Clandestine HUMINT

https://en.wikipedia.org/wiki/Clandestine_HUMINT

Clandestine HUMINT (HUMan INTelligence) is intelligence collected from human sources

using clandestine espionage methods. These sources consist of people working in a variety of
roles within the intelligence community. Examples include the quintessential spy (known by
professionals as an asset or agent), who collects intelligence, couriers and related personnel,
who handle an intelligence organization's (ideally) secure communications, and support
personnel, such as access agents, who may arrange the contact between the potential spy and
the case officer who recruits them. The recruiter and supervising agent may not necessarily
be the same individual. Large espionage networks may be composed of multiple levels of
spies, support personnel, and supervisors. Espionage networks are typically organized as a
cell system, in which each clandestine operator knows only the people in his own cell,
perhaps the external case officer, and an emergency method (which may not necessarily
involve another person) to contact higher levels if the case officer or cell leader is captured,
but has no knowledge of people in other cells. This cellular organization is a form of
compartmentalisation, which is an important tactic for controlling access to information, used
in order to diminish the risk of discovery of the network or the release of sensitive
information.

Espionage is the act of obtaining (typically via covert methods) information which an
adversary would not want the entity conducting the espionage to have. Espionage is
inherently clandestine, and the legitimate holder of the information may change plans or take
other countermeasures once it is known that the information is in unauthorized hands. See the
articles such Clandestine HUMINT operational techniques and Clandestine HUMINT asset
recruiting for discussions of the "tradecraft" used to collect this information.

HUMINT is in a constant battle with counterintelligence, and the relationship can become
very blurry, as one side tries to "turn" agents of the other into reporting to the other side.
Recruiters can run false flag operations, where a citizen of country A believes they are
providing intelligence to country B, when they are actually providing it to country C.

Unlike other forms of intelligence collection disciplines, espionage usually involves

accessing the place where the desired information is stored, or accessing the people who
know the information and will divulge it through some kind of subterfuge. There are
exceptions to physical meetings, such as the Oslo Report, or the insistence of Robert Hanssen
in never meeting the people to whom he was selling information.

This article does not cover military units that penetrate deep between enemy lines, but
generally in uniform, to conduct special reconnaissance. Such military units can be on the
border of the line, in international law, which defines them as spies, if they conduct
information in civilian clothes. In some circumstances, the uniformed personnel may act in
support to the actual agents, providing communications, transportation, financial, and other
support. Yet another discipline is covert operations, where personnel, uniformed or not, may
conduct raids, sabotage, assassinations, propaganda (i.e., psychological operations), etc.

Legal aspects

Black's Law Dictionary (1990) defines espionage as: "gathering, transmitting, or losing ...
information related to the national defense."
In the UK, "Under the 1911 Act, a person commits the offence of 'spying' if he, for any
purpose prejudicial to the safety or interests of the State;
(a) approaches, inspects, passes over or is in the neighbourhood of, or enters any prohibited
place,
(b) makes any sketch, plan, model, or note which is calculated to be or might be or is
intended to be directly or indirectly useful to an enemy; or
(c) obtains, collects, records, or publishes, or communicates to any other person any secret
official code word, or pass word, or any sketch, plan, model, article, or note, or other
document which is calculated to be or might be or is intended to be directly or indirectly
useful to an enemy. [Note: "an enemy" apparently means a potential enemy, so could
theoretically include all foreign governments]

"The offence of spying covers all such acts committed by any person within Her Majesty's
dominions, and such acts committed elsewhere by British Officers or subjects. It is not
necessary for the person concerned to have been warned beforehand that they were subject to
the Official Secrets Act. The 1920 Act creates further offences of doing any "act preparatory"
to spying, or of soliciting, inciting, seeking to persuade, or aiding and abetting any other
person to commit spying.[1]

The US defines espionage towards itself as "The act of obtaining, delivering, transmitting,
communicating, or receiving information about the national defense with an intent, or reason
to believe, that the information may be used to the injury of the United States or to the
advantage of any foreign nation. Espionage is a violation of 18 United States Code 792798
and Article 106, Uniform Code of Military Justice.

Penetrations of foreign targets by people loyal to their own country

Not all clandestine human sources change their loyalties to the country to which they were
born, or owed their first allegiance. In this section we are talking of the classical and actually
rare "spy", who really is a loyal citizen of country A but obtains information from country B,
either through informal means (e.g., fake news reporting) or actually going to work for
country B.

A special case is of the Country B loyalist who controls agents or provides other supporting
or managerial functions against Country A.

Clandestine reporting

Richard Sorge was a Soviet citizen (i.e., country A), who posed as a German (country C)
journalist in Tokyo, to report on Japan (country B) back to the Soviet Union. Sorge was
eventually caught and executed by the Japanese, who generally honored his bravery.
Especially in wartime, while a country may need to execute an agent, they sometimes respect
them.

It is a truism that a live captured spy has more potential value than a dead one, since a live
one can still be interrogated, or perhaps turned into a double agent. There have been cases
where countries have announced the execution of people who are actually alive.

Dangled mole
Dangled moles start out being loyal to one country B, but go to work for another service A,
reporting back to their original service. Such operations can become "infinities of mirrors"[3]
as the mole may be detected and the service by which they are employed tries to double them,
which may or may not work.

One of the best-known, and apparently most successful, was the early Soviet recruitment of
Kim Philby (i.e., service B), who was then dangled to the British Secret Intelligence Service
(i.e., service A), for whom Philby went to work and rose to high rank. Philby is discussed
further below.

As far as is known from public sources, the only mole, already loyal to a foreign service, who
went to work for the CIA (i.e., in the service A role) was Karl Koecher, who actually was
loyal to the Czechoslovakian intelligence service (service B1), while Czechoslovakia was a
Soviet (i.e., service B) satellite state. Koecher became a CIA translator and a good source of
information to the Czechs and Soviets. While, as far as is known in public sources, still loyal
to his original agency, Koecher was ordered to report to Moscow by Oleg Kalugin, longtime
legal resident of the USSR in the US. Kalugin accused Koecher of being a US double agent.
Koecher retired from the CIA and went to work in academia, but was subsequently
reactivated by the KGB and went to work, part-time, for the CIA. During this period, he was
discovered by the FBI, who attempted to double him against the KGB, but the FBI
considered him unreliable and eventually arrested him. The arrest was legally tainted, and
Koecher was eventually exchanged for Soviet prisoners, both sides apparently not wanting
the affair to be in a public court.

The US used Katrina Leung as a dangled mole to the PRC, although the true loyalty of
Leung, who came to the US on a Taiwanese passport, is not known with certainty. She may
have had a long-term allegiance to the PRC, been loyal to the US and then been turned by the
PRC, or primarily been loyal to herself.

Human sources who changed allegiance

With the exception of penetration moles, other human sources start out as highly trusted by
their services. What causes an individual to betray service A, typically his country of birth?
The most common shorthand for changing allegiance is MICE, an acronym for:
Money: Low salary? Greedy? Needs money for family crisis? In debt?
Ideology: Hates his system, admires ours?
Compromise (or coercion): Vulnerable to blackmail? Emotional relationship with an
access agent?
Ego (or excitement): Lonely? Looking for a friend? Passed over for a promotion? Not
appreciated by peers and superiors? Seeking praise and recognition? Adventurous?
Looking for personal challenge? Wants to be James Bond? Egomaniac? Wants to
prove he can get away with it?

Sometimes more than one factor applies, as with Robert Hanssen, an FBI counterintelligence
agent who was a "write-in" to the KGB. While he received large amounts of money, he
apparently felt unappreciated in his own service and spying on it satisfied his ego.

Psychological factors can apply to people changing allegiance for reasons other than coercion
or ideology. To go beyond slogans, Project Slammer was an effort of the Intelligence
Community Staff, under the Director of Central Intelligence, to come up with characteristics
of Project Slammer, an Intelligence Community sponsored study of espionage.

It "examines espionage by interviewing and psychologically assessing actual espionage

subjects. Additionally, persons knowledgeable of subjects are contacted to better understand
the subjects' private lives and how they are perceived by others while conducting
espionage.[4]

How an espionage subject sees himself (at the time of espionage)

Attitude Manifestations
Special, even unique.
Deserving.
His situation is not satisfactory.
No other (easier) option (than to engage in espionage).
Only doing what others frequently do.
His basic belief Not a bad person.
structure His performance in his government job (if presently employed) is
separate from espionage; espionage does not (really) discount his
contribution in the workplace.
Security procedures do not (really) apply to him.
Security programs (e.g., briefings) have no meaning for him, unless
they connect with something with which he can personally identify.
He sees his situation in a context in which he faces continually
narrowing options, until espionage seems reasonable. The process that
evolves into espionage reduces barriers, making it essentially "Okay"
to initiate the crime.
He feels isolated He sees espionage as a "Victimless" crime.
from the Once he considers espionage, he figures out how he might do it. These
consequences of his are mutually reinforcing, often simultaneous events.
actions: He finds that it is easy to go around security safeguards (he is able to
solve that problem). He belittles the security system, feeling that if the
information was really important espionage would be hard to do (the
information would really be better protected). This "Ease of
accomplishment" further reinforces his resolve.
He is anxious on initial hostile intelligence service contact (some also
feel thrill and excitement).
After a relationship with espionage activity and HOIS develops, the
process becomes much more bearable, espionage continues (even
flourishes).
In the course of long term activity subjects may reconsider their
Attempts to cope involvement. -- Some consider breaking their role to become an
with espionage operative for the government. This occurs when access to classified
activity information is lost or there is a perceived need to prove themselves, or
both.
-- Others find that espionage activity becomes stressful, they no longer
want it. Glamour (if present earlier) subsides. They are reluctant to
continue. They may even break contact.
-- Sometimes they consider telling authorities what they have done.
Those wanting to reverse their role aren't confessing, they're
 negotiating. Those who are "Stressed out" want to confess. Neither
wants punishment. Both attempt to minimize or avoid punishment.

According to a press report about Project Slammer and Congressional oversight of

counterespionage, one fairly basic function is observing one's own personnel for behavior
that either suggests that they could be targets for foreign HUMINT, or may already have been
subverted. News reports indicate that in hindsight, red flags were flying but not noticed.[5] In
several major penetrations of US services, such as Aldrich Ames, the Walker ring or Robert
Hanssen, the individual showed patterns of spending inconsistent with their salary. Some
people with changed spending may have a perfectly good reason, such as an inheritance or
even winning the lottery, but such patterns should not be ignored.

By 1997, the Project Slammer work was being presented at public meetings of the Security
Policy Advisory Board.[6] While a funding cut caused the loss of impetus in the mid-nineties,
there are research data used throughout the security community. They emphasize the
"essential and multi-faceted motivational patterns underlying espionage. Future Slammer
analyses will focus on newly developing issues in espionage such as the role of money, the
new dimensions of loyalty and what seems to be a developing trend toward economic
espionage."

According to a 2008 Defense Department study, financial incentives and external coercion
have played diminishing roles in motivating Americans to spy against the United States, but
divided loyalties are increasingly evident in recent espionage cases. The study said, "Two
thirds of American spies since 1990 have volunteered. Since 1990, spying has not paid well:
80% of spies received no payment for espionage, and since 2000 it appears no one was paid.
... Offenders since 1990 are more likely to be naturalized citizens, and to have foreign
attachments, connections, and ties, and therefore they are more likely to be motivated to spy
from divided loyalties." Despite this trend, the report says that the majority (65%) of
American spies are still native born.[7][8]

Recruitment through money

Ames seems to have been motivated primarily by money.

Recruitment through ideology

Among the most important moles, a senior officer already in place when he started reporting,
for ideological reasons, to service B (actually two B's, SIS and CIA), was Col. Oleg
Penkovsky.[9]

Recruitment through compromise

Recruitment can be done through personal relationships, from casual sex and blackmail to
friendship or romance

Recruitment through ego

Personnel in sensitive positions, who have difficulty getting along with peers, may become
risks for being compromised with an approach based on ego. William Kampiles, a low-level
worker in the CIA Watch Center, sold, for a small sum, the critical operations manual on the
KH-11 reconnaissance satellite. To an interviewer, Kampiles suggested that if someone had
noted his "problem"constant conflicts with supervisors and co-workersand brought in
outside counseling, he might not have stolen the KH-11 manual.[5]

Recruit types

Mole

Other than the dangled moles described above, moles start out as loyal to their own country
A. They may or may not be a trained intelligence officer.

Note that some intelligence professionals reserve the term mole to refer to enemy personnel
that personally know important things about enemy intelligence operations, technology, or
military plans. A person such as a clerk or courier (e.g., Jack Dunlap, who photographed
many documents but was not really in a position to explore enemy thinking), is more
generically an asset. To be clear, all moles are assets, but not all assets are moles.

Another special case is a "deep cover" or "sleeper" mole, who may enter a service, possibly at
a young age, but definitely not reporting or doing anything that would attract suspicion, until
reaching a senior position. Kim Philby is an example of an agent actively recruited by the
British Secret Intelligence Service while he was already committed to Communism. Philby,
at first, concentrated on doing a good job for the British, so he could rise in trust and
authority.[10] Philby was motivated by ideology before he joined SIS.

Defector

An individual may want to leave their service at once, perhaps from high-level disgust, or
low-level risk of having been discovered in financial irregularities and is just ahead of arrest.
Even so, the defector certainly brings knowledge with him, and may be able to bring
documents or other materials of value.
Starts in A
Leaves and goes to B

Philip Agee is an example of a US CIA officer who came to the belief that he was working
on behalf of an ideology he had come to hate. Eventually, he resigned, and clandestinely went
to Cuba, telling their intelligence service everything he knew, with the stated goal[11] of
damaging the CIA. Agee claims the CIA was satisfied with his work and did not want him to
leave, although the author, John Barrow, claims that he was close to being discharged for
improper personal conduct.[12]

Soviet, and now Russian, doctrine has some interesting insights that might well be useful to
the West. For example, rather than use the term "defector", which has a negative connotation,
they use the Russian word dobrozhelatel, "well-wisher," as used here virtually the equivalent
of "walk-in." This term has a positive connotation, and may reflect how the service views
such people, as described by Ivan Serov,[13] former chief of GRU (Soviet military
intelligence)

While the term "well-wisher" may be positive, in Serov's view, he does not assume a well-
wisher has value to offer. The majority actually turn out to be offering material of no
significant value. The first task is to determine if they are random sympathizers who fail to
understand the subject they propose to discuss, or are active provocations being run by
foreign counterintelligence.

Provocateurs obtain some value if they can simply identify the intelligence officers in an
embassy, so the initial interviews are, unless there is a strong reason to the contrary,
conducted by low-level staff. Serov points out that even if some walk-ins have no material of
value, "Some are ideologically close to us and genuinely and unselfishly anxious to help us;
some are in sympathy with the Soviet Union but want at the same time to supplement their
income; and some, though not in accord with our ideas and views, are still ready to
collaborate honestly with us for financial reasons." A genuine sympathizer without useful
material still may become useful as an access agent, courier, or support agent.

Other walk-ins simply are trying to get money, either for nonsense information or for real
information with which they have been entrusted. Physical walk-ins are not the only kind of
volunteer "well-wisher," who may communicate through the mail, by telephone, or direct
contact. If, for example, contact is made with someone who really is an intelligence officer,
there is immediate reason to believe the person does have intelligence contactsbut further
investigation is necessary to see if they are real or if they are provocateurs from
counterintelligence. A provocateur can be from the local agency, or even from a third country
false-flag provocation.

"Persons wanting to make money usually produce a large quantity of documents and talk
much and willingly about themselves, trying to make a favorable impression. Extortioners
and blackmailers usually act impudent, making their offer in the form of an ultimatum and
even resorting to open threats."

Defector in place

Another method is to directly recruit an intelligence officer (or terrorist member) from within
the ranks of the adversary service (terrorist group) and having that officer (terrorist) maintain
their normal duties while spying on their parent service (organization); this is also referred to
as recruiting an agent or defector in place.[14]
Starts in A
Stays working in A but reporting to B

As mentioned, Oleg Penkovsky was a key US-British agent, apparently detected through
Soviet counterintelligence work. Adolf Tolkachev, an electronic engineer working on Soviet
radar, was another defector in place for the US, who was exposed by the CIA defector,
Edward Lee Howard, who fled to the KGB before being arrested. Penkovsky and Tolkachev,
both motivated by ideology, were executed by the Soviets.

To give a sense of the "infinity of mirrors" involved in agent work, Howard was exposed by
an apparent Soviet walk-in defector, Vitaly Yurchenko, who walked into the US Embassy in
Rome and defected to the United States. While Yurchenko also identified Ronald Pelton as a
Soviet defector-in-place working in the NSA, Yurchenko himself re-defected back to the
USSR within a few months. It is possible that Yurchenko was acting as a double agent, sent
by the Soviets to sacrifice less important Soviet assets in order to protect the more important
CIA defectors in place, e.g. Aldrich Ames.

False flag penetrator

A special case of a mole is a false flag recruitment of a penetrator:
Starts in C
Believes being recruited by A
Actually is recruited by B and sends false information to C

False flag recruitments, admittedly for covert action rather than pure HUMINT, were
reported[15] as a technique used by Edwin P. Wilson, who left CIA in 1971, and then went to
work for a Navy HUMINT unit, Task Force 157 until 1976, when he went private.[16] During
his time working for CIA, he was both officially and unofficially involved in arms sales. "His
assignments sometimes required him to establish and use 'front' companies to gain access to
information and to support CIA operations here and abroad commercially."[16] Three men,
found dead under mysterious circumstances, had believed they had been recruited by Wilson,
"under the pretense that he was still a CIA executive." According to Epstein, "Wilson
maintained a close association with two of the agency's top executivesThomas G. Clines,
the director of training for the clandestine services, and Theodore G. Shackley, who held the
No. 2 position in the espionage branch. Both of these men sat in on meetings that Wilson held
with his operatives and weapon suppliers and, by doing so, helped further the illusion that his
activities had the sanction of the CIAan illusion crucial to keeping his false flag
attractive."[15] Wilson was involved in then-banned arms sales to Libya, and it is unclear who
actually sponsored these sales.

He was in Libya in 1982, but came to the Dominican Republic in 1982, where he was
arrested for illegal arms sales, and sentenced, in 1984, to 52 years in prison. He was 55 years
old at the time.

Continuing Freedom of Information Act and other research by his attorney caused a federal
judge to throw out the conviction,[16] on the basis that prosecutors "deliberately deceived the
court", in the words of the judge, "America will not defeat Libyan terrorism by double-
crossing a part-time, informal government agent."

Double agent

The first thing to consider about a double agent is that he is, at least minimally, a trained
intelligence asset. He may not be a full case officer of the other side, but he may, at least,
have been an agent of theirs. They had some reason to trust him. Like all other intelligence
operations, double agent cases are run to protect and enhance the national security. They
serve this purpose principally by providing current counterintelligence about hostile
intelligence and security services and about clandestine subversive activities. The service and
officer considering a double agent possibility must weigh net national advantage
thoughtfully, never forgetting that a double agent is, in effect, a condoned channel of
communication with the enemy.[17]

Before even considering double agent operations, a service has to consider its own resources.
Managing that agent will take skill and sophistication, both at the local/case officer and
central levels. Complexity goes up astronomically when the service cannot put physical
controls on its doubles, as did the Double Cross System in WWII. In the Double Cross
System, the double agents were motivated by coercion: they knew they would be executed if
they did not cooperate. Few of them were highly trained intelligence officers, but
opportunists to start.
For predictive purposes the most important clue imbedded in the origins of an operation is the
agent's original or primary affiliation, whether it was formed voluntarily or not, the length of
its duration, and its intensity. The effects of years of clandestine association with the
adversary are deep and subtle; the Service B case officer working with a double agent of
service A is characterized by an ethnicity or religion may find those bonds run deep, even if
the agent hates the government of A. The service B officer may care deeply for the double.

Another result of lengthy prior clandestine service is that the agent may be hard to control in
most operations the case officer's superior training and experience give him so decided an
edge over the agent that recognition of this superiority makes the agent more tractable. But
add to the fact that the experienced double agent may have been in the business longer than
his U.S. control his further advantage in having gained a first-hand comparative knowledge
of the workings of at least two disparate services, and it is obvious that the case officer's
margin of superiority diminishes, vanishes, or even is reversed.

One facet of the efforts to control a double agent operation is to ensure that the double agent
is protected from discovery by the parent intelligence service; this is especially true in
circumstances where the double agent is a defector-in-place.

Double agent operations must be carefully planned, executed, and above all, reported. One of
the problems with double agent operations in the US, run by the FBI, is that the FBI culture
has been very decentralized to the field office level. This is, perhaps, an overreaction to the
extremely centralized culture under J. Edgar Hoover. Prior to 9/11, information in one field
office, which might reveal problems in a HUMINT operation, is not necessarily shared with
other offices. FBI Director Robert Mueller cited the changes since 9/11: "We then centralized
coordination of our counterterrorism program. Unlike before, when investigations were
managed primarily by individual field offices, the Counterterrorism Division at Headquarters
now has the authority and the responsibility to direct and coordinate counterterrorism
investigations throughout the country. This fundamental change has improved our ability to
coordinate our operations here and abroad, and it has clearly established accountability at
Headquarters for the development and success of our Counterterrorism Program."[18]

"The amount of detail and administrative backstopping seems unbearable at times in such
matters. But since penetrations are always in short supply, and defectors can tell less and less
of what we need to know as time goes on, because of their cut-off dates, double agents will
continue to be part of the scene.[19]"

Services functioning abroad-and particularly those operating in areas where the police powers
are in neutral or hostile handsneed professional subtlety as well. The agent handlers must
have full knowledge of [the agent's] past (and especially of any prior intelligence
associations), a solid grasp of his behavior pattern (both as an individual and as a member of
a national grouping), and rapport in the relationship with him.[17] Case officers must know the
agent's area and have a nuanced understanding of his language; this is an extremely unwise
situation for using interpreters, since the case officer needs to sense the emotional content of
the agent's communication and match it with the details of the information flowing in both
directions. Depending on whether the operation is being run in one's own country, an allied
country, or hostile territory, the case officer needs to know the relevant laws. Even in friendly
territory, the case officer needs both liaison with, and knowledge of, the routine law
enforcement and security units in the area, so the operation is not blown because an ordinary
policeman gets suspicious and brings the agent in for questioning.

If at all possible, the service running the double agent have complete control of
communications, which, in practice, need to be by electronic means or dead drop. Meetings
between the double and his Service A handler are extremely risky. Even text communication
can have patterns of grammar or word choice, known to the agent and his original service,
that can hide a warning of capture, by the use of a seemingly ordinary word. Some
controlling services may paraphrase the double's text to hide such warnings, but run into the
possibility of being detected by sophisticated analysis of the double's normal choice of words.

Basic double agent

Starts in A
Recruited by B
Defects and tells B all he knows (defector)
operates in place (Agent doubled in place) and continues to tell B about A

Redoubled agent

A service discovering an adversary agent, who entered one's own service either as a
penetrator or an asset in place may offer him employment as a double. His agreement,
obtained under open or implied duress, is unlikely, however, to be accompanied by a genuine
switch of loyalties. The so-called redoubled agent whose duplicity in doubling for another
service has been detected by his original sponsor and who has been persuaded to reverse his
affections again also belongs to this dubious class. Many detected and doubled agents
degenerate into what are sometimes called "piston agents" or "mailmen," who change their
attitudes with their visas as they shunt from side to side.[17]

Operations based on them are little more than unauthorized liaison with the enemy, and
usually time-wasting exercises in futility. A notable exception is the detected and unwillingly
doubled agent who is relieved to be found out in his enforced service to the adversary.[17]

False flag double agent

Starts in A
Assigned to C
B creates a situation where agent believes he is talking to C, when actually receiving B
disinformation

Active provocateur

There can be active and passive provocation agents. A double agent may serve as a means
through which a provocation can be mounted against a person, an organization, an
intelligence or security service, or any affiliated group to induce action to its own
disadvantage. The provocation might be aimed at identifying members of the other service, at
diverting it to less important objectives, at tying up or wasting its assets and facilities, at
sowing dissension within its ranks, at inserting false data into its files to mislead it, at
building up in it a tainted file for a specific purpose, at forcing it to surface an activity it
wanted to keep hidden, or at bringing public discredit on it, making it look like an
organization of idiots. The Soviets and some of the Satellite services, the Poles in particular,
are extremely adept in the art of conspiratorial provocation. All kinds of mechanisms have
been used to mount provocation operations; the double agent is only one of them.[17]

An active provocateur is sent by Service A to Service B to tell B that he works' for A but
wants to switch sides. Or he may be a talk-in rather than a walk-in. In any event, the
significant information that he is withholding, in compliance with A's orders, is the fact that
his offer is being made at A's instigation. He is also very likely to conceal one channel of
communication with A-for example, a second secret writing system. Such "side-commo"
enables A to keep in full touch while sending through the divulged communications channel
only messages meant for adversary eyes. The provocateur may also conceal his true sponsor,
claiming for example (and truthfully) to represent an A1 service (allied with A) whereas his
actual control is the A-a fact which the Soviets conceal from the Satellite as carefully as from
us.[17]

Starts in A and is actually loyal to A

Goes to B, says he works for A, but wants to switch sides. Gives B access to his
communications channel with A (channel Y)
Keeps second communications channel, X with A, about which B knows nothing
Reports operational techniques of B to A via X

Provides disinformation from A, via X, which he disseminates to B (A may also send

disinformation directly through Y, since B should assume A doesn't know line of
communication Y is compromised)

Passive provocateur

Passive provocations are variants involving false-flag recruiting.

In Country C, Service A surveys the intelligence terrain through the eyes of Service B (a
species of mirror-reading) and selects those citizens whose access to sources and other
qualifications make them most attractive to B. Service A officers, posing as service B
officers, recruit the citizens of country C. At some point, service A then exposes these
individuals, and complains to country C that country B is subverting its citizens.

The stake-out has a far better chance of success in areas like Africa, where intelligence
exploitation of local resources is far less intensive, than in Europe, where persons with
valuable access are likely to have been approached repeatedly by recruiting services during
the postwar years.[17]

A does an analysis of C and determines what targets would be attractive to B

A then recruits citizens of C, which A believes will be more loyal to B
The A recruit, a citizen of C, volunteers to B
A can then expose B's penetration of C, hurting BC relations.

This may be extremely difficult to accomplish, and even if accomplished the real difficulty is
maintaining control of this "turned asset". Controlling an enemy agent who has been turned is
a many-faceted and complex exercise that essentially boils down to making certain that the
agent's new-found loyalty remains consistent, which means determining whether the
"doubled" agent's turning is genuine or false. However, this process can be quite convoluted
and fraught with uncertainty and suspicion.[14]

Where it concerns terrorist groups, a terrorist who betrays his organization can be thought of
and run as a double-agent against the terrorist's "parent" organization in much the same
fashion as an intelligence officer from a foreign intelligence service. Therefore, for sake of
ease, wherever double-agents are discussed the methodologies generally apply to activities
conducted against terrorist groups as well.[14]

Fake double agent

Peddlers, fabricators, and others who work for themselves rather than a service are not double
agents because they are not agents. Almost certainly motivated by money, it is unlikely they
can maintain the deception for very long.

They may be uncovered by a headquarters check, as they may well have tried the same game
elsewhere.

Unwitting double agent

"Witting" is a term of intelligence art that indicates that one is not only aware of a fact or
piece of information, but also aware of its connection to intelligence activities. An unwitting
double agent thinks that he is still working for his own Service A, but Service B has
somehow managed what, in communications security, is called a man-in-the-middle attack.
Service A believes it is in contact with its own agent, and the agent believes he is
communicating with his true control. This is extremely difficult to continue for more than a
very brief period of time.

Creating an unwitting double agent is extremely rare. The manipulative skill required to
deceive an agent into thinking that he is serving his team when in fact he is damaging its
interests is plainly of the highest order.

Multiply turned agent

A triple agent can be a double agent that decides his true loyalty is to his original service, or
could always have been loyal to his service but is part of an active provocation of your
service. If managing a double agent is hard, agents that turned again (i.e., tripled) or another
time after that are far more difficult, but in some rare cases, worthwhile.

Any service B controlling, or believing it controls, a double agent, must constantly evaluate
the information that agent is providing on service A. While service A may have been willing
to sacrifice meaningful information, or even other human assets, to help an intended
penetration agent establish his bona fides, at some point, service A may start providing
useless or misleading information as part of the goal of service A. In the WWII Double Cross
System,[20] another way the British controllers (i.e., service B in this example) kept the Nazis
believing in their agent, was that the British let true information flow, but too late for the
Germans to act on it. The double agent might send information indicating that a lucrative
target was in range of a German submarine, but, by the time the information reaches the
Germans, they confirm the report was true because the ship is now docked in a safe port that
would have been a logical destination on the course reported by the agent.[21] While the
Double Cross System actively handled the double agent, the information sent to the Germans
was part of the overall Operation Bodyguard deception program of the London Controlling
Section. Bodyguard was meant to convince the Germans that the Allies planned their main
invasion at one of several places, none of which were Normandy. As long as the Germans
found those deceptions credible, which they did, they reinforced the other locations. Even
when the large landings came at Normandy, deception operations continued, convincing the
Germans that Operation Neptune at Normandy was a feint, so that they held back their
strategic reserves. By the time it became apparent that Normandy was indeed the main
invasions, the strategic reserves had been under heavy air attack, and the lodgment was
sufficiently strong that the reduced reserves could not push it back.

There are other benefits to analyzing the exchange of information between the double agent
and his original service, such as learning the priorities of service A through the information
requests they are sending to an individual they believe is working for them. If the requests all
turn out to be for information that service A could not use against B, and this becomes a
pattern, service A may have realized their agent has been turned.

Since maintaining control over double agents is tricky at best, it is not hard to see how
problematic this methodology can become. The potential for multiple turnings of agents and
perhaps worse, the turning of ones own intelligence officers (especially those working
within counterintelligence itself), poses a serious risk to any intelligence service wishing to
employ these techniques. This may be the reason that triple-agent operations appear not to
have been undertaken by U.S. counterintelligence in some espionage cases that have come to
light in recent years, particularly among those involving high-level penetrations. Although
the arrest and prosecution of Aldrich Ames of the CIA and Robert Hanssen of the FBI, both
of whom were senior counterintelligence officers in their respective agencies who
volunteered to spy for the Russians, hardly qualifies as conclusive evidence that triple-agent
operations were not attempted throughout the community writ large, these two cases suggest
that neutralization operations may be the preferred method of handling adversary double
agent operations vice the more aggressive exploitation of these potential triple-agent
sources.[14]

Triple agent

Starts out working for B

Volunteers to be a defector-in-place for A
Discovered by B

Offers his communications with A to B, so B may gain operational data about A and send
disinformation to A

A concern with triple agents, of course, is if they have changed loyalties twice, why not a
third or even more times? Consider a variant where the agent remains fundamentally loyal to
B:

Quadruple agent

Starts out working for B

Volunteers to be a defector-in-place for A. Works out a signal by which he can inform A that
B has discovered and is controlling him
Discovered by B
Offers his communications with A to B.
B actually gets disinformation about A's operational techniques
A learns what B wants to know, such as potential vulnerabilities of A, which A will then
correct

Successes such as the British Double Cross System or the German Operation North Pole
show that these types of operations are indeed feasible. Therefore, despite the obviously very
risky and extremely complex nature of double agent operations, the potentially quite lucrative
intelligence windfall the disruption or deception of an adversary service makes them an
inseparable component of exploitation operations.[14]

If a double agent wants to come home to Service A, how can he offer a better way to redeem
himself than recruiting the Service B case officer that was running his double agent case,
essentially redoubling the direction of the operation? If the case officer refuses, that is apt to
be the end of the operation. If the attempt fails, of course, the whole operation has to be
terminated. A creative agent can tell his case office, even if he had not been tripled, that he
had been loyal all along, and the case officer would, at best, be revealed as a fool.

"Occasionally a service runs a double agent whom it knows to be under the control of the
other service and therefore has little ability to manipulate or even one who it knows has been
successfully redoubled. The question why a service sometimes does this is a valid one. One
reason for us is humanitarian: when the other service has gained physical control of the agent
by apprehending him in a denied area, we often continue the operation even though we know
that he has been doubled back because we want to keep him alive if we can.

"Another reason might be a desire to determine how the other service conducts its double
agent operations or what it uses for operational build-up or deception material and from what
level it is disseminated. There might be other advantages, such as deceiving the opposition as
to the service's own capabilities, skills, intentions, etc. Perhaps the service might want to
continue running the known redoubled agent in order to conceal other operations. It might
want to tie up the facilities of the opposition. It might use the redoubled agent as an adjunct in
a provocation being run against the opposition elsewhere. Running a known redoubled agent
is like playing poker against a professional who has marked the cards but who presumably is
unaware that you can read the backs as well as he can.[17]

Support services

Couriers

A courier has no responsibilities other than clandestine communications. Any involvement of

the courier in activities that may draw attention from counterintelligence is unwise. For
example, if there is a political party, friendship society, or other organization that would be
considered favorable to Service B, couriers, under no circumstances, should be identified
with them.

Courier work is among those things that consist of hours of boredom punctuated with
moments of sheer terror. Keeping a courier, who is not a member of your service and/or has
diplomatic cover, is challenging.
Occasionally, it may be practical to transfer a courier to other, more challenging duties. Once
that transfer is made, however, the individual should never be reassigned to courier duty, as
the probability of that person having become known to counterintelligence is much higher.

There may be occasions where diplomats, or even members of diplomats' families who have
diplomatic immunity, may serve as couriers. Their value in the diplomatic service must be
weighed against the near certainty that if discovered, they will be expelled as persona non
grata.

Drivers, especially those trained to receive car tosses, are a variant of couriers, and to which
the same constraints apply. Using persons with diplomatic immunity may be slightly more
sensible in the case of drivers, since their cars are usually immune to search. On the other
hand, a diplomatic car will have distinctive license plates and may be under surveillance
whenever it leaves diplomatic premises. Counterintelligence services may take the risk, given
the potential reward, of putting electronic tracking devices on diplomatic vehicles.

Safehouses and other meeting places

Safehouses may not be literal stand-alone houses. Indeed, in an urban area, the anonymity of
an apartment house or office building may give greater security.

In more rural areas, houses may indeed be needed. This is especially the case if the country
team needs storage of bulky supplies (e.g., weapons, sabotage materials, propaganda),
printing presses, etc.

In general, communications, as well as equipment clearly associated with clandestine

operations, should be portable and not fixed in a safehouse used for meetings. If this is done,
there is a chance that a counterintelligence search of the premises might not turn up anything
incriminating. On the other hand, things that must be carried around may be discovered if a
person or vehicle is searched. The safehouse should have emergency communications so that
it can be reached to call off a meeting or to warn of surveillance or an impending raid,
preferably with a wrong-number dialogue or other deniable communications method.

It is a difficult call as to whether a safehouse should have destruction facilities. Modern

forensic laboratories can reconstruct papers that are merely burned or shredded, although
shredders are no longer exotic items, especially if the safehouse serves a mundane office
function. More definitive destruction capabilities will confirm the clandestine use of the
premises, but they may be a reasonable protection if the safehouse is being overrun and
critical communications or other security material is in jeopardy.

Finance

Industrialized nations, with complex financial systems, have a variety of reporting systems
about money transfer, from which counterintelligence potentially can derive patterns of
operations and warnings of operations in progress. Money laundering refers to methods for
getting cash in and out of the financial system without it being noticed by financial
counterintelligence.

The need for money, and challenge of concealing its transfer, will vary with the purpose of
the clandestine system. If it is operated by a case officer under diplomatic cover, and the
money is for small payments to agent(s), the embassy can easily get cash, and the amounts
paid may not draw suspicion. If, however, there will be large payments to an agent, getting
the money still is not a problem for the embassy, but there starts to be a concern that the agent
may draw attention to himself by extensive spending.

US security systems, about which the most public information is known, usually include a
credit check as part of a security clearance, and excessive debt is a matter of concern. It may
be the case that refusing to clear people with known financial problems has stopped a
potential penetration, but, in reality, the problem may well be at the other side. Aldrich Ames,
Robert Hanssen, and John Walker all spent more money than could be explained by their
salaries, but their conspicuous spending did not draw attention; they were detected because
variously through investigations of leaks that threw suspicion on their access to information.
Suspicion did fall on Jack Dunlap, who had his security clearance revoked and committed
suicide. Perhaps Dunlap was more obvious as a low-level courier and driver than the others,
while the others were officers in more responsible positions.

The question remains if sudden wealth is likely to be detected. More extensive bank
reporting, partially as a result of the US PATRIOT Act and other reporting requirements of
the Financial Crimes Enforcement Network (FinCEN), the latter established before 9/11, may
make receiving payments easier to catch.

Additional requirements for bank reporting were in the PATRIOT act, and intended to help
catch terrorists preparing for operations. It is not clear, however, if terrorist operations will
involve highly visible cash transactions. The 9/11 operations cells were reported to have
required somewhere between $400,000 and $500,000 in operating funds, and there were
indeed wire transfers in the $100,000 range. Still, the question remains if a relatively small
expenditure, compared with the enormous amounts in the illegal drug trade, will draw
counterintelligence/counterterrorist attention.

Wire transfers and bank deposits go through formal value transfer systems where there is
reporting to government. Especially terrorist groups, however, have access to informal value
transfer systems (IVTS), where there is no reporting, although FinCEN has been suggesting
indirect means of detecting the operation of IVTS.[22]

For clandestine networks where the case officers are under non-official cover, handling large
sums of cash is more difficult and may justify resorting to IVTS. When the cover is under a
proprietary (owned by the intelligence agency) aviation company, it can be relatively simple
to hide large bundles of cash, and make direct payments.

Formal value transfer systems

In the US, financial transactions begin with mutual identification between the customer and
the financial institution. Although there are many Internet frauds involving fake financial
institutions or criminals masquerading as a financial institution (i.e., phishing), the more
difficult requirement is for the prospective customer to show acceptable identification to the
bank. For basic relationships, a government-issued identification document, such as a
passport or driver's license, usually suffices. For foreign nationals, their country's equivalent
may be accepted, although it may be harder to verify.
Going beyond the basics becomes much more difficult. Were the relationship one that
involved classified information, there would be an extensive personal history questionnaire,
fingerprint check, name search with law enforcement and intelligence, and, depending on the
clearance level, additional investigations.

Credit bureaus and other financial information services may be helpful, although the accuracy
of some of these is questionable. There are Federal requirements to check names against lists
of possible terrorists, financial criminals and money launderers, etc. In many respects, we
have a problem where financial institution employees, without law enforcement training, are
being asked to be detectives. There is a conflict of interest and lack of law enforcement
training when bank employees are asked to monitor the legality of their customers' acts. Stay
aware of the status of court tests of legislation and regulation in this area, as well as new
legislation. While it is possible to teach many investigative skills, every experienced and
successful investigator speaks of instinct, which takes years to develop.

Money laundering and subverting formal value transfer systems

Money laundering is more associated with domestic crime than with clandestine operations,
and is less likely to be involved in clandestine operations. Nevertheless, a brief mention of its
potential benefits are in order. The basic principle of money laundering is that someone is in
a business that has large cash income, such as drug sales or gambling. The receiving
organization needs to find a way that these get into usable bank accounts, so they can be
accessed for large purchases.

The most common way to do money laundering is to find a legal business that naturally
receives much of its income in cash. These could include hair and beauty shops, small
groceries, and, ironically, laundries and dry cleaners. The legal business, or more likely
multiple businesses, receive the illegal cash as well as normal receipts, and draw amounts that
do not attract suspicion. Periodically, the launderer may have the cash-receiving firm buy
something for him, or, less commonly, to write a large check that goes into his legal account.
Care is taken that the amounts in the legal accounts do not hit the limits that cause automatic
reporting.

Informal value transfer systems

Informal value transfer systems (IVTS),[22] however, exist in a number of cultures, and
bypass regular financial channels and their monitoring systems (see financial intelligence).
These are known by regional and cultural names including:
hawala (Middle East, Afghanistan, Pakistan)
hundi (India)

While details differ by culture and specific participants, the systems work in a comparable
manner. To transfer value, party 1 gives money (or other valuta) to IVTS agent 1-A. This
agent calls, faxes, or otherwise communicates the amount and recipient of the funds to be
transferred, to IVTS agent 2-A, who will deliver the funds to party 2. All the systems work
because they are valuable to the culture, and failure to carry out the agreement can invite
savage retribution.
Reconciliation can work in a number of ways. There can be physical transfer of cash or
valuables. There can be wire transfers in third and fourth countries, countries without strong
reporting requirements, which the IVTS agents can verify.

Another means of transferring assets is through commercial shipment of conventional goods,

but with an artificially low invoice price, so the receiver can sell them and recover disbursed
funds through profit on sales.