|この項目「防諜」は途中まで翻訳されたものです。（原文：Counterintelligence at 17:44, 4 June 2014 UTC.）
- 1 概要
- 2 防諜手段
- 3 防諜機関
- 4 防諜の任務
- 5 防御的CIの任務
- 6 Theory of offensive counterintelligence
- 7 Types of offensive counterespionage operations
- 8 Running offensive counterespionage operations
- 9 参考文献
- 10 関連項目
- 11 脚注
- 12 外部リンク
- 防諜捜査（CI investigation）：公安警察による法に基づく捜査活動。
- 防諜作戦（― operation）：支援作戦と機密作戦に分類される。
- 支援作戦（― support operation）：情報保全を支援。
- 機密作戦（― sensitive operation）：外国政府の諜報活動に対する攻勢作戦。対スパイ（counter-espionage；略語CE）作戦を含む。
- 防諜収集（― collection）
- 収集活動（Collection activity）：外国政府の諜報活動に関する情報収集。
- 情報源の収集活動（CASO: Collection Activities and Source Operations）：直接の脅威に関する情報収集。
- 機能サービス（Functional Services）：
- 脅威評価（TVA：threat vulnerability assessment）：
- 敵諜報模擬（Adversary intelligence simulation）：レッド・チーム評価（Red Team Evaluation）
- 秘匿エージェント支援（Covering agent support）
- 技術サービス（― Technical Services）
- 嘘発見器（Intelligence polygraph）
- コンピュータ・ネットワーク作戦（CNO:Computer Network Operation）
- 対信号諜報（C-SIGINT:Counter-Signals Intelligence）
- 技術サービス（Technical services）：防諜機関の技術的支援。
- イスラエル公安庁 シャバック（שב"כ）
にみられるセキュリティの分野の多様性もまた、インテリジェンス・セキュリティ・マネジメントと防諜の学問分野に含まれる。The disciplines involved in "positive security", or measures by which one's own society collects information on its actual or potential security, complement security.例えば、諜報機関が通信を傍受して特定の国で使われているただひとつの特定の無線送信機を識別したとき、その人物が使用した無線送信機を検知したということは、防諜の対象となるスパイの存在を示唆していることになる。特に、防諜は、少なくとも他のものと比べ、ヒューミントのディシプリンに関する情報収集と大きな関係を持っている。防諜は情報の生産と保護の両方を行うことができる。
多くの国の政府は、これらの保護の責任を分散させている。アメリカのCIAの防諜体制は、人員と設備の保護は警備部（Office of Security）に、情報の保護は国家秘密本部（NCS）内の防諜部と各地域部が連携して担当している。防諜の第一人者といわれるジェームズ・ジーザス・アングルトンが防諜部長を務めていた時は、防諜部は全く独自に業務を遂行していた。アメリカ軍の防諜体制は同様に、複雑に分割されてきた。
囚人に協力する選択する手段が与えられている場合、または深刻な状況に直面している場合、そしてスパイ活動によって死刑が言い渡されている場合を含むいくつかの状況では、最初の手順として逮捕という措置が取られる。Cooperation may consist of telling all one knows about the other service, but, preferably, actively assisting in deceptive actions against the hostile service.
- すべての分野のセキュリティに携わる人員に対して教育を施すこと。この内容は脅威に関する複数のディシプリンについてのブリーフィングである。ブリーフィングの焦点と機密種別のレベルは調整することができるし、されなければならない、Briefings could then be used to familiarize supported commands with the nature of the multidiscipline threat posed against the command or activity.
より最近のアメリカ軍が使用しているインテリジェンスのドクトリンは、その基本的な対象を、通常カウンターテロリズムを含む、カウンター・ヒューミントにだけ向けるよう厳しく制限されている。軍事または他のリソースに対する脅威に関するすべての情報収集活動について、誰が責任を負うのか、このドクトリンのもとでは必ずしも明確ではない。アメリカ軍のカウンターインテリジェンスのドクトリンの総覧については、統合作戦を支援するためのカウンターインテリジェンスとヒューマンインテリジェンス（Joint Publication (JP) 2-01.2, Counterintelligence and Human Intelligence Support to Joint Operations）として資料が公開されている。
Counter-HUMINT deals with both the detection of hostile HUMINT sources within an organization, or the detection of individuals likely to become hostile HUMINT sources, as a mole or double agent. There is an additional category relevant to the broad spectrum of counterintelligence: why one becomes a terrorist.
The acronym MICE:
- Compromise (or coercion)
describes the most common reasons people break trust and disclose classified materials, reveal operations to hostile services, or join terrorist groups. It makes sense, therefore, to monitor trusted personnel for risks in these areas, such as financial stress, extreme political views, potential vulnerabilities for blackmail, and excessive need for approval or intolerance of criticism. With luck, problems in an employee can be caught early, assistance can be provided to correct them, and not only is espionage avoided, but a useful employee retained. See Motives for spying for specific examples.
Sometimes, the preventive and neutralization tasks overlap, as in the case of Earl Edwin Pitts. Pitts had been an FBI agent who had sold secret information to the Soviets, and, after the fall of the USSR, to the Russians. He was caught by an FBI false flag sting, in which FBI agents, posing as Russian FSB agents, came to Pitts with an offer to "reactivate" him. His activities seemed motivated by both Money and Ego over perceived bad treatment when he was an FBI agent. His sentence required him to tell the FBI all he knew of foreign agents. Ironically, he told them of suspicious actions by Robert Hanssen, which were not taken seriously at the time.
Motivations for information and operations discloure[編集]
To go beyond slogans, Project Slammer was an effort of the Intelligence Community Staff, under the Director of Central Intelligence, to come up with characteristics of Project Slammer, an Intelligence Community sponsored study of espionage. It "examines espionage by interviewing and psychologically assessing actual espionage subjects. Additionally, persons knowledgeable of subjects are contacted to better understand the subjects' private lives and how they are perceived by others while conducting espionage."
|His basic belief structure||– Special, even unique.
– His situation is not satisfactory.
– No other (easier) option (than to engage in espionage).
– Doing only what others frequently do.
– Not a bad person.
– His performance in his government job (if presently employed) is separate from espionage; espionage does not (really) discount his contribution in the workplace.
– Security procedures do not (really) apply to him.
– Security programs (e.g., briefings) have no meaning for him, unless they connect with something with which he can personally identify.
|He feels isolated from the consequences of his actions:||– He sees his situation in a context in which he faces continually narrowing options, until espionage seems reasonable. The process that evolves into espionage reduces barriers, making it essentially "Okay" to initiate the crime.
– He sees espionage as a "Victimless" crime.
– Once he considers espionage, he figures out how he might do it. These are mutually reinforcing, often simultaneous events.
– He finds that it is easy to go around security safeguards (he is able to solve that problem). He belittles the security system, feeling that if the information was really important espionage would be hard to do (the information would really be better protected). This "Ease of accomplishment" further reinforces his resolve.
|Attempts to cope with espionage activity||– He is anxious on initial hostile intelligence service contact (some also feel thrill and excitement).
– After a relationship with espionage activity and HOIS develops, the process becomes much more bearable, espionage continues (even flourishes).
– In the course of long term activity subjects may reconsider their involvement.
– Some consider breaking their role to become an operative for the government. This occurs when access to classified information is lost or there is a perceived need to prove themselves, or both.
– Others find that espionage activity becomes stressful, they no longer want it. Glamour (if present earlier) subsides. They are reluctant to continue. They may even break contact.
– Sometimes they consider telling authorities what they have done. Those wanting to reverse their role aren't confessing, they're negotiating. Those who are "Stressed out" want to confess. Neither wants punishment. Both attempt to minimize or avoid punishment.
According to a press report about Project Slammer and Congressional oversight of counterespionage, one fairly basic function is observing one's own personnel for behavior that either suggests that they could be targets for foreign HUMINT, or may already have been subverted. News reports indicate that in hindsight, red flags were flying but not noticed. In several major penetrations of US services, such as Aldrich Ames, the Walker ring or Robert Hanssen, the individual showed patterns of spending inconsistent with their salary. Some people with changed spending may have a perfectly good reason, such as an inheritance or even winning the lottery, but such patterns should not be ignored.
Personnel in sensitive positions, who have difficulty getting along with peers, may become risks for being compromised with an approach based on ego. William Kampiles, a low-level worker in the CIA Watch Center, sold, for a small sum, the critical operations manual on the KH-11 reconnaissance satellite. To an interviewer,. Kampiles suggested that if someone had noted his "problem"—constant conflicts with supervisors and co-workers—and brought in outside counseling, he might not have stolen the KH-11 manual.
By 1997, the Project Slammer work was being presented at public meetings of the Security Policy Advisory Board. While a funding cut caused the loss of impetus in the mid-nineties, there are research data used throughout the security community. They emphasize the
"essential and multi-faceted motivational patterns underlying espionage. Future Slammer analyses will focus on newly developing issues in espionage such as the role of money, the new dimensions of loyalty and what seems to be a developing trend toward economic espionage."
Military and security organizations will provide secure communications, and may monitor less secure systems, such as commercial telephones or general Internet connections, to detect inappropriate information being passed through them. Education on the need to use secure communications, and instruction on using them properly so that they do not become vulnerable to specialized technical interception.
The basic methods of countering IMINT are to know when the opponent will use imaging against one's own side, and interfering with the taking of images. In some situations, especially in free societies, it must be accepted that public buildings may always be subject to photography or other techniques.
Countermeasures include putting visual shielding over sensitive targets or camouflaging them. When countering such threats as imaging satellites, awareness of the orbits can guide security personnel to stop an activity, or perhaps cover the sensitive parts, when the satellite is overhead. This also applies to imaging on aircraft and UAVs, although the more direct expedient of shooting them down, or attacking their launch and support area, is an option in wartime.
While the concept well precedes the recognition of a discipline of OSINT, the idea of censorship of material directly relevant to national security is a basic OSINT defense. In democratic societies, even in wartime, censorship must be watched carefully lest it violate reasonable freedom of the press, but the balance is set differently in different countries and at different times.
Great Britain is generally considered to have a very free press, but the UK does have the DA-Notice, formerly D-notice system. Many British journalists find that this system is used fairly, although there will always be arguments. In the specific context of counterintelligence, note that Peter Wright, a former senior member of the Security Service who left their service without his pension, moved to Australia before publishing his book Spycatcher. While much of the book was reasonable commentary, it did reveal some specific and sensitive techniques, such as Operation RAFTER, a means of detecting the existence and setting of radio receivers.
MASINT is mentioned here for completeness, but the discipline contains so varied a range of technologies that a type-by-type strategy is beyond the current scope. One example, however, can draw on the Operation RAFTER technique revealed in Wright's book. With the knowledge that Radiofrequency MASINT was being used to pick up an internal frequency in radio receivers, it would be possible to design a shielded receiver that would not radiate the signal that RAFTER monitored.
Theory of offensive counterintelligence[編集]
Offensive techniques in current counterintelligence doctrine are principally directed against human sources, so counterespionage can be considered a synonym for offensive counterintelligence. At the heart of exploitation operations is the objective to degrade the effectiveness of an adversary’s intelligence service or a terrorist organization. Offensive counterespionage (and counterterrorism) is done one of two ways, either by manipulating the adversary (FIS or terrorist) in some manner or by disrupting the adversary’s normal operations.
Defensive counterintelligence operations that succeed in breaking up a clandestine network by arresting the persons involved or by exposing their actions demonstrate that disruption is quite measurable and effective against FIS if the right actions are taken. If defensive counterintelligence stops terrorist attacks, it has succeeded.
Offensive counterintelligence seeks to damage the long-term capability of the adversary. If it can lead a national adversary into putting large resources into protecting a nonexistent threat, or if it can lead terrorists to assume that all of their "sleeper" agents in a country have become unreliable and must be replaced (and possibly killed as security risks), there is a greater level of success than can be seen from defensive operations alone, To carry out offensive counterintelligence, however, the service must do more than detect; it must manipulate persons associated with the adversary.
The Canadian Department of National Defence makes some useful logical distinctions in its Directive on its National Counter-Intelligence Unit. The terminology is not the same as used by other services, but the distinctions are useful:
- "Counter-intelligence (contre-ingérence) means activities concerned with identifying and counteracting threats to the security of DND employees, CF members, and DND and CF property and information, that are posed by hostile intelligence services, organizations or individuals, who are or may be engaged in espionage, sabotage, subversion, terrorist activities, organized crime or other criminal activities." This corresponds to defensive counterintelligence in other services.
- "Security intelligence (renseignement de sécurité) means intelligence on the identity, capabilities and intentions of hostile intelligence services, organizations or individuals, who are or may be engaged in espionage, sabotage, subversion, terrorist activities, organized crime or other criminal activities." This does not (emphasis added) correspond directly to offensive counterintelligence, but is the intelligence preparation necessary to conduct offensive counterintelligence.
- The duties of the Canadian Forces National Counter-Intelligence Unit include "identifying, investigating and countering threats to the security of the DND and the CF from espionage, sabotage, subversion, terrorist activities, and other criminal activity;identifying, investigating and countering the actual or possible compromise of highly classified or special DND or CF material; conducting CI security investigations, operations and security briefings and debriefings to counter threats to, or to preserve, the security of DND and CF interests." This mandate is a good statement of a mandate to conduct offensive counterintelligence.
DND further makes the useful clarification, "The security intelligence process should not be confused with the liaison conducted by members of the Canadian Forces National Investigation Service (CFNIS) for the purpose of obtaining criminal intelligence, as the collection of this type of information is within their mandate."
Manipulating an intelligence professional, himself trained in counterintelligence, is no easy task, unless he is already predisposed toward the opposing side. Any effort that does not start with a sympathetic person will take a long-term commitment, and creative thinking to overcome the defenses of someone who knows he is a counterintelligence target and also knows counterintelligence techniques.
Terrorists on the other hand, although they engage in deception as a function of security appear to be more prone to manipulation or deception by a well-placed adversary than are foreign intelligence services. This is in part due to the fact that many terrorist groups, whose members “often mistrust and fight among each other, disagree, and vary in conviction.”, are not as internally cohesive as foreign intelligence services, potentially leaving them more vulnerable to both deception and manipulation.
A person willing to take on an offensive counterintelligence role, especially when not starting as a professional member of a service, can present in many ways. A person may be attracted by careful nurturing of a sense that someone may want to act against service A, or may be opportunistic: a walk-in or write-in.
Opportunistic acquisition, as of a walk-in, has the disadvantage of being unexpected and therefore unplanned for: the decision to run a double agent should be made only after a great deal of thought, assessment, and evaluation, and if the candidate comes as a volunteer, the service may have to act without sufficient time for reflection. In this situation the necessity of assessing the candidate conflicts also with the preservation of security, particularly if the officer approached is in covert status. Volunteers and walk-ins are tricky customers, and the possibility of provocation is always present. On the other hand, some of our best operations have been made possible by volunteers. The test of the professional skill of an intelligence organization is its ability to handle situations of this type.
When an agent candidate appears, judgments are needed on four essential questions to decide if a potential operation makes sense, if the candidate is the right person for the operation, and if one's own service can support the operation.
|Has he told you everything?||Enough information can ordinarily be obtained in one or two sessions with the candidate to permit testing by polygraph, investigation of leads, and file checks. These steps must be taken very quickly because it is not possible to un-recruit a man. The two areas of possible concealment which are especially dangerous are prior intelligence ties and side-commo.|
|Does he have stayability?||This term combines two concepts—his ability to maintain access to the counterintelligence target for the foreseeable future, and his psychological stamina under the constant (and sometimes steadily increasing) pressure of the double agent's role. If he lacks stayability he may still be useful, but the operation must then be planned for short range.|
|Does the adversary trust him?||Indications of adversary trust can be found in the level of the communications system given him, his length of service, the seniority of the adversary case officer, the nature and level of requirements, and the kind and extent of training provided. If the opposition keeps the agent at arm's length, there is little prospect that doubling him will yield significant returns.|
|Can you control his communications both ways?||Control of communications on your own side can be difficult enough, especially if the agent lives in hostile territory. But control of adversary channels is hard under even the best of circumstances. It requires a great deal of time, technical skill, and—as a rule, manpower.|
Negative answers on one or even two of these questions are not ground for immediate rejection of the possible operation. But they are ground for requiring some unusually high entries on the credit side of the ledger.
The initial assessment comes from friendly debriefing or interview. The interviewing officer may be relaxed and casual, but underneath the surface his attitude is one of deliberate purpose: he is trying to find out enough to make an initial judgment of the man sensing the subject's motivations, emotional state and mental processes.
For instance, if an agent walks in, says he is a member of another service, and reveals information so sensitive that the other service would surely not give it away just to establish the informant's bona fides, there are two possibilities:
- either the agent is telling the truth
- he is attempting a provocation.
Sometimes, the manner in which the man conducts himself will suggest which of the two it is. In addition to establishing the individual's true identity and examining his documents, there is also a need to gain information on the walk-in's service.
It may be more difficult to determine the reason why the agent presented himself than to establish who he is and what service he represents, because motivation is a complex of mental and emotional drives. The question of the double agent's motivation is approached by the interviewing officer from two angles:
- the agent's professed reasons
- the officer's own inferences from his story and behavior.
If a recruit speaks of a high regard for democratic ideology, but casual conversation about Western history and politics may reveal that the potential double agent really has no understanding of democracy. Ideology may not be the real reason why he is willing to cooperate. While it is possible such an individual created a romanticized fantasy of democracy, it is more likely that he is saying what he thinks the CI officer wants to hear. CI officers should make it comfortable for the agent to mention more base motivations: money or revenge. It can be informative to leave such things as luxury catalogs where the agent can see them, and observe if he reacts with desire, repugnance, or disbelief.
To decide between what the officer thinks the motive is and what the agent says it is not easy, because double agents act out of a wide variety of motivations, sometimes psychopathic ones like a masochistic desire for punishment by both services. Others have financial, religious, political, or vindictive motives. The last are often the best double agents: they get pleasure out of deceiving their comrades by their every act day after day.
Making the judgment about the agent's psychological and physical suitability is also difficult. Sometimes a psychologist or psychiatrist can be called in under some pretext. Such professionals, or a well-trained CI officer, may recognize signs of sociopathic personality disorder in potential double agents. From the point of view of the double agent operation, here are their key traits:
|They are unusually calm and stable under stress but cannot tolerate routine or boredom||They do not form lasting and adult emotional relationships with other people because their attitude toward others is exploitative|
|They have above-average intelligence. They are good verbalizers—sometimes in two or more languages||They are skeptical and even cynical about the motives and abilities of others but have exaggerated notions about their own competence.|
|Their reliability as agents is largely determined by the extent to which the case officer's instructions coincide with what they consider their own best interests.||They are ambitious only in a short range sense: they want much and they want it now. They do not have the patience to plod toward a distant reward.|
|They are naturally clandestine and enjoy secrecy and deception for its own sake.|
The candidate must be considered as a person and the operation as a potential. Possibilities which would otherwise be rejected out of hand can be accepted if the counterintelligence service is or will be in a position to obtain and maintain an independent view of both the double agent and the case.
The estimate of the potential value of the operation must take into consideration whether his service has the requisite personnel, facilities, and technical support; whether running the operation will prejudice other activities of his government; whether it will be necessary or desirable, at the outset or later, to share the case with foreign liaison; and whether the case has political implications.
Types of offensive counterespionage operations[編集]
A subject of offensive counterintelligence starts with a loyalty to one service. In these examples:
- Service A: Foreign Intelligence Service (FIS) or non-national group
- Service A1: a client, supporting organization, or ally of A
- Service B: One's own or an allied service
- Service B1: a client, supporting organization, or ally of B
- Service C: A third country's service, which, in this context, should be assumed to be neutral.
Double agents and defectors start out being loyal to service B, which immediately creates the potential for emotional conflict. False flag operations also have the potential for conflict, as these operations recruit people who believe they are working for service C, but they have not been told the truth: they are actually working for service A or B, depending on the nature of the operation.
Moles start out as loyal to service A, but may or may not be a trained intelligence officer of that service. Indeed, those that are not trained, but volunteer to penetrate a FIS, may either not understand the risk, or are tremendously brave individuals, highly motivated against Country B and willing to risk its retaliation if their limited preparation reveals their true affiliation.
- Starts in A
- Joins B
- Transmits to A or disrupts operations until leaves or disrupted
Note that some intelligence professionals reserve mole to refer to enemy personnel that personally know important things about enemy intelligence operations, technology, or military plans. A person such as a clerk or courier, who photographs many documents but is not really in a position to explore enemy thinking, is more generically an asset. To be clear, all moles are assets, but not all assets are moles.
One of the more difficult methods involves having the would-be-mole “dangled” – that is luring the adversary intelligence service (or terrorist group) to recruit the opposition’s clandestine intelligence officer who is posing as a “walk-in” (someone who voluntarily offers information) – in the hopes that the adversary will unknowingly take the bait.
Another special case is a "deep cover" or "sleeper" mole, who may enter a service, possibly at a young age, but definitely not reporting or doing anything that would attract suspicion, until reaching a senior position. Kim Philby is an example of an agent actively recruited by Britain while he was already committed to Communism.
A special case is a false-flag recruitment of a penetrator:
- Starts in C
- Believes being recruited by A
- Actually is recruited by B and sends false information to C
An individual may want to leave their service at once, perhaps from high-level disgust, or low-level risk of having been discovered in financial irregularities and is just ahead of arrest. Even so, the defector certainly brings knowledge with him, and may be able to bring documents or other materials of value.
- Starts in A
- Leaves and goes to B
Defector in place[編集]
Another method is to directly recruit an intelligence officer (or terrorist member) from within the ranks of the adversary service (terrorist group) and having that officer (terrorist) maintain their normal duties while spying on their parent service (organization); this is also referred to as recruiting an “agent” or defector in place.
- Starts in A
- Stays working in A but reporting to B
Before even considering double agent operations, a service has to consider its own resources. Managing that agent will take skill and sophistication, both at the local/case officer and central levels. Complexity goes up astronomically when the service cannot put physical controls on its doubles, as did the Double Cross System in World War II.
From beginning to end, a DA operation must be most carefully planned, executed, and above all, reported. The amount of detail and administrative backstopping seems unbearable at times in such matters. But since penetrations are always in short supply, and defectors can tell less and less of what we need to know as time goes on, because of their cut-off dates, double agents will continue to be part of the scene.
Services functioning abroad—and particularly those operating in areas where the police powers are in neutral or hostile hands—need professional subtlety as well. Case officers must know the agent's area and have a nuanced understanding of his language; this is an extremely unwise situation for using interpreters, since the case officer needs to sense the emotional content of the agent's communication and match it with the details of the information flowing in both directions. Depending on whether the operation is being run in one's own country, an allied country, or hostile territory, the case officer needs to know the relevant laws. Even in friendly territory, the case officer needs both liaison with, and knowledge of, the routine law enforcement and security units in the area, so the operation is not blown because an ordinary policeman gets suspicious and brings the agent in for questioning.
The most preferable situation is that the service running the double agent have complete control of communications. When communications were by Morse code, each operator had a unique rhythm of keying, called a "fist". MASINT techniques of the time recognized individual operators, so it was impossible to substitute a different operator than the agent. The agent also could make deliberate and subtle changes in his keying, to alert his side that he had been turned. While Morse is obsolete, voices are very recognizable and resistant to substitution. Even text communication can have patterns of grammar or word choice, known to the agent and his original service, that can hide a warning of capture.
Full knowledge of [the agent's] past (and especially of any prior intelligence associations), a solid grasp of his behavior pattern (both as an individual and as a member of a national grouping), and rapport in the relationship with him.
The discovery of an adversary intelligence officer who has succeeded in penetrating one’s own organization offers the penetrated intelligence service the possibility of “turning” this officer in order to use him as a “double agent”. The way a double agent case starts deeply affects the operation throughout its life. Almost all of them begin in one of the three ways following:
- Walk-in or talk-in
- Detected and doubled, usually under duress
- Provocation agent
- Starts in A
- Recruited by B
- Defects and tells B all he knows (defector)
- operates in place (Agent doubled in place) and continues to tell B about A
False flag double agent
- Starts in A
- Assigned to C
- B creates a situation where agent believes he is talking to C, when actually receiving B disinformation
- Starts in A and is actually loyal to A
- Goes to B, says he works for A, but wants to switch sides. Gives B access to his communications channel with A
- Keeps second communications channel, X with A, about which B knows nothing
- Reports operational techniques of B to A via X
- Provides disinformation from A to B via X
- A does an analysis of C and determines what targets would be attractive to B
- A then recruits citizens of C, which A believes will be more loyal to B
- The A recruit, a citizen of C, volunteers to B
- A can then expose B's penetration of C, hurting B-C relations.
This may be extremely difficult to accomplish, and even if accomplished the real difficulty is maintaining control of this “turned asset”. Controlling an enemy agent who has been turned is a many-faceted and complex exercise that essentially boils down to making certain that the agent’s new-found loyalty remains consistent, which means determining whether the “doubled” agent’s turning is genuine or false. However, this process can be quite convoluted and fraught with uncertainty and suspicion.
Where it concerns terrorist groups, a terrorist who betrays his organization can be thought of and run as a double-agent against the terrorist’s “parent” organization in much the same fashion as an intelligence officer from a foreign intelligence service. Therefore, for sake of ease, wherever double-agents are discussed the methodologies generally apply to activities conducted against terrorist groups as well.
A double agent is a person who engages in clandestine activity for two intelligence or security services (or more in joint operations), who provides information about one or about each to the other, and who wittingly withholds significant information from one on the instructions of the other or is unwittingly manipulated by one so that significant facts are withheld from the adversary. Peddlers, fabricators, and others who work for themselves rather than a service are not double agents because they are not agents. The fact that doubles have an agent relationship with both sides distinguishes them from penetrations, who normally are placed with the target service in a staff or officer capacity.
The unwitting double agent is an extremely rare bird. The manipulative skill required to deceive an agent into thinking that he is serving the adversary when in fact he is damaging its interests is plainly of the highest order.
For predictive purposes the most important clue imbedded in the origins of an operation is the agent's original or primary affiliation, whether it was formed voluntarily or not, the length of its duration, and its intensity. The effects of years of clandestine association with the adversary are deep and subtle; the Service B case officer working with a double agent of service A is characterized by an ethnicity or religion may find those bonds run deep, even if the agent hates the government of A. The service B officer may care deeply for the double.
Another result of lengthy prior clandestine service is that the agent may be hard to control in most operations the case officer's superior training and experience give him so decided an edge over the agent that recognition of this superiority makes the agent more tractable. But add to the fact that the experienced double agent may have been in the business longer than his U.S. control his further advantage in having gained a first-hand comparative knowledge of the workings of at least two disparate services, and it is obvious that the case officer's margin of superiority diminishes, vanishes, or even is reversed.
One facet of the efforts to control a double agent operation is to ensure that the double agent is protected from discovery by the parent intelligence service; this is especially true in circumstances where the double agent is a defector-in-place.
Like all other intelligence operations, double agent cases are run to protect and enhance the national security. They serve this purpose principally by providing current counterintelligence about hostile intelligence and security services and about clandestine subversive activities. The service and officer considering a double agent possibility must weigh net national advantage thoughtfully, never forgetting that a double agent is, in effect, a condoned channel of communication with the enemy.
Doubled in place[編集]
A service discovering an adversary agent may offer him employment as a double. His agreement, obtained under open or implied duress, is unlikely, however, to be accompanied by a genuine switch of loyalties. The so-called redoubled agent whose duplicity in doubling for another service has been detected by his original sponsor and who has been persuaded to reverse his affections again also belongs to this dubious class. Many detected and doubled agents degenerate into what are sometimes called "piston agents" or "mailmen," who change their attitudes with their visas as they shunt from side to side.
Operations based on them are little more than unauthorized liaison with the enemy, and usually time-wasting exercises in futility. A notable exception is the detected and unwillingly doubled agent who is relieved to be found out in his enforced service to the adversary.
There can be active and passive provocation agents. A double agent may serve as a means through which a provocation can be mounted against a person, an organization, an intelligence or security service, or any affiliated group to induce action to its own disadvantage. The provocation might be aimed at identifying members of the other service, at diverting it to less important objectives, at tying up or wasting its assets and facilities, at sowing dissension within its ranks, at inserting false data into its files to mislead it, at building up in it a tainted file for a specific purpose, at forcing it to surface an activity it wanted to keep hidden, or at bringing public discredit on it, making it look like an organization of idiots. The Soviets and some of the Satellite services, the Poles in particular, are extremely adept in the art of conspiratorial provocation. All kinds of mechanisms have been used to mount provocation operations; the double agent is only one of them.
An active one is sent by Service A to Service B to tell B that he works for A but wants to switch sides. Or he may be a talk-in rather than a walk-in. In any event, the significant information that he is withholding, in compliance with A's orders, is the fact that his offer is being made at A's instigation. He is also very likely to conceal one channel of communication with A-for example, a second secret writing system. Such "side-commo" enables A to keep in full touch while sending through the divulged communications channel only messages meant for adversary eyes. The provocateur may also conceal his true sponsor, claiming for example (and truthfully) to represent an A1 service (allied with A) whereas his actual control is the A-a fact which the Soviets conceal from the Satellite as carefully as from us.
Passive provocations are variants involving false-flag recruiting.
In Country C, Service A surveys the intelligence terrain through the eyes of Service B (a species of mirror-reading) and selects those citizens whose access to sources and other qualifications make them most attractive to B. Service A officers, posing as service B officers, recruit the citizens of country C. At some point, service A then exposes these individuals, and complains to country C that country B is subverting its citizens.
The stake-out has a far better chance of success in areas like Africa, where intelligence exploitation of local resources is far less intensive than in Europe, where persons with valuable access are likely to have been approached repeatedly by recruiting services during the postwar years.
Multiply turned agent[編集]
A triple agent can be a double agent that decides his true loyalty is to his original service, or could always have been loyal to his service but is part of an active provocation of your service. If managing a double agent is hard, agents that turned again (i.e., tripled) or another time after that are far more difficult, but in some rare cases, worthwhile.
Any service B controlling, or believing it controls, a double agent, must constantly evaluate the information that agent is providing on service A. While service A may have been willing to sacrifice meaningful information, or even other human assets, to help an intended penetration agent establish his bona fides, at some point, service A may start providing useless or misleading information as part of the goal of service A. In the World War II Double Cross System, another way the British controllers (i.e., service B in this example) kept the Nazis believing in their agent, was that the British let true information flow, but too late for the Germans to act on it. The double agent might send information indicating that a lucrative target was in range of a German submarine, but, by the time the information reaches the Germans, they confirm the report was true because the ship is now docked in a safe port that would have been a logical destination on the course reported by the agent. While the Double Cross System actively handled the double agent, the information sent to the Germans was part of the overall Operation Bodyguard deception program of the London Controlling Section. Bodyguard was meant to convince the Germans that the Allies planned their main invasion at one of several places, none of which were Normandy. As long as the Germans found those deceptions credible, which they did, they reinforced the other locations. Even when the large landings came at Normandy, deception operations continued, convincing the Germans that Operation Neptune at Normandy was a feint, so that they held back their strategic reserves. By the time it became apparent that Normandy was indeed the main invasions, the strategic reserves had been under heavy air attack, and the lodgment was sufficiently strong that the reduced reserves could not push it back.
There are other benefits to analyzing the exchange of information between the double agent and his original service, such as learning the priorities of service A through the information requests they are sending to an individual they believe is working for them. If the requests all turn out to be for information that service B could not use against A, and this becomes a pattern, service A may have realized their agent has been turned.
Since maintaining control over double agents is tricky at best, it is not hard to see how problematic this methodology can become. The potential for multiple turnings of agents and perhaps worse, the turning of one’s own intelligence officers (especially those working within counterintelligence itself), poses a serious risk to any intelligence service wishing to employ these techniques. This may be the reason that triple-agent operations appear not to have been undertaken by U.S. counterintelligence in some espionage cases that have come to light in recent years, particularly among those involving high-level penetrations. Although the arrest and prosecution of Aldrich Ames of the CIA and Robert Hanssen of the FBI, both of whom were senior counterintelligence officers in their respective agencies who volunteered to spy for the Russians, hardly qualifies as conclusive evidence that triple-agent operations were not attempted throughout the community writ large, these two cases suggest that neutralization operations may be the preferred method of handling adversary double agent operations vice the more aggressive exploitation of these potential triple-agent sources.
- Starts out working for B
- Volunteers to be a defector-in-place for A
- Discovered by B
- Offers his communications with A to B, so B may gain operational data about A and send disinformation to A
A concern with triple agents, of course, is if they have changed loyalties twice, why not a third or even more times? Consider a variant where the agent remains fundamentally loyal to B
- Starts out working for B
- Volunteers to be a defector-in-place for A. Works out a signal by which he can inform A that B has discovered and is controlling him
- Discovered by B
- Offers his communications with A to B.
- B actually gets disinformation about A's operational techniques
- A learns what B wants to know, such as potential vulnerabilities of A, which A will then correct
Successes such as the British Double Cross System or the German Operation North Pole show that these types of operations are indeed feasible. Therefore, despite the obviously very risky and extremely complex nature of double agent operations, the potentially quite lucrative intelligence windfall – the disruption or deception of an adversary service – makes them an inseparable component of exploitation operations.
If a double agent wants to come home to Service A, how can he offer a better way to redeem himself than recruiting the Service B case officer that was running his double agent case, essentially redoubling the direction of the operation? If the case officer refuses, that is apt to be the end of the operation. If the attempt fails, of course, the whole operation has to be terminated. A creative agent can tell his case office, even if he had not been tripled, that he had been loyal all along, and the case officer would, at best, be revealed as a fool.
Occasionally a service runs a double agent whom it knows to be under the control of the other service and therefore has little ability to manipulate or even one who it knows has been successfully redoubled. The question why a service sometimes does this is a valid one. One reason for us is humanitarian: when the other service has gained physical control of the agent by apprehending him in a denied area, we often continue the operation even though we know that he has been doubled back because we want to keep him alive if we can>.
Another reason might be a desire to determine how the other service conducts its double agent operations or what it uses for operational build-up or deception material and from what level it is disseminated. There might be other advantages, such as deceiving the opposition as to the service's own capabilities, skills, intentions, etc. Perhaps the service might want to continue running the known redoubled agent in order to conceal other operations. It might want to tie up the facilities of the opposition. It might use the redoubled agent as an adjunct in a provocation being run against the opposition elsewhere.
Running a known redoubled agent is like playing poker against a professional who has marked the cards but who presumably is unaware that you can read the backs as well as he can.
Running offensive counterespionage operations[編集]
Control is the capacity of a case officer of country B to generate, alter, or halt agent behavior by using or indicating his capacity to use physical or psychological means of leverage. And a case officer working overseas does not control a double agent the way a policeman controls an informer. At best, the matter is in shades of gray. The case officer has to consider that the double from country A still has contact with country B.
Before the case officer pushes a button on the agent's control panel he should know what is likely to happen next. For example, pressure exerted bluntly or blindly, without insight into the agent's motivation and personality, may cause him to tell the truth to the adversary as a means of escaping from a painful situation.
The target service (A) inevitably exercises some control over the double agent, if only in his performance of the tasks that it assigns to him. B, in fact, has to be careful not to disrupt the double's relation with his own service, warning service A of a control. Even if the positive side is being run so poorly that the misguided agent is in danger of coming to the attention of local authorities whose intervention would spoil the CI aspect too, the case officer must restrain his natural impulse to button up the adversary's operation for him. At the very most, he can suggest that the agent complain to the hostile case officer about insecure practices, and then only if the agent's sophistication and relationship with that case officer make such a complaint seem normal.
Physical control of the double is likely only with agents captured in war. The best possible outside capture is either to have the double live where he can be watched, or at least work in a place where he can be watched. Control of the agent's communications is very close to physical control. Communications control, at least partial, is essential: the agent himself is controlled to a considerable extent if his communications are controlled. But even when his communications are completely controlled, a welltrained agent doubled against his will can appear to be cooperating but manage at an opportune moment to send a signal to his own service indicating that he is under duress.
With only partial control, if the agent is in communication with the opposition service through a courier, dead drop, or live drop, some control or surveillance has to be established over these meetings or servicings. The double agent who makes trips in and out of the area where he can be physically controlled presents a multiplicity of problems.
Balancing risk and reward in offensive counterespionage[編集]
The nature and value of the double agent's functions depend greatly on his personal ability as well as on his mission for the other service. He can always report on the objectives and conduct of this mission and possibly more broadly on the positive and counterintelligence targets of the other service or on its plans. If he is skillful and well trained, he can do valuable work by exploiting the weaknesses of others: all intelligence officers of any service, despite their training, have some weaknesses.
One's own side may triple an agent, or turn even more times than that. With each turn, the chances of deception increase, so in such operations, the quality of the agent's services needs to be checked constantly. If the agent no longer elicits trust, he might be offered exfiltration if in a foreign country. He might be retired and given an advisory position where he handles no secrets, but might be useful as an occasional reference.
A rare agent may actually understand the thinking of the highest levels of government policy. This may not be purely a matter of his assignment; Oleg Penkovsky had social ties to high-ranking generals.
An agent, who has been with his service any appreciable time, will be able to provide a good deal of information on the practices, and possibly resources, of his FIS. Other than for the most important of agents, a service is not apt to invent new communications techniques, either for hard-copy passed by dead drop or courier, or for electronic transmission. Information on capabilities comes indirectly, from the level of technology and manufacturing quality with the country-specific equipment with which he was provided.
Some agencies, however, make a point of providing their agents with "sterile" equipment obtained commercially from third countries. If that is their pattern, it may become obvious only if multiple agents are compared at the national CI level. A sufficiently sophisticated agency may obtain different third-country equipment for different agents, leaving the operational instructions as the only detail that may establish a pattern.
The double agent serves also as a controlled channel through which information can be passed to the other service, either to build up the agent in its estimation or for purposes of deception. In the complex matter of deception we may distinguish here between
- operational deception, that concerning the service's own capabilities, intentions, and control of the agent, and
- national deception, that concerning the intentions of the controlling government or other components of it.
National deception operations are usually very delicate, frequently involving the highest levels of the government, and therefore require prior coordination and approval at the national headquarters level.
The double agent channel can be used by the controlling service to insert data into the mechanisms of the other service with a number of possible objectives—for example, to detect its activities in some field. The inserted material is designed to induce certain actions on the part of the other service, which are then observed through another operation or group of operations. The material has to be designed very skillfully if it is to deceive the other service and produce the desired reactions. Such a situation might arise if a case officer handling several operations wanted to set up still another and needed to find out in advance what the pertinent operational pattern was.
Running the operation: do's and dont's[編集]
The following principles apply to the handling of all double agent operations in varying degrees. In composite they form a check-list against which ongoing operations might be periodically reviewed—and given special examination with the appearance of danger signals.
Monitoring, testing and managing the double agent[編集]
"Testing is a continuous process." In accordance with the doctrine in force, use your own, or assistance from psychological specialists, look for changes in motivation. Where appropriate, use a polygraph or newer techniques for detecting emotional stress. Without revealing the penetration, cross-check the information from the agents, including technical analysis of documents and equipment, surveillance, and further research into verifying the agent's story (i.e., "legend" in tradecraft) While "name traces cannot be run on every person mentioned by the agent, do not be stingy with them on persons who have familial, emotional, or business ties with him" in verifying his legend.
T, but only as a double." Improve his own security and cover as a double. Do not, however, improve his intelligence collection skills. The hostile service might make use of information that he collects independently, or they may become suspicious if his skill and reporting suddenly improve. If he has been a bad speller in his reports to his service, don't volunteer to copy edit!
"Require the agent to report and, as security permits, turn over to you everything he gets from the other side: money, gifts, equipment, documents, etc." This is a delicate balance. If he thinks he doesn't have to report something to you, he can become confused about who gets what. At the same time, use judgment to keep him motivated. Rather than confiscating payments to him, you might deposit them in a third-country bank account of which he is aware, and that he can access on termination.
"Prepare all briefings carefully." Teaching him resistance to interrogation may improve his security, but it also may make his service suspicious if his manner, to them, changes.
"Keep analyzing the agent as well as the case." Labels such as "anti-Communist", "militant Jihadi", "morally offended by own side" can oversimplify and interfere with your own understanding of his thinking.
"Review the case file periodically." Always be thinking if the situation would be improved with improvements in your cover, his cover, or the cover for the operational techniques. Think about how new facts validate or invalidate the old. You may be able to ferret out the real priorities of the opposition with a historical perspective, looking at what they told him to follow up out of his reporting.
"Decide early in the operation how it will be terminated if the need arises." The last thing you want to do is leave an angry agent in place, in a hostile service. Transfer him to another case officer or allied agency, or arrange his escape to your side.
Managing expectations of the hostile service[編集]
"Mirror-read" Constantly think about the operation as if you were in the opposing service. Think about what they are receiving from your agent, their satisfaction with it, and their perception of the agent and his capabilities. Do not assume the other side thinks as your service does, a special risk for the United States. The US tends to rely more on technical collection and OSINT than many other world services; the USSR regarded espionage as the most important collection technique, even when they could have used OSINT to collect the same information.
"Be careful about awakening in the hostile service an appetite which cannot later be satisfied without giving away too much." Do not give the agent material, attractive to the other service, but that they might realize he could not have obtained on his own. As long as you are monitoring what he collects before sending it to the other side, let him operate in his own way. By letting him do this, you may detect vulnerabilities that have been missed by your own service, but you can stop the material being sent, or create appropriate disinformation.
"Avoid interference." Let the other service solve—or not solve—agent problems in their usual manner. For example, if the agent is arrested, do not immediately and visibly intervene. In such a situation, the other side may expose additional resources either to support the agent or to provide alternate means of collection. This can always be explained to the agent, with some truth, that you are not giving obvious help to protect his security to his own service.
"Be constantly alert for hostile provocation". If the agent reports a crisis with his service, do not take it at face value; always look for the plot within a plot, but keep perspective. The opposition are not supermen.
"If the adversary appears to be a Satellite [client] service", do not forget that the more powerful organization may not be pulling the strings. A local ideological terror group may well be receiving direction from a distant transnational group. Consider the possibility of false-flag agents in such circumstances.
Protecting your own service[編集]
"Report the case frequently, quickly, and in detail." The FIS has a headquarters staff looking globally for penetrations; why should you not take advantage of your central resources? "Only timely and full reporting to your headquarters will permit it to help you effectively." Keep a full record, including dates, of all adversary assignments given the agent.
"Keep precise records" of any of your own side's classified material fed to the agent. Both for protecting your service and yourself, keep careful notes about who approved the release.
"Do not plan a deception operation or pass deception material without prior headquarters approval."
"Do not reveal your service's assets or CI knowledge to a double." It is vital that double agents be run within the framework of their own materials—the information which they themselves supply. The more you keep from an experienced double the information he should not have, the more he will be reassured that his own safety is in good hands.
"Do not run the operation in a vacuum." Be aware of any political implications that it may have, locally or internationally. Ask for advice when you aren't sure.
"If the operation is joint, weigh, its probable effect upon the liaison relationship." What should you do if the joint service(s) change their priorities?
- Field Manual No.2(FM 2-0) "Intelligence" (Department of the Army, 17 May 2004)
- Johnson, William R. Thwarting Enemies at Home and Abroad: How to Be a Counterintelligence Officer (2009)
- en:Irregular Warfare
- en:List of Counterintelligence Organizations
- スメルシ (Soviet counter-intelligence, abbreviation of the phrase "Smash Spies")
- en:X-2 Counter Espionage Branch
- ^ Executive Order 12333. (1981, December 4). United States Intelligence Activities, Section 3.4(a). EO provisions found in 46 FR 59941, 3 CFR, 1981 Comp., p.1
- ^ Lowenthal, M. (2003). Intelligence: From secrets to policy. Washington, DC: CQ Press.
- ^ Archick, Kristen (2006年7月24日). “ (PDF)”. Congressional Research Service. 2007年11月5日閲覧。
- ^ “Counterintelligence Investigations”. 2008年5月8日閲覧。
- ^ Dulles, Allen W. (1977). The Craft of Intelligence. Greenwood. . Dulles-1977.
- ^ a b Wisner, Frank G. (1993年9月22日). “On "The Craft of Intelligence"”. 2007年11月3日閲覧。
- ^ a b c Matschulat, Austin B. (1996年7月2日). “Coordination and Cooperation in Counerintelligence”. 2007年11月3日閲覧。
- ^ “(PDF)” (2004年4月30日). 2007年11月3日閲覧。
- ^ a b “(PDF)” (2007年). 2015年1月22日閲覧。
- ^ Suvorov, Victor (1984). “Chapter 4, Agent Recruiting”. Inside Soviet Military Intelligence. MacMillan Publishing Company
- ^ a b US Department of the Army (1995年10月3日). “Field Manual 34-60: Counterintelligence”. 2007年11月4日閲覧。
- ^ a b c d e Gleghorn, Todd E. (2003年9月). “ (PDF)”. 2007年11月2日閲覧。
- ^ US Department of Defense (2007年7月12日). “ (PDF)”. 2007年10月1日閲覧。
- ^ Imbus, Michael T (2002年4月). “ (PDF)”. 2007年11月3日閲覧。
- ^ Joint Chiefs of Staff (2007年6月22日). “ (PDF)”. 2007年11月5日閲覧。
- ^ Intelligence Community Staff (1990年4月12日). “Project Slammer Interim Progress Report”. 2007年11月4日閲覧。
- ^ a b Stein, Jeff (July 5, 1994). "The Mole's Manual". New York Times. Retrieved 2007-11-04.
- ^ Security Policy Advisory Board (1997年12月12日). “Security Policy Advisory Board Meeting Minutes”. 2007年11月4日閲覧。
- ^ “Canadian Forces National Counter-Intelligence Unit” (2003年3月28日). 2007年11月19日閲覧。
- ^ “Security Intelligence Liaison Program” (2003年3月28日). 2007年11月19日閲覧。
- ^ a b c d e f g Begoum, F.M. (18 September 1995). "Observations on the Double Agent". Studies in Intelligence. Retrieved 2007-11-03.
- ^ Brown, Anthony Cave (1975). Bodyguard of Lies: The Extraordinary True Story Behind D-Day.