Counterespionage

From Citizendium
Jump to navigation Jump to search
This article may be deleted soon.
To oppose or discuss a nomination, please go to CZ:Proposed for deletion and follow the instructions.

For the monthly nomination lists, see
Category:Articles for deletion.


In Peter Ustinov's rarely performed but unforgotten comedy "Romanoff and Juliet," the leader of a fictional European nation alerts the Soviet Ambassador that the U.S. knows about a certain Soviet intelligence operation. "We know they know," says the Russian. The intermediary tells the U.S. Ambassador, "They know you know," to which the diplomat replies, "We know they know we know."



Back goes the go-between to Moscow's envoy, who expands: "We know they know we know they know." To which the American, after counting the knows, gasps in astonishment, "They know that!"[1]

Offensive techniques in current counterintelligence doctrine are principally directed against human sources, so counterespionage can be considered a synonym for offensive counterintelligence. At the heart of exploitation operations is the objective to degrade the effectiveness of an foreign intelligence service (FIS) or a terrorist organization. Offensive counterespionage (and counterterrorism) is done one of two ways, either by manipulating the adversary (FIS or terrorist) in some manner or by disrupting the adversary’s normal operations.

Not infrequently, offensive counterespionage is in a different organization than general counterintelligence. In the U.S., for example, domestic counterintelligence is the responsibility of the Federal Bureau of Investigation, while the principal counterespionage service is in the Central Intelligence Agency. In Britain, the division is less clear, although domestic operations are clearly restricted to the Security Service (MI5), which, further, has no powers of arrest, in contrast to the FBI. When arrests are needed, the police Special Branch (UK) must be called.

Defensive counterintelligence operations that succeed in breaking up a clandestine network by arresting the persons involved or by exposing their actions demonstrate that disruption is quite measurable and effective against FIS if the right actions are taken. If defensive counterintelligence stops terrorist attacks, it has succeeded.

Offensive counterintelligence seeks to damage the long-term capability of the adversary. If it can lead a national adversary into putting large resources into protecting a nonexistent threat, or if it can lead terrorists to assume that all of their "sleeper" agents in a country have become unreliable and must be replaced (and possibly killed as security risks), there is a greater level of success than can be seen from defensive operations alone, To carry out offensive counterintelligence, however, the service must do more than detect; it must manipulate persons associated with the adversary.

Refining mission statements

The Canadian Department of National Defence makes some useful logical distinctions in its Directive on its [2] National Counter-Intelligence Unit. The terminology is not the same as used by other services, but the distinctions are useful:

  1. "Counterintelligence (contre-ingérence) means activities concerned with identifying and counteracting threats to the security of DND employees, CF members, and DND and CF property and information, that are posed by hostile intelligence services, organizations or individuals, who are or may be engaged in espionage, sabotage, subversion, terrorist activities, organized crime or other criminal activities." This corresponds to defensive counterintelligence in other services.
  2. " Security intelligence (renseignement de sécurité) means intelligence on the identity, capabilities and intentions of hostile intelligence services, organizations or individuals, who are or may be engaged in espionage, sabotage, subversion, terrorist activities, organized crime or other criminal activities." This does not (emphasis added)correspond directly to offensive counterintelligence, but is the intelligence preparation necessary to conduct offensive counterintelligence.
  3. The duties of the Canadian Forces National Counter-Intelligence Unit include "identifying, investigating and countering threats to the security of the DND and the CF from espionage, sabotage, subversion, terrorist activities, and other criminal activity;identifying, investigating and countering the actual or possible compromise of highly classified or special DND or CF material; conducting CI security investigations, operations and security briefings and debriefings to counter threats to, or to preserve, the security of DND and CF interests." This mandate is a good statement of a mandate to conduct offensive counterintelligence.

DND further makes the useful clarification [3], "The security intelligence process should not be confused with the liaison conducted by members of the Canadian Forces National Investigation Service (CFNIS) for the purpose of obtaining criminal intelligence, as the collection of this type of information is within their mandate."

Recruiting

Manipulating an intelligence professional, himself trained in counterintelligence, is no easy task, unless he is already predisposed toward the opposing side. Any effort that does not start with a sympathetic person will take a long-term commitment, and creative thinking to overcome the defenses of someone who knows he is a counterintelligence target and also knows counterintelligence techniques.

Terrorists on the other hand, although they engage in deception as a function of security appear to be more prone to manipulation or deception by a well-placed adversary than are foreign intelligence services. This is in part due to the fact that many terrorist groups, whose members “often mistrust and fight among each other, disagree, and vary in conviction.”, are not as internally cohesive as foreign intelligence services, potentially leaving them more vulnerable to both deception and manipulation.

A person willing to take on an offensive counterintelligence role, especially when not starting as a professional member of a service, can present in many ways. A person may be attracted by careful nurturing of a sense that someone may want to act against service A, or may be opportunistic: a walk-in or write-in.

Opportunistic acquisition, as of a walk-in, has the disadvantage of being unexpected and therefore unplanned for: the decision to run a double agent should be made only after a great deal of thought, assessment, and evaluation, and if the candidate comes as a volunteer, the service may have to act without sufficient time for reflection. In this situation the necessity of assessing the candidate conflicts also with the preservation of security, particularly if the officer approached is in covert status. Volunteers and walk-ins are tricky customers, and the possibility of provocation is always present. On the other hand, some of our best operations have been made possible by volunteers. The test of the professional skill of an intelligence organization is its ability to handle situations of this type.[4]

Evaluating

When an agent candidate appears, judgments are needed on four essential questions to decide if a potential operation makes sense, if the candidate is the right person for the operation, and if one's own service can support the operation.

Deciding if a candidate is viable
Question Answer
Has he told you everything? Enough information can ordinarily be obtained in one or two sessions with the candidate to permit testing by polygraph, investigation of leads, and file checks. These steps must be taken very quickly because it is not possible to un-recruit a man. The two areas of possible concealment which are especially dangerous are prior intelligence ties and side-commo.
Does he have stayability? This term combines two concepts-his ability to maintain access to the counterintelligence target for the foreseeable future, and his psychological stamina under the constant (and sometimes steadily increasing) pressure of the double agent's role. If he lacks stayability he may still be useful, but the operation must then be planned for short range.
Does the adversary trust him? Indications of adversary trust can be found in the level of the communications system given him, his length of service, the seniority of the adversary case officer, the nature and level of requirements, and the kind and extent of training provided. If the opposition keeps the agent at arm's length, there is little prospect that doubling him will yield significant returns.
Can you control his communications both ways? Control of communications on your own side can be difficult enough, especially if the agent lives in hostile territory. But control of adversary channels is hard under even the best of circumstances. It requires a great deal of time, technical skill, and - as a rulemanpower.

Negative answers on one or even two of these questions are not ground for immediate rejection of the possible operation. But they are ground for requiring some unusually high entries on the credit side of the ledger.

The initial assessment comes from friendly debriefing or interview. The interviewing officer may be relaxed and casual, but underneath the surface his attitude is one of deliberate purpose: he is trying to find out enough to make an initial judgment of the man sensing the subject's motivations, emotional state and mental processes.

For instance, if an agent walks in, says he is a member of another service, and reveals information so sensitive that the other service would surely not give it away just to establish the informant's bona fides, there are two possibilities:

  • either the agent is telling the truth
  • he is attempting a provocation.

Sometimes, the manner in which the man conducts himself will suggest which of the two it is. In addition to establishing the individual's true identity and examining his documents, there is also a need to gain information on the walk-in's service.

It is harder to understaand why the individual presented himself or herself presented himself than to establish who he is and what service he represents. Motivation is hard to understand in daily life, much less in the shadowy world of espionage and counterespionage

  • the agent's professed reasons
  • the officer's own inferences from his story and behavior.

Rarely is there a single explanation for the agent's action. Some speak highly of democracy or the West, but, on discussing the subject, the case officer may discover the agent's understanding of these systems is very shallow. Why, then, might the agent be saying this? Possible reasons include telling the case officer what the agent thinks the officer wants to hear, or that the agent has created a desirable fantasy.

If the comments are made as an enticement to the officer, he must investigate whether there are more basic motivations. Money is often a motivation; one method of tradecraft is to leave luxury goods catalogs where they can be read, and judge if the reaction is one of surprise, desire, or indignation. Some psychopathic agents have "a masochistic desire for punishment by both services. Others have financial, religious, political, or vindictive motives. The last are often the best double agents: they get pleasure out of deceiving their comrades by their every act day after day. [4]

Making the judgment about the agent's psychological and physical suitability is also difficult. Sometimes a psychologist or psychiatrist can be called in under some pretext. Such professionals, or a well-trained CI officer, may recognize signs of sociopathic personality disorder in potential double agents. From the point of view of the double agent operation, here are their key traits:

Characteristics of sociopaths
They are unusually calm and stable under stress but cannot tolerate routine or boredom They do not form lasting and adult emotional relationships with other people because their attitude toward others is exploitative
They have above-average intelligence. They are good verbalizers-sometimes in two or more languages They are skeptical and even cynical about the motives and abilities of others but have exaggerated notions about their own competence.
Their reliability as agents is largely determined by the extent to which the case officer's instructions coincide with what they consider their own best interests. They are ambitious only in a short range sense: they want much and they want it now. They do not have the patience to plod toward a distant reward.
They are naturally clandestine and enjoy secrecy and deception for its own sake.

The candidate must be considered as a person and the operation as a potential. Possibilities which would otherwise be rejected out of hand can be accepted if the counterintelligence service is or will be in a position to obtain and maintain an independent view of both the double agent and the case.

The estimate of the potential value of the operation must take into consideration whether his service has the requisite personnel, facilities, and technical support; whether running the operation will prejudice other activities of his government; whether it will be necessary or desirable, at the outset or later, to share the case with foreign liaison; and whether the case has political implications.

Types of Offensive Counterespionage Operations

A subject of offensive counterintelligence starts with a loyalty to one service. In these examples:

  • Service A: Foreign Intelligence Service (FIS) or non-national group
  • Service A1: a client, supporting organization, or ally of A
  • Service B: One's own or an allied service
  • Service B1: a client, supporting organization, or ally of B
  • Service C: A third country's service, which, in this context, should be assumed to be neutral.

Double agents and defectors start out being loyal to service B, which immediately creates the potential for emotional conflict. False flag operations also have the potential for conflict, as these operations recruit people who believe they are working for service C, but they have not been told the truth: they are actually working for service A or B, depending on the nature of the operation.

Mole

Moles start out as loyal to service B, but may or may not be a trained intelligence officer of that service. Indeed, those that are not trained, but volunteer to penetrate a FIS, may either not understand the risk, or are tremendously brave individuals, highly motivated against Country A and willing to risk its retaliation if their limited preparation reveals their true affiliation.

Starts in B
Joins A
Transmits to B or disrupts operations until leaves or disrupted

Note that some intelligence professionals reserve mole to refer to enemy personnel that personally know important things about enemy intelligence operations, technology, or military plans. A person such as a clerk or courier, who photographs many documents but is not really in a position to explore enemy thinking, is more generically an asset. To be clear, all moles are assets, but not all assets are moles.

One of the more difficult methods involves having the would-be-mole “dangled” – that is luring the adversary intelligence service (or terrorist group) to recruit the opposition’s clandestine intelligence officer who is posing as a “walk-in” (someone who voluntarily offers information) – in the hopes that the adversary will unknowingly take the bait.

Another special case is a "deep cover" or "sleeper" mole, who may enter a service, possibly at a young age, but definitely not reporting or doing anything that would attract suspicion, until reaching a senior position. Kim Philby is an example of an agent actively recruited by Britain while he was already committed to Communism.

False Flag Penetrator

A special case is a false flag recruitment of a penetrator:

Starts in C
Believes being recruited by A
Actually is recruited by B and sends false information to C

Defector

An individual may want to leave their service at once, perhaps from high-level disgust, or low-level risk of having been discovered in financial irregularities and is just ahead of arrest. Even so, the defector certainly brings knowledge with him, and may be able to bring documents or other materials of value.

Starts in A
Leaves and goes to B

Defector in place

Another method is to directly recruit an intelligence officer (or terrorist member) from within the ranks of the adversary service (terrorist group) and having that officer (terrorist) maintain their normal duties while spying on their parent service (organization); this is also referred to as recruiting an “agent” or defector in place.[5]

Starts in A
Stays working in A but reporting to B

Double Agent

Before even considering double agent operations, a service has to consider its own resources. Managing that agent will take skill and sophistication, both at the local/case officer and central levels. Complexity goes up astronomically when the service cannot put physical controls on its doubles, as did the Double Cross System in WWII. That system, under J.C. Masterman, distinguished several types of double agent, although the precise terminology was tailored to the time and not in wide use today: [6]

  • "The classic double who was in personal, physical contact with two (or more) sides during his case — like TRICYCLE or SNOW in Masterman's account.[7] One of the consequences of this predicament is that the double agent is inescapably in control of his own operation for longer or shorter periods. Thus the problem of his honesty, his bona fides, is a critical matter. The classic double is to be distinguished from
  • the double agent who is not in personal physical contact, but uses intermediary communications that are under control (w/ t — radio, s/w — secret writing). Both of these categories the British distinguished from the
  • penetration agent, a double who worked solely against other intelligence services to obtain information on their organization, personnel, methods, and operations. all of these were to be distinguished from
  • the special agent, who was a double used solely for planting information on an enemy service (feeder)." The special agent might not even be aware he was doubled

Double agent operations, due to their inherent delicacy and the possibility of compromise, require exhaustive planning, operation and , #Protecting your own service| reporting; the work of its supervisors can be near-overwhelming. "But since penetrations are always in short supply, and defectors can tell less and less of what we need to know as time goes on, because of their cut-off dates, double agents will continue to be part of the scene."[8]

Services functioning abroad-and particularly those operating in areas where the police powers are in neutral or hostile hands--need professional subtlety as well. [4] Case officers must know the agent's area and have a nuanced understanding of his language; this is an extremely unwise situation for using interpreters, since the case officer needs to sense the emotional content of the agent's communication and match it with the details of the information flowing in both directions. Depending on whether the operation is being run in one's own country, an allied country, or hostile territory, the case officer needs to know the relevant laws. Even in friendly territory, the case officer needs both liaison with, and knowledge of, the routine law enforcement and security units in the area, so the operation is not blown because an ordinary policeman gets suspicious and brings the agent in for questioning.

The most preferable situation is that the service running the double agent have complete control of communications. When communications were by Morse code, each operator had a unique rhythm of keying, called a "fist". MASINT techniques of the time recognized individual operators, so it was impossible to substitute a different operator than the agent. The agent also could make deliberate and subtle changes in his keying, to alert his side that he had been turned. While Morse is obsolete, voices are very recognizable and resistant to substitution. Even text communication can have patterns of grammar or word choice, known to the agent and his original service, that can hide a warning of capture.

Full knowledge of [the agent's] past (and especially of any prior intelligence associations), a solid grasp of his behavior pattern (both as an individual and as a member of a national grouping), and rapport in the relationship with him.

The discovery of an adversary intelligence officer who has succeeded in penetrating one’s own organization offers the penetrated intelligence service the possibility of “turning” this officer in order use him as a “double agent”. The way a double agent case starts deeply affects the operation throughout its life. Almost all of them begin in one of the three ways following:

  • Walk-in or talk-in
  • Detected and doubled, usually under duress
  • Provocation agent

Double agent

Starts in A
Recruited by B
Defects and tells B all he knows (defector)
operates in place (Agent #Doubled in Place| doubled in place) and continues to tell B about A

False flag double agent

Starts in A
Assigned to C
B creates a situation where agent believes he is talking to C, when actually receiving B disinformation

Active penetrator

Starts in A and is actually loyal to A
Goes to B, says he works for A, but wants to switch sides. Gives B access to his communications channel with A
Keeps second communications channel, X with A, about which B knows nothing
Reports operational techniques of B to A via X
Provides disinformation from A to B via X

#Passive Provocateur| Passive Provocateur

A does an analysis of C and determines what targets would be attractive to B
A then recruits citizens of C, which A believes will be more loyal to B
The A recruit, a citizen of C, volunteers to B
A can then expose B's penetration of C, hurting B-C relations.

This may be extremely difficult to accomplish, and even if accomplished the real difficulty is maintaining control of this “turned asset”. Controlling an enemy agent who has been turned is a many-faceted and complex exercise that essentially boils down to making certain that the agent’s new-found loyalty remains consistent, which means determining whether the “doubled” agent’s turning is genuine or false. However, this process can be quite convoluted and fraught with uncertainty and suspicion.

Where it concerns terrorist groups, a terrorist who betrays his organization can be thought of and run as a double-agent against the terrorist’s “parent” organization in much the same fashion as an intelligence officer from a foreign intelligence service. Therefore, for sake of ease, wherever double-agents are discussed the methodologies generally apply to activities conducted against terrorist groups as well.[5]

A double agent is a person who engages in clandestine activity for two intelligence or security services (or more in joint operations), who provides information about one or about each to the other, and who wittingly withholds significant information from one on the instructions of the other or is unwittingly manipulated by one so that significant facts are withheld from the adversary. Peddlers, fabricators, and others who work for themselves rather than a service are not double agents because they are not agents. The fact that doubles have an agent relationship with both sides distinguishes them from penetrations, who normally are placed with the target service in a staff or officer capacity.

The unwitting double agent is an extremely rare bird. The manipulative skill required to deceive an agent into thinking that he is serving the adversary when in fact he is damaging its interests is plainly of the highest order.

For predictive purposes the most important clue imbedded in the origins of an operation is the agent's original or primary affiliation, whether it was formed voluntarily or not, the length of its duration, and its intensity. The effects of years of clandestine association with the adversary are deep and subtle; the Service B case officer working with a double agent of service A is characterized by an ethnicity or religion may find those bonds run deep, even if the agent hates the government of A. The service B officer may care deeply for the double.

Another result of lengthy prior clandestine service is that the agent may be hard to control in most operations the case officer's superior training and experience give him so decided an edge over the agent that recognition of this superiority makes the agent more tractable. But add to the fact that the experienced double agent may have been in the business longer than his U.S. control his further advantage in having gained a first-hand comparative knowledge of the workings of at least two disparate services, and it is obvious that the case officer's margin of superiority diminishes, vanishes, or even is reversed.

One facet of the efforts to control a double agent operation is to ensure that the double agent is protected from discovery by the parent intelligence service; this is especially true in circumstances where the double agent is a defector-in-place.

Like all other intelligence operations, double agent cases are run to protect and enhance the national security. They serve this purpose principally by providing current counterintelligence about hostile intelligence and security services and about clandestine subversive activities. The service and officer considering a double agent possibility must weigh net national advantage thoughtfully, never forgetting that a double agent is, in effect, a condoned channel of communication with the enemy.

Doubled in Place

A service discovering an adversary agent may offer him employment as a double. His agreement, obtained under open or implied duress, is unlikely, however, to be accompanied by a genuine switch of loyalties. The so-called redoubled agent whose duplicity in doubling for another service has been detected by his original sponsor and who has been persuaded to reverse his affections again -also belongs to this dubious class. Many detected and doubled agents degenerate into what are sometimes called "piston agents" or "mailmen," who change their attitudes with their visas as they shunt from side to side.

Operations based on them are little more than unauthorized liaison with the enemy, and usually time-wasting exercises in futility. A notable exception is the detected and unwillingly doubled agent who is relieved to be found out in his enforced service to the adversary.

Active provocateur

There can be active and passive provocation agents. A double agent may serve as a means through which a provocation can be mounted against a person, an organization, an intelligence or security service, or any affiliated group to induce action to its own disadvantage. The provocation might be aimed at identifying members of the other service, at diverting it to less important objectives, at tying up or wasting its assets and facilities, at sowing dissension within its ranks, at inserting false data into its files to mislead it, at building up in it a tainted file for a specific purpose, at forcing it to surface an activity it wanted to keep hidden, or at bringing public discredit on it, making it look like an organization of idiots. The Soviets and some of the Satellite services, the Poles in particular, are extremely adept in the art of conspiratorial provocation. All kinds of mechanisms have been used to mount provocation operations; the double agent is only one of them.

An active one is sent by Service A to Service B to tell B that he works for A but wants to switch sides. Or he may be a talk-in rather than a walk-in. In any event, the significant information that he is withholding, in compliance with A's orders, is the fact that his offer is being made at A's instigation. He is also very likely to conceal one channel of communication with A-for example, a second secret writing system. Such "side-commo" enables A to keep in full touch while sending through the divulged communications channel only messages meant for adversary eyes. The provocateur may also conceal his true sponsor, claiming for example (and truthfully) to represent an A1 service (allied with A) whereas his actual control is the A-a fact which the Soviets conceal from the Satellite as carefully as from us.

Some provocations, if successful, may cause massive damage to field networks, as in the Venlo Incident staged by the German Sicherheitsdienst (SD) against the British Secret Intelligence Service.[9]

Passive provocateur

Passive provocations are variants involving false-flag recruiting.

In Country C Service A surveys the intelligence terrain through the eyes of Service B (a species of mirror-reading) and selects those citizens whose access to sources and other qualifications make them most attractive to B. Service A officers, posing as service B officers, recruit the citizens of country C. At some point, service A then exposes these individuals, and complains to country C that country B is subverting its citizens.

The stake-out has a far better chance of success in areas like Africa, where intelligence exploitation of local resources is far less intensive, than in Europe, where persons with valuable access are likely to have been approached repeatedly by recruiting services during the postwar years.[4]

Multiply Turned Agent

A triple agent can be a double agent that decides his true loyalty is to his original service, or could always have been loyal to his service but is part of an active provocation of your service. If managing a double agent is hard, agents that turned again (i.e., tripled) or another time after that are far more difficult, but in some rare cases, worthwhile.

Any service B controlling, or believing it controls, a double agent, must constantly evaluate the information that agent is providing on service A. While service A may have been willing to sacrifice meaningful information, or even other human assets, to help an intended penetration agent establish his bona fides, at some point, service A may start providing useless or misleading information as part of the goal of service A. In the WWII Double-Cross system, another way the British controllers (i.e., service B in this example) kept the Nazis believing in their agent, was that the British let true information flow, but too late for the Germans to act on it. The double agent might send information indicating that a lucrative target was in range of a German submarine, but, by the time the information reaches the Germans, they confirm the report was true because the ship is now docked in a safe port that would have been a logical destination on the course reported by the agent [10]. While the Double-Cross System actively handled the double agent, the information sent to the Germans was part of the overall Plan BODYGUARD deception program of the London Controlling Section. Bodyguard was meant to convince the Germans that the Allies planned their main invasion at one of several places, none of which were Normandy. As long as the Germans found those deceptions credible, which they did, they reinforced the other locations. Even when the large landings came at Normandy, deception operations continued, convincing the Germans that Operation NEPTUNE at Normandy was a feint, so that they held back their strategic reserves. By the time it became apparent that Normandy was indeed the main invasions, the strategic reserves had been under heavy air attack, and the lodgment was sufficiently strong that the reduced reserves could not push it back.

There are other benefits to analyzing the exchange of information between the double agent and his original service, such as learning the priorities of service A through the information requests they are sending to an individual they believe is working for them. If the requests all turn out to be for information that service B could not use against A, and this becomes a pattern, service A may have realized their agent has been turned.

Since maintaining control over double agents is tricky at best, it is not hard to see how problematic this methodology can become. The potential for multiple turnings of agents and perhaps worse, the turning of one’s own intelligence officers (especially those working within counterintelligence itself), poses a serious risk to any intelligence service wishing to employ these techniques. This may be the reason that triple-agent operations appear not to have been undertaken by U.S. counterintelligence in some espionage cases that have come to light in recent years, particularly among those involving high-level penetrations. Although the arrest and prosecution of Aldrich Ames of the CIA and Robert Hanssen of the FBI, both of whom were senior counterintelligence officers in their respective agencies who volunteered to spy for the Russians, hardly qualifies as conclusive evidence that triple-agent operations were not attempted throughout the community writ large, these two cases suggest that neutralization operations may be the preferred method of handling adversary double agent operations vice the more aggressive exploitation of these potential triple-agent sources.[5]

Triple agent

Starts out working for B
Volunteers to be a defector-in-place for A
Discovered by B
Offers his communications with A to B, so B may gain operational data about A and send disinformation to A

A concern with triple agents, of course, is if they have changed loyalties twice, why not a third or even more times? Consider a variant where the agent remains fundamentally loyal to B

Quadruple agent

Starts out working for B
Volunteers to be a defector-in-place for A. Works out a signal by which he can inform A that B has discovered and is controlling him
Discovered by B
Offers his communications with A to B.
B actually gets disinformation about A's operational techniques
A learns what B wants to know, such as potential vulnerabilities of A, which A will then correct

Successes such as the British Double-Cross System or the German Operation North Pole show that these types of operations are indeed feasible. Therefore, despite the obviously very risky and extremely complex nature of double agent operations, the potentially quite lucrative intelligence windfall – the disruption or deception of an adversary service – makes them an inseparable component of exploitation operations.[5]

Double agent motivation may fail, and the agent choose to try to restore himself with his own service. What better incentive can he offer than than to recruit his Service B case officer? If the case officer refuses, that at least breaks the agent from foreign control, and the agent may be able to gain some redemption by denouncing the agent handler. Some agents can convince their home service that they always were loyal, and launched a creative counterespionage operation on their own.

There may be good reasons for a service to continue to run a redoubled agent.

"One reason for us is humanitarian: when the other service has gained physical control of the agent by apprehending him in a denied area, we often continue the operation even though we know that he has been doubled back because we want to keep him alive if we can." Alternatively, the service handling the redoubled agent could " how the other service conducts its double agent operations or what it uses for operational build-up or deception material and from what level it is disseminated. There might be other advantages, such as deceiving the opposition as to the service's own capabilities, skills, intentions, etc. Perhaps the service might want to continue running the known redoubled agent in order to conceal other operations. It might want to tie up the facilities of the opposition. It might use the redoubled agent as an adjunct in a provocation being run against the opposition elsewhere." This is very risky.

Running a known redoubled agent is like playing poker against a professional who has marked the cards but who presumably is unaware that you can read the backs as well as he can. [4]

Running Offensive Counterespionage Operations

"Control is the capacity of a case officer of country B to generate, alter, or halt agent behavior by using or indicating his capacity to use physical or psychological means of leverage. And a case officer working overseas does not control a double agent the way a policeman controls an informer. At best, the matter is in shades of gray. The case officer has to consider that the double from country A still has contact with country B."[4]

The case officer must carefully consider the effects of exerting control. Too much pressure may drive the agent back to his home service.

The case officer cannot control the double in all respects.

The target service (A) inevitably exercises some control over the double agent, if only in his performance of the tasks that it assigns to him. B, in fact, has to be careful not to disrupt the double's relation with his own service, warning service A of a control, Even if the positive side is being run so poorly that the misguided agent is in danger of coming to the attention of local authorities whose intervention would spoil the CI aspect too, the case officer must restrain his natural impulse to button up the adversary's operation for him. At the very most, he can suggest that the agent complain to the hostile case officer about insecure practices, and then only if the agent's sophistication and relationship with that case officer make such a complaint seem normal.[4]

An ideal situation involves physical control, or at least close surveillance, but that is likely only in war. Very close to physical control, however, is control of the agent's communications. Even with controlled communications, however, agents are trained to give subtle clues that they are under duress.

Agent-level risk and reward

The nature and value of the double agent's functions depend greatly on his personal ability as well as on his mission for the other service. He can always report on the objectives and conduct of this mission and possibly more broadly on the positive and counterintelligence targets of the other service or on its plans. If he is skillful and well trained, he can do valuable work by exploiting the weaknesses of others: all intelligence officers of any service, despite their training, have some weaknesses.

One's own side may triple an agent, or turn even more times than that. With each turn, the chances of deception increase, so in such operations, the quality of the agent's services needs to be checked constantly. If the agent no longer elicits trust, he might be offered exfiltration if in a foreign country. He might be retired and given an advisory position where he handles no secrets, but might be useful as an occasional reference.

A rare agent may actually understand the thinking of the highest levels of government policy. This may not be purely a matter of his assignment; Oleg Penkovsky had social ties to high-ranking generals.

An agent, who has been with his service any appreciable time, will be able to provide a good deal of information on the practices, and possibly resources, of his FIS. Other than for the most important of agents, a service is not apt to invent new communications techniques, either for hard-copy passed by dead drop or courier, or for electronic transmission. Information on capabilities comes indirectly, from the level of technology and manufacturing quality with the country-specific equipment with which he was provided.

Some agencies, however, make a point of providing their agents with "sterile" equipment obtained commercially from third countries. If that is their pattern, it may only become obvious if multiple agents are compared at the national CI level. A sufficiently sophisticated agency may obtain different third-country equipment for different agents, leaving the operational instructions as the only detail that may establish a pattern.

The double agent serves also as a controlled channel through which information can be passed to the other service, either to build up the agent in its estimation or for purposes of deception. In the complex matter of deception we may distinguish here between

  • operational deception, that concerning the service's own capabilities, intentions, and control of the agent, and
  • national deception, that concerning the intentions of the controlling government or other components of it.

National deception operations are usually very delicate, frequently involving the highest levels of the government, and therefore require prior coordination and approval at the national headquarters level.

The double agent channel can be used by the controlling service to insert data into the mechanisms of the other service with a number of possible objectives-for example, to detect its activities in some field. The inserted material is designed to induce certain actions on the part of the other service, which are then observed through another operation or group of operations. The material has to be designed very skillfully if it is to deceive the other service and produce the desired reactions. Such a situation might arise if a case officer handling several operations wanted to set up still another and needed to find out in advance what the pertinent operational pattern was.

Running the Operation: Do's and Don'ts

The following principles apply to the handling of all double agent operations in varying degrees. In composite they form a check-list against which going operations might be periodically reviewed-and given special examination with the appearance of danger signals.[4]

Monitoring, Testing and Managing the Double Agent

The agent handler must constantly analyze the often-changing motivation and authenticity of the agent. Psychological specialists may be available to assist. Some intelligence agencies like to use the polygraph to verify the agent's story,[11] although it may be more of an aid to interrogation than a true "lie detector".

All information received must, as far as possible, be verified. This can include forensic and content analysis of documents and equipment provided, surveillance of the agent, and "further research into verifying the agent's story (i.e., "legend" in tradecraft) While "name traces cannot be run on every person mentioned by the agent, do not be stingy with them on persons who have familial, emotional, or business ties with him" in verifying his legend".

Improve his own security and cover as a double. Do not, however, improve his intelligence collection skills. The hostile service might make use of information that he collects independently, or they may become suspicious if his skill and reporting suddenly improve. If he has been a bad speller in his reports to his service, don't volunteer to copy edit! Teaching the double too much, especially about resistance to interrogation may improve his security, but it also may make his service suspicious if his manner, to them, changes.

"Require the agent to report and, as security permits, turn over to you everything he gets from the other side: money, gifts, equipment, documents, etc." This is a delicate balance. If he thinks he doesn't have to report something to you, he can become confused about who gets what. At the same time, use judgment to keep him motivated. Rather than confiscating payments to him, deposit them in a third-country bank account of which he is aware, and that he can access on termination. Labels such as "anti-Communist", "militant jihadist", "morally offended by own side" can oversimplify and interfere with your own understanding of his thinking. Understand the person underneath the label.[4]

With due regard for security, periodically have a colleague review the case. Either alone or with help, review the operational techniques to see if they can be improved. Fresh eyes, a historical perspective, and comparison with other agents may give deep insight into the tradecraft and operational procedures of the adversary.

Counterespionage experts fear leaving a disillusioned or angry agent, in place, in his home service. Agents and agent handlers will have personality clashes, so transferring an agent to another handler in one's own, or an allied service, may solve some problems. It is better to get the in-place agent to defect when confidence in him drops. While the agencies dislike mentioning it, capturing or killing a seriously risky agent is always a possibility.

Managing Expectations of the Hostile Service

To protect the operation, the case officer must try to see the agent's performance from the perspective of the opposing service, using the style of that service. Do not assume the other side thinks as your service does. The US tends to rely more on technical collection and OSINT than many other world services; the USSR regarded espionage as the most important collection technique, even when they could have used OSINT to collect the same information.

An agent can be "too good" to the other side. If he produces material, which his service finds implausible that he could have accessed, it jeopardizes the counterespionage operation. If he collects plausible material, but tells his home case officer that he obtained it in some way that his service has not trained him, again, there is jeopardy. By letting him operate as he was trained, the counterespionage service may detect vulnerabilities that otherwise might have revealed sensitive information. If his communications are controlled, the service can prevent truly sensitive material from being sent, and perhaps send disinformation in its place.

Do not solve their problems for them. If the agent is arrested, do not immediately and visibly intervene. In such a situation, the other side may expose additional resources either to support the agent or to provide alternate means of collection. This can always be explained to the agent, with some truth, that you are not giving obvious help to protect his security to his own service.

If the agent reports a crisis with his service, do not take it at face value; always look for the plot within a plot, but keep perspective; it may be a provocation. A local ideological terror group may well be receiving direction from a distant transnational group. Consider the possibility of false-flag agents in such circumstances.

Protecting your own service

Especially when dealing with terrorists, the most basic protections for one's service are physical safety. David Ignatius, of the Washington Post, speaks of the problems caused by counterintelligence managers eager for results but averse to risks.

Agency officers traditionally meet their sources at clandestine locations -- "safe houses," as they're known, and car pickups -- outside an embassy or military base. The reason is security: The agent shouldn't see many CIA faces, and vice versa. But those standard agent-handling rules have been violated routinely, in Iraq and now Afghanistan, because senior officials have concluded it's too dangerous outside the wire. "At least 90 percent of all agent meetings are conducted on bases," estimates one CIA veteran. [12]

Allowing an agent, who turned out to be redoubled, into the base at Khost, Afghanistan, led to dead and wounded American and Jordanian personnel, when the agent detonated a suicide bomb. [13]

An established couterintelligence service can support the agent handler with information such as biographical data on known hostile individuals, provocation techniques used by other services, etc. The British Security Service pioneered the systematic Registry of such data. U.S. military counterintelligence and counterespionage have specifically defined laptops for such information.

Field operations need to track any of one's own side's classified material was "fed" to the agent. Authorizations for the release of true classified, and deceptive information, must be tracked.

"Double agents must be run within the framework of their own materials-the information which they themselves supply."[4] Skilled agent handlers will convince the agent, which may well be true, that information kept from him is done so for his own safety. This, of course, also limits exposure if he redoubles.

References

  1. "Counting Knows", New York Times, 11 March 1994
  2. Canadian Forces National Counter-Intelligence Unit, 2003-03-28, Canada-DND-DAOD 8002-2. Retrieved on 2007-11-19
  3. Security Intelligence Liaison Program, 2003-03-28, Canada-DND-DAOD 8002-3. Retrieved on 2007-11-19
  4. 4.0 4.1 4.2 4.3 4.4 4.5 4.6 4.7 4.8 4.9 Begoum, F.M. (18 Sept 1995), "Observations on the Double Agent", Studies in Intelligence. Retrieved on 2007-11-03 Cite error: Invalid <ref> tag; name "Begoum" defined multiple times with different content
  5. 5.0 5.1 5.2 5.3 Gleghorn, Todd E. (September 2003). Exposing the Seams: the Impetus for Reforming US Counterintelligence. Retrieved on 2007-11-02. Cite error: Invalid <ref> tag; name "Gleghorn" defined multiple times with different content
  6. "Masterman Revisited: Another look at double agent deception", Studies in Intelligence, Central Intelligence Agency, 2 July 1996
  7. J.C. Masterman, The Double-Cross System
  8. Austin B. Matschulat (2 July 1996). Coordination and Cooperation in Counerintelligence. Center for the Study of Intelligence, Central Intelligence Agency,. Retrieved on 2007-11-03.
  9. Wil Deac (January 1997), Germany's Venlo sting completely compromised an already shaky British Intelligence network in Western Europe., HistoryNet
  10. Brown, Anthony Cave (1975.). Bodyguard of Lies: The Extraordinary True Story Behind D-Day. 
  11. Chester C. Crawford (Summer 1960), "The Polygraph in Agent Interrogation", Studies in Intelligence, Central Intelligence Agency 4
  12. David Ignatius (6 January 2010), "Two attacks highlight counterterrorism's bureaucratic bog", Washington Post
  13. Joby Warrick (31 December 2009), "Suicide bomber attacks CIA base in Afghanistan, killing at least 8 Americans", Washington Post