Professional Documents
Culture Documents
https://en.wikipedia.org/wiki/Clandestine_HUMINT
Espionage is the act of obtaining (typically via covert methods) information which an
adversary would not want the entity conducting the espionage to have. Espionage is
inherently clandestine, and the legitimate holder of the information may change plans or take
other countermeasures once it is known that the information is in unauthorized hands. See the
articles such Clandestine HUMINT operational techniques and Clandestine HUMINT asset
recruiting for discussions of the "tradecraft" used to collect this information.
HUMINT is in a constant battle with counterintelligence, and the relationship can become
very blurry, as one side tries to "turn" agents of the other into reporting to the other side.
Recruiters can run false flag operations, where a citizen of country A believes they are
providing intelligence to country B, when they are actually providing it to country C.
This article does not cover military units that penetrate deep between enemy lines, but
generally in uniform, to conduct special reconnaissance. Such military units can be on the
border of the line, in international law, which defines them as spies, if they conduct
information in civilian clothes. In some circumstances, the uniformed personnel may act in
support to the actual agents, providing communications, transportation, financial, and other
support. Yet another discipline is covert operations, where personnel, uniformed or not, may
conduct raids, sabotage, assassinations, propaganda (i.e., psychological operations), etc.
Legal aspects
Black's Law Dictionary (1990) defines espionage as: "gathering, transmitting, or losing ...
information related to the national defense."
In the UK, "Under the 1911 Act, a person commits the offence of 'spying' if he, for any
purpose prejudicial to the safety or interests of the State;
(a) approaches, inspects, passes over or is in the neighbourhood of, or enters any prohibited
place,
(b) makes any sketch, plan, model, or note which is calculated to be or might be or is
intended to be directly or indirectly useful to an enemy; or
(c) obtains, collects, records, or publishes, or communicates to any other person any secret
official code word, or pass word, or any sketch, plan, model, article, or note, or other
document which is calculated to be or might be or is intended to be directly or indirectly
useful to an enemy. [Note: "an enemy" apparently means a potential enemy, so could
theoretically include all foreign governments]
"The offence of spying covers all such acts committed by any person within Her Majesty's
dominions, and such acts committed elsewhere by British Officers or subjects. It is not
necessary for the person concerned to have been warned beforehand that they were subject to
the Official Secrets Act. The 1920 Act creates further offences of doing any "act preparatory"
to spying, or of soliciting, inciting, seeking to persuade, or aiding and abetting any other
person to commit spying.[1]
The US defines espionage towards itself as "The act of obtaining, delivering, transmitting,
communicating, or receiving information about the national defense with an intent, or reason
to believe, that the information may be used to the injury of the United States or to the
advantage of any foreign nation. Espionage is a violation of 18 United States Code 792798
and Article 106, Uniform Code of Military Justice.
Not all clandestine human sources change their loyalties to the country to which they were
born, or owed their first allegiance. In this section we are talking of the classical and actually
rare "spy", who really is a loyal citizen of country A but obtains information from country B,
either through informal means (e.g., fake news reporting) or actually going to work for
country B.
A special case is of the Country B loyalist who controls agents or provides other supporting
or managerial functions against Country A.
Clandestine reporting
Richard Sorge was a Soviet citizen (i.e., country A), who posed as a German (country C)
journalist in Tokyo, to report on Japan (country B) back to the Soviet Union. Sorge was
eventually caught and executed by the Japanese, who generally honored his bravery.
Especially in wartime, while a country may need to execute an agent, they sometimes respect
them.
It is a truism that a live captured spy has more potential value than a dead one, since a live
one can still be interrogated, or perhaps turned into a double agent. There have been cases
where countries have announced the execution of people who are actually alive.
Dangled mole
Dangled moles start out being loyal to one country B, but go to work for another service A,
reporting back to their original service. Such operations can become "infinities of mirrors"[3]
as the mole may be detected and the service by which they are employed tries to double them,
which may or may not work.
One of the best-known, and apparently most successful, was the early Soviet recruitment of
Kim Philby (i.e., service B), who was then dangled to the British Secret Intelligence Service
(i.e., service A), for whom Philby went to work and rose to high rank. Philby is discussed
further below.
As far as is known from public sources, the only mole, already loyal to a foreign service, who
went to work for the CIA (i.e., in the service A role) was Karl Koecher, who actually was
loyal to the Czechoslovakian intelligence service (service B1), while Czechoslovakia was a
Soviet (i.e., service B) satellite state. Koecher became a CIA translator and a good source of
information to the Czechs and Soviets. While, as far as is known in public sources, still loyal
to his original agency, Koecher was ordered to report to Moscow by Oleg Kalugin, longtime
legal resident of the USSR in the US. Kalugin accused Koecher of being a US double agent.
Koecher retired from the CIA and went to work in academia, but was subsequently
reactivated by the KGB and went to work, part-time, for the CIA. During this period, he was
discovered by the FBI, who attempted to double him against the KGB, but the FBI
considered him unreliable and eventually arrested him. The arrest was legally tainted, and
Koecher was eventually exchanged for Soviet prisoners, both sides apparently not wanting
the affair to be in a public court.
The US used Katrina Leung as a dangled mole to the PRC, although the true loyalty of
Leung, who came to the US on a Taiwanese passport, is not known with certainty. She may
have had a long-term allegiance to the PRC, been loyal to the US and then been turned by the
PRC, or primarily been loyal to herself.
With the exception of penetration moles, other human sources start out as highly trusted by
their services. What causes an individual to betray service A, typically his country of birth?
The most common shorthand for changing allegiance is MICE, an acronym for:
Money: Low salary? Greedy? Needs money for family crisis? In debt?
Ideology: Hates his system, admires ours?
Compromise (or coercion): Vulnerable to blackmail? Emotional relationship with an
access agent?
Ego (or excitement): Lonely? Looking for a friend? Passed over for a promotion? Not
appreciated by peers and superiors? Seeking praise and recognition? Adventurous?
Looking for personal challenge? Wants to be James Bond? Egomaniac? Wants to
prove he can get away with it?
Sometimes more than one factor applies, as with Robert Hanssen, an FBI counterintelligence
agent who was a "write-in" to the KGB. While he received large amounts of money, he
apparently felt unappreciated in his own service and spying on it satisfied his ego.
Psychological factors can apply to people changing allegiance for reasons other than coercion
or ideology. To go beyond slogans, Project Slammer was an effort of the Intelligence
Community Staff, under the Director of Central Intelligence, to come up with characteristics
of Project Slammer, an Intelligence Community sponsored study of espionage.
By 1997, the Project Slammer work was being presented at public meetings of the Security
Policy Advisory Board.[6] While a funding cut caused the loss of impetus in the mid-nineties,
there are research data used throughout the security community. They emphasize the
"essential and multi-faceted motivational patterns underlying espionage. Future Slammer
analyses will focus on newly developing issues in espionage such as the role of money, the
new dimensions of loyalty and what seems to be a developing trend toward economic
espionage."
According to a 2008 Defense Department study, financial incentives and external coercion
have played diminishing roles in motivating Americans to spy against the United States, but
divided loyalties are increasingly evident in recent espionage cases. The study said, "Two
thirds of American spies since 1990 have volunteered. Since 1990, spying has not paid well:
80% of spies received no payment for espionage, and since 2000 it appears no one was paid.
... Offenders since 1990 are more likely to be naturalized citizens, and to have foreign
attachments, connections, and ties, and therefore they are more likely to be motivated to spy
from divided loyalties." Despite this trend, the report says that the majority (65%) of
American spies are still native born.[7][8]
Among the most important moles, a senior officer already in place when he started reporting,
for ideological reasons, to service B (actually two B's, SIS and CIA), was Col. Oleg
Penkovsky.[9]
Recruitment can be done through personal relationships, from casual sex and blackmail to
friendship or romance
Personnel in sensitive positions, who have difficulty getting along with peers, may become
risks for being compromised with an approach based on ego. William Kampiles, a low-level
worker in the CIA Watch Center, sold, for a small sum, the critical operations manual on the
KH-11 reconnaissance satellite. To an interviewer, Kampiles suggested that if someone had
noted his "problem"constant conflicts with supervisors and co-workersand brought in
outside counseling, he might not have stolen the KH-11 manual.[5]
Recruit types
Mole
Other than the dangled moles described above, moles start out as loyal to their own country
A. They may or may not be a trained intelligence officer.
Note that some intelligence professionals reserve the term mole to refer to enemy personnel
that personally know important things about enemy intelligence operations, technology, or
military plans. A person such as a clerk or courier (e.g., Jack Dunlap, who photographed
many documents but was not really in a position to explore enemy thinking), is more
generically an asset. To be clear, all moles are assets, but not all assets are moles.
Another special case is a "deep cover" or "sleeper" mole, who may enter a service, possibly at
a young age, but definitely not reporting or doing anything that would attract suspicion, until
reaching a senior position. Kim Philby is an example of an agent actively recruited by the
British Secret Intelligence Service while he was already committed to Communism. Philby,
at first, concentrated on doing a good job for the British, so he could rise in trust and
authority.[10] Philby was motivated by ideology before he joined SIS.
Defector
An individual may want to leave their service at once, perhaps from high-level disgust, or
low-level risk of having been discovered in financial irregularities and is just ahead of arrest.
Even so, the defector certainly brings knowledge with him, and may be able to bring
documents or other materials of value.
Starts in A
Leaves and goes to B
Philip Agee is an example of a US CIA officer who came to the belief that he was working
on behalf of an ideology he had come to hate. Eventually, he resigned, and clandestinely went
to Cuba, telling their intelligence service everything he knew, with the stated goal[11] of
damaging the CIA. Agee claims the CIA was satisfied with his work and did not want him to
leave, although the author, John Barrow, claims that he was close to being discharged for
improper personal conduct.[12]
Soviet, and now Russian, doctrine has some interesting insights that might well be useful to
the West. For example, rather than use the term "defector", which has a negative connotation,
they use the Russian word dobrozhelatel, "well-wisher," as used here virtually the equivalent
of "walk-in." This term has a positive connotation, and may reflect how the service views
such people, as described by Ivan Serov,[13] former chief of GRU (Soviet military
intelligence)
While the term "well-wisher" may be positive, in Serov's view, he does not assume a well-
wisher has value to offer. The majority actually turn out to be offering material of no
significant value. The first task is to determine if they are random sympathizers who fail to
understand the subject they propose to discuss, or are active provocations being run by
foreign counterintelligence.
Provocateurs obtain some value if they can simply identify the intelligence officers in an
embassy, so the initial interviews are, unless there is a strong reason to the contrary,
conducted by low-level staff. Serov points out that even if some walk-ins have no material of
value, "Some are ideologically close to us and genuinely and unselfishly anxious to help us;
some are in sympathy with the Soviet Union but want at the same time to supplement their
income; and some, though not in accord with our ideas and views, are still ready to
collaborate honestly with us for financial reasons." A genuine sympathizer without useful
material still may become useful as an access agent, courier, or support agent.
Other walk-ins simply are trying to get money, either for nonsense information or for real
information with which they have been entrusted. Physical walk-ins are not the only kind of
volunteer "well-wisher," who may communicate through the mail, by telephone, or direct
contact. If, for example, contact is made with someone who really is an intelligence officer,
there is immediate reason to believe the person does have intelligence contactsbut further
investigation is necessary to see if they are real or if they are provocateurs from
counterintelligence. A provocateur can be from the local agency, or even from a third country
false-flag provocation.
"Persons wanting to make money usually produce a large quantity of documents and talk
much and willingly about themselves, trying to make a favorable impression. Extortioners
and blackmailers usually act impudent, making their offer in the form of an ultimatum and
even resorting to open threats."
Defector in place
Another method is to directly recruit an intelligence officer (or terrorist member) from within
the ranks of the adversary service (terrorist group) and having that officer (terrorist) maintain
their normal duties while spying on their parent service (organization); this is also referred to
as recruiting an agent or defector in place.[14]
Starts in A
Stays working in A but reporting to B
As mentioned, Oleg Penkovsky was a key US-British agent, apparently detected through
Soviet counterintelligence work. Adolf Tolkachev, an electronic engineer working on Soviet
radar, was another defector in place for the US, who was exposed by the CIA defector,
Edward Lee Howard, who fled to the KGB before being arrested. Penkovsky and Tolkachev,
both motivated by ideology, were executed by the Soviets.
To give a sense of the "infinity of mirrors" involved in agent work, Howard was exposed by
an apparent Soviet walk-in defector, Vitaly Yurchenko, who walked into the US Embassy in
Rome and defected to the United States. While Yurchenko also identified Ronald Pelton as a
Soviet defector-in-place working in the NSA, Yurchenko himself re-defected back to the
USSR within a few months. It is possible that Yurchenko was acting as a double agent, sent
by the Soviets to sacrifice less important Soviet assets in order to protect the more important
CIA defectors in place, e.g. Aldrich Ames.
False flag recruitments, admittedly for covert action rather than pure HUMINT, were
reported[15] as a technique used by Edwin P. Wilson, who left CIA in 1971, and then went to
work for a Navy HUMINT unit, Task Force 157 until 1976, when he went private.[16] During
his time working for CIA, he was both officially and unofficially involved in arms sales. "His
assignments sometimes required him to establish and use 'front' companies to gain access to
information and to support CIA operations here and abroad commercially."[16] Three men,
found dead under mysterious circumstances, had believed they had been recruited by Wilson,
"under the pretense that he was still a CIA executive." According to Epstein, "Wilson
maintained a close association with two of the agency's top executivesThomas G. Clines,
the director of training for the clandestine services, and Theodore G. Shackley, who held the
No. 2 position in the espionage branch. Both of these men sat in on meetings that Wilson held
with his operatives and weapon suppliers and, by doing so, helped further the illusion that his
activities had the sanction of the CIAan illusion crucial to keeping his false flag
attractive."[15] Wilson was involved in then-banned arms sales to Libya, and it is unclear who
actually sponsored these sales.
He was in Libya in 1982, but came to the Dominican Republic in 1982, where he was
arrested for illegal arms sales, and sentenced, in 1984, to 52 years in prison. He was 55 years
old at the time.
Continuing Freedom of Information Act and other research by his attorney caused a federal
judge to throw out the conviction,[16] on the basis that prosecutors "deliberately deceived the
court", in the words of the judge, "America will not defeat Libyan terrorism by double-
crossing a part-time, informal government agent."
Double agent
The first thing to consider about a double agent is that he is, at least minimally, a trained
intelligence asset. He may not be a full case officer of the other side, but he may, at least,
have been an agent of theirs. They had some reason to trust him. Like all other intelligence
operations, double agent cases are run to protect and enhance the national security. They
serve this purpose principally by providing current counterintelligence about hostile
intelligence and security services and about clandestine subversive activities. The service and
officer considering a double agent possibility must weigh net national advantage
thoughtfully, never forgetting that a double agent is, in effect, a condoned channel of
communication with the enemy.[17]
Before even considering double agent operations, a service has to consider its own resources.
Managing that agent will take skill and sophistication, both at the local/case officer and
central levels. Complexity goes up astronomically when the service cannot put physical
controls on its doubles, as did the Double Cross System in WWII. In the Double Cross
System, the double agents were motivated by coercion: they knew they would be executed if
they did not cooperate. Few of them were highly trained intelligence officers, but
opportunists to start.
For predictive purposes the most important clue imbedded in the origins of an operation is the
agent's original or primary affiliation, whether it was formed voluntarily or not, the length of
its duration, and its intensity. The effects of years of clandestine association with the
adversary are deep and subtle; the Service B case officer working with a double agent of
service A is characterized by an ethnicity or religion may find those bonds run deep, even if
the agent hates the government of A. The service B officer may care deeply for the double.
Another result of lengthy prior clandestine service is that the agent may be hard to control in
most operations the case officer's superior training and experience give him so decided an
edge over the agent that recognition of this superiority makes the agent more tractable. But
add to the fact that the experienced double agent may have been in the business longer than
his U.S. control his further advantage in having gained a first-hand comparative knowledge
of the workings of at least two disparate services, and it is obvious that the case officer's
margin of superiority diminishes, vanishes, or even is reversed.
One facet of the efforts to control a double agent operation is to ensure that the double agent
is protected from discovery by the parent intelligence service; this is especially true in
circumstances where the double agent is a defector-in-place.
Double agent operations must be carefully planned, executed, and above all, reported. One of
the problems with double agent operations in the US, run by the FBI, is that the FBI culture
has been very decentralized to the field office level. This is, perhaps, an overreaction to the
extremely centralized culture under J. Edgar Hoover. Prior to 9/11, information in one field
office, which might reveal problems in a HUMINT operation, is not necessarily shared with
other offices. FBI Director Robert Mueller cited the changes since 9/11: "We then centralized
coordination of our counterterrorism program. Unlike before, when investigations were
managed primarily by individual field offices, the Counterterrorism Division at Headquarters
now has the authority and the responsibility to direct and coordinate counterterrorism
investigations throughout the country. This fundamental change has improved our ability to
coordinate our operations here and abroad, and it has clearly established accountability at
Headquarters for the development and success of our Counterterrorism Program."[18]
"The amount of detail and administrative backstopping seems unbearable at times in such
matters. But since penetrations are always in short supply, and defectors can tell less and less
of what we need to know as time goes on, because of their cut-off dates, double agents will
continue to be part of the scene.[19]"
Services functioning abroad-and particularly those operating in areas where the police powers
are in neutral or hostile handsneed professional subtlety as well. The agent handlers must
have full knowledge of [the agent's] past (and especially of any prior intelligence
associations), a solid grasp of his behavior pattern (both as an individual and as a member of
a national grouping), and rapport in the relationship with him.[17] Case officers must know the
agent's area and have a nuanced understanding of his language; this is an extremely unwise
situation for using interpreters, since the case officer needs to sense the emotional content of
the agent's communication and match it with the details of the information flowing in both
directions. Depending on whether the operation is being run in one's own country, an allied
country, or hostile territory, the case officer needs to know the relevant laws. Even in friendly
territory, the case officer needs both liaison with, and knowledge of, the routine law
enforcement and security units in the area, so the operation is not blown because an ordinary
policeman gets suspicious and brings the agent in for questioning.
If at all possible, the service running the double agent have complete control of
communications, which, in practice, need to be by electronic means or dead drop. Meetings
between the double and his Service A handler are extremely risky. Even text communication
can have patterns of grammar or word choice, known to the agent and his original service,
that can hide a warning of capture, by the use of a seemingly ordinary word. Some
controlling services may paraphrase the double's text to hide such warnings, but run into the
possibility of being detected by sophisticated analysis of the double's normal choice of words.
Starts in A
Recruited by B
Defects and tells B all he knows (defector)
operates in place (Agent doubled in place) and continues to tell B about A
Redoubled agent
A service discovering an adversary agent, who entered one's own service either as a
penetrator or an asset in place may offer him employment as a double. His agreement,
obtained under open or implied duress, is unlikely, however, to be accompanied by a genuine
switch of loyalties. The so-called redoubled agent whose duplicity in doubling for another
service has been detected by his original sponsor and who has been persuaded to reverse his
affections again also belongs to this dubious class. Many detected and doubled agents
degenerate into what are sometimes called "piston agents" or "mailmen," who change their
attitudes with their visas as they shunt from side to side.[17]
Operations based on them are little more than unauthorized liaison with the enemy, and
usually time-wasting exercises in futility. A notable exception is the detected and unwillingly
doubled agent who is relieved to be found out in his enforced service to the adversary.[17]
Starts in A
Assigned to C
B creates a situation where agent believes he is talking to C, when actually receiving B
disinformation
Active provocateur
There can be active and passive provocation agents. A double agent may serve as a means
through which a provocation can be mounted against a person, an organization, an
intelligence or security service, or any affiliated group to induce action to its own
disadvantage. The provocation might be aimed at identifying members of the other service, at
diverting it to less important objectives, at tying up or wasting its assets and facilities, at
sowing dissension within its ranks, at inserting false data into its files to mislead it, at
building up in it a tainted file for a specific purpose, at forcing it to surface an activity it
wanted to keep hidden, or at bringing public discredit on it, making it look like an
organization of idiots. The Soviets and some of the Satellite services, the Poles in particular,
are extremely adept in the art of conspiratorial provocation. All kinds of mechanisms have
been used to mount provocation operations; the double agent is only one of them.[17]
An active provocateur is sent by Service A to Service B to tell B that he works' for A but
wants to switch sides. Or he may be a talk-in rather than a walk-in. In any event, the
significant information that he is withholding, in compliance with A's orders, is the fact that
his offer is being made at A's instigation. He is also very likely to conceal one channel of
communication with A-for example, a second secret writing system. Such "side-commo"
enables A to keep in full touch while sending through the divulged communications channel
only messages meant for adversary eyes. The provocateur may also conceal his true sponsor,
claiming for example (and truthfully) to represent an A1 service (allied with A) whereas his
actual control is the A-a fact which the Soviets conceal from the Satellite as carefully as from
us.[17]
Passive provocateur
In Country C, Service A surveys the intelligence terrain through the eyes of Service B (a
species of mirror-reading) and selects those citizens whose access to sources and other
qualifications make them most attractive to B. Service A officers, posing as service B
officers, recruit the citizens of country C. At some point, service A then exposes these
individuals, and complains to country C that country B is subverting its citizens.
The stake-out has a far better chance of success in areas like Africa, where intelligence
exploitation of local resources is far less intensive, than in Europe, where persons with
valuable access are likely to have been approached repeatedly by recruiting services during
the postwar years.[17]
This may be extremely difficult to accomplish, and even if accomplished the real difficulty is
maintaining control of this "turned asset". Controlling an enemy agent who has been turned is
a many-faceted and complex exercise that essentially boils down to making certain that the
agent's new-found loyalty remains consistent, which means determining whether the
"doubled" agent's turning is genuine or false. However, this process can be quite convoluted
and fraught with uncertainty and suspicion.[14]
Where it concerns terrorist groups, a terrorist who betrays his organization can be thought of
and run as a double-agent against the terrorist's "parent" organization in much the same
fashion as an intelligence officer from a foreign intelligence service. Therefore, for sake of
ease, wherever double-agents are discussed the methodologies generally apply to activities
conducted against terrorist groups as well.[14]
Peddlers, fabricators, and others who work for themselves rather than a service are not double
agents because they are not agents. Almost certainly motivated by money, it is unlikely they
can maintain the deception for very long.
They may be uncovered by a headquarters check, as they may well have tried the same game
elsewhere.
"Witting" is a term of intelligence art that indicates that one is not only aware of a fact or
piece of information, but also aware of its connection to intelligence activities. An unwitting
double agent thinks that he is still working for his own Service A, but Service B has
somehow managed what, in communications security, is called a man-in-the-middle attack.
Service A believes it is in contact with its own agent, and the agent believes he is
communicating with his true control. This is extremely difficult to continue for more than a
very brief period of time.
Creating an unwitting double agent is extremely rare. The manipulative skill required to
deceive an agent into thinking that he is serving his team when in fact he is damaging its
interests is plainly of the highest order.
A triple agent can be a double agent that decides his true loyalty is to his original service, or
could always have been loyal to his service but is part of an active provocation of your
service. If managing a double agent is hard, agents that turned again (i.e., tripled) or another
time after that are far more difficult, but in some rare cases, worthwhile.
Any service B controlling, or believing it controls, a double agent, must constantly evaluate
the information that agent is providing on service A. While service A may have been willing
to sacrifice meaningful information, or even other human assets, to help an intended
penetration agent establish his bona fides, at some point, service A may start providing
useless or misleading information as part of the goal of service A. In the WWII Double Cross
System,[20] another way the British controllers (i.e., service B in this example) kept the Nazis
believing in their agent, was that the British let true information flow, but too late for the
Germans to act on it. The double agent might send information indicating that a lucrative
target was in range of a German submarine, but, by the time the information reaches the
Germans, they confirm the report was true because the ship is now docked in a safe port that
would have been a logical destination on the course reported by the agent.[21] While the
Double Cross System actively handled the double agent, the information sent to the Germans
was part of the overall Operation Bodyguard deception program of the London Controlling
Section. Bodyguard was meant to convince the Germans that the Allies planned their main
invasion at one of several places, none of which were Normandy. As long as the Germans
found those deceptions credible, which they did, they reinforced the other locations. Even
when the large landings came at Normandy, deception operations continued, convincing the
Germans that Operation Neptune at Normandy was a feint, so that they held back their
strategic reserves. By the time it became apparent that Normandy was indeed the main
invasions, the strategic reserves had been under heavy air attack, and the lodgment was
sufficiently strong that the reduced reserves could not push it back.
There are other benefits to analyzing the exchange of information between the double agent
and his original service, such as learning the priorities of service A through the information
requests they are sending to an individual they believe is working for them. If the requests all
turn out to be for information that service A could not use against B, and this becomes a
pattern, service A may have realized their agent has been turned.
Since maintaining control over double agents is tricky at best, it is not hard to see how
problematic this methodology can become. The potential for multiple turnings of agents and
perhaps worse, the turning of ones own intelligence officers (especially those working
within counterintelligence itself), poses a serious risk to any intelligence service wishing to
employ these techniques. This may be the reason that triple-agent operations appear not to
have been undertaken by U.S. counterintelligence in some espionage cases that have come to
light in recent years, particularly among those involving high-level penetrations. Although
the arrest and prosecution of Aldrich Ames of the CIA and Robert Hanssen of the FBI, both
of whom were senior counterintelligence officers in their respective agencies who
volunteered to spy for the Russians, hardly qualifies as conclusive evidence that triple-agent
operations were not attempted throughout the community writ large, these two cases suggest
that neutralization operations may be the preferred method of handling adversary double
agent operations vice the more aggressive exploitation of these potential triple-agent
sources.[14]
Triple agent
Offers his communications with A to B, so B may gain operational data about A and send
disinformation to A
A concern with triple agents, of course, is if they have changed loyalties twice, why not a
third or even more times? Consider a variant where the agent remains fundamentally loyal to
B:
Quadruple agent
Successes such as the British Double Cross System or the German Operation North Pole
show that these types of operations are indeed feasible. Therefore, despite the obviously very
risky and extremely complex nature of double agent operations, the potentially quite lucrative
intelligence windfall the disruption or deception of an adversary service makes them an
inseparable component of exploitation operations.[14]
If a double agent wants to come home to Service A, how can he offer a better way to redeem
himself than recruiting the Service B case officer that was running his double agent case,
essentially redoubling the direction of the operation? If the case officer refuses, that is apt to
be the end of the operation. If the attempt fails, of course, the whole operation has to be
terminated. A creative agent can tell his case office, even if he had not been tripled, that he
had been loyal all along, and the case officer would, at best, be revealed as a fool.
"Occasionally a service runs a double agent whom it knows to be under the control of the
other service and therefore has little ability to manipulate or even one who it knows has been
successfully redoubled. The question why a service sometimes does this is a valid one. One
reason for us is humanitarian: when the other service has gained physical control of the agent
by apprehending him in a denied area, we often continue the operation even though we know
that he has been doubled back because we want to keep him alive if we can.
"Another reason might be a desire to determine how the other service conducts its double
agent operations or what it uses for operational build-up or deception material and from what
level it is disseminated. There might be other advantages, such as deceiving the opposition as
to the service's own capabilities, skills, intentions, etc. Perhaps the service might want to
continue running the known redoubled agent in order to conceal other operations. It might
want to tie up the facilities of the opposition. It might use the redoubled agent as an adjunct in
a provocation being run against the opposition elsewhere. Running a known redoubled agent
is like playing poker against a professional who has marked the cards but who presumably is
unaware that you can read the backs as well as he can.[17]
Support services
Couriers
Courier work is among those things that consist of hours of boredom punctuated with
moments of sheer terror. Keeping a courier, who is not a member of your service and/or has
diplomatic cover, is challenging.
Occasionally, it may be practical to transfer a courier to other, more challenging duties. Once
that transfer is made, however, the individual should never be reassigned to courier duty, as
the probability of that person having become known to counterintelligence is much higher.
There may be occasions where diplomats, or even members of diplomats' families who have
diplomatic immunity, may serve as couriers. Their value in the diplomatic service must be
weighed against the near certainty that if discovered, they will be expelled as persona non
grata.
Drivers, especially those trained to receive car tosses, are a variant of couriers, and to which
the same constraints apply. Using persons with diplomatic immunity may be slightly more
sensible in the case of drivers, since their cars are usually immune to search. On the other
hand, a diplomatic car will have distinctive license plates and may be under surveillance
whenever it leaves diplomatic premises. Counterintelligence services may take the risk, given
the potential reward, of putting electronic tracking devices on diplomatic vehicles.
Safehouses may not be literal stand-alone houses. Indeed, in an urban area, the anonymity of
an apartment house or office building may give greater security.
In more rural areas, houses may indeed be needed. This is especially the case if the country
team needs storage of bulky supplies (e.g., weapons, sabotage materials, propaganda),
printing presses, etc.
Finance
Industrialized nations, with complex financial systems, have a variety of reporting systems
about money transfer, from which counterintelligence potentially can derive patterns of
operations and warnings of operations in progress. Money laundering refers to methods for
getting cash in and out of the financial system without it being noticed by financial
counterintelligence.
The need for money, and challenge of concealing its transfer, will vary with the purpose of
the clandestine system. If it is operated by a case officer under diplomatic cover, and the
money is for small payments to agent(s), the embassy can easily get cash, and the amounts
paid may not draw suspicion. If, however, there will be large payments to an agent, getting
the money still is not a problem for the embassy, but there starts to be a concern that the agent
may draw attention to himself by extensive spending.
US security systems, about which the most public information is known, usually include a
credit check as part of a security clearance, and excessive debt is a matter of concern. It may
be the case that refusing to clear people with known financial problems has stopped a
potential penetration, but, in reality, the problem may well be at the other side. Aldrich Ames,
Robert Hanssen, and John Walker all spent more money than could be explained by their
salaries, but their conspicuous spending did not draw attention; they were detected because
variously through investigations of leaks that threw suspicion on their access to information.
Suspicion did fall on Jack Dunlap, who had his security clearance revoked and committed
suicide. Perhaps Dunlap was more obvious as a low-level courier and driver than the others,
while the others were officers in more responsible positions.
The question remains if sudden wealth is likely to be detected. More extensive bank
reporting, partially as a result of the US PATRIOT Act and other reporting requirements of
the Financial Crimes Enforcement Network (FinCEN), the latter established before 9/11, may
make receiving payments easier to catch.
Additional requirements for bank reporting were in the PATRIOT act, and intended to help
catch terrorists preparing for operations. It is not clear, however, if terrorist operations will
involve highly visible cash transactions. The 9/11 operations cells were reported to have
required somewhere between $400,000 and $500,000 in operating funds, and there were
indeed wire transfers in the $100,000 range. Still, the question remains if a relatively small
expenditure, compared with the enormous amounts in the illegal drug trade, will draw
counterintelligence/counterterrorist attention.
Wire transfers and bank deposits go through formal value transfer systems where there is
reporting to government. Especially terrorist groups, however, have access to informal value
transfer systems (IVTS), where there is no reporting, although FinCEN has been suggesting
indirect means of detecting the operation of IVTS.[22]
For clandestine networks where the case officers are under non-official cover, handling large
sums of cash is more difficult and may justify resorting to IVTS. When the cover is under a
proprietary (owned by the intelligence agency) aviation company, it can be relatively simple
to hide large bundles of cash, and make direct payments.
In the US, financial transactions begin with mutual identification between the customer and
the financial institution. Although there are many Internet frauds involving fake financial
institutions or criminals masquerading as a financial institution (i.e., phishing), the more
difficult requirement is for the prospective customer to show acceptable identification to the
bank. For basic relationships, a government-issued identification document, such as a
passport or driver's license, usually suffices. For foreign nationals, their country's equivalent
may be accepted, although it may be harder to verify.
Going beyond the basics becomes much more difficult. Were the relationship one that
involved classified information, there would be an extensive personal history questionnaire,
fingerprint check, name search with law enforcement and intelligence, and, depending on the
clearance level, additional investigations.
Credit bureaus and other financial information services may be helpful, although the accuracy
of some of these is questionable. There are Federal requirements to check names against lists
of possible terrorists, financial criminals and money launderers, etc. In many respects, we
have a problem where financial institution employees, without law enforcement training, are
being asked to be detectives. There is a conflict of interest and lack of law enforcement
training when bank employees are asked to monitor the legality of their customers' acts. Stay
aware of the status of court tests of legislation and regulation in this area, as well as new
legislation. While it is possible to teach many investigative skills, every experienced and
successful investigator speaks of instinct, which takes years to develop.
Money laundering is more associated with domestic crime than with clandestine operations,
and is less likely to be involved in clandestine operations. Nevertheless, a brief mention of its
potential benefits are in order. The basic principle of money laundering is that someone is in
a business that has large cash income, such as drug sales or gambling. The receiving
organization needs to find a way that these get into usable bank accounts, so they can be
accessed for large purchases.
The most common way to do money laundering is to find a legal business that naturally
receives much of its income in cash. These could include hair and beauty shops, small
groceries, and, ironically, laundries and dry cleaners. The legal business, or more likely
multiple businesses, receive the illegal cash as well as normal receipts, and draw amounts that
do not attract suspicion. Periodically, the launderer may have the cash-receiving firm buy
something for him, or, less commonly, to write a large check that goes into his legal account.
Care is taken that the amounts in the legal accounts do not hit the limits that cause automatic
reporting.
Informal value transfer systems (IVTS),[22] however, exist in a number of cultures, and
bypass regular financial channels and their monitoring systems (see financial intelligence).
These are known by regional and cultural names including:
hawala (Middle East, Afghanistan, Pakistan)
hundi (India)
While details differ by culture and specific participants, the systems work in a comparable
manner. To transfer value, party 1 gives money (or other valuta) to IVTS agent 1-A. This
agent calls, faxes, or otherwise communicates the amount and recipient of the funds to be
transferred, to IVTS agent 2-A, who will deliver the funds to party 2. All the systems work
because they are valuable to the culture, and failure to carry out the agreement can invite
savage retribution.
Reconciliation can work in a number of ways. There can be physical transfer of cash or
valuables. There can be wire transfers in third and fourth countries, countries without strong
reporting requirements, which the IVTS agents can verify.