2 November 2015

The Growing Difficulty of Maintaining the Covers of Clandestine Agents in the Cyber Era

Scott Stewart
October 30, 2015

The Risk to Undercover Operatives in the Digital Age

On Sept. 29, the Washington Post reported that the CIA had pulled an undisclosed number of officers out of the U.S. Embassy in Beijing following the hack on the U.S. Office of Personnel Management (OPM) computer system, which exposed data on some 22.1 million government employees. The U.S. government blames China for the hack, and the withdrawal of agency personnel from Beijing based on fears their identities could be exposed would seem to indicate Washington is confident in its charge.

But beyond politics, the case is a good example of how digital advancements are making it increasingly difficult for intelligence officers to operate undercover.

Intelligence Cover

CIA officers with “official cover” work at U.S. embassies while posing as employees of another agency such as the State Department or the U.S. Agency for International Development. Sometimes this cover is quite superficial and is intended only for the public. In these cases, the CIA officer is formally declared to be an intelligence officer to the host intelligence service and serves a very important liaison role between the intelligence service of the host country and the CIA headquarters. He or she can also help provide training and resources to the local service or even work to coordinate joint projects against targets of mutual interest.

But other CIA officers under official cover are not declared to the host government, and their cover must therefore be more robust. Instead of openly liaising with the local intelligence service, their purpose is to conduct operations without the knowledge of the host government. Such missions could include recruiting or tending sources within the host country or attempting to recruit third-party nationals living in or visiting the country. These undeclared officers are the type of operative the CIA presumably moved out of Beijing, since the Chinese would have already known of the declared officers serving there.

Though the OPM files do not explicitly name CIA operatives, they could help a service such as the Chinese Ministry of State Security (MSS) identify officers under official cover through all the administrative differences between the CIA and cover agencies such as the State Department. In a perfect world, the process for recruiting, hiring, training and then deploying CIA case officers would be identical to that of a State Department foreign service officer, but in reality the two agencies have different bureaucratic cultures and use different methods to clear, hire, train and assign employees. Because of this, the personnel record of a CIA case officer will appear discernably different from that of a State Department political or economics officer.

Non-Tech Giveaways

Of course there are other ways that a service such as the MSS could identify CIA officers under official cover. The first is by simply recruiting a source within the embassy or even the CIA itself. The KGB did this with spectacular success in the Aldrich Ames case. Because of his position at CIA headquarters, Ames knew the identity of every CIA officer at the U.S. Embassy in Moscow and even many of the agents the CIA had recruited inside Russia. But it might be even easier than that. It is normally pretty widely known among embassy staff who the official cover CIA operatives are despite the best efforts to establish and maintain cover, so recruiting an officer who is not CIA could be helpful.

Even the foreign service nationals (FSNs) who work at an embassy often can tell the difference between the “normal” embassy officers and the undercover CIA officers. Sometimes this is because of the particular office an agent occupies in the embassy, the type of car they drive, the house they live in (have the last three official cover agents lived there?), their length of assignment and assignment history, and many other subtle signs. Official cover officers are supposed to live their cover, but some officers are better at it than others — even in high-threat counterintelligence environments.

In many cases, such indicators are picked up on by observant members of the local intelligence service without an inside source, and the official cover officer is placed under surveillance by the host country service. Because of this problem, the CIA and other intelligence agencies have had to develop a host of ingenious methods for official cover officers to avoid hostile surveillance.

Despite the obvious drawbacks of official cover, it does have some benefits. For one, the officers have a (hopefully) secure base to work from in the embassy with encrypted communications to headquarters. They are also usually provided with some level of diplomatic immunity, meaning that if they are caught red-handed in an operational act they will not be imprisoned or executed.

But the problems with official cover – and it is not just the CIA that has these problems — mean that for really sensitive tasks, intelligence agencies often use officers who are not under official cover. The CIA parlance for such an officer is a NOC (non-official cover); Russians refer to such an officer as an “illegal.” A NOC will sometimes pose as a tourist or businessman, and in some cases will even pretend to be of another nationality.

The idea is that a NOC will not have all the “tells” of an official cover officer, and will therefore be able to conduct operational activities without receiving the same amount of host-country scrutiny that an official cover officer may receive. Of course, if a NOC is caught they can be arrested and imprisoned, usually to be traded at a later date for an opposition officer of equal value.

Technological Threats to Cover

While hacks pose a threat to the integrity of an intelligence officer’s cover, there are many other threats to officers working undercover in the information age. Though intelligence agencies employ some of the best counterfeiters in the world, the changes countries have made to their travel documents are proving challenging. The best counterfeit artists can copy almost any document, including passports, but as I’ve discussed elsewhere, technology is making it increasingly difficult to use counterfeit documents because of security measures and the linking of documents to biometric data. This not only impacts criminals but also intelligence agencies. It is now impossible to completely counterfeit a passport or visa from whole cloth because such a document would not appear in the official database and would quickly be flagged as a counterfeit by a simple database query. Cloning passports (making an exact duplicate of an existing passport that bears a different photo) or altering an authentic passport by changing the photo has also become more difficult as documents have become tied to biometrics stored in national databases.

There are ways to obtain genuine documents to use as false identities for intelligence work, such as bribing or recruiting a passport agent or consular officer, but the practice is frowned upon and risks causing embarrassment if exposed.

But even with genuine documents, biometrics at border crossings is another problem now facing intelligence officers working under alias identities. Many countries now collect photographs and fingerprints from each traveler entering their country, and these photographs are often run through facial recognition software and the fingerprints compared to others on file. There are ways to fool these systems using high-end disguises and fake fingerprints, but such measures take time and resources. Thus, traveling under an alias is now more complicated, even for those with authentic travel documents in an alias identity.

Another digital age problem for intelligence officers is the increasing ubiquity of closed-circuit television cameras. In traditional intelligence tradecraft, an intelligence officer would leave an operational signal by using operational sleight of hand to leave a chalk mark on a wall or some similar surreptitious sign – even if they were under hostile surveillance. However, with the extensive CCTV coverage in some cities, suspected intelligence officers can be followed by cameras, even when a human surveillance team following them loses sight, meaning that intelligence officers have to make accounting for surveillance cameras a prime part of their operational planning.

On the positive side, technology does enable clandestine signals by allowing intelligence officers to place innocuous messages in innocent-looking chat rooms, websites or social media streams instead of having to leave old school signals like chalk marks or chewing gum.

Social media and the digital footprint it leaves also complicates life for intelligence officers working undercover, especially younger officers who are part of the social media generation and who have not been very careful with what they post. Additionally, in many cases counterintelligence officers can simply Google search an officer’s alias name to see what is out there on the alias identity. Most normal people today have a digital footprint that goes back years and is consistent with who and what they are. Anyone who is a digital ghost without such an electronic trail is automatically suspect. Creating such a trail is possible, but again, it takes time and effort and adds additional complexity to creating and maintaining cover.

Public data can be another problem area. As a criminal investigator working passport and visa fraud cases, I frequently used public data and credit check database searches to help identify criminal imposters attempting to fraudulently obtain passports or visas. By typing in a person’s name and a numerical identifier such as a date of birth or social security number, these public records database searches can compile an incredibly detailed profile of a person including addresses used, others who have used that same address, vehicle ownership and registration, marriages, divorces, corporate records, arrest records, etc. While the use of some of the more powerful databases is limited by legal restrictions, foreign governments can use many of the commercially available ones simply by paying for them and can access the more sensitive ones by paying a private investigator, lawyer or some other party with access.

Years ago, American intelligence officers frequently used mail drops when listing their cover addresses, but today, it is easy to identify such places from any computer. Simply by a running an address through Google Maps or Google Earth, one can quickly tell if an address is a commercial establishment, rather than a residence, and the business listed at that address. This means that addresses used for cover, whether business or residential, must be much more carefully considered than they were in the past.

Technology will not by any means bring an end to intelligence gathering. It will however, make some actions more difficult and force intelligence agencies to adapt to this new reality by making their covers more robust. If they don’t adapt, they will get caught.

No comments: