsewhere. Running a known redoubled agent is like playing poker against a professional who has marked the cards but who presumably is unaware that you can read the backs as well as he can.

Support services

Couriers

A courier has no responsibilities other than clandestine communications. Any involvement of the courier in activities that may draw attention from counterintelligence is unwise. For example, if there is a political party, friendship society, or other organization that would be considered favorable to Service B, couriers, under no circumstances, should be identified with them.

Courier work is among those things that consist of hours of boredom punctuated with moments of sheer terror. Keeping a courier, who is not a member of your service and/or has diplomatic cover, is challenging.

Occasionally, it may be practical to transfer a courier to other, more challenging duties. Once that transfer is made, however, the individual should never be reassigned to courier duty, as the probability of that person having become known to counterintelligence is much higher.

There may be occasions where diplomats, or even members of diplomats' families who have diplomatic immunity, may serve as couriers. Their value in the diplomatic service must be weighed against the near certainty that if discovered, they will be expelled as persona non grata.

Drivers, especially those trained to receive car tosses, are a variant of couriers, and to which the same constraints apply. Using persons with diplomatic immunity may be slightly more sensible in the case of drivers, since their cars are usually immune to search. On the other hand, a diplomatic car will have distinctive license plates and may be under surveillance whenever it leaves diplomatic premises. Counterintelligence services may take the risk, given the potential reward, of putting electronic tracking devices on diplomatic vehicles.

Safehouses and other meeting places

Safehouses may not be literal stand-alone houses. Indeed, in an urban area, the anonymity of an apartment house or office building may give greater security.

In more rural areas, houses may indeed be needed. This is especially the case if the country team needs storage of bulky supplies (e.g., weapons, sabotage materials, propaganda), printing presses, etc.

In general, communications, as well as equipment clearly associated with clandestine operations, should be portable and not fixed in a safehouse used for meetings. If this is done, there is a chance that a counterintelligence search of the premises might not turn up anything incriminating. On the other hand, things that must be carried around may be discovered if a person or vehicle is searched. The safehouse should have emergency communications so that it can be reached to call off a meeting or to warn of surveillance or an impending raid, preferably with a wrong-number dialogue or other deniable communications method.

It is a difficult call as to whether a safehouse should have destruction facilities. Modern forensic laboratories can reconstruct papers that are merely burned or shredded, although shredders are no longer exotic items, especially if the safehouse serves a mundane office function. More definitive destruction capabilities will confirm the clandestine use of the premises, but they may be a reasonable protection if the safehouse is being overrun and critical communications or other security material is in jeopardy.

Finance

Industrialized nations, with complex financial systems, have a variety of reporting systems about money transfer, from which counterintelligence potentially can derive patterns of operations and warnings of operations in progress. Money laundering refers to methods for getting cash in and out of the financial system without it being noticed by financial counterintelligence.

The need for money, and challenge of concealing its transfer, will vary with the purpose of the clandestine system. If it is operated by a case officer under diplomatic cover, and the money is for small payments to agent(s), the embassy can easily get cash, and the amounts paid may not draw suspicion. If, however, there will be large payments to an agent, getting the money still is not a problem for the embassy, but there starts to be a concern that the agent may draw attention to himself by extensive spending.

US security systems, about which the most public information is known, usually include a credit check as part of a security clearance, and excessive debt is a matter of concern. It may be the case that refusing to clear people with known financial problems has stopped a potential penetration, but, in reality, the problem may well be at the other side. Aldrich Ames, Robert Hanssen, and John Walker all spent more money than could be explained by their salaries, but their conspicuous spending did not draw attention; they were detected because variously through investigations of leaks that threw suspicion on their access to information. Suspicion did fall on Jack Dunlap, who had his security clearance revoked and committed suicide. Perhaps Dunlap was more obvious as a low-level courier and driver than the others, while the others were officers in more responsible positions.

The question remains if sudden wealth is likely to be detected. More extensive bank reporting, partially as a result of the US PATRIOT Act and other reporting requirements of the Financial Crimes Enforcement Network (FinCEN), the latter established before 9/11, may make receiving payments easier to catch.

Additional requirements for bank reporting were in the PATRIOT act, and intended to help catch terrorists preparing for operations. It is not clear, however, if terrorist operations will involve highly visible cash transactions. The 9/11 operations cells were reported to have required somewhere between $400,000 and $500,000 in operating funds, and there were indeed wire transfers in the $100,000 range. Still, the question remains if a relatively small expenditure, compared with the enormous amounts in the illegal drug trade, will draw counterintelligence/counterterrorist attention.

Wire transfers and bank deposits go through formal value transfer systems where there is reporting to government. Especially terrorist groups, however, have access to informal value transfer systems (IVTS), where there is no reporting, although FinCEN has been suggesting indirect means of detecting the operation of IVTS.

For clandestine networks where the case officers are under non-official cover, handling large sums of cash is more difficult and may justify resorting to IVTS. When the cover is under a proprietary (owned by the intelligence agency) aviation company, it can be relatively simple to hide large bundles of cash, and make direct payments.

Formal value transfer systems

In the US, financial transactions begin with mutual identification between the customer and the financial institution. Although there are many Internet frauds involving fake financial institutions or criminals masquerading as a financial institution (i.e., phishing), the more difficult requirement is for the prospective customer to show acceptable identification to the bank. For basic relationships, a government-issued identification document, such as a passport or driver's license, usually suffices. For foreign nationals, their country's equivalent may be accepted, although it may be harder to verify.

Going beyond the basics becomes much more difficult. Were the relationship one that involved classified information, there would be an extensive personal history questionnaire, fingerprint check, name search with law enforcement and intelligence, and, depending on the clearance level, additional investigations.

Credit bureaus and other financial information services may be helpful, although the accuracy of some of these is questionable. There are Federal requirements to check names against lists of possible terrorists, financial criminals and money launderers, etc. In many respects, we have a problem where financial institution employees, without law enforcement training, are being asked to be detectives. There is a conflict of interest and lack of law enforcement training when bank employees are asked to monitor the legality of their customers' acts. Stay aware of the status of court tests of legislation and regulation in this area, as well as new legislation. While it is possible to teach many investigative skills, every experienced and successful investigator speaks of instinct, which takes years to develop.

Money laundering and subverting formal value transfer systems

Money laundering is more associated with domestic crime than with clandestine operations, and is less likely to be involved in clandestine operations. Nevertheless, a brief mention of its potential benefits are in order. The basic principle of money laundering is that someone is in a business that has large cash income, such as drug sales or gambling. The receiving organization needs to find a way that these get into usable bank accounts, so they can be accessed for large purchases.

The most common way to do money laundering is to find a legal business that naturally receives much of its income in cash. These could include hair and beauty shops, small groceries, and, ironically, laundries and dry cleaners. The legal business, or more likely multiple businesses, receive the illegal cash as well as normal receipts, and draw amounts that do not attract suspicion. Periodically, the launderer may have the cash-receiving firm buy something for him, or, less commonly, to write a large check that goes into his legal account. Care is taken that the amounts in the legal accounts do not hit the limits that cause automatic reporting.

Informal value transfer systems

Informal value transfer systems (IVTS),[22] however, exist in a number of cultures, and bypass regular financial channels and their monitoring systems (see financial intelligence). These are known by regional and cultural names including:

While details differ by culture and specific participants, the systems work in a comparable manner. To transfer value, party 1 gives money (or other valuta) to IVTS agent 1-A. This agent calls, faxes, or otherwise communicates the amount and recipient of the funds to be transferred, to IVTS agent 2-A, who will deliver the funds to party 2. All the systems work because they are valuable to the culture, and failure to carry out the agreement can invite savage retribution.

Reconciliation can work in a number of ways. There can be physical transfer of cash or valuables. There can be wire transfers in third and fourth countries, countries without strong reporting requirements, which the IVTS agents can verify.

Another means of transferring assets is through commercial shipment of conventional goods, but with an artificially low invoice price, so the receiver can sell them and recover disbursed funds through profit on sales.

External links

Notes and References

  1. Web site: Espionage and the Law . UK Security Service (MI5) . dead . https://web.archive.org/web/20070108132604/https://www.mi5.gov.uk/output/Page570.html . January 8, 2007 .
  2. Web site: US Department of Defense . U.S. Department of Defense . Joint Publication 1-02 Department of Defense Dictionary of Military and Associated Terms . 2007-07-12 . 2007-10-01 . dead . https://web.archive.org/web/20081123014953/http://www.dtic.mil/doctrine/jel/new_pubs/jp1_02.pdf . 2008-11-23 .
  3. Book: An infinity of mirrors . Condon, Richard . Richard Condon . Random House . 1964.
  4. Web site: Project Slammer Interim Progress Report . Intelligence Community Staff . 1990-04-12 . Slammer 1990 . 2007-11-04.
  5. The Mole's Manual . Stein . Jeff . 1994-07-05 . The New York Times . 2007-11-04.
  6. Web site: Security Policy Advisory Board Meeting Minutes . Security Policy Advisory Board . 1997-12-12 . SPAB 1997 . 2007-11-04.
  7. Web site: Changes in Espionage by Americans: 1947-2007. Katherine L. . Herbig. Defense Personnel Security Research Center, with Counterintelligence Field Activity. 2008-03-01. 2008-04-07.
  8. News: A Spy's Motivation: For Love of Another Country. Scott. Shane. The New York Times. 2008-04-20. 2008-04-20.
  9. Book: Schecter . Jerrold L . Deriabin . Peter S . Penkovskij . Oleg Vladimirovic . Peter Deriabin . Oleg Penkovsky . The Spy Who Saved the World: How a Soviet Colonel Changed the Course of the Cold War . 1992 . . . 978-0-684-19068-6 . English . 909016158.
    Web site: Nonfiction Book Review: The Spy Who Saved the World: How a Soviet Colonel Changed the Course of the Cold War by Jerrold L. Schecter, Author, Peter S. Deriabin, With Scribner Book Company $25 (0p) ISBN 978-0-684-19068-6 . . 22 May 2021 . en.
  10. Book: Philby , Kim . Kim Philby . My Silent War . Macgibbon & Kee Ltd . 1968.
  11. Book: Agee , Philip . Philip Agee . Inside the Company . 1975 . Agee 1975 . Penguin Books . 0-14-004007-2.
  12. Book: Barron , John . John Barron (American journalist) . 1983 . KGB Today: The Hidden Hand . Reader's Digest Assn. . 0-88349-164-8 .
  13. Work with Walk-Ins . Serov, Ivan A. . Studies in Intelligence . Ivan Serov . CIA-Serov . dead . https://web.archive.org/web/20071114194418/https://www.cia.gov/library/center-for-the-study-of-intelligence/kent-csi/docs/v08i1a02p_0002.htm . November 14, 2007 .
  14. Edwin Wilson: The CIA's Great Gatsby . Edward Jay Epstein . Parade . September 18, 1993 . 2007-11-10.
  15. Web site: Opinion on Conviction [US District Court, Southern District of Texas] ]. Lynn N. . Hughes . Hughes 2003 . October 27, 2003 . 2007-11-10.
  16. Observations on the Double Agent . 18 September 1995 . F.M. . Begoum . Studies in Intelligence . 2007-11-03 . dead . https://web.archive.org/web/20071010194505/https://www.cia.gov/library/center-for-the-study-of-intelligence/kent-csi/docs/v06i1a05p_0002.htm . October 10, 2007 .
  17. Web site: Robert . Mueller . Robert Mueller . Statement of Robert S. Mueller, III, Director, FBI Before the National Commission on Terrorist Attacks upon the United States . 2004-04-14 . 2007-11-10 . dead . https://web.archive.org/web/20071010070034/http://www.fbi.gov/congress/congress04/mueller041404.htm . October 10, 2007 .
  18. Coordination and Cooperation in Counerintelligence . Austin B. . Studies in Intelligence . Matschulat . 2 July 1996 . 2007-11-03 . dead . https://web.archive.org/web/20071010091345/https://www.cia.gov/library/center-for-the-study-of-intelligence/kent-csi/docs/v13i2a05p_0001.htm . October 10, 2007 .
  19. Book: Masterman, J. C. . The Double-Cross System in the War of 1939–1945 . Ballantine, 1982 . John Cecil Masterman . 0-345-29743-1 . 1982.
  20. Book: Brown , Anthony Cave . Bodyguard of Lies: The Extraordinary True Story Behind D-Day . 1975 . HarperCollins . 0-06-010551-8.
  21. Gleghorn . Todd E. . Exposing the Seams: the Impetus for Reforming US Counterintelligence . September 2003 . 2007-11-02 . Naval Postgraduate School.
  22. Web site: Informal Value Transfer Systems, FinCEN Advisory Issue 33 . United States Department of the Treasury, Financial Crimes Enforcement Network . March 2003 . dead . https://web.archive.org/web/20081121142607/http://www.fincen.gov/advis33.pdf . 2008-11-21 .