Counter-intelligence - Theory of Offensive Counterintelligence

Theory of Offensive Counterintelligence

Offensive techniques in current counterintelligence doctrine are principally directed against human sources, so counterespionage can be considered a synonym for offensive counterintelligence. At the heart of exploitation operations is the objective to degrade the effectiveness of an adversary’s intelligence service or a terrorist organization. Offensive counterespionage (and counterterrorism) is done one of two ways, either by manipulating the adversary (FIS or terrorist) in some manner or by disrupting the adversary’s normal operations.

Defensive counterintelligence operations that succeed in breaking up a clandestine network by arresting the persons involved or by exposing their actions demonstrate that disruption is quite measurable and effective against FIS if the right actions are taken. If defensive counterintelligence stops terrorist attacks, it has succeeded.

Offensive counterintelligence seeks to damage the long-term capability of the adversary. If it can lead a national adversary into putting large resources into protecting a nonexistent threat, or if it can lead terrorists to assume that all of their "sleeper" agents in a country have become unreliable and must be replaced (and possibly killed as security risks), there is a greater level of success than can be seen from defensive operations alone, To carry out offensive counterintelligence, however, the service must do more than detect; it must manipulate persons associated with the adversary.

The Canadian Department of National Defence makes some useful logical distinctions in its Directive on its National Counter-Intelligence Unit. The terminology is not the same as used by other services, but the distinctions are useful:

1. "Counter-intelligence (contre-ingérence) means activities concerned with identifying and counteracting threats to the security of DND employees, CF members, and DND and CF property and information, that are posed by hostile intelligence services, organizations or individuals, who are or may be engaged in espionage, sabotage, subversion, terrorist activities, organized crime or other criminal activities." This corresponds to defensive counterintelligence in other services.
2. "Security intelligence (renseignement de sécurité) means intelligence on the identity, capabilities and intentions of hostile intelligence services, organizations or individuals, who are or may be engaged in espionage, sabotage, subversion, terrorist activities, organized crime or other criminal activities." This does not (emphasis added) correspond directly to offensive counterintelligence, but is the intelligence preparation necessary to conduct offensive counterintelligence.
3. The duties of the Canadian Forces National Counter-Intelligence Unit include "identifying, investigating and countering threats to the security of the DND and the CF from espionage, sabotage, subversion, terrorist activities, and other criminal activity;identifying, investigating and countering the actual or possible compromise of highly classified or special DND or CF material; conducting CI security investigations, operations and security briefings and debriefings to counter threats to, or to preserve, the security of DND and CF interests." This mandate is a good statement of a mandate to conduct offensive counterintelligence.

DND further makes the useful clarification, "The security intelligence process should not be confused with the liaison conducted by members of the Canadian Forces National Investigation Service (CFNIS) for the purpose of obtaining criminal intelligence, as the collection of this type of information is within their mandate."

Manipulating an intelligence professional, himself trained in counterintelligence, is no easy task, unless he is already predisposed toward the opposing side. Any effort that does not start with a sympathetic person will take a long-term commitment, and creative thinking to overcome the defenses of someone who knows he is a counterintelligence target and also knows counterintelligence techniques.

Terrorists on the other hand, although they engage in deception as a function of security appear to be more prone to manipulation or deception by a well-placed adversary than are foreign intelligence services. This is in part due to the fact that many terrorist groups, whose members “often mistrust and fight among each other, disagree, and vary in conviction.”, are not as internally cohesive as foreign intelligence services, potentially leaving them more vulnerable to both deception and manipulation.

A person willing to take on an offensive counterintelligence role, especially when not starting as a professional member of a service, can present in many ways. A person may be attracted by careful nurturing of a sense that someone may want to act against service A, or may be opportunistic: a walk-in or write-in.

Opportunistic acquisition, as of a walk-in, has the disadvantage of being unexpected and therefore unplanned for: the decision to run a double agent should be made only after a great deal of thought, assessment, and evaluation, and if the candidate comes as a volunteer, the service may have to act without sufficient time for reflection. In this situation the necessity of assessing the candidate conflicts also with the preservation of security, particularly if the officer approached is in covert status. Volunteers and walk-ins are tricky customers, and the possibility of provocation is always present. On the other hand, some of our best operations have been made possible by volunteers. The test of the professional skill of an intelligence organization is its ability to handle situations of this type.

When an agent candidate appears, judgments are needed on four essential questions to decide if a potential operation makes sense, if the candidate is the right person for the operation, and if one's own service can support the operation.

Negative answers on one or even two of these questions are not ground for immediate rejection of the possible operation. But they are ground for requiring some unusually high entries on the credit side of the ledger.

The initial assessment comes from friendly debriefing or interview. The interviewing officer may be relaxed and casual, but underneath the surface his attitude is one of deliberate purpose: he is trying to find out enough to make an initial judgment of the man sensing the subject's motivations, emotional state and mental processes.

For instance, if an agent walks in, says he is a member of another service, and reveals information so sensitive that the other service would surely not give it away just to establish the informant's bona fides, there are two possibilities:

• either the agent is telling the truth
• he is attempting a provocation.

Sometimes, the manner in which the man conducts himself will suggest which of the two it is. In addition to establishing the individual's true identity and examining his documents, there is also a need to gain information on the walk-in's service.

It may be more difficult to determine the reason why the agent presented himself than to establish who he is and what service he represents, because motivation is a complex of mental and emotional drives. The question of the double agent's motivation is approached by the interviewing officer from two angles:

• the agent's professed reasons
• the officer's own inferences from his story and behavior.

If a recruit speaks of a high regard for democratic ideology, but casual conversation about Western history and politics may reveal that the potential double agent really has no understanding of democracy. Ideology may not be the real reason why he is willing to cooperate. While it is possible such an individual created a romanticized fantasy of democracy, it is more likely that he is saying what he thinks the CI officer wants to hear. CI officers should make it comfortable for the agent to mention more base motivations: money or revenge. It can be informative to leave such things as luxury catalogs where the agent can see them, and observe if he reacts with desire, repugnance, or disbelief.

To decide between what the officer thinks the motive is and what the agent says it is not easy, because double agents act out of a wide variety of motivations, sometimes psychopathic ones like a masochistic desire for punishment by both services. Others have financial, religious, political, or vindictive motives. The last are often the best double agents: they get pleasure out of deceiving their comrades by their every act day after day.

Making the judgment about the agent's psychological and physical suitability is also difficult. Sometimes a psychologist or psychiatrist can be called in under some pretext. Such professionals, or a well-trained CI officer, may recognize signs of sociopathic personality disorder in potential double agents. From the point of view of the double agent operation, here are their key traits:

The candidate must be considered as a person and the operation as a potential. Possibilities which would otherwise be rejected out of hand can be accepted if the counterintelligence service is or will be in a position to obtain and maintain an independent view of both the double agent and the case.

The estimate of the potential value of the operation must take into consideration whether his service has the requisite personnel, facilities, and technical support; whether running the operation will prejudice other activities of his government; whether it will be necessary or desirable, at the outset or later, to share the case with foreign liaison; and whether the case has political implications.