Counterintelligence

Source: Wikipedia, the free encyclopedia
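A civilian photo technician (in the back of the jeep) working for the Counter Intelligence Corps is checked at a security checkpoint in Potsdam, Germany (July 14, 1945).
This article is part of the series on intelligence cycle security.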

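Counterintelligence (Japanese: bōchō; abbreviated CI) is the countering or neutralizing of an adversary's espionage in intelligence warfare. For example, it is work handled by security police such as the Security Bureau of the National Police Agency in Japan, the FBI in the United States, and the FSB in Russia, and by intelligence agencies such as MI5 in the United Kingdom. Military organizations often establish their own counterintelligence agencies; in Japan, for example, this is the JSDF Intelligence Security Command. This article covers the collection of information and activities such as countering espionage and sabotage, or protecting key persons from assassination, where these are carried out by or on behalf of foreign powers, or through the international activities of organizations, persons, or terrorists; it does not cover personnel, physical, document, or communications security programs.[1]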

Counterintelligence methods

  • CI investigation: investigative activity conducted under law by agencies that hold judicial police powers.
  • CI operations: divided into support operations and sensitive operations.
    • CI support operations: defensive operations that support the protection and safeguarding of information.
    • CI sensitive operations: generally offensive operations against hostile intelligence services. Includes counter-espionage (CE) operations.
  • CI collection
    • Collection activity: collecting information about hostile intelligence services.
    • Liaison: contact with other agencies in order to obtain information.
    • Collection Activities and Source Operations (CASO): collecting information about direct threats.
    • Screening: vetting of a person's eligibility, mainly using HUMINT. Carried out when a person enlists, is recruited, or is hired.
    • Debriefing: interviewing friendly forces and civilians.
    • Functional services:
      • CI threat vulnerability assessment (TVA):
      • Adversary intelligence simulation: Red Team evaluation
      • Covering agent support
    • CI technical services
      • Surveillance
      • Intelligence polygraph
      • TSCM
      • Computer network operations (CNO)
      • Information operations (IO)
      • Counter-signals intelligence (C-SIGINT)
  • Analysis: formulating the adversary's intelligence activities.
  • Production: preparing intelligence materials, estimates, and reports.
  • Technical services: technical support for counterintelligence agencies.

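Categories of counterintelligence

  • Collective counterintelligence: gathering information about the intelligence capabilities of adversaries that may exist.
  • Defensive counterintelligence: attempts to thwart intelligence activities carried out by hostile intelligence services.
  • Offensive counterintelligence: identifying the adversary's targets and disrupting these attacks either by "turning" the adversary's agents into double agents or by feeding them false information to take back.[2]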

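Counterintelligence, counterterrorism, and government

Many governments organize their counterintelligence agencies separately from the organizations that collect intelligence for specific purposes. In most countries the counterintelligence mission is spread across multiple organizations, although one usually predominates.

The domestic counterintelligence mission is usually carried out as part of the work of a larger law enforcement organization, such as the Federal Bureau of Investigation (FBI) in the United States.

The United Kingdom has a separate security service, known as the Security Service (MI5), which has no direct police powers but works closely with the law enforcement body called Special Branch, which can arrest suspects, carry out searches under warrant, and so on.

The Russian Federation's main domestic security organization is the Federal Security Service (FSB), whose predecessors were the Second Chief Directorate and Third Chief Directorate of the Soviet-era Committee for State Security (KGB).

Canada separates the functions of general defensive counterintelligence (contre-ingérence), security intelligence (the intelligence preparation needed to judge whether offensive counterintelligence is necessary), law enforcement intelligence, and offensive counterintelligence.

Military organizations have their own counterintelligence capabilities for carrying out their work both at home and when deployed abroad. It varies by country, but operations abroad involve various mixes of civilian and military personnel. For example, while offensive counterintelligence is a mission of the National Clandestine Service (NCS) of the US Central Intelligence Agency (CIA), defensive counterintelligence is carried out by the State Department's Diplomatic Security Service (DSS), which protects personnel and information at US embassies and consulates.[3]

In practice the term counterintelligence is taken to refer to countering HUMINT, but because virtually all offensive counterintelligence involves human sources, the term "offensive counterintelligence" is used here to avoid an overly broad reading.

In the United States, a very careful line is drawn between intelligence agencies and law enforcement agencies. In the United Kingdom, there is a distinction between the Security Service (MI5) and the Special Branch of the Metropolitan Police (Scotland Yard). In other countries as well, organizations for countering foreign intelligence activities are often treated as a separate system, as responsible authorities under government direction.

France, for example, builds its domestic counterterrorism organization within a law enforcement framework. In France, a senior anti-terror magistrate is in charge of the counterterrorism role. French anti-terror magistrates have several functions, combining those of investigators, prosecutors, and judges in the United States and the United Kingdom. An anti-terror magistrate may be asked to cooperate by, and may work together with, the Direction de la surveillance du territoire (DST), which is responsible for France's domestic security, or the Direction Générale de la Sécurité Extérieure (DGSE), which conducts intelligence activities abroad.

In Spain, the Interior Ministry, with military support, leads domestic counterterrorism. Responsibility for international threats lies with the National Intelligence Center (Centro Nacional de Inteligencia, CNI). The CNI, which reports directly to the Prime Minister, is staffed principally by personnel attached directly to the Prime Minister's office. After the Madrid train bombings of March 11, 2004, Spanish investigators found that there had been problems between the Interior Ministry and the CNI, and as a result the National Anti-Terrorism Coordination Center was created. Spain's commission investigating the attacks recommended that this center be used not only for operational coordination but also for the collection and dissemination of information.[4] The military has its own counterintelligence organizations to meet specific needs.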

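Counterintelligence missions

Frank Wisner, a well-known CIA operations executive, said of the autobiography of former Director of Central Intelligence Allen W. Dulles that Dulles "disposes of the popular misconception that counterintelligence is essentially a negative and responsive activity, that it moves only or chiefly in reaction to situations thrust upon it and in counter to initiatives mounted by the opposition";[5] rather, he saw that it can be most effective, both in gathering information and in securing friendly intelligence services, when it creatively but vigorously attacks the "structure and personnel of hostile intelligence services".[6] Today's counterintelligence missions have broadened compared with the time when the threat was restricted to foreign intelligence services (FIS) under the control of nation-states. Threats have broadened to include non-national or transnational groups, including domestic insurgents, organized crime, and groups that operate transnationally (often called "terrorists", although that is limiting). Still, the term FIS remains a useful way of referring to the threat that counterintelligence faces.

In modern practice, several missions are associated with counterintelligence, from the national level to the field level.

  1. Defensive analysis is the practice of looking for vulnerabilities in one's own organization and, with due regard for risk versus benefit, working toward identifying the weak points.
  2. Offensive counterintelligence is the set of techniques that, at a minimum, neutralizes discovered FIS personnel and arrests them or, if they are diplomats, expels them by declaring them persona non grata. Beyond that minimum, it obtains intelligence about FIS personnel for one's own side, or actively manipulates them in order to damage the hostile intelligence service. Counterintelligence Force Protection Source Operations (CFSO) are human source operations, conducted abroad, that are intended to fill the existing gap in national-level coverage in order to protect a field station or force from terrorism and espionage.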

Counterintelligence is part of intelligence cycle security, which in turn is part of intelligence cycle management. A variety of security disciplines also fall under intelligence security management and the discipline of counterintelligence, including:

  1. Physical security
  2. Personnel security
  3. Communications security (COMSEC)
  4. Information security (INFOSEC)
  5. Security classification
  6. Operations security (OPSEC)

The disciplines involved in "positive security", or measures by which one's own society collects information on its actual or potential security, complement security. For example, when an intelligence service intercepts communications and identifies a particular radio transmitter as one used only by a particular country, detecting that transmitter in use suggests the presence of a spy who is a target for counterintelligence. In particular, counterintelligence has a significant relationship with the HUMINT collection discipline, at least compared with the others. Counterintelligence can both produce information and protect it.

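All US departments and agencies with intelligence functions are responsible for their own security abroad, except for those that fall under Chief of Mission authority.[7]

Governments try to protect three things:

  1. Personnel
  2. Installations
  3. Operations

Many governments divide the responsibility for protecting these things. Historically, the CIA assigned the protection of personnel and installations to its Office of Security, and the protection of operations to multiple groups within the Directorate of Operations. Counterintelligence staff and area (or functional) units were divided along lines such as the Soviet Russia Division. At one point, the counterintelligence unit operated quite autonomously under the direction of James Jesus Angleton. Later, the Directorate of Operations created counterintelligence branches along with a smaller central staff. Aldrich Ames was in the Counterintelligence Branch of the Europe Division, where he was responsible for directing the analysis of Soviet intelligence operations. The US military has been similarly, or even more complexly, divided.

This kind of division clearly requires close coordination, and in fact this happens on a daily basis. The interdependence of the US counterintelligence community is also evident in its liaison relationships. These relationships cannot be cut off because of security concerns, but experience has certainly shown that the risks involved must be calculated.[7]

Another aspect of counterintelligence matters more than everything else: preventing penetration. The emphasis the KGB places on penetration is evident from the attacks already carried out and from case studies made from a security viewpoint. Even the best security system in the world cannot provide an adequate defense against it, because the technique involves people. The only way to reliably detect the presence of an adversary is to know its plans in advance and in detail.

"On the contrary, only preventing penetration at a high level determines whether an operation succeeds. Searching for the adversary at a high level can also achieve this. The adversary, however, knows that an operation can succeed when the search stays within its limits. Conducting counterintelligence without preventing penetration is like fighting in the dark, but conducting counterintelligence while preventing penetration makes the task very easy to accomplish."[7]

In the United Kingdom, the Cambridge Five case and the later suspicions about MI5 chief Sir Roger Hollis caused great internal dissension. Clearly, the British were affected by Kim Philby's penetration, but the debate over other serious penetrations has never been settled in any public forum. In the United States too, there was great turmoil over the accusations arising from the spy allegations of Anatoliy Golitsyn and Yuri Nosenko, and it further came to light that they had supporters in the CIA and the British Security Service (MI5). Golitsyn exposed Philby, in whom Angleton had placed great trust. George Kisevalter, a CIA Directorate of Operations officer who was on the CIA side of the joint US-UK handling of Oleg Penkovsky, did not believe Angleton's theory that Nosenko was a KGB plant. Nosenko exposed John Vassall, a central figure in KGB operations against the Royal Navy, but there were also claims that Vassall was a sacrifice made by the KGB to protect the secrecy of other operations, including Nosenko and a more reliable source on the Royal Navy.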

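Defensive counterintelligence

Defensive counterintelligence starts by looking for the vulnerable places in one's own organization that foreign intelligence services (FIS) could easily find. FIS is a term coined by the counterintelligence community, and in today's world "foreign" can be read as "opposing". The opposition might indeed be a country, but it could also be a transnational group or a domestic insurgent group. Operations against an FIS may be directed against those that threaten the security of one's own nation or of another friendly nation. The range of actions taken to support a friendly government can cover a wide range of functions, including not only military assistance and counterintelligence activities but also humanitarian aid and development assistance (for example, nation building).[8]

Some of the terms used here do not yet have settled definitions, but "transnational groups" include not only terrorist groups but also transnational criminal organizations. Transnational criminal organizations include groups engaged in drug trafficking, money laundering, attacks targeting vulnerabilities in computer or communications systems, and smuggling.

"Insurgents" may be groups opposing the government that the government recognizes as criminal or military organizations, or groups suspected of conducting clandestine intelligence activities or covert operations against one's own or a friendly government.

Counterintelligence and counterterrorism analyses provide strategic assessments of foreign intelligence services and terrorist groups and prepare tactical options for ongoing operations and investigations. Counterespionage also includes proactive acts against foreign intelligence services, such as double agents, deception, or recruiting foreign intelligence officers. While clandestine HUMINT sources give the greatest insight into the adversary's thinking, they may also be the organization's most vulnerable point when the adversary attacks. Before trusting an enemy agent, remember to start by questioning whether such a person is trusted in their own country; they may still be loyal to that country.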

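Offensive counterintelligence

Wisner emphasized his own view, and Dulles's, that the best defense against foreign attack, penetration, or espionage is to take active measures against those hostile activities.[6] This is often called counterespionage: detecting enemy espionage or physical attacks against friendly intelligence services, preventing damage and the loss of information, and, where possible, striking back. Counterespionage is not merely reactive; it actively tries to defeat hostile intelligence services by recruiting agents in the foreign service, by casting doubt on personnel who are actually loyal to their own service, and by taking away resources that would be useful to the hostile service. All of these actions apply to non-national threats as well as to national organizations.

If the hostile action takes place in one's own country, or in a friendly one, then through cooperation with the police the hostile agents may be arrested or, if they are diplomats, declared persona non grata. From an intelligence perspective, exploiting the situation to one's own side's advantage is usually preferable to arrest or to actions that eliminate the threat. The intelligence priority sometimes comes into conflict with the proper role of law enforcement, especially when the foreign threat combines foreign personnel with citizens of one's own country.

In some circumstances, arrest is taken as a first step, in which the prisoner is given the choice of cooperating or facing severe consequences, up to and including a death sentence for espionage. Cooperation may consist of telling all one knows about the other service, but, preferably, actively assisting in deceptive actions against the hostile service.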

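Counterintelligence protection of intelligence services

Defensive counterintelligence, specifically for intelligence services, involves risk assessment of their culture, sources, methods, and resources. Because effective intelligence operations often involve taking risks, risk management must constantly be reflected in those analyses. Even when risks are calculated, the services need to mitigate them with appropriate countermeasures.

FIS are especially able to explore open societies and, in that environment, have approached insiders in order to subvert the intelligence community. Offensive counterespionage is the most powerful tool for finding penetrators and neutralizing them, but it is not the only tool. Understanding what leads individuals to turn against their own side is the focus of Project Slammer. Without violating personal privacy, it is possible to develop systems that spot anomalous behavior, especially in the use of information systems.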

"Decision makers require intelligence free from hostile control or manipulation. Since every intelligence discipline is subject to manipulation by our adversaries, validating the reliability of intelligence from all collection platforms is essential. Accordingly, each counterintelligence organization will validate the reliability of sources and methods that relate to the counterintelligence mission in accordance with common standards. For other mission areas, we will examine collection, analysis, dissemination practices, and other intelligence activities and will recommend improvements, best practices, and common standards."[9]

Intelligence is vulnerable not only to external but also to internal threats. Subversion, treason, and leaks expose our vulnerabilities, our governmental and commercial secrets, and our intelligence sources and methods. This insider threat has been a source of extraordinary damage to US national security, as with Aldrich Ames, Robert Hanssen, and Edward Lee Howard, all of whom had access to major clandestine activities. Had an electronic system to detect anomalies in browsing through counterintelligence files been in place, Robert Hanssen's searches for suspicion of activities of his Soviet (and later Russian) paymasters might have surfaced early. Anomalies might simply show that an especially creative analyst has a trained intuition about possible connections, and is trying to research them.

Adding these new tools and techniques to [national arsenals], the counterintelligence community will seek to manipulate foreign spies, conduct aggressive investigations, make arrests and, where foreign officials are involved, expel them for engaging in practices inconsistent with their diplomatic status or exploit them as an unwitting channel for deception, or turn them into witting double agents.[9] "Witting" is a term of intelligence art that indicates that one is not only aware of a fact or piece of information but also aware of its connection to intelligence activities.

Victor Suvorov, the pseudonym of a former Soviet military intelligence (i.e., GRU) officer, makes the point that a defecting HUMINT officer is a special threat to walk-in or other volunteer assets of the country that he is leaving. Volunteers who are “warmly welcomed” do not take into consideration the fact that they are despised by hostile intelligence agents.

"The Soviet operational officer, having seen a great deal of the ugly face of communism, very frequently feels the utmost repulsion to those who sell themselves to it willingly. And when a GRU or KGB officer decides to break with his criminal organization, something which fortunately happens quite often, the first thing he will do is try to expose the hated volunteer."[10]

Counterintelligence force protection source operations

Attacks against military, diplomatic and related facilities are a very real threat, as demonstrated by the 1983 attacks against French and US peacekeepers in Beirut, the 1996 attack on the Khobar Towers in Saudi Arabia, 1998 attacks on Colombian bases and on US embassies (and local buildings) in Kenya and Tanzania, the 2000 attack on the USS Cole, and many others. The US military force protection measures are the set of actions taken to protect military personnel and family members, resources, facilities and critical information, and most countries have a similar doctrine for protecting those facilities and conserving the potential of the forces. Force protection is defined to be a defense against deliberate attack, not accidents or natural disasters.

Counterintelligence Force Protection Source Operations (CFSO) are human source operations, normally clandestine in nature, conducted abroad that are intended to fill the existing gap in national level coverage, as well as satisfying the combatant commander’s intelligence requirements.[11] Military police and other patrols that mingle with local people may indeed be valuable HUMINT sources for counterintelligence awareness, but are not themselves likely to be CFSOs. Gleghorn distinguishes between the protection of national intelligence services, and the intelligence needed to provide combatant commands with the information they need for force protection. There are other HUMINT sources, such as military reconnaissance patrols that avoid mixing with foreign personnel, that indeed may provide HUMINT, but not HUMINT especially relevant to counterintelligence.[12] Active countermeasures, whether for force protection, protection of intelligence services, or protection of national security interests, are apt to involve HUMINT disciplines, for the purpose of detecting FIS agents, involving screening and debriefing of non-tasked human sources, also called casual or incidental sources, such as:

  1. walk-ins and write-ins (individuals who volunteer information)
  2. unwitting sources (any individual providing useful information to counterintelligence, who in the process of divulging such information may not know they are aiding an investigation)
  3. defectors and enemy prisoners of war (EPW)
  4. refugee populations and expatriates
  5. interviewees (individuals contacted in the course of an investigation)
  6. official liaison sources.

"Physical security is important, but it does not override the role of force protection intelligence... Although all intelligence disciplines can be used to gather force protection intelligence, HUMINT collected by intelligence and CI agencies plays a key role in providing indications and warning of terrorist and other force protection threats."[13]

Force protection, for forces deployed in host countries, occupation duty, and even at home, may not be supported sufficiently by a national-level counterterrorism organization alone. In a country, colocating FPCI personnel, of all services, with military assistance and advisory units, allows agents to build relationships with host nation law enforcement and intelligence agencies, get to know the local environments, and improve their language skills. FPCI needs a legal domestic capability to deal with domestic terrorism threats.

As an example of terrorist planning cycles, the Khobar Towers attack shows the need for long-term FPCI. "The Hizballah operatives believed to have conducted this attack began intelligence collection and planning activities in 1993. They recognized American military personnel were billeted at Khobar Towers in the fall of 1994, and began surveillance of the facility, and continued to plan, in June 1995. In March 1996, Saudi Arabian border guards arrested a Hizballah member attempting to bring plastic explosive into the country, leading to the arrest of two more Hizballah members. Hizballah leaders recruited replacements for those arrested, and continued planning for the attack."[14]

Defensive counterintelligence operations

In US doctrine, although not necessarily that of other countries, CI is now seen as primarily a counter to FIS HUMINT. In the 1995 US Army counterintelligence manual, CI had a broader scope against the various intelligence collection disciplines. Some of the overarching CI tasks are described as:

  1. Developing, maintaining, and disseminating multidiscipline threat data and intelligence files on organizations, locations, and individuals of CI interest. This includes insurgent and terrorist infrastructure and individuals who can assist in the CI mission.
  2. Educating personnel in all fields of security. A component of this is the multidiscipline threat briefing. Briefings can and should be tailored, both in scope and classification level. Briefings could then be used to familiarize supported commands with the nature of the multidiscipline threat posed against the command or activity.

More recent US joint intelligence doctrine[15] restricts its primary scope to counter-HUMINT, which usually includes counter-terror. It is not always clear, under this doctrine, who is responsible for all intelligence collection threats against a military or other resource. The full scope of US military counterintelligence doctrine has been moved to a classified publication, Joint Publication (JP) 2-01.2, Counterintelligence and Human Intelligence Support to Joint Operations.

More specific countermeasures against intelligence collection disciplines are listed below.

CI roles against Intelligence Collection Disciplines, 1995 doctrine[11]

| Discipline | Offensive CI | Defensive CI |
|---|---|---|
| HUMINT | Counterreconnaissance, offensive counterespionage | Deception in operations security |
| SIGINT | Recommendations for kinetic and electronic attack | Radio OPSEC, use of secure telephones, SIGSEC, deception |
| IMINT | Recommendations for kinetic and electronic attack | Deception, OPSEC countermeasures, deception (decoys, camouflage). If accessible, use SATRAN reports of satellites overhead to hide or stop activities while being viewed |

Counter-HUMINT

Counter-HUMINT deals with both the detection of hostile HUMINT sources within an organization and the detection of individuals likely to become hostile HUMINT sources, as a mole or double agent. There is an additional category relevant to the broad spectrum of counterintelligence: why one becomes a terrorist.

The acronym MICE:

  • Money
  • Ideology
  • Compromise (or coercion)
  • Ego

describes the most common reasons people break trust and disclose classified materials, reveal operations to hostile services, or join terrorist groups. It makes sense, therefore, to monitor trusted personnel for risks in these areas, such as financial stress, extreme political views, potential vulnerabilities for blackmail, and excessive need for approval or intolerance of criticism. With luck, problems in an employee can be caught early, assistance can be provided to correct them, and not only is espionage avoided, but a useful employee retained. See Motives for spying for specific examples.

Sometimes, the preventive and neutralization tasks overlap, as in the case of Earl Edwin Pitts. Pitts had been an FBI agent who had sold secret information to the Soviets, and, after the fall of the USSR, to the Russians. He was caught by an FBI false flag sting, in which FBI agents, posing as Russian FSB agents, came to Pitts with an offer to "reactivate" him. His activities seemed motivated by both Money and Ego over perceived bad treatment when he was an FBI agent. His sentence required him to tell the FBI all he knew of foreign agents. Ironically, he told them of suspicious actions by Robert Hanssen, which were not taken seriously at the time.

Motivations for information and operations disclosure

To go beyond slogans, Project Slammer was an Intelligence Community sponsored study of espionage, an effort of the Intelligence Community Staff under the Director of Central Intelligence. It "examines espionage by interviewing and psychologically assessing actual espionage subjects. Additionally, persons knowledgeable of subjects are contacted to better understand the subjects' private lives and how they are perceived by others while conducting espionage."[16]

How an espionage subject sees himself (at the time of espionage)

Attitude: His basic belief structure
Manifestations:
  • Special, even unique.
  • Deserving.
  • His situation is not satisfactory.
  • No other (easier) option (than to engage in espionage).
  • Doing only what others frequently do.
  • Not a bad person.
  • His performance in his government job (if presently employed) is separate from espionage; espionage does not (really) discount his contribution in the workplace.
  • Security procedures do not (really) apply to him.
  • Security programs (e.g., briefings) have no meaning for him, unless they connect with something with which he can personally identify.

Attitude: He feels isolated from the consequences of his actions
Manifestations:
  • He sees his situation in a context in which he faces continually narrowing options, until espionage seems reasonable. The process that evolves into espionage reduces barriers, making it essentially "Okay" to initiate the crime.
  • He sees espionage as a "Victimless" crime.
  • Once he considers espionage, he figures out how he might do it. These are mutually reinforcing, often simultaneous events.
  • He finds that it is easy to go around security safeguards (he is able to solve that problem). He belittles the security system, feeling that if the information was really important espionage would be hard to do (the information would really be better protected). This "Ease of accomplishment" further reinforces his resolve.

Attitude: Attempts to cope with espionage activity
Manifestations:
  • He is anxious on initial hostile intelligence service contact (some also feel thrill and excitement).
  • After a relationship with espionage activity and HOIS develops, the process becomes much more bearable, espionage continues (even flourishes).
  • In the course of long term activity subjects may reconsider their involvement.
  • Some consider breaking their role to become an operative for the government. This occurs when access to classified information is lost or there is a perceived need to prove themselves, or both.
  • Others find that espionage activity becomes stressful, they no longer want it. Glamour (if present earlier) subsides. They are reluctant to continue. They may even break contact.
  • Sometimes they consider telling authorities what they have done. Those wanting to reverse their role aren't confessing, they're negotiating. Those who are "Stressed out" want to confess. Neither wants punishment. Both attempt to minimize or avoid punishment.

According to a press report about Project Slammer and Congressional oversight of counterespionage, one fairly basic function is observing one's own personnel for behavior that either suggests that they could be targets for foreign HUMINT, or may already have been subverted. News reports indicate that in hindsight, red flags were flying but not noticed.[17] In several major penetrations of US services, such as Aldrich Ames, the Walker ring or Robert Hanssen, the individual showed patterns of spending inconsistent with their salary. Some people with changed spending may have a perfectly good reason, such as an inheritance or even winning the lottery, but such patterns should not be ignored.

Personnel in sensitive positions, who have difficulty getting along with peers, may become risks for being compromised with an approach based on ego. William Kampiles, a low-level worker in the CIA Watch Center, sold, for a small sum, the critical operations manual on the KH-11 reconnaissance satellite. To an interviewer, Kampiles suggested that if someone had noted his "problem"—constant conflicts with supervisors and co-workers—and brought in outside counseling, he might not have stolen the KH-11 manual.[17]

By 1997, the Project Slammer work was being presented at public meetings of the Security Policy Advisory Board.[18] While a funding cut caused the loss of impetus in the mid-nineties, there are research data used throughout the security community. They emphasize the

"essential and multi-faceted motivational patterns underlying espionage. Future Slammer analyses will focus on newly developing issues in espionage such as the role of money, the new dimensions of loyalty and what seems to be a developing trend toward economic espionage."

Counter-SIGINT

Military and security organizations will provide secure communications, and may monitor less secure systems, such as commercial telephones or general Internet connections, to detect inappropriate information being passed through them. They also provide education on the need to use secure communications, and instruction on using them properly so that they do not become vulnerable to specialized technical interception.

Counter-IMINT

The basic methods of countering IMINT are to know when the opponent will use imaging against one's own side, and to interfere with the taking of images. In some situations, especially in free societies, it must be accepted that public buildings may always be subject to photography or other techniques.

Countermeasures include putting visual shielding over sensitive targets or camouflaging them. When countering such threats as imaging satellites, awareness of the orbits can guide security personnel to stop an activity, or perhaps cover the sensitive parts, when the satellite is overhead. This also applies to imaging on aircraft and UAVs, although the more direct expedient of shooting them down, or attacking their launch and support area, is an option in wartime.

Counter-OSINT

While the concept well precedes the recognition of a discipline of OSINT, the idea of censorship of material directly relevant to national security is a basic OSINT defense. In democratic societies, even in wartime, censorship must be watched carefully lest it violate reasonable freedom of the press, but the balance is set differently in different countries and at different times.

Great Britain is generally considered to have a very free press, but the UK does have the DA-Notice, formerly D-notice system. Many British journalists find that this system is used fairly, although there will always be arguments. In the specific context of counterintelligence, note that Peter Wright, a former senior member of the Security Service who left their service without his pension, moved to Australia before publishing his book Spycatcher. While much of the book was reasonable commentary, it did reveal some specific and sensitive techniques, such as Operation RAFTER, a means of detecting the existence and setting of radio receivers.

Counter-MASINT

MASINT is mentioned here for completeness, but the discipline contains so varied a range of technologies that a type-by-type strategy is beyond the current scope. One example, however, can draw on the Operation RAFTER technique revealed in Wright's book. With the knowledge that Radiofrequency MASINT was being used to pick up an internal frequency in radio receivers, it would be possible to design a shielded receiver that would not radiate the signal that RAFTER monitored.

Theory of offensive counterintelligence

Offensive techniques in current counterintelligence doctrine are principally directed against human sources, so counterespionage can be considered a synonym for offensive counterintelligence. At the heart of exploitation operations is the objective to degrade the effectiveness of an adversary’s intelligence service or a terrorist organization. Offensive counterespionage (and counterterrorism) is done in one of two ways, either by manipulating the adversary (FIS or terrorist) in some manner or by disrupting the adversary’s normal operations.

Defensive counterintelligence operations that succeed in breaking up a clandestine network by arresting the persons involved or by exposing their actions demonstrate that disruption is quite measurable and effective against FIS if the right actions are taken. If defensive counterintelligence stops terrorist attacks, it has succeeded.

Offensive counterintelligence seeks to damage the long-term capability of the adversary. If it can lead a national adversary into putting large resources into protecting a nonexistent threat, or if it can lead terrorists to assume that all of their "sleeper" agents in a country have become unreliable and must be replaced (and possibly killed as security risks), there is a greater level of success than can be seen from defensive operations alone. To carry out offensive counterintelligence, however, the service must do more than detect; it must manipulate persons associated with the adversary.

The Canadian Department of National Defence makes some useful logical distinctions in its Directive on its[19] National Counter-Intelligence Unit. The terminology is not the same as used by other services, but the distinctions are useful:

  1. "Counter-intelligence (contre-ingérence) means activities concerned with identifying and counteracting threats to the security of DND employees, CF members, and DND and CF property and information, that are posed by hostile intelligence services, organizations or individuals, who are or may be engaged in espionage, sabotage, subversion, terrorist activities, organized crime or other criminal activities." This corresponds to defensive counterintelligence in other services.
  2. "Security intelligence (renseignement de sécurité) means intelligence on the identity, capabilities and intentions of hostile intelligence services, organizations or individuals, who are or may be engaged in espionage, sabotage, subversion, terrorist activities, organized crime or other criminal activities." This does not (emphasis added) correspond directly to offensive counterintelligence, but is the intelligence preparation necessary to conduct offensive counterintelligence.
  3. The duties of the Canadian Forces National Counter-Intelligence Unit include "identifying, investigating and countering threats to the security of the DND and the CF from espionage, sabotage, subversion, terrorist activities, and other criminal activity; identifying, investigating and countering the actual or possible compromise of highly classified or special DND or CF material; conducting CI security investigations, operations and security briefings and debriefings to counter threats to, or to preserve, the security of DND and CF interests." This mandate is a good statement of a mandate to conduct offensive counterintelligence.

DND further makes the useful clarification,[20] "The security intelligence process should not be confused with the liaison conducted by members of the Canadian Forces National Investigation Service (CFNIS) for the purpose of obtaining criminal intelligence, as the collection of this type of information is within their mandate."

Manipulating an intelligence professional, himself trained in counterintelligence, is no easy task, unless he is already predisposed toward the opposing side. Any effort that does not start with a sympathetic person will take a long-term commitment, and creative thinking to overcome the defenses of someone who knows he is a counterintelligence target and also knows counterintelligence techniques.

Terrorists, on the other hand, although they engage in deception as a function of security, appear to be more prone to manipulation or deception by a well-placed adversary than are foreign intelligence services. This is in part due to the fact that many terrorist groups, whose members “often mistrust and fight among each other, disagree, and vary in conviction”, are not as internally cohesive as foreign intelligence services, potentially leaving them more vulnerable to both deception and manipulation.

A person willing to take on an offensive counterintelligence role, especially when not starting as a professional member of a service, can present in many ways. A person may be attracted by careful nurturing of a sense that someone may want to act against service A, or may be opportunistic: a walk-in or write-in.

Opportunistic acquisition, as of a walk-in, has the disadvantage of being unexpected and therefore unplanned for: the decision to run a double agent should be made only after a great deal of thought, assessment, and evaluation, and if the candidate comes as a volunteer, the service may have to act without sufficient time for reflection. In this situation the necessity of assessing the candidate conflicts also with the preservation of security, particularly if the officer approached is in covert status. Volunteers and walk-ins are tricky customers, and the possibility of provocation is always present. On the other hand, some of our best operations have been made possible by volunteers. The test of the professional skill of an intelligence organization is its ability to handle situations of this type.[21]

When an agent candidate appears, judgments are needed on four essential questions to decide if a potential operation makes sense, if the candidate is the right person for the operation, and if one's own service can support the operation.

Deciding if a candidate is viable (each question is followed by its answer):

  • Has he told you everything? Enough information can ordinarily be obtained in one or two sessions with the candidate to permit testing by polygraph, investigation of leads, and file checks. These steps must be taken very quickly because it is not possible to un-recruit a man. The two areas of possible concealment which are especially dangerous are prior intelligence ties and side-commo.
  • Does he have stayability? This term combines two concepts—his ability to maintain access to the counterintelligence target for the foreseeable future, and his psychological stamina under the constant (and sometimes steadily increasing) pressure of the double agent's role. If he lacks stayability he may still be useful, but the operation must then be planned for short range.
  • Does the adversary trust him? Indications of adversary trust can be found in the level of the communications system given him, his length of service, the seniority of the adversary case officer, the nature and level of requirements, and the kind and extent of training provided. If the opposition keeps the agent at arm's length, there is little prospect that doubling him will yield significant returns.
  • Can you control his communications both ways? Control of communications on your own side can be difficult enough, especially if the agent lives in hostile territory. But control of adversary channels is hard under even the best of circumstances. It requires a great deal of time, technical skill, and, as a rule, manpower.

Negative answers on one or even two of these questions are not ground for immediate rejection of the possible operation. But they are ground for requiring some unusually high entries on the credit side of the ledger.

The initial assessment comes from friendly debriefing or interview. The interviewing officer may be relaxed and casual, but underneath the surface his attitude is one of deliberate purpose: he is trying to find out enough to make an initial judgment of the man, sensing the subject's motivations, emotional state and mental processes.

For instance, if an agent walks in, says he is a member of another service, and reveals information so sensitive that the other service would surely not give it away just to establish the informant's bona fides, there are two possibilities:

  • either the agent is telling the truth, or
  • he is attempting a provocation.

Sometimes, the manner in which the man conducts himself will suggest which of the two it is. In addition to establishing the individual's true identity and examining his documents, there is also a need to gain information on the walk-in's service.

It may be more difficult to determine the reason why the agent presented himself than to establish who he is and what service he represents, because motivation is a complex of mental and emotional drives. The question of the double agent's motivation is approached by the interviewing officer from two angles:

  • the agent's professed reasons
  • the officer's own inferences from his story and behavior.

A recruit may speak of a high regard for democratic ideology, but casual conversation about Western history and politics may reveal that the potential double agent really has no understanding of democracy. Ideology may not be the real reason why he is willing to cooperate. While it is possible such an individual created a romanticized fantasy of democracy, it is more likely that he is saying what he thinks the CI officer wants to hear. CI officers should make it comfortable for the agent to mention more base motivations: money or revenge. It can be informative to leave such things as luxury catalogs where the agent can see them, and observe if he reacts with desire, repugnance, or disbelief.

Deciding between what the officer thinks the motive is and what the agent says it is is not easy, because double agents act out of a wide variety of motivations, sometimes psychopathic ones like a masochistic desire for punishment by both services. Others have financial, religious, political, or vindictive motives. The last are often the best double agents: they get pleasure out of deceiving their comrades by their every act day after day.[21]

Making the judgment about the agent's psychological and physical suitability is also difficult. Sometimes a psychologist or psychiatrist can be called in under some pretext. Such professionals, or a well-trained CI officer, may recognize signs of sociopathic personality disorder in potential double agents. From the point of view of the double agent operation, here are their key traits:

Characteristics of sociopaths:

  • They are unusually calm and stable under stress but cannot tolerate routine or boredom.
  • They do not form lasting and adult emotional relationships with other people because their attitude toward others is exploitative.
  • They have above-average intelligence. They are good verbalizers—sometimes in two or more languages.
  • They are skeptical and even cynical about the motives and abilities of others but have exaggerated notions about their own competence.
  • Their reliability as agents is largely determined by the extent to which the case officer's instructions coincide with what they consider their own best interests.
  • They are ambitious only in a short range sense: they want much and they want it now. They do not have the patience to plod toward a distant reward.
  • They are naturally clandestine and enjoy secrecy and deception for its own sake.

The candidate must be considered as a person and the operation as a potential. Possibilities which would otherwise be rejected out of hand can be accepted if the counterintelligence service is or will be in a position to obtain and maintain an independent view of both the double agent and the case.

The estimate of the potential value of the operation must take into consideration whether his service has the requisite personnel, facilities, and technical support; whether running the operation will prejudice other activities of his government; whether it will be necessary or desirable, at the outset or later, to share the case with foreign liaison; and whether the case has political implications.

Types of offensive counterespionage operations

A subject of offensive counterintelligence starts with a loyalty to one service. In these examples:

  • Service A: Foreign Intelligence Service (FIS) or non-national group
  • Service A1: a client, supporting organization, or ally of A
  • Service B: One's own or an allied service
  • Service B1: a client, supporting organization, or ally of B
  • Service C: A third country's service, which, in this context, should be assumed to be neutral.

Double agents and defectors start out being loyal to service B, which immediately creates the potential for emotional conflict. False flag operations also have the potential for conflict, as these operations recruit people who believe they are working for service C, but they have not been told the truth: they are actually working for service A or B, depending on the nature of the operation.

Mole

Moles start out as loyal to service A, but may or may not be trained intelligence officers of that service. Indeed, those that are not trained, but volunteer to penetrate a FIS, may either not understand the risk, or be tremendously brave individuals, highly motivated against Country B and willing to risk its retaliation if their limited preparation reveals their true affiliation.

Starts in A
Joins B
Transmits to A or disrupts operations until leaves or disrupted

Note that some intelligence professionals reserve mole to refer to enemy personnel that personally know important things about enemy intelligence operations, technology, or military plans. A person such as a clerk or courier, who photographs many documents but is not really in a position to explore enemy thinking, is more generically an asset. To be clear, all moles are assets, but not all assets are moles.

One of the more difficult methods involves having the would-be mole “dangled” – that is, luring the adversary intelligence service (or terrorist group) to recruit the opposition’s clandestine intelligence officer who is posing as a “walk-in” (someone who voluntarily offers information) – in the hopes that the adversary will unknowingly take the bait.

Another special case is a "deep cover" or "sleeper" mole, who may enter a service, possibly at a young age, but definitely not reporting or doing anything that would attract suspicion, until reaching a senior position. Kim Philby is an example of an agent actively recruited by Britain while he was already committed to Communism.

False-flag penetrator

A special case is a false-flag recruitment of a penetrator:

Starts in C
Believes being recruited by A
Actually is recruited by B and sends false information to C

Defector

An individual may want to leave their service at once, perhaps out of high-level disgust, or because of a low-level risk: he may have been discovered in financial irregularities and be just ahead of arrest. Even so, the defector certainly brings knowledge with him, and may be able to bring documents or other materials of value.

Starts in A
Leaves and goes to B

Defector in place

Another method is to directly recruit an intelligence officer (or terrorist member) from within the ranks of the adversary service (terrorist group) and have that officer (terrorist) maintain their normal duties while spying on their parent service (organization); this is also referred to as recruiting an “agent” or defector in place.[12]

Starts in A
Stays working in A but reporting to B

Double agent

Before even considering double agent operations, a service has to consider its own resources. Managing that agent will take skill and sophistication, both at the local/case officer and central levels. Complexity goes up astronomically when the service cannot put physical controls on its doubles, as did the Double Cross System in World War II.

From beginning to end, a DA operation must be most carefully planned, executed, and above all, reported. The amount of detail and administrative backstopping seems unbearable at times in such matters. But since penetrations are always in short supply, and defectors can tell less and less of what we need to know as time goes on, because of their cut-off dates, double agents will continue to be part of the scene.[7]

Services functioning abroad—and particularly those operating in areas where the police powers are in neutral or hostile hands—need professional subtlety as well.[21] Case officers must know the agent's area and have a nuanced understanding of his language; this is an extremely unwise situation for using interpreters, since the case officer needs to sense the emotional content of the agent's communication and match it with the details of the information flowing in both directions. Depending on whether the operation is being run in one's own country, an allied country, or hostile territory, the case officer needs to know the relevant laws. Even in friendly territory, the case officer needs both liaison with, and knowledge of, the routine law enforcement and security units in the area, so the operation is not blown because an ordinary policeman gets suspicious and brings the agent in for questioning.

The most preferable situation is that the service running the double agent have complete control of communications. When communications were by Morse code, each operator had a unique rhythm of keying, called a "fist". MASINT techniques of the time recognized individual operators, so it was impossible to substitute a different operator for the agent. The agent also could make deliberate and subtle changes in his keying, to alert his side that he had been turned. While Morse is obsolete, voices are very recognizable and resistant to substitution. Even text communication can have patterns of grammar or word choice, known to the agent and his original service, that can hide a warning of capture.

Full knowledge of [the agent's] past (and especially of any prior intelligence associations), a solid grasp of his behavior pattern (both as an individual and as a member of a national grouping), and rapport in the relationship with him.

The discovery of an adversary intelligence officer who has succeeded in penetrating one’s own organization offers the penetrated intelligence service the possibility of “turning” this officer in order to use him as a “double agent”. The way a double agent case starts deeply affects the operation throughout its life. Almost all of them begin in one of the three ways following:

  • Walk-in or talk-in
  • Detected and doubled, usually under duress
  • Provocation agent

Double agent

Starts in A
Recruited by B
Defects and tells B all he knows (defector)
Operates in place (agent doubled in place) and continues to tell B about A

False flag double agent

Starts in A
Assigned to C
B creates a situation where agent believes he is talking to C, when actually receiving B disinformation

Active penetrator

Starts in A and is actually loyal to A
Goes to B, says he works for A, but wants to switch sides. Gives B access to his communications channel with A
Keeps a second communications channel, X, with A, about which B knows nothing
Reports operational techniques of B to A via X
Provides disinformation from A to B via X

Passive Provocateur

A does an analysis of C and determines what targets would be attractive to B
A then recruits citizens of C, whom A believes will be more loyal to B
The A recruit, a citizen of C, volunteers to B
A can then expose B's penetration of C, hurting B-C relations.

This may be extremely difficult to accomplish, and even if accomplished the real difficulty is maintaining control of this “turned asset”. Controlling an enemy agent who has been turned is a many-faceted and complex exercise that essentially boils down to making certain that the agent’s new-found loyalty remains consistent, which means determining whether the “doubled” agent’s turning is genuine or false. However, this process can be quite convoluted and fraught with uncertainty and suspicion.

Where it concerns terrorist groups, a terrorist who betrays his organization can be thought of and run as a double-agent against the terrorist’s “parent” organization in much the same fashion as an intelligence officer from a foreign intelligence service. Therefore, for sake of ease, wherever double-agents are discussed the methodologies generally apply to activities conducted against terrorist groups as well.[12]

A double agent is a person who engages in clandestine activity for two intelligence or security services (or more in joint operations), who provides information about one or about each to the other, and who wittingly withholds significant information from one on the instructions of the other or is unwittingly manipulated by one so that significant facts are withheld from the adversary. Peddlers, fabricators, and others who work for themselves rather than a service are not double agents because they are not agents. The fact that doubles have an agent relationship with both sides distinguishes them from penetrations, who normally are placed with the target service in a staff or officer capacity.

The unwitting double agent is an extremely rare bird. The manipulative skill required to deceive an agent into thinking that he is serving the adversary when in fact he is damaging its interests is plainly of the highest order.

For predictive purposes the most important clue embedded in the origins of an operation is the agent's original or primary affiliation, whether it was formed voluntarily or not, the length of its duration, and its intensity. The effects of years of clandestine association with the adversary are deep and subtle; the Service B case officer working with a double agent of service A, who is characterized by an ethnicity or religion, may find those bonds run deep, even if the agent hates the government of A. The service B officer may care deeply for the double.

Another result of lengthy prior clandestine service is that the agent may be hard to control. In most operations the case officer's superior training and experience give him so decided an edge over the agent that recognition of this superiority makes the agent more tractable. But add to the fact that the experienced double agent may have been in the business longer than his U.S. control his further advantage in having gained a first-hand comparative knowledge of the workings of at least two disparate services, and it is obvious that the case officer's margin of superiority diminishes, vanishes, or even is reversed.

One facet of the efforts to control a double agent operation is to ensure that the double agent is protected from discovery by the parent intelligence service; this is especially true in circumstances where the double agent is a defector-in-place.

Like all other intelligence operations, double agent cases are run to protect and enhance the national security. They serve this purpose principally by providing current counterintelligence about hostile intelligence and security services and about clandestine subversive activities. The service and officer considering a double agent possibility must weigh net national advantage thoughtfully, never forgetting that a double agent is, in effect, a condoned channel of communication with the enemy.

Doubled in place

A service discovering an adversary agent may offer him employment as a double. His agreement, obtained under open or implied duress, is unlikely, however, to be accompanied by a genuine switch of loyalties. The so-called redoubled agent whose duplicity in doubling for another service has been detected by his original sponsor and who has been persuaded to reverse his affections again also belongs to this dubious class. Many detected and doubled agents degenerate into what are sometimes called "piston agents" or "mailmen," who change their attitudes with their visas as they shunt from side to side.

Operations based on them are little more than unauthorized liaison with the enemy, and usually time-wasting exercises in futility. A notable exception is the detected and unwillingly doubled agent who is relieved to be found out in his enforced service to the adversary.

Active provocateur

There can be active and passive provocation agents. A double agent may serve as a means through which a provocation can be mounted against a person, an organization, an intelligence or security service, or any affiliated group to induce action to its own disadvantage. The provocation might be aimed at identifying members of the other service, at diverting it to less important objectives, at tying up or wasting its assets and facilities, at sowing dissension within its ranks, at inserting false data into its files to mislead it, at building up in it a tainted file for a specific purpose, at forcing it to surface an activity it wanted to keep hidden, or at bringing public discredit on it, making it look like an organization of idiots. The Soviets and some of the Satellite services, the Poles in particular, are extremely adept in the art of conspiratorial provocation. All kinds of mechanisms have been used to mount provocation operations; the double agent is only one of them.

An active one is sent by Service A to Service B to tell B that he works for A but wants to switch sides. Or he may be a talk-in rather than a walk-in. In any event, the significant information that he is withholding, in compliance with A's orders, is the fact that his offer is being made at A's instigation. He is also very likely to conceal one channel of communication with A, for example a second secret writing system. Such "side-commo" enables A to keep in full touch while sending through the divulged communications channel only messages meant for adversary eyes. The provocateur may also conceal his true sponsor, claiming for example (and truthfully) to represent an A1 service (allied with A) whereas his actual control is A, a fact which the Soviets conceal from the Satellite as carefully as from us.

Passive provocateur

Passive provocations are variants involving false-flag recruiting.

In Country C, Service A surveys the intelligence terrain through the eyes of Service B (a species of mirror-reading) and selects those citizens whose access to sources and other qualifications make them most attractive to B. Service A officers, posing as service B officers, recruit the citizens of country C. At some point, service A then exposes these individuals, and complains to country C that country B is subverting its citizens.

The stake-out has a far better chance of success in areas like Africa, where intelligence exploitation of local resources is far less intensive than in Europe, where persons with valuable access are likely to have been approached repeatedly by recruiting services during the postwar years.[21]

Multiply turned agent

A triple agent can be a double agent that decides his true loyalty is to his original service, or could always have been loyal to his service but is part of an active provocation of your service. If managing a double agent is hard, agents that turned again (i.e., tripled) or another time after that are far more difficult, but in some rare cases, worthwhile.

Any service B controlling, or believing it controls, a double agent, must constantly evaluate the information that agent is providing on service A. While service A may have been willing to sacrifice meaningful information, or even other human assets, to help an intended penetration agent establish his bona fides, at some point, service A may start providing useless or misleading information as part of the goal of service A. In the World War II Double Cross System, another way the British controllers (i.e., service B in this example) kept the Nazis believing in their agent, was that the British let true information flow, but too late for the Germans to act on it. The double agent might send information indicating that a lucrative target was in range of a German submarine, but, by the time the information reaches the Germans, they confirm the report was true because the ship is now docked in a safe port that would have been a logical destination on the course reported by the agent.[22]

While the Double Cross System actively handled the double agent, the information sent to the Germans was part of the overall Operation Bodyguard deception program of the London Controlling Section. Bodyguard was meant to convince the Germans that the Allies planned their main invasion at one of several places, none of which were Normandy. As long as the Germans found those deceptions credible, which they did, they reinforced the other locations. Even when the large landings came at Normandy, deception operations continued, convincing the Germans that Operation Neptune at Normandy was a feint, so that they held back their strategic reserves. By the time it became apparent that Normandy was indeed the main invasion, the strategic reserves had been under heavy air attack, and the lodgment was sufficiently strong that the reduced reserves could not push it back.

There are other benefits to analyzing the exchange of information between the double agent and his original service, such as learning the priorities of service A through the information requests they are sending to an individual they believe is working for them. If the requests all turn out to be for information that service B could not use against A, and this becomes a pattern, service A may have realized their agent has been turned.

Since maintaining control over double agents is tricky at best, it is not hard to see how problematic this methodology can become. The potential for multiple turnings of agents and perhaps worse, the turning of one’s own intelligence officers (especially those working within counterintelligence itself), poses a serious risk to any intelligence service wishing to employ these techniques. This may be the reason that triple-agent operations appear not to have been undertaken by U.S. counterintelligence in some espionage cases that have come to light in recent years, particularly among those involving high-level penetrations. Although the arrest and prosecution of Aldrich Ames of the CIA and Robert Hanssen of the FBI, both of whom were senior counterintelligence officers in their respective agencies who volunteered to spy for the Russians, hardly qualifies as conclusive evidence that triple-agent operations were not attempted throughout the community writ large, these two cases suggest that neutralization operations may be the preferred method of handling adversary double agent operations vice the more aggressive exploitation of these potential triple-agent sources.[12]

Triple agent

Starts out working for B
Volunteers to be a defector-in-place for A
Discovered by B
Offers his communications with A to B, so B may gain operational data about A and send disinformation to A

A concern with triple agents, of course, is if they have changed loyalties twice, why not a third or even more times? Consider a variant where the agent remains fundamentally loyal to B:

Quadruple agent

Starts out working for B
Volunteers to be a defector-in-place for A. Works out a signal by which he can inform A that B has discovered and is controlling him
Discovered by B
Offers his communications with A to B.
B actually gets disinformation about A's operational techniques
A learns what B wants to know, such as potential vulnerabilities of A, which A will then correct

Successes such as the British Double Cross System or the German Operation North Pole show that these types of operations are indeed feasible. Therefore, despite the obviously very risky and extremely complex nature of double agent operations, the potentially quite lucrative intelligence windfall – the disruption or deception of an adversary service – makes them an inseparable component of exploitation operations.[12]

If a double agent wants to come home to Service A, how can he offer a better way to redeem himself than recruiting the Service B case officer that was running his double agent case, essentially redoubling the direction of the operation? If the case officer refuses, that is apt to be the end of the operation. If the attempt fails, of course, the whole operation has to be terminated. A creative agent can tell his case officer, even if he had not been tripled, that he had been loyal all along, and the case officer would, at best, be revealed as a fool.

Occasionally a service runs a double agent whom it knows to be under the control of the other service and therefore has little ability to manipulate or even one who it knows has been successfully redoubled. The question why a service sometimes does this is a valid one. One reason for us is humanitarian: when the other service has gained physical control of the agent by apprehending him in a denied area, we often continue the operation even though we know that he has been doubled back because we want to keep him alive if we can.

Another reason might be a desire to determine how the other service conducts its double agent operations or what it uses for operational build-up or deception material and from what level it is disseminated. There might be other advantages, such as deceiving the opposition as to the service's own capabilities, skills, intentions, etc. Perhaps the service might want to continue running the known redoubled agent in order to conceal other operations. It might want to tie up the facilities of the opposition. It might use the redoubled agent as an adjunct in a provocation being run against the opposition elsewhere.

Running a known redoubled agent is like playing poker against a professional who has marked the cards but who presumably is unaware that you can read the backs as well as he can.[21]

Running offensive counterespionage operations

Control is the capacity of a case officer of country B to generate, alter, or halt agent behavior by using or indicating his capacity to use physical or psychological means of leverage. And a case officer working overseas does not control a double agent the way a policeman controls an informer. At best, the matter is in shades of gray. The case officer has to consider that the double from country A still has contact with country B.

Before the case officer pushes a button on the agent's control panel he should know what is likely to happen next. For example, pressure exerted bluntly or blindly, without insight into the agent's motivation and personality, may cause him to tell the truth to the adversary as a means of escaping from a painful situation.

The target service (A) inevitably exercises some control over the double agent, if only in his performance of the tasks that it assigns to him. B, in fact, has to be careful not to disrupt the double's relation with his own service, warning service A of a control. Even if the positive side is being run so poorly that the misguided agent is in danger of coming to the attention of local authorities whose intervention would spoil the CI aspect too, the case officer must restrain his natural impulse to button up the adversary's operation for him. At the very most, he can suggest that the agent complain to the hostile case officer about insecure practices, and then only if the agent's sophistication and relationship with that case officer make such a complaint seem normal.

Physical control of the double is likely only with agents captured in war. The best possible outside capture is either to have the double live where he can be watched, or at least work in a place where he can be watched. Control of the agent's communications is very close to physical control. Communications control, at least partial, is essential: the agent himself is controlled to a considerable extent if his communications are controlled. But even when his communications are completely controlled, a well-trained agent doubled against his will can appear to be cooperating but manage at an opportune moment to send a signal to his own service indicating that he is under duress.

With only partial control, if the agent is in communication with the opposition service through a courier, dead drop, or live drop, some control or surveillance has to be established over these meetings or servicings. The double agent who makes trips in and out of the area where he can be physically controlled presents a multiplicity of problems.[21]

Balancing risk and reward in offensive counterespionage

The nature and value of the double agent's functions depend greatly on his personal ability as well as on his mission for the other service. He can always report on the objectives and conduct of this mission and possibly more broadly on the positive and counterintelligence targets of the other service or on its plans. If he is skillful and well trained, he can do valuable work by exploiting the weaknesses of others: all intelligence officers of any service, despite their training, have some weaknesses.

One's own side may triple an agent, or turn him even more times than that. With each turn, the chances of deception increase, so in such operations, the quality of the agent's services needs to be checked constantly. If the agent no longer elicits trust, he might be offered exfiltration if he is in a foreign country. He might be retired and given an advisory position where he handles no secrets, but might be useful as an occasional reference.

A rare agent may actually understand the thinking of the highest levels of government policy. This may not be purely a matter of his assignment; Oleg Penkovsky had social ties to high-ranking generals.

An agent who has been with his service for any appreciable time will be able to provide a good deal of information on the practices, and possibly resources, of his FIS. Other than for the most important of agents, a service is not apt to invent new communications techniques, either for hard copy passed by dead drop or courier, or for electronic transmission. Information on capabilities comes indirectly, from the level of technology and manufacturing quality of the country-specific equipment with which he was provided.

Some agencies, however, make a point of providing their agents with "sterile" equipment obtained commercially from third countries. If that is their pattern, it may become obvious only if multiple agents are compared at the national CI level. A sufficiently sophisticated agency may obtain different third-country equipment for different agents, leaving the operational instructions as the only detail that may establish a pattern.

The double agent serves also as a controlled channel through which information can be passed to the other service, either to build up the agent in its estimation or for purposes of deception. In the complex matter of deception we may distinguish here between

  • operational deception, that concerning the service's own capabilities, intentions, and control of the agent, and
  • national deception, that concerning the intentions of the controlling government or other components of it.

National deception operations are usually very delicate, frequently involving the highest levels of the government, and therefore require prior coordination and approval at the national headquarters level.

The double agent channel can be used by the controlling service to insert data into the mechanisms of the other service with a number of possible objectives—for example, to detect its activities in some field. The inserted material is designed to induce certain actions on the part of the other service, which are then observed through another operation or group of operations. The material has to be designed very skillfully if it is to deceive the other service and produce the desired reactions. Such a situation might arise if a case officer handling several operations wanted to set up still another and needed to find out in advance what the pertinent operational pattern was.

Running the operation: do's and don'ts

The following principles apply to the handling of all double agent operations in varying degrees. In composite they form a check-list against which ongoing operations might be periodically reviewed—and given special examination with the appearance of danger signals.[21]

Monitoring, testing and managing the double agent

"Testing is a continuous process." In accordance with the doctrine in force, on your own or with assistance from psychological specialists, look for changes in motivation. Where appropriate, use a polygraph or newer techniques for detecting emotional stress. Without revealing the penetration, cross-check the information from the agents, including technical analysis of documents and equipment, surveillance, and further research into verifying the agent's story (i.e., "legend" in tradecraft). While "name traces cannot be run on every person mentioned by the agent, do not be stingy with them on persons who have familial, emotional, or business ties with him" in verifying his legend.

T, but only as a double." Improve his own security and cover as a double. Do not, however, improve his intelligence collection skills. The hostile service might make use of information that he collects independently, or they may become suspicious if his skill and reporting suddenly improve. If he has been a bad speller in his reports to his service, don't volunteer to copy edit!

"Require the agent to report and, as security permits, turn over to you everything he gets from the other side: money, gifts, equipment, documents, etc." This is a delicate balance. If he thinks he doesn't have to report something to you, he can become confused about who gets what. At the same time, use judgment to keep him motivated. Rather than confiscating payments to him, you might deposit them in a third-country bank account of which he is aware, and that he can access on termination.

"Prepare all briefings carefully." Teaching him resistance to interrogation may improve his security, but it also may make his service suspicious if his manner, to them, changes.

"Keep analyzing the agent as well as the case." Labels such as "anti-Communist", "militant Jihadi", "morally offended by own side" can oversimplify and interfere with your own understanding of his thinking.

"Review the case file periodically." Always consider whether the situation would be improved by improvements in your cover, his cover, or the cover for the operational techniques. Think about how new facts validate or invalidate the old. You may be able to ferret out the real priorities of the opposition with a historical perspective, looking at what they told him to follow up out of his reporting.

"Decide early in the operation how it will be terminated if the need arises." The last thing you want to do is leave an angry agent in place, in a hostile service. Transfer him to another case officer or allied agency, or arrange his escape to your side.

Managing expectations of the hostile service

"Mirror-read." Constantly think about the operation as if you were in the opposing service. Think about what they are receiving from your agent, their satisfaction with it, and their perception of the agent and his capabilities. Do not assume the other side thinks as your service does, a special risk for the United States. The US tends to rely more on technical collection and OSINT than many other world services; the USSR regarded espionage as the most important collection technique, even when they could have used OSINT to collect the same information.

"Be careful about awakening in the hostile service an appetite which cannot later be satisfied without giving away too much." Do not give the agent material that is attractive to the other service but that they might realize he could not have obtained on his own. As long as you are monitoring what he collects before sending it to the other side, let him operate in his own way. By letting him do this, you may detect vulnerabilities that have been missed by your own service, but you can stop the material being sent, or create appropriate disinformation.

"Avoid interference." Let the other service solve—or not solve—agent problems in their usual manner. For example, if the agent is arrested, do not immediately and visibly intervene. In such a situation, the other side may expose additional resources either to support the agent or to provide alternate means of collection. You can always explain to the agent, with some truth, that you are withholding obvious help in order to protect his security with his own service.

"Be constantly alert for hostile provocation". If the agent reports a crisis with his service, do not take it at face value; always look for the plot within a plot, but keep perspective. The opposition are not supermen.

"If the adversary appears to be a Satellite [client] service", do not forget that the more powerful organization may not be pulling the strings. A local ideological terror group may well be receiving direction from a distant transnational group. Consider the possibility of false-flag agents in such circumstances.

Protecting your own service

"Report the case frequently, quickly, and in detail." The FIS has a headquarters staff looking globally for penetrations; why should you not take advantage of your central resources? "Only timely and full reporting to your headquarters will permit it to help you effectively." Keep a full record, including dates, of all adversary assignments given the agent.

"Keep precise records" of any of your own side's classified material fed to the agent. Both for protecting your service and yourself, keep careful notes about who approved the release.

"Do not plan a deception operation or pass deception material without prior headquarters approval."

"Do not reveal your service's assets or CI knowledge to a double." It is vital that double agents be run within the framework of their own materials—the information which they themselves supply. The more you keep from an experienced double the information he should not have, the more he will be reassured that his own safety is in good hands.

"Do not run the operation in a vacuum." Be aware of any political implications that it may have, locally or internationally. Ask for advice when you aren't sure.

"If the operation is joint, weigh its probable effect upon the liaison relationship." What should you do if the joint service(s) change their priorities?

References

  • Field Manual No. 2 (FM 2-0) "Intelligence" (Department of the Army, 17 May 2004)
  • Johnson, William R. Thwarting Enemies at Home and Abroad: How to Be a Counterintelligence Officer (2009)

See also

Footnotes

  1. ^ Executive Order 12333. (1981, December 4). United States Intelligence Activities, Section 3.4(a). EO provisions found in 46 FR 59941, 3 CFR, 1981 Comp., p.1
  2. ^ Lowenthal, M. (2003). Intelligence: From secrets to policy. Washington, DC: CQ Press.
  3. ^ “Counterintelligence Investigations”. Retrieved 8 May 2008.
  4. ^ Archick, Kristen (24 July 2006). “European Approaches to Homeland Security and Counterterrorism (PDF)”. Congressional Research Service. Retrieved 5 November 2007.
  5. ^ Dulles, Allen W. (1977). The Craft of Intelligence. Greenwood. ISBN 0-8371-9452-0.
  6. ^ a b Wisner, Frank G. (22 September 1993). “On "The Craft of Intelligence"”. Retrieved 3 November 2007.
  7. ^ a b c d Matschulat, Austin B. (2 July 1996). “Coordination and Cooperation in Counterintelligence”. Retrieved 3 November 2007.
  8. ^ “Joint Publication 3-07.1: Joint Tactics, Techniques, and Procedures for Foreign Internal Defense (FID) (PDF)” (30 April 2004). Retrieved 3 November 2007.
  9. ^ a b “National Counterintelligence Executive (NCIX) (PDF)” (2007).
  10. ^ Suvorov, Victor (1984). “Chapter 4, Agent Recruiting”. Inside Soviet Military Intelligence. MacMillan Publishing Company. http://militera.lib.ru/research/suvorov8/16.html
  11. ^ a b US Department of the Army (3 October 1995). “Field Manual 34-60: Counterintelligence”. Retrieved 4 November 2007.
  12. ^ a b c d e Gleghorn, Todd E. (September 2003). “Exposing the Seams: the Impetus for Reforming US Counterintelligence (PDF)”. Retrieved 2 November 2007.
  13. ^ US Department of Defense (12 July 2007). “Joint Publication 1-02 Department of Defense Dictionary of Military and Associated Terms (PDF)”. Retrieved 1 October 2007.
  14. ^ Imbus, Michael T (April 2002). “Identifying Threats: Improving Intelligence and Counterintelligence Support to Force Protection (PDF)”. Retrieved 3 November 2007.
  15. ^ Joint Chiefs of Staff (22 June 2007). “Joint Publication 2-0: Intelligence (PDF)”. Retrieved 5 November 2007.
  16. ^ Intelligence Community Staff (12 April 1990). “Project Slammer Interim Progress Report”. Retrieved 4 November 2007.
  17. ^ a b Stein, Jeff (5 July 1994). “The Mole's Manual”. New York Times. http://query.nytimes.com/gst/fullpage.html?res=9503E5D91E3CF936A35754C0A962958260&sec=&spon=&pagewanted=print Retrieved 4 November 2007.
  18. ^ Security Policy Advisory Board (12 December 1997). “Security Policy Advisory Board Meeting Minutes”. Retrieved 4 November 2007.
  19. ^ “Canadian Forces National Counter-Intelligence Unit” (28 March 2003). Retrieved 19 November 2007.
  20. ^ “Security Intelligence Liaison Program” (28 March 2003). Retrieved 19 November 2007.
  21. ^ a b c d e f g Begoum, F.M. (18 September 1995). “Observations on the Double Agent”. Studies in Intelligence. https://www.cia.gov/library/center-for-the-study-of-intelligence/kent-csi/vol6no1/pdf/v06i1a05p.pdf Retrieved 3 November 2007.
  22. ^ Brown, Anthony Cave (1975). Bodyguard of Lies: The Extraordinary True Story Behind D-Day.

External links