Hello once again,
The following
post contains some basic information
about Counter-Espionage and Counter-Intelligence operations.
I will try to cover a few basics and hopefully this will be useful to
players whose characters have experience within this
arena. Tradecraft will be covered in detail in a later
post.
First of all, a
little bit of background using the UK Security Service (MI5) as an
example...
Current Focus of Intelligence Resources (Post-Cold War)
UK Security
Service (MI5) Resources in Main Intelligence Areas (%)
Year
|
90/1
|
95/6
|
98/9
|
02/3
|
04/5
|
Main
Intelligence Area
|
|||||
Counter-Espionage
|
50
|
-
|
24.4
|
14.6
|
11.5
|
Counter-Proliferation
|
-
|
25
|
4.2
|
4.5
|
2.3
|
Counter-Terrorism
|
37.5
|
72
|
63.1
|
68.5
|
77
|
- of which
International
|
20
|
33
|
26.8
|
37.1
|
50.6
|
- of which
Irish & Other Domestic
|
17.5
|
39
|
36.3
|
31.5
|
26.4
|
Counter-Subversion
|
12.5
|
3
|
-
|
-
|
-
|
Serious Crime
|
-
|
-
|
8.3
|
9.0
|
4.6
|
Emerging
Threats
|
-
|
-
|
-
|
3.4
|
4.6
|
(Sources: MI5,
The Security Service (London, HMSO, 1996) and www.mi5.gov.uk)
This pattern of
funding shows the change in focus of Western Intelligence Agencies in
the post Cold-War era; from preventing Soviet-era spying through to
terrorism and organised/serious crime in more recent times. As the
Cold War wound down and the Troubles in Northern Ireland came to a
conclusion, the available funding dropped. With the events of 9/11
and 7/7 overall intelligence funding has generally increased to a
level higher than during the Cold War. This reflects the
costs of an increased reliance on high technology (for Signals Intelligence or SIGINT
collection) as well as the difficulty in securing inroads into
terrorist and criminal organisations.
Modern Human Intelligence (HUMINT) C-I
work still concentrates on the same Main Intelligence Areas as shown
above but “non-state actors” are now a primary target for these
activities. Counter-Intelligence officers may be expected to carry
out the same operations as before but against organised criminal
groups and terrorist organisations rather than enemy intelligence
agencies.
Counter-Intelligence
operations are carried out with the intent to prevent opposition
forces from carrying out subversive activity, acts of sabotage,
irregular warfare or intelligence gathering within the agency's home
nation. Wikipedia’s List of National Counter-Intelligence
Agencies here is comprehensive and shows who is
responsible for what and where.
C-I work is often
subject to political and economic restrictions. It is not possible to
watch everyone constantly and the sliding scale between security
and openness often wavers from one side to the other. Even the
East German Stasi who ran the most well-resourced and
efficient counter-intelligence network in history could not cover
every base. In more recent news the Snowden-NSA revelations while
shocking to many prove that you can only cover a very small
percentage of the global population.
C-I activities
that take place within the home nation must be legally authorised to
take place. Clearly, this is not always the case and laws are broken
and bent both with official knowledge and without. Individuals
working for the NSA have been caught out looking up SIGINT on current and previous romantic partners (so
called LOVEINT). This is clearly not something that senior
officers condone but in certain instances it is not unknown for rules
to be circumvented if they impede ongoing activities.
Agencies must
report to government ministers about ongoing operations (e.g.
the United States House Permanent Select Committee on
Intelligence or the Joint Intelligence Committee in
the UK). There are often instances where intelligence agencies have
revealed operations after the fact to these government
bodies, usually with the explanation that the speed or secrecy of the
operation would have been compromised by reporting it to the
committee. This is allowable so long as the operations are reported
within a reasonable period afterwards.
Defensive and Offensive Counter-Intelligence
C-I work has two
different focuses: protecting classified intelligence
(Defensive) and detecting, identifying and neutralising opposition
intelligence gathering (Offensive).
Defensive
operations primarily involve ensuring that appropriate security
measures are in place and that they are used consistently. Ensuring
the use of secure communications, protecting secure locations and
deception are the hallmarks of Defensive C-I.
Offensive C-I is
arguably more involved as rather than using passive means the
C-I agency must actively pursue the enemy to reduce or remove
threats. Offensive SIGINT C-I may involve locating and identifying
agents through the use of Direction Finding (DF) or interception of
communications. Ana Montes, the DIA agent arrested for spying on
behalf of Cuba was identified through encrypted short wave
transmissions she sent in response to the numbers station which
issued her orders.
Offensive HUMINT Counter-Intelligence techniques focus on trying
to identify enemy agents and their motivations with the end target of
either turning them to one's own cause or removing them as a threat.
This can be done by making them persona non grata and
forcing a return to their country of origin (normally the case
with Official Cover agents e.g. embassy staff) or arresting them
for what is essentially criminal activity (recruited assets or
Non-Official Cover agents - NOCs). In some more extreme cases,
rendition or assassination are options that may be considered.
Defensive Counter Intelligence Techniques
Signals
Intelligence (SIGINT) Defensive C-I is primarily concerned with
maintaining Communications Security (COMSEC). This revolves around
making sure that forms of communication involving restricted
materials are kept secure from physical or electronic interception,
maintenance of hardware and software relating to communications,
cryptography, Emissions Security (EMSEC) e.g. making sure that
hardware does not radiate information that can be picked up
by TEMPEST gear etc. The Wikileaks and Snowden cases
indicate that the weakest part of SIGINT C-I work is always the human
element (see HUMINT below).
Image
Intelligence (IMINT) Defensive C-I involves camouflaging military or
secure civilian installations so that they appear to be something
else. It may also involve using mocked up vehicles to indicate a
military build up to draw attention away from genuine operations.
Human
Intelligence (HUMINT) Defensive C-I is the act of monitoring your own
agents for signs of subversion allowing preventative measures to be
employed. If the agent’s motivation for turning can be established
then these motivations can be nullified and allow for false
information to be passed on to the enemy.
Offensive Counter Intelligence Techniques
Offensive HUMINT
CI involves identifying and subverting enemy agents allowing the C-I
operative to funnel back false information to the enemy. This work
also includes surveillance, wire-tapping, infiltration of
subversive organisations, psychological operations and turning
opposition agents into double agents. Less scrupulous C-I activities
include interrogation and torture, using agent provocateurs, breaking
and entering and planting evidence.
One of the
techniques used to identify enemy recruits within one's own
organisation is known as the "canary trap". This is
where information is passed on to suspected leakers but with each
intelligence package containing different data. On release of the
leak, the specific data will identify which party has breached
security.
The old adage of
“the best defence is a good offence” is also applicable when
looking at Offensive C-I operations. By infiltrating your own agents within
the enemy organisation you can find out what they know about your own
operations. Some of the highest value recruits in espionage history
have been agents within the enemy’s own C-I infrastructure.
Falsely planting
evidence that you have penetrated this structure is another way to
impact the enemy’s abilities to function efficiently. The CIA
Chief of Counter-Intelligence from 1954-1975, James Jesus Angleton,
was obsessed with the idea of there being a mole within the CIA and
his single-minded hunt for this infiltrator sowed mistrust
and confusion within the organisation for many years.
Criminal Counter Espionage
The David Cronenberg film “Eastern Promises” shows
the method by which criminal groups carry out their own unique counter-espionage activities. Vory V Zakone (“Thieves in Law”)
are tattooed with their prison history including the terms they have
served, where they have served. In the film it is mentioned that he
has dual cross tattoos - these show he served a term
at Kresty ("Cross") Prison in St. Petersburg.
Giving an agent a
“passport” of tattoos is not something intelligence agencies (or
their recruits) are willing to do and therefore criminal groups like
the Russian Bratvas, Japanese Yakuza, and Neo-Nazi
gangs often use this to prevent infiltrators. Very few spies would be
willing to have a swastika tattooed on their neck which significantly
reduces the threat of investigators gaining access to the group.
Criminal gangs which require recruits to be “blooded” are also difficult to break into. The expectation
that gang recruits actually commit criminal acts is also a difficult
sell to intelligence agencies. It might be easy for an agency to
authorise an agent to take part in a theft or act of non-lethal
sabotage but murder would be an impossible hurdle to cross (with the
small possibility in the even of targeting a known criminal or enemy
of the state). Criminal gangs in the US have been known to use this
technique in the knowledge that infiltrators will not be able to
carry out the request and remain untarnished.
As a result of
these criminal counter-espionage techniques, agent handlers will try
to recruit targets within the enemy organisation using the MICE technique (see below) to identify potential operatives. This
is particularly the case with ethnically homogenous groups which may
otherwise prove extremely difficult to infiltrate. Informers and
recruited agents alike may be given more leeway than a direct
employee of the agency with a promise of immunity for acts committed
during the course of investigations.
Agent
Motivation and Viability
HUMINT agent
handlers are known as Case Officers (COs) and their role is a combination of psychologist,
actor, confessor, interrogator, and Human Resources manager. They
must identify assets that can be turned to the CO's benefit and use the
acronym "MICE" as a simplistic way to describe agent
motivation -
(M)oney
- the target simply works for financial gain.
(I)deology
- the target identifies with different objectives than those of the group they are supposedly loyal to.
(C)oercion
- the target is forced into working for the enemy by threats to
themselves or those around them.
(E)go
- the target believes themselves to be superior to those around them and chooses to work for the enemy to prove how much smarter
they are.
Historically
most US double agents have been lured initially by
either Ego or Money. Once hooked, the agent may become
a victim of Coercion. If you have given the enemy information in
exchange for money they can turn a trickle into a stream by
threatening to inform on the agent to their home agency. This
technique can often backfire as a threatened agent may decide to own
up to their actions and become a triple agent, feeding disinformation
to his handler.
In
the UK, the most famous group of double agents, the Cambridge Five,
were motivated primarily by Ego and Ideology. Sharing
distrust and hatred of right-wing fascism, the group decided that
their best way to fight encroaching fascism within and without the UK
and Europe would be to approach the Russians. Ego was certainly a
part of it as well. These elite intellectuals saw themselves as above
those around them and the Soviets pandered to this ably.
Both
the SVR, Russia's external intelligence agency, and Mossad, the
Israeli intelligence service, are well known for using attractive
women to bait targets in "Honey Trap" operations. Once the
target has taken the bait they may use Coercion, either
threatening to reveal the relationship to damage the standing of the
recruit or pretending to hold the "loved one" until the
agent cooperates. Coercion can involve more direct threats to a
person's wellbeing or other loved ones or the revelation of
information about the individual’s personal life which may
be embarrassing. Until fairly recently this was often the reason
why homosexuals were considered security risks (see Security Vetting below).
Agent viability is based on the answers to a few simple questions -
- What information has the recruit volunteered about themselves and what have they withheld?
- Can the recruit remain stable under a high degree of stress?
- What intelligence value can be gained by recruiting this agent?
- Are they currently trusted by their own group?
- Can the CO maintain strict control over all communications with the recruit?
The perfect agent will be honest and up-front with the CO as to the reasons they are turning against their employers, is currently trusted by their own group, has strength of mind sufficient to deal with stress, has continued access high value intelligence and is willing to send or receive information only under the strictest circumstances as established by their CO.
Few agents are perfect and in certain situations negative or imperfect answers to these questions would not prevent the agent's recruitment. A good example would be a potential recruit with low current trust amongst their peers or a reduced ability to cope with stress. If they had access to extremely high value intelligence they might be offered the option of extraction. Their value as an agent in place would be low, but the payoff of immediate access to high value data before the opposition remove their access would easily outweigh this.
Once the recruits viability has been established the CO will contact them, usually through a "cut-out" offering financial support, basic training in tradecraft, extraction options (where appropriate) etc.
It should be noted that counter intelligence agents do not normally infiltrate groups themselves. The idea of handing over a trained professional with knowledge of one’s own tactics and capabilities to an enemy is too high a risk. More detailed information around Case Officers and agent handling will be shown within the Tradecraft post.
Security Vetting
Baseline/Positive/Negative
Vetting
Baseline,
Positive and Negative Vetting are the processes whereby agencies
establish the security bona fides of recruits and those who will have access to TOP SECRET (TS) or TOP
SECRET/SPECIAL ACCESS PROGRAM (TS/SAP) AKA “Codeword”
information.
Baseline Vetting
(BV) is required for any role which requires access to PROTECTED
information and involves a very basic 5-year background check,
psychological interview, providing certified copies of birth
certificate, passport etc. Applicants may be expected to provide
relationship information, whether they have used recreational drugs
etc.
Negative Vetting
(NV) involves a higher degree of detail and is required for
access to PROTECTED, CONFIDENTIAL and SECRET information. Applicants
may be required to provide personal information going back up to 10
years along with a psychological interview and certified
documentation (birth certificate, passport, driving licence etc.).
You may also be required to provide at least 10 years of evidence
that you are who you say you are as well as 3 years of banking
records. Any foreign internationals you have had contact with will
also be noted. With NV the information is taken at face value i.e. it
is assumed that the applicant is telling the truth.
Positive Vetting
(PV) is the more detailed level and can take anything from 2 to
12 months (average is 10 months) to complete. Clearing PV
allows access to PROTECTED, CONFIDENTIAL, SECRET, TOP SECRET and
TS/SAP. During this period the recruit will not be allowed alone
within the agency building, even during bathroom breaks. PV requires
the same level of detail as NV but in addition may include interviews
with friends and family, school records and previous employment
records. Nothing is left to chance and all provided information is
verified.
The main
difference between Negative and Positive Vetting is that in Positive
Vetting, everything you provide is assumed to be invalid until
proven otherwise.
Cheers,
Paul
No comments:
Post a Comment