National Security Intelligence

by Loch K. Johnson


  Thereafter, Angleton turned even more paranoid, a natural occupational hazard for all counterintelligence officers. He redoubled his mole-hunting efforts inside the CIA, perhaps to compensate for his humiliation over the Philby surprise. Critics claimed that Angleton began to point the finger of guilt indiscriminately at colleagues, claiming they were possible Soviet agents without sufficient evidence to substantiate his charges – a form of McCarthyism inside the CIA. Critics complained, as well, that he had been far too passive in his attempts to penetrate governments in the Warsaw Pact (the Soviet satellites in Eastern Europe), since he believed such operations were futile as a result of probable existing penetrations within the CIA by KGB agents, who would immediately tip off the Kremlin.39

  Angleton supporters retorted that he was just doing his job as a determined and indefatigable counterintelligence professional, one who would have caught Ames had he been CI Chief during the Decade of the Spy. Moreover, they argue, Angleton was hardly passive – indeed, he was the most energetic CI Chief the Agency has ever had, even running penetration and disinformation operations out of the CI Staff offices in the DO that sometimes looked more like covert action than counterintelligence, all with little supervision from the seventh floor at Langley. In one widely reported example, Angleton is said to have doctored the famous “secret speech” delivered by Nikita Khrushchev following the death of Joseph Stalin. By adding deceptive paragraphs to the document and circulating it in Eastern Europe, Angleton apparently hoped to stimulate uprisings against the Soviet regime by painting an even more venal portrait of the Stalinist era than did the unadulterated speech itself.40

  A British journalist has captured part of the reason for the controversy over Angleton's tenure as CI Chief at Langley. Counterintelligence is “a murky world,” he writes, “full of risks, dangers, personal jealousies and never-ceasing suspicions that the man in the office next to yours may be a Soviet agent. It is a situation that creates paranoia, corroding men's characters.”41 Adds political scientist Jervis: “There is no easy answer to the question of how much paranoia is enough.”42

  In 1974, as the accusations about Angleton's excesses swirled in the hallways at Langley, DCI William Colby fired him as CI Chief. The ostensible grounds were that he had too much control over the Agency's relations with Israeli intelligence, but the real reason was the rising number of complaints about his overzealous activities as CI Chief. Some even leveled the farfetched allegation that Angleton was himself a Soviet mole. Others, recklessly, thought that of Colby. No wonder Angleton often referred to counterintelligence as a “wilderness of mirrors.”43 It was hard to know in this surreal realm who was telling the truth and who was lying.

  A seasoned CI officer has written: “Except temporarily in the aftermath of spy scandals and major operational failures, the CIA historically has put less emphasis on CI.”44 The judgment of a presidential commission was more blunt in 2005: “U.S. counterintelligence efforts have remained fractured, myopic, and only marginally effective.”45 Just as with the other intelligence missions, America's counterspy operations are far too decentralized (“stovepiped”) and lacking in cohesive leadership. At least, though, the 2004 Intelligence Reform and Terrorism Prevention Act created a National Counterterrorism Center, with reporting lines to both the White House and the ODNI. The NCTC has helped to coordinate America's CT efforts against ISIS and other terrorist factions, although most observers view the Center as only partially successful in its attempts to bring “all-source fusion” into the counterintelligence domain.

  In 1995, a senior Agency CI officer warned the Aspin–Brown Commission that “we're never going to stop people from ‘volunteering’ [that is, spying for the enemy]. We just have to learn how to catch them earlier, and to encourage people to report on those engaged in suspicious activities.”46 Catching spies relies on good CI tradecraft – the methods of mole-hunting.

  CI tradecraft: security and counterespionage

  Counterintelligence tradecraft consists of two complementary halves: security and counterespionage (CE). The former is the passive or defensive side of counterintelligence, while the latter is the offensive or aggressive side.

  Security

  In Renaissance Venice, a method of security used by the all-mighty Council of Ten was the Lions’ Mouths. Marble lions were placed throughout the city with their mouths agape, so “Venetians could inform the Council anonymously of their suspicions of their neighbors” by simply stuffing a hand-written note into the mouth of the beast to finger the threat to society.47 There were no public trials and no appeals. A favorite punishment was to bury the accused upside-down in the Piazzetta, legs protruding. Happily, those days are passed – although ISIS has its own medieval forms of counterintelligence. In 2016, when one of its senior leaders was killed by a U.S. drone strike in northern Syria, the ISIS counterintelligence unit conducted a witch hunt in an attempt to find informants within the ranks of the terrorist organization. The possession of a mobile phone or an Internet connection could be enough to have a suspected Western spy beheaded, burned alive, or lowered into a vat of acid.

  In the more humane democratic societies, counterintelligence relies instead on the maintenance of good security at an intelligence agency, which entails putting in place static defenses against hostile operations aimed at one's country. Such defenses include the screening and clearance of personnel, along with the establishment of programs to safeguard sensitive information, such as extensive investigations into the backgrounds of job candidates.

  Other security checks come into play. Polygraph examinations are administered to all new recruits at the CIA, for example, and periodically for those intelligence officers who are already employed. The polygraph is hardly foolproof, though, as the Ames example illustrates. Even before the Ames era, several traitors at the NSA underwent periodic polygraph tests, but their spying for the Soviet Union never came to light.48 The unreliability of the polygraph can sometimes ruin the reputations of individuals who are innocent but who react poorly when wired up to the machine. In the words of a three-time COS officer at Langley, “[The polygraph] has done great harm to our personnel system and agent base.”49 On occasion, however, lie-detector tests can disclose genuinely suspicious behavior. For example, one prospective Agency employee blurted out during a polygraph “flutter” (CIA slang for the test) that he had murdered his wife and buried her in the backyard – a guaranteed disqualification for a security clearance. On the whole, however, polygraph tests should be weighed with some degree of skepticism. Additional security measures include electric fences; armed guards accompanied by dogs; Jersey barriers, razor wire, and bollards; locks on vaults and doors; ID badges; education sessions on how to maintain security; a close accounting of sensitive documents by way of sign-in and sign-out systems; computer, email, fax, and telephone monitoring by internal security officers; a censorship of materials written by intelligence officers for public consumption; camouflage; and the use of encoded messages.

  Security concerns extend overseas, too. Embassies must protect their personnel and classified documents, for instance. Further, U.S. intelligence officers often find themselves in hostile regions of the world. In 1983, a hashish-drugged terrorist drove a truck filled with explosives into the entrance of the American embassy in Beirut, killing hundreds of Marines and several intelligence officers. In 2000, Al Qaeda terrorists in Yemen attacked the Navy destroyer USS Cole moored in the harbor of the capital city, Aden. Seventeen American sailors died in the suicide bombing. In 2009, a double agent – a Jordanian physician by the name of Humam Khali Abu-Mulal al-Balawi, pretending to work for the CIA against Al Qaeda – detonated a bomb concealed beneath a suicide vest while standing near a cluster of Agency officers, gathered to meet with him for a strategy session in Khost, Afghanistan. Among the CIA officers who perished was the COS for Afghanistan, Jennifer Matthews. In each of these instances, tighter security could have prevented the tragedies. For example, at a minimum, prior to the Khost attack, al-Balawi's bona fides should have been more completely vetted by counterintelligence specialists, and he should have been thoroughly searched (as a matter of routine) before the meeting took place.50

  The Cyber Dimension of Security

  Also vulnerable to hostile assault in recent years are computer systems in democratic regimes, doubly so since the 9/11 attacks and ensuing efforts by the United States and others to share information more effectively via computers that connect their intelligence services and, to some extent, foreign intelligence liaison computers. In the United States, attempts are underway to link up the computers of the seventeen major intelligence agencies, as well as the computers used by state and local counterterrorism authorities. While this improved sharing is vital, it creates a counterintelligence nightmare, with the possibility of a future Ames or Hanssen not only stealing from their own corners of the Intelligence Community but having access to the full IC computer system. “Even as we've greatly expanded information sharing since 9/11,” warns a U.S. counterterrorism official, “you still have to think about security and the sensitivity of certain data.”51 Experts in the intelligence agencies and outside IT consultants are laboring intensively to establish reliable firewalls to prevent an all-source Ames from happening. Soon after the end of the Cold War, a senior CIA/CI manager referred to this problem as the No. 1 challenge facing counterintelligence officers; and DNI James Clapper has often referred to cybersecurity as America's foremost intelligence challenge.52

  As important as cybersecurity is, the efforts by the United States to organize its defenses (and offenses) in this domain remain in a preliminary state. Confusion about lines of authority and responsibility is rampant within a collection of government cyber entities characterized more by their fragmentation than by their unified efforts to protect America against hackers and even more aggressive cyberattacks. Every security agency has its own cyber capacity without sufficient integration with one another – the old “stovepipe” problem in a new setting. Progress is being made on the defensive side of the cyber equation, as stronger firewalls are erected and important steps are taken against future “inside threats” similar to the theft by government contractor and whistle-blower, Edward J. Snowden, of highly classified documents in 2013; but much more thought must go into the offensive side, especially related to the feasibility and the ethics of U.S. cyberattacks as an evolving form of covert action – electronic sabotage.

  Additional aspects of computer counterintelligence are the issues of cyber-espionage and cyber-warfare. Cyber-espionage involves attempts to steal U.S. national security or commercial information from the Internet carried out by foreign governments (notoriously, Russian intelligence, as well as China's Ministry of State Security and its People's Liberation Army); terrorist organizations (ISIS has exhibited remarkable computer skills in its dissemination of propaganda and the recruitment of young would-be jihadists); and mischievous teenage hackers. Cyber-warfare goes a step further and seeks to disrupt or destroy computer networks – a form of cyber covert action. Corporate, stock exchange, and government computers, airport control towers, and subways, as well as American power grids, are among the potential targets for those engaged in cyber-espionage or cyber-warfare. Experts have warned, for example, that China “is in full economic attack” when it comes to cyber-espionage, although the evidence is virtually non-existent – so far – that Beijing has turned to cyber-warfare against the United States. Indeed, China is a country so heavily invested in Wall Street that it would, in a sense, be equivalent to attacking itself.

  Clearly, though, China has mounted a full-court press when it comes to cyber-espionage operations, with its top U.S. targets being commercial companies (in search of technical secrets) and the military (weapons blueprints). In addition, China seeks through cyber-operations to retaliate against individuals or groups in the United States who may be placing anti-Chinese commentary on the Internet. The Chinese also manufacture and market computers for worldwide sales, and they often leave in these products a “back door” for electronic access by the government in Beijing – a practice periodically adopted as well by other nations selling computers in the world marketplace.

  Despite the logic that China, Russia, and the United States would be better off improving their political and trade relations rather than spying on one another, 160 espionage agents working for China were uncovered in the United States between 1985 and 2016, as well as 161 deployed by Russia during this same period. Economic espionage cases under FBI investigation shot up 53 percent from 2014 to 2015. The targets of these foreign spies have included such companies as U.S. Steel, Alcoa, General Electric, and Westinghouse Electric, among others. The cyber-spies relentlessly search for data on such matters as the construction blueprints for U.S. fighter jet engines and drones. Chinese hacking into the personnel files held by the Office of Personnel Management in Washington, DC captured for Beijing records on 22 million U.S. government workers – valuable information for Chinese counterintelligence officers seeking to spot and recruit agents in America. In one ray of good news on the CI front, Reuters reported in 2016 that Chinese cyber-espionage had fallen by 90 percent in the wake of negotiations between Washington and Beijing over improved trade relations.53

  Counterintelligence problems have arisen, too, because of the emphasis in the post-9/11 world on sharing data from agency to agency, including better cooperation between the intelligence agencies and law enforcement officials. Often, though, the two groups – spies and cops – fail to see eye-to-eye. Spy-catchers want to secretly follow suspected foreign agents to find out who else belongs in their ring, what their objectives are, and how they operate; in contrast, law enforcement officials tend to think more in terms of immediate arrests and convictions.

  In 2010, law enforcement officials in Washington revealed the presence of a Russian spy ring in the United States and arrested its known members, who were deported back to their homeland (where they were greeted as heroes). Counterintelligence officials at the CIA would have much preferred to continue watching their activities for a period of time to learn more about the ring's objectives; but in this case they agreed with FBI law enforcement officials about the need to arrest these agents, because they feared that Russian intelligence officials were about to close in on an Agency mole in their midst – a “Colonel Shcherbakov” – who had tipped off the CIA about the activities of the Russian network within the United States. The Colonel and his family needed to be exfiltrated and absorbed into American society with new identities before they were captured and the Colonel executed. Despite this congruence of policy among U.S. cops and spies in this instance, much tension and only limited cooperation between the two groups remain the rule.54

  Counterespionage

  The identification of specific adversaries and the development of detailed knowledge about the operations they are planning, or already conducting, are the starting points for successful counterespionage (CE), which Redmond defines as “the detection and neutralization of human spies.”55 Personnel engaged in CE attempt to block these operations by infiltrating the hostile service or terrorist faction with a mole of their own, an operation known as a penetration, and (alternatively or jointly) by using sundry forms of manipulation to mislead the adversary.

  The Penetration

  The penetration operation transcends all other counterintelligence tradecraft in its potential value.56 Since the primary goal of CI is to contain the intelligence services and saboteurs of the enemy, it is desirable to know the enemy's intentions and capabilities in advance; the best way to achieve this objective is through a highly placed infiltrator – a mole – inside the adversary's intelligence service or government, or inside a terrorist cell. In the words of John A. McCone, a DCI from the Kennedy era: “Experience has shown penetration to be the most effective response to Soviet and Bloc [intelligence] services.”57 More recently, DNI Dennis C. Blair observed in 2009 that “the primary way” the Intelligence Community determines which terrorist organizations pose a direct threat to the nation is “to penetrate them and learn whether they're talking about making attacks against the United States.”58 Furthermore, a well-placed mole may be better able than anyone else to determine whether one's own service has been infiltrated by an outsider. Recall, too, that Ames and Hanssen may have escaped detection far longer if the CIA had not had the benefit of an asset inside the Kremlin, unbeknownst to the two traitors, who helped pinpoint their identities.

  The Agent-in-Place

  The methods used for infiltrating an opposition's intelligence service take several forms. Usually the most effective and desirable penetration is the recruitment of an agent-in-place, sometimes called a defector-in-place. He or she is already in the employment of an enemy intelligence service or a terrorist organization and, therefore, close to the documents the United States would like to steal.

 
