Cybercrime and Espionage

Information in this chapter

• Espionage and Its Influence on Next-Generation Threats

• Traditional Forms of Intelligence Gathering

Introduction

State-sponsored intelligence has played an integral role in establishing, managing, and retaining dominion since human beings first banded together in large, extended families, thousands of years ago, and began implementing social and geographic boundaries for themselves and their neighbors. History has shown this to be the case, and here, in the twenty-first century, state-sponsored intelligence is no less important or necessary. It is a very real part of our world, one which is not always easily understood but nevertheless imperative to our survival. It involves myriad differing actors, philosophies, methodologies, tools, techniques, and approaches. It is an ever-evolving discipline that sees cross-pollination among contributing entities within the state as pivotal to its success or failure and not open for discussion among the citizenry.

Within the world of state-sponsored intelligence careful consideration is given, but not limited, to the following influencers:

• Intelligence types to be gathered

• Intelligence gathering process

• Intelligence analysis process

• The negative repercussions of conducting state-sponsored intelligence gathering against a target

• Mechanisms for collection and submission of intelligence

• Categorization of intelligence

• Dissemination of intelligence once collected, analyzed, and corroborated

• The sources of the intelligence being acquired

• The degree of difficulty associated with corroborating the samples

• Globalization

• Socioeconomic stability of the nation and nations of interest (friendly or unfriendly) from which the intelligence is derived and to which it is related

• Foreign and international relations policy

• The implications of the intelligence for domestic and foreign concerns

• The potential threat vectors and points of confluence associated with preexisting intelligence and new samples

Much consideration must be given to the areas of operational, tactical, and strategic intelligence. The ability to differentiate and make intelligent decisions based on the information a given organization within a state receives is not trivial. In most respects, it is the culmination of the analysis and review of an immense amount of data and scenarios, some aspects of which were cultivated within academic environments, and removed from the grit of the field while others were cultivated, tested, and noted in the field.

Espionage and Its Influence on Next-Generation Threats

Espionage, in one form or other, has existed throughout the expanse of known, documented (and likely undocumented), human history. Examples of espionage use, development, endorsement, and adoption have been identified and noted in almost every culture of the world. Archeologists and anthropologists have found detailed accounts of such activity in countries such as Egypt, Samaria, Israel, Greece, Persia, Italy, China, Japan, Korea, India, and England; all of which endorsed the use of espionage unrepentantly in order to advance and achieve their agendas. This use ultimately culminated in the achievement or loss of their goals, goods, lands, and assets or life itself.

Within these cultures, the selection and training of practitioners of clandestine crafts was and remains a process shrouded in mystery. These agent provocateurs were carefully trained, in many cases, from birth or early childhood, in furtive disciplines in order that they become prepared for deployment when called on by their ranking authorities. Their missions would include intelligence gathering activities of a varied sort. Some involved infiltration via subversive means allowing the agent in question to operate in the open while in deep cover while others might be deployed in a manner that saw them involved in the propagation, dissemination, and proliferation of propaganda designed to undermine enemy opposition. Still others were deployed with a much simpler mission: to acquire data via any means necessary (in many cases often through seduction), and if need be carry out the mission to completion, utilization, or assassination. Often these activities would see operators deployed behind enemies’ lines in the heart of danger. The clandestine activities practiced by these agents have become the stuff of legends and for good reason. The missions undertaken by these actors in the ancient world just as in the modern one were passed down generationally.

They transitioned cultures, and political and military regimes feared and revered them at the same time.

Because of the economic and tactical value of their skills (supply and demand), these individuals often saw their services sought during times of peace in addition to times leading to and during war. As a result, they became targets of acquisition, viewed as essential to the individuals as well as the organizations that they served or opposed. Fundamental to their success was their knowledge of humanity—the motives that drive the ideological, economic, or primal aspects of humankind.

All were studied, mastered, and incorporated into their methodologies in order to increase field efficacy and garrison analysis. In striving for mastery of these aspects of human psychology in order to be better equipped to exploit when the time came, these agents strove for perfection in their craft. Risk mitigation or minimization was expected of them while deception and subversion became key to their tradecraft, along with the ability to acquire voluminous amounts of data in a variety of ways. This ability to retain information gathered for real or near real-time analysis (in addition to post collection analysis) would serve these agents well in making critical decisions while in the field. The ability to debrief safely and securely—via appropriate channels—became vital in their efforts and continues to be so. Finally, there was the ability to remain—figuratively and literally—silent until safely able to debrief with respect to the intelligence gathered through appropriate, secured channels.

Over time, through conflict—both public and private—these skills were practiced, refined, and proven in real-world situations, leading to the development of modern covert organizations such as the following:

1. United States Office of Naval Investigation (ONI)—the oldest continuously operating intelligence service in the nation. While its mission has taken many different forms over its evolution, the main purpose has not changed from its inception

2. United States Office of Strategic Services (OSS)—now known as the modern Central Intelligence Agency (CIA), developed during World War II

3. United States Armed Forces Security Agency (AFSA)—now known as the National Security Agency (NSA)

4. United Kingdom Ministry of Defence (MOD)—Defence Intelligence Staff (DIS)

5. United Kingdom Government Communications Headquarters (GCHQ)

6. United Kingdom Secret Service (MI5)—responsible for counterintelligence (CI) and security

7. United Kingdom Secret Intelligence Service (SIS a.k.a. MI6) and Special Operations Executive (SOE)

8. Russian Glavnoye Razvedyvatel’noye Upravleniye (GRU) and Sluzhba Vneshney Razvedki (SVR), also known as the Foreign Intelligence Service

9. Chinese Ministry of State Security (MSS)—the Chinese government’s largest and most active foreign intelligence agency

10. Israeli Institute for Intelligence and Special Operation (Mossad or HaMossad)

11. Saudi Re’asat Al Istikhbarat Al A’amah (GIP)—now known as General Intelligence Presidency

12. North Korea Cabinet General Intelligence Bureau of the Korean Workers Party Central Committee (RDEI)—Research Department for External Intelligence and Liaison Department

These organizations and others like them (nationally or subnationally sponsored), continue in the business of data and intelligence gathering for various purposes—some sensitive, some not; some classified, some not classified—all of which are relevant to their individual charters and areas of expertise. Unfortunately, they are not alone in their recognition of the value of data, information, and intelligence on the global stage. Nor were they the only organizations adept in plying like tradecraft for the express purpose of identifying and acquiring data, information, and intelligence (Figure 6.1).

Figure 6.1 United States Intelligence Community as defined by the Federation of American Scientists.

Criminal elements—whether localized geographically or internationally in scope—thrive, proliferate, and encourage criminal ecosystems gathering data, information, and intelligence and marketing its availability to the highest bidder. In Chapter 9, we explore and discuss more about these types of organizations and their activities as they relate to state and nonstate sponsored action in more detail. Often times, they are in direct opposition to organizations such as those mentioned before or against them in field. In some cases, former military and intelligence community operatives and officers the world over have elected to engage in underground enterprise adding a level of sophistication, professionalism, and cohesion not typical of traditional criminal organizations (Figures 6.2–6.6).

Figure 6.2 United States Intelligence Community insignias.

Figure 6.3 Mapping of Intelligence Community to the United States DNI.

Figure 6.4 Intelligence Community Structure.

Figure 6.5 United States Intelligence hierarchy.

Figure 6.6 British Parliament and Intelligence community mappings.

Intelligence Types

As we have seen, the desire to procure intelligence is as old as time. That desire has seen the evolution and birthing of formalized intelligence organizations some of which we have referred to above. However, it is important that we examine and classify intelligence in three easy-to-understand categories:

1. Strategic intelligence

2. Tactical intelligence

3. Operational intelligence (OPINTEL)

Let us begin by exploring the first concept, strategic intelligence. It is important to note that this is a simplification of what is not simple by any means. As such, it is a means by which to explain in an expeditious manner the roles that information and intelligence are given, our prioritization of them, and the subsequent use of the intelligence gathered to achieve our ends.

Strategic Intelligence

The etymology of the word strategy comes from the Greek strategia (generalship) and stategos. Strategy quite simply is the art and science of employing the political, economic, psychological, and military forces of a nation, or coalition of nations, to afford the maximum support in the adoption of policies that govern peace or war. Strategic intelligence focuses on broad issues which impact and direct strategy. For example, some of these issues may include but are not limited to the following:

1. National economics

2. Global economics

3. Political assessments and assignments

4. Military capabilities and resources

5. Intentions of foreign nations

6. Intention of nonstate or subnational entities

The nature of this intelligence may be technical, scientific, diplomatic, sociological, or any combination thereof. These types of intelligence are analyzed in concert with known information pertaining to the data related to the area in question (e.g., geographic, demographic, and industrial capacities). This information provides a great deal of insight that feeds other intelligence operations and organizations serviced by them.

Tactical Intelligence

Tactical intelligence is focused on support to operations at the tactical level, and would be attached to the Battlegroup. Specialized units operating in reconnaissance capacities carry out the mission to identify, observe, and collect data that will later be delivered to command elements for dissemination to command elements and units. At the tactical level, briefings are then delivered to patrols on current threats and collection priorities; these patrols are then debriefed to elicit information for analysis and communication through the reporting chain. Those with command responsibilities and decision-making power often influence tactical intelligence initiatives, as a part of strategic intelligence agendas. This is a critical concept to grasp hold of and one that is not only ubiquitous but also crucial to the agendas set forth by nation states and their military and intelligence communities.

Operational Intelligence

Operational intelligence (OPINTEL) is a form of data acquisition considered necessary to both intelligence community and military organizations for the successful planning, execution, and accomplishment of missions (tactical and/or strategic), and operations and campaigns within geotheaters and areas of operation—sanctioned and unsanctioned. OPINTEL is focused on providing support to an expeditionary force commander and is traditionally seen attached to headquarters units. This is critical as it feeds into and supports activity associated with strategic and tactical intelligence initiatives. It should not be confused with the activities associated with business process management (sometimes referred to as OPINTEL), which focuses on providing real-time monitoring of business processes and activities as they are executed within enterprise business computer systems.

OPINTEL utilizes Electronic Intelligence (ELINT) among other forms of intelligence gathering mechanisms to identify, gather, and ensure the secure transmission of data from operators to analysts, ultimately arriving in the hands of decision-makers tasked with command responsibilities. ELINT is a form of intelligence that focuses on the interception of noncommunication signals transmitted over electromagnetic waves with the exception being those identified as originating from atomic or nuclear detonations. Nonelectromagnetic transmissions such as those originating in atomic or nuclear detonation fall into the realm of MASINT (Measurement and Signal Intelligence). ELINT saw its birth during World War II in which Allied forces monitored Axis air defense radar systems in order to neutralize them during a bombing raid via direct strikes or electronic countermeasures (Figure 6.7).

Figure 6.7 Data collected during a MASINT operation.

Over time, this practice has continued in other conflicts, in which the United States has been involved, involving the Union of Soviet Socialist Republics (USSR), and the People’s Republic of China during the Cold War, the Democratic Republic of Vietnam (also known as North Vietnam) during the war in Southeast Asia, and in conflicts the world over involving Libya, Iran, and more current conflicts in the middle east. Although it is easy to mistake ELINT for RADINT (Radar Intelligence), RADINT does not involve the interception of radar signals but rather focuses on flight path intelligence and other data specifics derived from the reflection of enemy radar signals. RADINT by virtue of categorical relation is a subset of MASINT. ELINT itself contains the following subcategories:

• FISINT (Foreign Instrumentation Signals Intelligences)

• TELINT (Telemetry Intelligence)

FISINT focuses on identifying and tracking signals transmitted by foreign entities when testing and deploying new technology in aerospace, surface, and subsurface systems such as tracking and aiming signals and video links. TELINT, which is considered a subcategory of the subcategory that is FISINT, is the process of taking measurements from a remote location and transmitting those measurements to receiving equipment. There are ample applications of telemetry in both the civilian and defense industrial base. Examples of the former may include a power company’s use of radio signals from remote power lines to relay operational information to an intelligence center within the power grid. Examples of the latter may include the use of signals to relay performance and operational information on munitions and smart weapons.

ELINT is an integral aspect of over-arching intelligence processes seen within state sponsored intelligence activity (Figure 6.8).

Figure 6.8 Rockwell Collins ELINT PULSE ANALYZER (PAU)/CS-3001.

Traditional Forms of Intelligence Gathering

Within the sphere of information and intelligence gathering, some techniques have remained unchanged. Simply stated, there was no need to fix what was not broken. Techniques and methodologies of this sort have transcended time, space, culture, and borders as we have described previously largely because of the stagnation in development seen in humanity. The who, what, where, when, how, and whys are all as important today as they were 7000 years ago although the targets and information may have changed as has the reasoning behind the activity in general. Regardless of this, the underlying theme for this type of activity is the need to know, versus the desire to know.

At its core, this is rooted in the ability to manage and control the balance of power within a given contextual model. This is a human issue, which can only be addressed by humans. As a result, field craft, or the tools and methodology of the trade, have been developed to guard against the probing activities of unauthorized parties, or perform these activities without being detected. Failure or success is often predicated on two factors being mastered with respect to this space: deception and subversion. Why are these concepts so important to these activities? For many reasons, however, depending on the context in which one finds oneself, they may mean the difference between life and death. Being able to extract or remove oneself and/or team with the target of interest in hand and without incurring notice is key in all intelligence operations, electronic or otherwise. To be caught in the act is a typically unacceptable option in most cases. Equally, valuable to the success or failure of these activities was the ability to remain silent under the most inhospitable of circumstances as well as in hospitable ones.

Divulging data to anyone other than authorized personnel is an anathema to parties actively engaged in this type of work. As we discussed earlier, we have seen the continued evolution of these two tactics and techniques in addition to the evolution of associated processes. The continued evolution, creation, execution, and implementation of these processes in practice and theory are paramount to intelligence gathering. In modern times, we have seen continued innovation; creation and implementation appear in four primary areas of information and intelligence gathering. The four major methods for information gathering are as follows:

Human Source Intelligence (HUMINT) is a method focused on the identification, compromise, and use of human beings via interpersonal contact for the purpose of gaining valuable intelligence. It is also often utilized for CI. CI refers to efforts made by intelligence, military, and subnational organizations to prevent hostile or enemy intelligence organizations from successfully identifying, gathering, collecting, and analyzing intelligence against them or their allies. It is important to understand that for HUMINT to be most effective, it is necessary to know the target from which the information is to be obtained. This requires either the exploitation of a preexistent relationship or the creation of a relationship for the express purpose of extracting information.

Though it sounds exploitative in nature, it is a vital element tool in information gathering and collecting. HUMINT is extremely effective and at times a dangerous proposition. It requires great care for the well-being of the operative and informant at all times.

This requires that, during the process of trust building, the informant feels safe and reciprocates his or her level of trust with the operative in kind. Although it sounds disagreeable, it is again, within the context of the process of information and intelligence gathering, a well-proven technique with an equally impressive record of success. There are several reasons for its success, however; the basis for the greatest degrees of success seen within this process is the establishment of trust as mentioned previously, between operator and informant.

Equally important to establishing and preserving trust is first being able to identify a target of opportunity from which to begin the building of trust in order to successfully extract information and intelligence. This requires reconnaissance or special surveillance work to be done well in advance, taking into consideration a variety of details about the subject in question and his or her social networks. In many cases, targets or subjects of interest represent and demonstrate an array of characteristics:

1. The willing, friendly, and witting participants

2. The unwilling, unfriendly, and hostile or unwitting participants

Tradition dictates that targets or subjects of opportunity may include human beings working in one or more of the following capacities:

1. Foreign Internal Defense (FID) personnel (e.g., those working with host nation forces or populations in diplomatic or official capacities)

2. Official Advisors or those working in advisory capacities within foreign service or state department roles

3. Diplomats or those holding diplomatic assignments and responsibilities

4. Espionage agents or clandestine operatives

5. Military attachés and/or embassy personnel

6. Nongovernmental organizations or subnational entities

7. Prisoners of war or officially held detainees

8. Refugees seeking asylum

9. Routine or specialized military patrols in occupied territory or behind enemy lines

10. Special operations teams operating in occupied territory or behind enemy lines

We next begin reviewing some key cases where HUMINT techniques and tactics have leveraged successfully with catastrophic ends. We focus on four cases of recent historical importance to the people and government of the United States of America. You will notice that in these cases HUMINT was paramount to the successful compromise of these operatives—all of whom betrayed their country and obligations.

Examples of Human Intelligence Gathering

The Case of Julius and Ethel Rosenberg

Perhaps one of the earliest examples of modern HUMINT in the history of the United States in the modern era would be that of Julius and Ethel Rosenberg. The Rosenberg case rocked the nation in its time and continues to reverberate in our world today. Julius Rosenberg was born on May 12, 1918 in New York City as the son of Polish immigrants. He was raised by hard-working parents—Harry, who worked in New York’s garment district and Sophie, who was a homemaker and mother to Julius and his four siblings. At age 16, Julius graduated from the Downtown Talmud Torah School to Seward Park High School; he later enrolled at the City College of New York in order to begin his studies in electrical engineering. Ethel Greenglass was born on September 28, 1915 in New York City as the daughter of Barnet and Tessie Greenglass. Barnet—a sewing machine repair shop proprietor struggled to support his wife, Ethel, and her three siblings. They were impoverished, living in a squalid tenement apartment without heat. Ethel attended the Downtown Talmud Torah School, and then the Seward Park High School where she graduated at age 15. While attending university, young Julius developed and pursued an interest in politics. Soon after, he developed a relationship with a fellow student—eventually leading him to join the Steinmetz Club, which was the campus branch of the Young Communist League. As a member of the League, he would meet other like-minded individuals including Morton Sobell, William Perl, and Joel Barr. He later became a member of the Federation of Architects, Engineers, Chemists, and Technicians (FAECT), a radical union for professionals active at that time.

Eventually, Rosenberg’s political aspirations and devotion had a negative impact on his academic ambitions and although he graduated from university, he did so a semester behind the rest of his class. Ethel, who did not share Julius’ passion for advanced education, became a clerk for a shipping company immediately after graduation. She worked in this role for four years until she was let go because of her role as the organizer of a strike of 150 women workers. Ethel shared a passion for politics not unlike Julius, which later saw her join the Young Communist League, eventually becoming a member of the American Communist Party. Ethel, a gifted singer, enjoyed participating in choir. On New Year’s Day 1939, while waiting to go onstage to sing, she met Julius Rosenberg. During the summer of 1939, the couple married. On graduating, Rosenberg began doing freelance work until the fall of 1940 when the United States Army Signal Corps hired him as a contract employee.

He received promotion in 1942 to the position of inspector. Not long thereafter, Rosenberg and his wife became full-time members of the American Communist Party. Rosenberg himself became the Chairman of Branch 16B of the Part’s Industrial Division. By 1943, something had changed. Rosenberg had dropped out of the party to enter into espionage on a full-time basis, a decision that would ultimate impact both him and his wife and cost them their lives. In 1945, he was fired from his job with the United States Army Signal Corps when his past membership in the Communist Party was discovered. He then took up a position with the Emerson Radio Corporation later forming, in 1946, the G & R Engineering Corporation. On June 17, 1950, Rosenberg was arrested on suspicion of committing espionage against the United States of America after having been named by former business partner David Greenglass (who as a sergeant in the United States Army was assigned to work on the Manhattan Project, which saw him have access to sensitive and classified information, and which would later be relayed to the Soviets). David Greenglass would be key in providing information to the Rosenbergs on the nuclear weapons program. With information in hand provided by David Greenglass (Ethel’s brother), the Rosenbergs went to Harry Gold, a Swiss-born courier for the espionage ring, who then passed it to Anatoly A. Yakovlev, the Soviet Union’s vice-consul in New York City. Rosenberg provided the Soviet Union with sketches of the cross-section of an implosion-type atom bomb (the “Fat Man” bomb dropped on Nagasaki, Japan, as opposed to a bomb with the “gun method” triggering device as used in the “Little Boy” bomb dropped on Hiroshima; Figure 6.10).

Figure 6.9 Julius and Ethel Rosenberg.

Figure 6.10 The diagram of the atomic bomb provided by David Greenglass to the Soviets.

Shortly after the arrest of British spy Klaus Fuchs, who was arrested for providing U.S. and British nuclear secrets to the Soviet Union, Rosenberg was questioned by the Federal Bureau of Investigation (FBI)—and eventually placed under arrest (Figure 6.9). On August 11, 1950, Ethel Rosenberg was also arrested. She had been implicated as being a member of the atomic spy ring along with Julius and others (in fact according to her own brother David, it was Ethel who had been charged with scribing the meetings and notes for the ring). The testimony of her brother aided in sealing her fate. She was found guilty of espionage along with her husband Julius Rosenberg on April 05, 1951 and sentenced to death. Although they both maintained innocence until the end, after a lengthy trial and appeals process, they were executed, on June 19, 1953 in Sing-Sing Prison in New York. However, in the years that followed the executions of the Rosenbergs, there was significant scrutiny and debate over their guilt. This was put to rest, however, when Nikita Khrushchev, leader of the Soviet Union from 1953 to 1964, acknowledged that he had learned of the involvement of the Rosenbergs in the development on the Soviet Union’s nuclear weaponry program from Joseph Stalin and Vyacheslav M. Molotov. Khrushchev went on to say, “…Julius and Ethel Rosenberg had provided very significant help in accelerating the production of our atomic bomb.” He further wrote that “…Let this be a worthy tribute to the memory of those people. Let my words serve as an express of gratitude to those who sacrificed their lives to a great cause of the Soviet state at a time when the United States was using its advantage over our state to blackmail our state and undermine its proletarian cause.” The case of the Rosenbergs set in motion a new era of diligence coinciding with what was being developed by other Department of Defense (DoD), and Intelligence based agencies within the United States and the world over.

It underscored the importance of the type of information that can be gained by careful observation and surveillance of targets of interests via tactics and techniques in addition to mapping out additional parties of interest that make up the social networks and frameworks of the subjects. This information would prove vital going forward in future training and investigations involving HUMINT and CI activities.

The Case of Clayton Lonetree

Several examples of Human Intelligence Gathering techniques have been witnessed and documented over the years with some resonating more deeply than others. One that is of particularly special importance to one of the authors is the case of United States Marine Corps (USMC) Sergeant Clayton Lonetree. Sgt. Lonetree was a Marine Security Guard (MSG) posted on embassy duty in Moscow, USSR during the early 1980s.¹ The primary mission of all MSGs is to provide security—particularly the protection of classified information and equipment vital to the national security of the United States of America at American diplomatic posts. MSGs also provide security for visiting foreign dignitaries and often assist the Regional Security Office (RSO) in supervising host country and/or locally employed security forces provided to ensure additional aid to the embassy. It should be noted that MSGs focus primarily on the interior security of the diplomatic post’s building, including sweeping for electronic devices and other unauthorized observation technologies.

Sgt. Lonetree was stationed as an MSG at the American diplomatic post in Moscow, USSR in the early 1980s and later in Vienna, Austria. Clayton Lonetree holds the ignominious distinction of being the first USMC Marine ever convicted of espionage against his own nation. He found himself at the core of what would later come to be known as a “sex for secrets” scandal that devastated the Marine Corps as well as the State Department. Because of the nature of his position, as an embassy guard at the U.S. Embassy in Moscow and later in Vienna, Lonetree retained access to highly sensitive material including keys to safes where sensitive materials were housed. Lonetree served 17 months in the U.S. Embassy in Moscow prior to being transferred to the U.S. Embassy in Vienna, Austria.

In November 1985, Lonetree met a Russian woman named Violetta Seina at the annual USMC Ball to celebrate the birthday of the United States Marines. Violetta Seina had worked as telephone operator and translator at the embassy (it is important to note that while working at the embassy she was a Komitet Gosudarstvennoy Bezopasnosti (KGB) operative). Lonetree, fully aware of the restrictions in governing and forbidding the fraternization between active USMC MSGs and nationals based on USMC regulations, violated an official order. Seina introduced Lonetree to her “Uncle Sascha” (another active KGB agent).

With this introduction, began a relationship that would run along the classic lines of “honey pot” scenarios. Lonetree, whose conscience eventually won out (or when Seina would not travel to Vienna to see him any longer), walked into a CIA officials’ office and admitted to providing the KGB agents with low-level classified information while stationed at the U.S. Embassy in Vienna (contrary to popular belief, Lonetree never admitted to providing information while stationed in Moscow). The CIA turned that information over to the Naval Investigative Service (NIS), who arrested Lonetree.

The result of Lonetree’s confession was a massive hunt for USMC “spies” in all the U.S. Embassies around the world. A large-scale manhunt was launched by the NIS, which in turn saw others arrested and prosecuted for their roles in espionage. Corporal Arnold Bracy was arrested because of the nine-month investigation, along with four other USMC enlisted men. Bracy told the NIS that he was the “lookout” for Lonetree, so Lonetree would be able to escort the KGB around the U.S. Embassy to place bugs in various locations. Bracy later stated that he was coerced into confession and that he did not read his confession, before being forced to sign. His confession was not allowed to be entered in court while charges remained in place against him. Lonetree was charged and tried on 13 counts of espionage. Among those counts, Lonetree faced several counts for conspiracy to gather names and photographs of American intelligence operatives and to provide HUMINT (personality data) on these agents. Furthermore, he was charged with providing the KGB with embassy floor plans. On August 21, 1987, Lonetree was convicted of 12 of the 13 counts by military court. He was sentenced by that same court to 30 years in prison, a 5000 USD fine, and loss of all pay and allowances, reduced in rank to private, and given a dishonorable discharge. After two reductions in sentencing, Lonetree was released in February 1996, after over 9 years in prison.

¹ This is a huge responsibility and as one of our authors, a former United States Marine stated “…the job is not for everyone. It involves an extremely detail oriented training program with a rigorous emphasis on situational awareness and attention to detail.” The graduation rate from the Security Guard Battalion was less than 50%, due to the rigor and demands of the courses. The school provides extensive training on espionage, antiterrorist tactics, and counter espionage. Marines posted in these roles report to civilian government employees known as Regional Security Officers (RSO) who are in charge of security at the diplomatic post in question.

The Case Former CIA Officer Aldrich Ames

The case of Aldrich Ames is both complex and disturbing. Ames spent his entire adult life in the service of his country as a member of the CIA. He began his career with the Agency in 1962, and his original intention was to use it as a “stop gap” while pursuing his formal education. However, as he moved forward within his career, he became fascinated with the clandestine world and subsequently delved ever deeper into that space. Over the course of the next several years, he finished his education and advanced his career through the ranks of the Agency. Ames had been married twice: both times to women who were members of the intelligence community and one of whom, his second wife Maria del Rosario Casas Dupuy, a Colombian-born national, was the former cultural attaché in the Colombian Embassy in Mexico and a CIA informant.

In 1985, the agency became aware that their network of Soviet-bloc agents had begun disappearing without a trace. This of course did not bode well for the agency or their operative as “going off the grid” was typically a very bad scenario. For the next five years, the CIA quietly investigated the matter and in 1990 concluded that there was a mole. However, the source could not be identified, leaving many questions unanswered. The mole of course was Aldrich Ames as it was noted by those in pursuit that he had become a master of HUMINT, gaining the trust of informants and then infiltrating them with the hopes of gaining intelligence from them.

Ames was very successful in parlaying HUMINT techniques successfully as his record clearly attests. However, something occurred with Ames and as a result, he himself became compromised working as a double agent for both the CIA and the Soviets. While assigned to the CIA’s Europe Division/CI branch, Ames was directly responsible for the analysis of Soviet Intelligence operations. This being the case, he had unfettered knowledge and access to the identities of U.S. sources in both the KGB and the Soviet military. The results of his compromise led to the death of at least 10 United States informants and the compromise of well over 100 United States operatives working actively within the region. However, there is some speculation with respect to the degree of compromise and exploitation; Ames received ∼4.6 million USD from the Soviets over time for his service. Demonstrating his mastery of his person, he passed polygraph-screening examinations in 1986 and 1991. On February 21, 1994, both Ames and his wife were arrested for providing highly classified information to the Soviet KGB and its successor organization, the Russian Foreign Intelligence Service. He received life imprisonment for his violations of the Espionage Act. Ames was hiding in plain sight (a theme you will see and hear more about later on). He lived a lavish lifestyle, one that on further investigation brought a great level of scrutiny to the CIA and their handling of the operation. He lived well above his means, and amassed a substantial amount of personal assets, which would or should have triggered investigations into his personal life.

The Case of Former United States Army Noncommissioned Officer Clyde Lee Conrad

Born in January 1948, Clyde Lee Conrad was a United States Army Noncommissioned Officer who was convicted of espionage and high treason in 1990. Conrad was arrested in 1988 by authorities representing the Federal Republic of Germany and tried for espionage on behalf of the Hungarian and Czechoslovak intelligence services. He was convicted by the Koblenz State Appellate Court on June 6, 1990 for masterminding (with the aid and guidance of his mentor Szabo) an espionage ring that sold highly sensitive information, and was sentenced to life in prison. Zoltan Szabo was a Hungarian-born, United States naturalized citizen who along with Sandor Kercsik recruited Conrad over dinner one evening in Germany. Szabo himself was recruited sometime in 1967 and continued, unfettered in his activities until May 21, 1985. In addition to Conrad, Szabo also recruited Roderick Ramsey, Jeffrey Rondeau, Jeffrey Gregory, Tomas Mortati, and Kelly Warren into what was later referred to as the “Conrad Ring” by the United States Defense Department and Intelligence Community.

German prosecutors said that the documents Conrad leaked, dealing with troop movements, NATO strategy, and nuclear weapons sites, eventually made their way to the Soviet KGB. According to the documentation captured as a result of the operation which led to the exposure of the Conrad Ring, should war have broken out between NATO and Warsaw Pact nations, the West would have faced certain defeat and the Federal Republic of Germany would have turned into a nuclear battlefield. Conrad was initially recruited and introduced to the People’s Republic of Hungary’s Secret Service operatives by Zoltan Szabo.

Szabo, a Hungarian émigré to the United States of America, served in the United States Army as a Noncommissioned Officer and later as a Commissioned Officer. Szabo also happened to hold the rank of Colonel in the Hungarian Military Intelligence Service. He recruited Conrad shortly before his retirement from active duty within the United States Army. Later, in 1989 Szabo was found guilty of espionage and convicted in Austria. He received a 10-month suspended sentence in exchange for his cooperation in identifying the documents that Conrad had stolen and sold to the People’s Republic of Hungary’s Secret Service. Conrad was sentenced to life imprisonment. Among the documents were classified information including TOP SECRET NATO war plans that were sold to the People’s Republic of Hungary. The German prosecutors stressed that the documents sold by Conrad were wartime general defense plans (GDP). These documents contained information vital to the effectiveness of many units within Europe, thereby placing the lives of countless thousands of the United States and Allied forces personnel at risk at the height of the Cold War. These documents included detailed information on the military strength, logistics, and movements of every unit that was to go in the event of war, and how they would defend.

To date, it is not known how many participants acted within the Szabo-Conrad spy ring; however, it is known that their activity spanned several decades. Four others were later convicted for having been active participants in the Szabo-Conrad spy ring:

• Roderick James Ramsey: sentenced in August 1992 to 36 years in prison

• Jeffrey Rondeau: sentenced in August 1994 to 18 years in prison

• Jeffrey Gregory: sentenced in August 1994 to 18 years in prison

• Kelly Therese Warren: sentenced in 1999 to 25 years in prison

The method of recruitment within the ring was textbook within the HUMINT world: Conrad would appeal to poorly enlisted Army personnel, promising large sums of money for supplying him with intelligence reports. This was likely the same avenue taken by Szabo, in addition to capitalizing off his position as Conrad’s former unit leader in the United States Army’s 8th Infantry Division. This type of HUMINT is diabolical yet classic in its use and execution of information gathering techniques with respect to prospective subjects or targets of interest identified for compromise. Conrad died of a heart ailment at age 50 in Diez Prison on January 8, 1998. Yet the weight and impact of damage he and his comrades caused are difficult to qualify or quantify. We do know, however, that certain themes seem to be elemental to the compromise and exploitation of subjects or targets of interest; in this case, the motivation was financial.

The Former CIA Officer Case of Edward Lee Howard

The case of Edward Lee Victor Howard is strange even by HUMINT standards. Howard was born in New Mexico in 1951 and served as a Peace Corps volunteer in Bucaramanga, Colombia. While there, he met Mary Cedarleaf in 1973 and the two were married three years later on their return to the United States in St. Paul, Minnesota. In 1976, Howard completed a master’s degree in business administration from the American University in Washington, DC and joined The United States Agency for International Development (USAID), an organization that focuses on nonmilitarily-driven foreign aid issues on behalf of the United States of America. In February 1977, the Howard family left for Lima, Peru where Howard worked and stayed for two years focusing on loan projects.

On returning from Lima, Peru, the Howard family relocated to Chicago, Illinois where Howard went to work for an organization focused on environmental issues. In 1980, Howard was approached and hired by the CIA, and was later joined by his wife, Mary; they were both trained in intelligence and CI methods and techniques. Not long after completing their training, while waiting for assignment to their first post, a routine polygraph exam was administered to both Howard and his wife. The test indicated that Howard had been untruthful with respect to his personal history of drug use and as a result, he was dismissed from the agency in 1983. This all occurred prior to the time when he and his wife were to report to their first CIA duty station at the American Embassy in Moscow, Russia. By many accounts, Howard was disgruntled over what he perceived as “unfair” dismissal relating to the accusations of drug use, petty theft, and deception. As a result, he began abusing alcohol. Soon thereafter, Howard began making phone calls to former colleagues and coworkers in both Washington, DC and in Moscow, Russia. It is unclear as to the exact date and time; however, we can be sure that at some point during this period of despair and anger, he began providing classified information to the Soviet KGB. Edward Lee Howard escaped to Moscow in September 1985 after being targeted as a suspect in an ongoing investigation of the presence of moles within the CIA. In 1984, he and his wife traveled to Vienna for vacation. Faced with growing financial trouble and a mounting dependency on alcohol, Howard reached out and made contact with Soviet agents offering to sell the secrets he had learned while employed by the agency, specifically those he had learned while preparing for a posting in Moscow.

A second meeting was brokered in 1985 and on his return to the U.S. Howard was in possession of expensive gifts and affects he had not left the country with. He was interviewed and denied all charges, and was allowed to go free on his own recognizance knowing he was being monitored.

In the mid-1980s, the CIA was being rocked by security leaks, which led to the exposure of several agents and assets around the world. On August 1, 1985 after 25 years in the service of the KGB, Vitaly Yurchenko entered the U.S. Embassy in Rome and defected to the United States of America.

On interrogations conducted by the CIA, Yurchenko accused Howard and another agent, Ronald Pelton, of working for the KGB providing sensitive information to them regarding the names, assets, and other salient information regarding the agency and its operations. Later that same year, in November, Yurchenko redefected to the Soviet Union. Questions over the years have risen as to whether or not Yurchenko was acting as a double agent on behalf of the KGB all along with the real intent of providing false leads to the CIA in order to protect one of the Soviet Unions’ greatest assets and most important CIA traitor, Aldrich Ames. Howard, who had been living in Santa Fe, New Mexico, had leveraged the skills and training he gained while in the employment of the CIA to evade the FBI. Placed under constant surveillance, Howard decided that the only thing he could do was to flee and his first stop was the Russian Embassy in Helsinki. Later he moved on to Moscow where he was a received as a guest of the state from 1985 through July 12, 2001. Howard was supplied with an apartment and a dacha in the country.

Howard’s case influenced the way in which the agency conducted recruitment and handled situations where an agent was found unfit for foreign service; one of the greatest changes being that agents found not fit for foreign service were kept aboard and reassigned until the classified information they were privileged to was outdated. Interestingly enough, it was during this same time that Aldrich Ames began his career spying for the Soviets, as did Robert Hanson, both of whom might have been negatively impacted had the investigation moved in a different direction.

The Case of United States Chief Warrant Officer John Anthony Walker

At the time of his arrest, it was estimated by some within the intelligence community that the code related data (which in fact was what comprised the heart of his case and this case study) provided by Walker and his ring of spies were enough to significantly change the balance of power between the United States and the Soviet Union. John Anthony Walker began actively spying for the Soviet Union in 1968 and did not stop for nearly two decades. He began his career in espionage not after having been turned down by an operative or compromised by a foreign agent, but by walking into the Soviet Embassy in Washington, DC with a classified Naval Communications Code document offering to sell it. He had turned himself with the aid of no one. Some argue that Walker’s decision was due to a failed attempt at bar ownership that never turned a profit and had thrust him immediately into debt.

Regardless of the root cause, the outcome was quite clear: Walker was ready, willing, and able to compromise himself, his integrity, the trust which had been bestowed upon him by the United States Navy, and the lives of countless millions of people the world over. It has been said that unlike other incidents of espionage, the Walker spy ring resulted in greater losses of data and sensitive information about the United States of America, its envoys, and allied forces than any other incident of espionage. Walker recruited others to aid his operation, applying HUMINT tactics to his participants in order to gain or exploit previous levels of trust and access knowledge that they had access to. He recruited his wife, former student Jerry Whitforth (who believed he was aiding Israeli operatives initially and on discovering that it was the Soviets continued to aid Walker), his brother former Lieutenant Commander Arthur, and his son Michael, an active duty sailor. His ex-wife took down Walker after he refused to pay alimony. Barbara Walker tipped off the FBI and it resulted in an investigation and arrest of Walker, Whitworth, Arthur Walker, and Michael Walker. Because she provided the tip and cooperated with authorities, Barbara Walker was not brought up on charges.

Walker decided to cooperate with the authorities and asked for a plea bargain. In it, he agreed to submit an unchallenged conviction and life imprisonment sentence, provide full disclosure of the details of his espionage efforts and activities, and give testimony against his own recruit, Jerry Whitforth, in exchange for a pledge from the prosecution team that he would receive a sentence of no more than 25 years imprisonment. With the exception of Michael Walker, all the members of the ring received life sentences for their role in committing espionage.

The Case of Former FBI Agent Robert Hanssen

Robert Hanssen’s espionage career illustrates how automated information systems are likely to become an operator’s greatest ally for years to come. Robert Hanssen first began his career in espionage by contacting the GRU, the Soviet military intelligence agency. Hanssen had, by this time, demonstrated his fluency in technology, specifically in harvesting data from computer systems and data management platforms. It is important to note that Robert Hanssen never declared any political or ideological reasoning for his participating in espionage against his country (Figures 6.11 and 6.12).

Figure 6.11 Robert Hanssen.

Figure 6.12 Robert Hanssen mug shot on arrest.

For Hanssen, his involvement with espionage had only monetary origins.² In fact, Hanssen was on more than one occasion noted as saying that he had little use for more than 100,000 USD at any given time—an amount that might strike some as odd but may in fact have proven to be smartly decided on as it was not overly greedy nor was it large enough to necessarily raise suspicion. Today, Hanssen’s accomplishments may not seem impressive; however, in 1979 at the dawn of Hanssen’s career change as a double agent, this was still considered esoteric.³ Robert Hanssen had been assigned to the New York FBI field office where his assignment was to implement a new automated CI database. The system in question was built for the express purpose of tracking the movements and activity of foreign intelligence services operators within the United States and its embassies. As a result of his clearance and his need to know because of his projects profile, Hanssen was able to gain access to other databases, some residing in the NSA, the CIA, and the United States State Department. Hanssen routinely checked the databases located within the FBI’s network environment, specifically those dealing with Electronic Case Filings using variations of his own name.

In 1981, Hanssen was transferred to the Washington, DC office of the FBI. His new role gave him prestige within the Bureau as well as access to various types of information involving a number of different activities in which the Bureau was involved. As he progressed throughout his career, Hanssen became known as the Bureau’s expert on computers and as a result, he gained access to even more data, specifically data related to electronic surveillance and wiretapping—both of which were his responsibility. In 1983, Hanssen was transferred to the Soviet analytical unit within the Bureau. This unit was primarily responsible for studying, identifying, and capturing Soviet spies and intelligence operatives active with the United States of America. Robert Hanssen was in charge of evaluating and monitoring Soviet agents who volunteered to give intelligence to the United States of America, to determine whether or not they were acting as double agents. In 1985, Robert Hanssen took a position with the Bureau’s CI unit based out of New York. In this role, he worked with other agents to study and monitor the movement of Soviets in greater detail. While on a business trip back to Washington, DC, he resumed his career in espionage by becoming a payrolled operative of the KGB. On October 15, 1985 Hanssen sent an anonymous letter to the KGB in which he offered his services for 100,000 USD in cash. To prove his credibility to his new prospective handlers, Hanssen provided them with the names of three Soviet agents working in the United States who were acting as double agents for the United States of America. The following were the agents:

• Boris Yuzhin

• Valery Martynov

• Sergi Motorin

This marked a lucrative and busy period of espionage for Hanssen, which saw him again recalled to Washington, DC to take on a new role within the Bureau. It was during this time that Hanssen was asked to begin investigating the possibility for a mole within the Bureau; a mole that was providing intelligence to the Soviets.

This proved to be a complex and utterly untimely issue for Hanssen as it effectively saw himself looking for himself. It required great care so that he could avoid unmasking himself and his efforts. In 1989, Hanssen provided substantial data on American plans for MASINT. In 1990, Hanssen’s brother-in-law, Mark Wauck, who was also an FBI employee, recommended to the bureau that Hanssen be investigated for espionage. This came as the result of Bonnie Hanssen’s sister Jeanne Beglis finding a pile of cash sitting on the Hanssens’ dresser in 1990 and then telling Wauck. In 1997, IT personnel from the IIS Unit were sent to investigate Hanssen’s FBI desktop computer following a reported failure. Hanssen claimed he simply wanted to connect a color printer to the computer and required the use of a password-breaking program in order to bypass the administrative password. As the FBI believed the story, Hanssen was let off with a warning and the report—though never repealed—was first ridiculed and later ignored by the NSD Security Countermeasures Unit. Hanssen resumed his exhaustive searching of the FBI’s internal computer case record and searched to see if he was under investigation. Finding nothing, he resumed his activities with the Russians working with the SVR. Hanssen, who was extremely guarded with his true identity, never shared it with his Soviet or Russian handlers. Hanssen did so in order to deduce whether or not he was under surveillance and/or investigation for espionage. In fact, with the exception of one failed in-person meeting, Hanssen never met his handlers in person, a decision that proved wise for most of his career as a double agent. Hanssen preferred using aliases and passing intelligence via dead drop systems where both he and his handlers could leave packages in public places using unobtrusive markings to inform the other party that a package was waiting to be collected.

Hanssen was so particular regarding the preservation of his identity that he rejected offers and suggestions made by his handlers for drop sites and instead offered dates specified by himself. Hanssen had collected data for the Soviets and then again after the collapse of the USSR for the Russians as well (Figure 6.13).

Figure 6.13 Drop site used by Robert Hanssen.

He did so by selectively browsing through databases and downloading files onto encrypted disks. He would then take his packages to predefined drop sites using coded messages to communicate with his “handlers.” A “handler” is someone working on behalf of a foreign intelligence service or government whose role is to handle those recruited to work on their behalf. Handlers are often intermediaries who address logistics, pay, and compensation, and other details relevant to ensuring that their source is able to perform and provide data on request. Rough estimates suggest that Hanssen compromised ∼6000 documents of varying degrees of sensitivity. It can be assumed, however, that all of the documents were classified. Among the intelligence that Hanssen relayed to the Soviets, he informed them of how the United States was employing ELINT and RADINT to intercept radar transmissions being sourced by the Soviets. Additionally, Hanssen provided collection schedules for sensors located on classified United States surveillance ships, aircrafts, and satellites. Were this not enough, Hanssen also provided the identities of several Soviet and Russian double agents who had been working with the United States government. Most notable of those directly betrayed by Hanssen was Dmitri Polyakov, code named TOPHAT. Dmitri Polyakov was a CIA informant for more than 20 years prior to his retirement in 1980. He had passed voluminous amounts of information to American intelligence while advancing to the rank of General in the Soviet Army.

For reasons still unknown today—perhaps due to a lack of substantiating evidence—the Soviets did not act on their intelligence about Polyakov until he was betrayed a second time by CIA mole Aldrich Ames in 1985. Polyakov was arrested in 1986 and executed in 1988 by the Soviet authorities and while Ames was officially blamed for giving Polyakov’s name to the Soviets, Hanssen’s role remained unknown until after his arrest in 2001. Among other data points that Robert Hanssen elected to provide were the following:

• Secret tunnels under the Soviet Embassy used to monitor communications

• United States Intelligence Community intelligence reports and assessments on Soviet and Russian capabilities

Prior to his arrest, Hanssen had plans to create a TEMPEST grade environment from which he could communicate openly with his handlers free from the fear of being observed and/or monitored. Additionally, he considered using the wireless 802.11 a and b capabilities of his USRobotics/3Com Palm III PDA to transmit data cleanly and quickly. Hanssen’s career in espionage was long and sophisticated. He was a serious threat and arguably one of the most important spies to have ever originated from within the United States and its intelligence community during and after the Cold War. Robert Hanssen was arrested on February 18, 2001 at Foxstone Park near his home in Vienna, Virginia and was charged with selling American secrets to Russia for more than 1.4 million USD in cash and diamonds over a 22-year period.³ On July 6, 2001, he pleaded guilty to 13 counts of espionage in the United States District Court for the Eastern District of Virginia. He was then sentenced to life in prison without the possibility of parole. His activities have been described as “possibly the worst intelligence disaster in U.S. history.”4

These examples do not represent the entire body of examples relevant to the realm of HUMINT; however, they provide an important insight into what and how compromise is achieved by means of HUMINT. Equally important is the fact that they demonstrate the frailty of humanity and its susceptibility to compromise.

² Wise, D. 2003, Spy: The Inside Story of How the FBI’s Robert Hanssen Betrayed America. Random House, ISBN 0375758941.

³ Perserec Technical Report 02-5 July 2002. Espionage against the United States by American citizens 1947–2001. By Katherine L. Herbig and Martin F. Wiskoff.

⁴ www.fas.org/irp/agency/doj/fbi/websterreport.html

Code Breaking or Cryptanalysis (COMINT/SIGINT)

Codes and their use are, like espionage, well-represented and historically prevalent. Cryptography as an art and science is anything but new. Examine the etymology of the word and you will see quite quickly (and clearly), that it is the science of codes and originated from the Greek words kryptos (secret) and graphos (writing). Historical examples abound from Lysander of the Spartans to Julius Caesar. After the fall of Rome in 472 A.D., it was not until Italian and French cryptographers in the 1500s initiated the resurrection of the art and science of cryptography that it emerged with extremely complex codes and ciphers never previously seen or used. The Science of breaking these codes became known as cryptanalysis. Once begun, it has continued to grow, maturing as a discipline with the advent of new, more complex ciphers and mathematical models.

In modern times, code breaking as well as cryptanalysis is largely dependent on the interception of signals or messages between people (e.g., COMINT or communications intelligence), or between machines and/or networks (e.g., ELINT) or a combination of the two. Regardless of how the data are gathered, the resultant analysis is often as complex as it is thorough. Many cases see analysis being conducted on data deemed “nonsensitive” and “sensitive” with more effort often associated with analyzing “sensitive” data. Analysis of traffic will occur—in real or near real-time packet captures or streamed packet captures—whether the traffic can be decrypted or not.

Aircraft or Satellite Photography (IMINT)

Since the advent of flight, the value of aerial photographs has been realized and recognized as being integral to information and intelligence gathering initiatives of various types. Whether for purposes of espionage, defense, or other state or federally sponsored initiatives, the value demonstrated by aerial photography proved extremely relevant and important historically during times of peace and war. As science and the aerospace industry matured bringing to market advanced satellite technologies, so too did the accuracy and resonance of aerial intelligence acquisition. Today, this is still the case; however, almost anyone has access to basic satellite imagery via technology such as Google Maps and Google World.

Research in Open Publications (OSINT)

Sometimes referred to as Open Source Intelligence because of the use of publicly accessible information outlets and media sources, OSINT involves identifying, selecting, and acquiring information from publicly available sources while being able to analyze that data in order to produce actionable intelligence. It is important to bear in mind that there is no direct correlation to open source software, nor should there be any confusion to that end.

As these tactics evolved, becoming ubiquitous throughout the world via formal and informal organizations, their adoption as standardized forms of observation and information gathering pushed into the realm of the Internet and the cybercriminal arena. Given that in many cases, their use in traditional state sponsored and subnational intelligence operations is well-documented, it is likely that these trends will continue. As we have seen already, the desire to gain information or intelligence regardless of the purpose for doing so has long been a part of human existence and as such, techniques and threats have emerged to see that this information and intelligence gathering capability continues and flourishes.

Web Source Intelligence (WEBINT)

This is the ability to gather open information using the Internet. This can be done in various ways such as using Web crawlers and indexing systems to harvest just about any piece of content that is stored on publically available servers in any language. Additionally, this can also cross over into P2P networks, which are notorious for sharing very sensitive information. The purpose of utilizing WEBINT is performing deep Web collections that allow you to be very specific in what you are intending to gather. Verint is a company that provides WEBINT tools that have strong analytics to correlate unstructured data collections. Analysts who provide the needed intelligence on the specific sources on which they are currently working can use the output of the collection.

In summary, state sponsored intelligence gathering is and will continue as a silent vehicle of information gathering. With the rapid adoption and use of the Internet, it will only make it easier for Foreign Intelligence Services to gather data remotely by utilizing all facets of Web 2.0. Additionally, shifting of the next-generation workforce to a culture of sharing more personal information has shifted the traditional forms of espionage that are typically paid-for services to disclosing sensitive information based on principal.

Summary

In this chapter, we covered some very fundamental aspects of intelligence gathering. Foreign Intelligence Services are able to leverage economies of scale in order to gather information across many vectors that are not accessible to the general public. This provides them with very sensitive information that is worth a lot of money in the wrong the hands. As we articulated the various use cases around espionage, they just illustrate that certain people are willing to take life-changing risks in order to supply the enemy with information. Although these use cases are dealing with espionage, these same use cases can and often mirror the insider threat and corporate espionage we see in the private sector. In the private sector, employees are not vetted on the level of those serving various government agencies. The controls placed on data in the government are on a more need-to-know basis and typically most of their networks are not connected to the Internet, thereby making data exfiltration all that much harder, but it does happen. The key walk-away here is that a lot can be learned from these use cases as the world becomes more connected and your data sets become more disparate.