Counterintelligence is an activity aimed at protecting an agency's intelligence program against an opposition's intelligence service.[1] It likewise refers to information gathered and activities conducted to counter espionage, other intelligence activities, sabotage, or assassinations conducted for or on behalf of foreign powers, organizations or persons, international terrorist activities, sometimes including personnel, physical, document, or communications security programs.[2]

Civilian Photo Technicians (in back of jeep) working for Counter Intelligence Corps, are accounted for by Captain... - NARA - 198977
Civilian photo technicians (in back of jeep) working for Counter Intelligence Corps are accounted for at a checkpoint in Potsdam, Germany, July 14, 1945


Great Game cartoon from 1878
Political cartoon depicting the Afghan Emir Sher Ali with his "friends" the Russian Bear and British Lion (1878). The Great Game saw the rise of systematic espionage and surveillance throughout the region by both powers

Modern tactics of espionage and dedicated government intelligence agencies developed over the course of the late-19th century. A key background to this development was The Great Game - the strategic rivalry and conflict between the British Empire and the Russian Empire throughout Central Asia between 1830 and 1895. To counter Russian ambitions in the region and the potential threat it posed to the British position in India, the Indian Civil Service built up a system of surveillance, intelligence and counterintelligence. The existence of this shadowy conflict was popularised in Rudyard Kipling's famous spy book, Kim (1901), where he portrayed the Great Game (a phrase Kipling popularised) as an espionage and intelligence conflict that "never ceases, day or night".[3]

The establishment of dedicated intelligence and counterintelligence organizations had much to do with the colonial rivalries between the major European powers and to the accelerating development of military technology. As espionage became more widely used, it became imperative to expand the role of existing police and internal security forces into a role of detecting and countering foreign spies. The Evidenzbureau (founded in the Austrian Empire in 1850) had the role from the late-19th century of countering the actions of the Pan-Slavist movement operating out of Serbia.

After the fallout from the Dreyfus Affair of 1894-1906 in France, responsibility for French military counter-espionage passed in 1899 to the Sûreté générale—an agency originally responsible for order enforcement and public safety—and overseen by the Ministry of the Interior.[4]

Okhranka group photo
The Okhrana, founded in 1880, had the task of countering enemy espionage against Imperial Russia. St. Petersburg Okhrana group photo, 1905

The Okhrana[5] initially formed in 1880 to combat political terrorism and left-wing revolutionary activity throughout the Russian Empire, was also tasked with countering enemy espionage.[6] Its main concern was the activities of revolutionaries, who often worked and plotted subversive actions from abroad. It set up a branch in Paris, run by Pyotr Rachkovsky, to monitor their activities. The agency used many methods to achieve its goals, including covert operations, undercover agents, and "perlustration"—the interception and reading of private correspondence. The Okhrana became notorious for its use of agents provocateurs, who often succeeded in penetrating the activities of revolutionary groups - including the Bolsheviks.[7]

Integrated counterintelligence agencies run directly by governments were also established. The British government founded the Secret Service Bureau in 1909 as the first independent and interdepartmental agency fully in control over all government counterintelligence activities.

Due to intense lobbying from William Melville and after he obtained German mobilization plans and proof of their financial support to the Boers, the British government authorized the formation of a new intelligence section in the War Office, MO3 (subsequently redesignated M05) headed by Melville, in 1903. Working under-cover from a flat in London, Melville ran both counterintelligence and foreign intelligence operations, capitalizing on the knowledge and foreign contacts he had accumulated during his years running Special Branch.

Due to its success, the Government Committee on Intelligence, with support from Richard Haldane and Winston Churchill, established the Secret Service Bureau in 1909 as a joint initiative of the Admiralty, the War Office and the Foreign Office to control secret intelligence operations in the UK and overseas, particularly concentrating on the activities of the Imperial German government. Its first director was Captain Sir George Mansfield Smith-Cumming alias "C".[8] The Secret Service Bureau was split into a foreign and counter-intelligence domestic service in 1910. The latter, headed by Sir Vernon Kell, originally aimed at calming public fears of large-scale German espionage.[9] As the Service was not authorized with police powers, Kell liaised extensively with the Special Branch of Scotland Yard (headed by Basil Thomson), and succeeded in disrupting the work of Indian revolutionaries collaborating with the Germans during the war. Instead of a system whereby rival departments and military services would work on their own priorities with little to no consultation or cooperation with each other, the newly established Secret Intelligence Service was interdepartmental, and submitted its intelligence reports to all relevant government departments.[10]

For the first time, governments had access to peacetime, centralized independent intelligence and counterintelligence bureaucracy with indexed registries and defined procedures, as opposed to the more ad hoc methods used previously.


Collective counterintelligence is gaining information about an opponent's intelligence collection capabilities whose aim is at an entity.

Defensive counterintelligence is thwarting efforts by hostile intelligence services to penetrate the service.

Offensive counterintelligence is having identified an opponent's efforts against the system, trying to manipulate these attacks by either "turning" the opponent's agents into double agents or feeding them false information to report.[11]

Counterintelligence, counterterror, and government

Many governments organize counterintelligence agencies separately and distinct from their intelligence collection services. In most countries the counterintelligence mission is spread over multiple organizations, though one usually predominates. There is usually a domestic counterintelligence service, usually part of a larger law enforcement organization such as the Federal Bureau of Investigation in the United States.

The United Kingdom has the separate Security Service, also known as MI5, which does not have direct police powers but works closely with law enforcement especially Special Branch that can carry out arrests, do searches with a warrant, etc.

The Russian Federation's major domestic security organization is the FSB, which principally came from the Second Chief Directorate and Third Chief Directorate of the USSR's KGB.

Canada separates the functions of general defensive counterintelligence (contre-ingérence), security intelligence (the intelligence preparation necessary to conduct offensive counterintelligence), law enforcement intelligence, and offensive counterintelligence.

Military organizations have their own counterintelligence forces, capable of conducting protective operations both at home and when deployed abroad.[12] Depending on the country, there can be various mixtures of civilian and military in foreign operations. For example, while offensive counterintelligence is a mission of the US CIA's National Clandestine Service, defensive counterintelligence is a mission of the U.S. Diplomatic Security Service (DSS), Department of State, who work on protective security for personnel and information processed abroad at US Embassies and Consulates.[13]

The term counter-espionage is really specific to countering HUMINT, but, since virtually all offensive counterintelligence involves exploiting human sources, the term "offensive counterintelligence" is used here to avoid some ambiguous phrasing.

Other countries also deal with the proper organization of defenses against Foreign Intelligence Services (FIS), often with separate services with no common authority below the head of government.

France, for example, builds its domestic counterterror in a law enforcement framework. In France, a senior anti-terror magistrate is in charge of defense against terrorism. French magistrates have multiple functions that overlap US and UK functions of investigators, prosecutors, and judges. An anti-terror magistrate may call upon France's domestic intelligence service Direction de la surveillance du territoire (DST), which may work with the Direction générale de la sécurité extérieure (DGSE), foreign intelligence service.

Spain gives its Interior Ministry, with military support, the leadership in domestic counterterrorism. For international threats, the National Intelligence Center (CNI) has responsibility. CNI, which reports directly to the Prime Minister, is staffed principally by which is subordinated directly to the Prime Minister's office. After the March 11, 2004 Madrid train bombings, the national investigation found problems between the Interior Ministry and CNI, and, as a result, the National Anti-Terrorism Coordination Center was created. Spain's 3/11 Commission called for this Center to do operational coordination as well as information collection and dissemination.[14] The military has organic counterintelligence to meet specific military needs.

Counterintelligence missions

Frank Wisner, a well-known CIA operations executive said of the autobiography of Director of Central Intelligence Allen W. Dulles,[15] that Dulles "disposes of the popular misconception that counterintelligence is essentially a negative and responsive activity, that it moves only or chiefly in reaction to situations thrust upon it and in counter to initiatives mounted by the opposition" Rather, he sees that can be most effective, both in information gathering and protecting friendly intelligence services, when it creatively but vigorously attacks the "structure and personnel of hostile intelligence services."[16] Today's counterintelligence missions have broadened from the time when the threat was restricted to the foreign intelligence services (FIS) under the control of nation-states. Threats have broadened to include threats from non-national or trans-national groups, including internal insurgents, organized crime, and transnational based groups (often called "terrorists", but that is limiting). Still, the FIS term remains the usual way of referring to the threat against which counterintelligence protects.

In modern practice, several missions are associated with counterintelligence from the national to the field level.

  • Defensive analysis is the practice of looking for vulnerabilities in one's own organization, and, with due regard for risk versus benefit, closing the discovered holes.
  • Offensive Counterespionage is the set of techniques that, at a minimum, neutralizes discovered FIS personnel and arrests them or, in the case of diplomats, expels them by declaring them persona non grata. Beyond that minimum, it exploits FIS personnel to gain intelligence for one's own side, or actively manipulates the FIS personnel to damage the hostile FIS organization.
  • Counterintelligence Force Protection Source Operations (CFSO) are human source operations, conducted abroad that are intended to fill the existing gap in national level coverage in protecting a field station or force from terrorism and espionage.

Counterintelligence is part of intelligence cycle security, which, in turn, is part of intelligence cycle management. A variety of security disciplines also fall under intelligence security management and complement counterintelligence, including:

The disciplines involved in "positive security", or measures by which one's own society collects information on its actual or potential security, complement security. For example, when communications intelligence identifies a particular radio transmitter as one used only by a particular country, detecting that transmitter inside one's own country suggests the presence of a spy that counterintelligence should target. In particular, counterintelligence has a significant relationship with the collection discipline of HUMINT and at least some relationship with the others. Counterintelligence can both produce information and protect it.

All U.S. departments and agencies with intelligence functions are responsible for their own security abroad, except those that fall under Chief of Mission authority.[17]

Governments try to protect three things:

  • Their personnel
  • Their installations
  • Their operations

In many governments, the responsibility for protecting these things is split. Historically, CIA assigned responsibility for protecting its personnel and operations to its Office of Security, while it assigned the security of operations to multiple groups within the Directorate of Operations: the counterintelligence staff and the area (or functional) unit, such as Soviet Russia Division. At one point, the counterintelligence unit operated quite autonomously, under the direction of James Jesus Angleton. Later, operational divisions had subordinate counterintelligence branches, as well as a smaller central counterintelligence staff. Aldrich Ames was in the Counterintelligence Branch of Europe Division, where he was responsible for directing the analysis of Soviet intelligence operations. US military services have had a similar and even more complex split.

This kind of division clearly requires close coordination, and this in fact occurs on a daily basis. The interdependence of the US counterintelligence community is also manifest in our relationships with liaison services. We cannot cut off these relationships because of concern about security, but experience has certainly shown that we must calculate the risks involved.[17]

On the other side of the CI coin, counterespionage has one purpose which transcends all others in importance: penetration. The emphasis which the KGB places on penetration is evident in the cases already discussed from the defensive, or security viewpoint. The best security system in the world cannot provide an adequate defense against it because the technique involves people. The only way to be sure that an enemy has been contained is to know his plans in advance and in detail.

Moreover, only a high-level penetration of the opposition can tell you whether your own service is penetrated. A high-level defector can also do this, but the adversary knows that he defected and within limits can take remedial action. Conducting CE without the aid of penetrations is like fighting in the dark. Conducting CE with penetrations can be like shooting fish in a barrel.[17]

In the British service, the cases of the Cambridge Five, and the later suspicions about MI5 chief Sir Roger Hollis caused great internal dissension. Clearly, the British were penetrated by Philby, but it has never been determined, in any public forum, if there were other serious penetrations. In the US service, there was also significant disruption over the contradictory accusations about moles from defectors Anatoliy Golitsyn and Yuri Nosenko, and their respective supporters in CIA and the British Security Service (MI5). Golitsyn was generally believed by Angleton. George Kisevalter, the CIA operations officer that was the CIA side of the joint US-UK handling of Oleg Penkovsky, did not believe Angleton's theory that Nosenko was a KGB plant. Nosenko had exposed John Vassall, a KGB asset principally in the British Admiralty, but there were arguments Vassall was a KGB sacrifice to protect other operations, including Nosenko and a possibly more valuable source on the Royal Navy.

Defensive counterintelligence

Defensive counterintelligence starts by looking for places in one's own organization that could easily be exploited by foreign intelligence services (FIS). FIS is an established term of art in the counterintelligence community, and, in today's world, "foreign" is shorthand for "opposing". Opposition might indeed be a country, but it could be a transnational group or an internal insurgent group. Operations against a FIS might be against one's own nation, or another friendly nation. The range of actions that might be done to support a friendly government can include a wide range of functions, certainly including military or counterintelligence activities, but also humanitarian aid and aid to development (i.e., "nation building").[18]

Terminology here is still emerging, and "transnational group" could include not only terrorist groups but also transnational criminal organization. Transnational criminal organizations include the drug trade, money laundering, extortion targeted against computer or communications systems, smuggling, etc.

"Insurgent" could be a group opposing a recognized government by criminal or military means, as well as conducting clandestine intelligence and covert operations against the government in question, which could be one's own or a friendly one.

Counterintelligence and counterterrorism analyses provide strategic assessments of foreign intelligence and terrorist groups and prepare tactical options for ongoing operations and investigations. Counterespionage may involve proactive acts against foreign intelligence services, such as double agents, deception, or recruiting foreign intelligence officers. While clandestine HUMINT sources can give the greatest insight into the adversary's thinking, they may also be most vulnerable to the adversary's attacks on one's own organization. Before trusting an enemy agent, remember that such people started out as being trusted by their own countries. They may still be loyal to that country.

Offensive counterintelligence operations

Wisner emphasized his own, and Dulles', views that the best defense against foreign attacks on, or infiltration of, intelligence services is active measures against those hostile services.[16] This is often called counterespionage: measures taken to detect enemy espionage or physical attacks against friendly intelligence services, prevent damage and information loss, and, where possible, to turn the attempt back against its originator. Counterespionage goes beyond being reactive, and actively tries to subvert hostile intelligence services, by recruiting agents in the foreign service, by discrediting personnel actually loyal to their own service, and taking away resources that would be useful to the hostile service. All of these actions apply to non-national threats as well as to national organizations.

If the hostile action is in one's own country, or in a friendly one with cooperating police, the hostile agents may be arrested, or, if diplomats, declared persona non grata. From the perspective of one's own intelligence service, exploiting the situation to the advantage of one's side is usually preferable to arrest or actions that might result in the death of the threat. The intelligence priority sometimes comes into conflict with the instincts of one's own law enforcement organizations, especially when the foreign threat combines foreign personnel with citizens of one's country.

In some circumstances, arrest may be a first step, in which the prisoner is given the choice of cooperating, or facing severe consequence up to and including a death sentence for espionage. Cooperation may consist of telling all one knows about the other service, but, preferably, actively assisting in deceptive actions against the hostile service.

Counterintelligence protection of intelligence services

Defensive counterintelligence specifically for intelligence services involves risk assessment of their culture, sources, methods and resources. Risk management must constantly reflect those assessments, since effective intelligence operations are often risk-taking. Even while taking calculated risks, the services need to mitigate risk with appropriate countermeasures.

FIS are especially able to explore open societies, and, in that environment, have been able to subvert insiders in the intelligence community. Offensive counterespionage is the most powerful tool for finding penetrators and neutralizing them, but it is not the only tool. Understanding what leads individuals to turn on their own side is the focus of Project Slammer. Without undue violations of personal privacy, systems can be developed to spot anomalous behavior, especially in the use of information systems.

Decision makers require intelligence free from hostile control or manipulation. Since every intelligence discipline is subject to manipulation by our adversaries, validating the reliability of intelligence from all collection platforms is essential. Accordingly, each counterintelligence organization will validate the reliability of sources and methods that relate to the counterintelligence mission in accordance with common standards. For other mission areas, we will examine collection, analysis, dissemination practices, and other intelligence activities and will recommend improvements, best practices, and common standards.[19]

Intelligence is vulnerable not only to external but also to internal threats. Subversion, treason, and leaks expose our vulnerabilities, our governmental and commercial secrets, and our intelligence sources and methods. This insider threat has been a source of extraordinary damage to US national security, as with Aldrich Ames, Robert Hanssen, and Edward Lee Howard, all of whom had access to major clandestine activities. Had an electronic system to detect anomalies in browsing through counterintellence files been in place, Robert Hanssen's searches for suspicion of activities of his Soviet (and later Russian) paymasters might have surfaced early. Anomalies might simply show that an especially creative analyst has a trained intuition possible connections, and is trying to research them.

Adding these new tools and techniques to [national arsenals], the counterintelligence community will seek to manipulate foreign spies, conduct aggressive investigations, make arrests and, where foreign officials are involved, expel them for engaging in practices inconsistent with their diplomatic status or exploit them as an unwitting channel for deception, or turn them into witting double agents.[19] "Witting" is a term of intelligence art that indicates that one is not only aware of a fact or piece of information but also aware of its connection to intelligence activities.

Victor Suvorov, the pseudonym of a former Soviet military intelligence (i.e., GRU) officer, makes the point that a defecting HUMINT officer is a special threat to walk-in or other volunteer assets of the country that he is leaving. Volunteers who are "warmly welcomed" do not take into consideration the fact that they are despised by hostile intelligence agents.

The Soviet operational officer, having seen a great deal of the ugly face of communism, very frequently feels the utmost repulsion to those who sell themselves to it willingly. And when a GRU or KGB officer decides to break with his criminal organization, something which fortunately happens quite often, the first thing he will do is try to expose the hated volunteer.[20]

Counterintelligence force protection source operations

Attacks against military, diplomatic and related facilities are a very real threat, as demonstrated by the 1983 attacks against French and US peacekeepers in Beirut, the 1996 attack on the Khobar Towers in Saudi Arabia, 1998 attacks on Colombian bases and on U.S. embassies (and local buildings) in Kenya and Tanzania the 2000 attack on the USS Cole, and many others. The U.S. military force protection measures are the set of actions taken against military personnel and family members, resources, facilities and critical information, and most countries have a similar doctrine for protecting those facilities and conserving the potential of the forces. Force protection is defined to be a defense against deliberate attack, not accidents or natural disasters.

Counterintelligence Force Protection Source Operations (CFSO) are human source operations, normally clandestine in nature, conducted abroad that are intended to fill the existing gap in national level coverage, as well as satisfying the combatant commander's intelligence requirements.[21] Military police and other patrols that mingle with local people may indeed be valuable HUMINT sources for counterintelligence awareness, but are not themselves likely to be CFSOs. Gleghorn distinguishes between the protection of national intelligence services, and the intelligence needed to provide combatant commands with the information they need for force protection. There are other HUMINT sources, such as military reconnaissance patrols that avoid mixing with foreign personnel, that indeed may provide HUMINT, but not HUMINT especially relevant to counterintelligence.[22] Active countermeasures, whether for force protection, protection of intelligence services, or protection of national security interests, are apt to involve HUMINT disciplines, for the purpose of detecting FIS agents, involving screening and debriefing of non-tasked human sources, also called casual or incidental sources. such as:

  • walk-ins and write-ins (individuals who volunteer information)
  • unwitting sources (any individual providing useful information to counterintelligence, who in the process of divulging such information may not know they are aiding an investigation)
  • defectors and enemy prisoners of war (EPW)
  • refugee populations and expatriates
  • interviewees (individuals contacted in the course of an investigation)
  • official liaison sources.

Physical security is important, but it does not override the role of force protection intelligence... Although all intelligence disciplines can be used to gather force protection intelligence, HUMINT collected by intelligence and CI agencies plays a key role in providing indications and warning of terrorist and other force protection threats.[23]

Force protection, for forces deployed in host countries, occupation duty, and even at home, may not be supported sufficiently by a national-level counterterrorism organization alone. In a country, colocating FPCI personnel, of all services, with military assistance and advisory units, allows agents to build relationships with host nation law enforcement and intelligence agencies, get to know the local environments, and improve their language skills. FPCI needs a legal domestic capability to deal with domestic terrorism threats.

As an example of terrorist planning cycles, the Khobar Towers attack shows the need for long-term FPCI. "The Hizballah operatives believed to have conducted this attack began intelligence collection and planning activities in 1993. They recognized American military personnel were billeted at Khobar Towers in the fall of 1994, and began surveillance of the facility, and continued to plan, in June 1995. In March 1996, Saudi Arabian border guards arrested a Hizballah member attempting plastic explosive into the country, leading to the arrest of two more Hizballah members. Hizballah leaders recruited replacements for those arrested, and continued planning for the attack."[24]

Defensive counterintelligence operations

In U.S. doctrine, although not necessarily that of other countries, CI is now seen as primarily a counter to FIS HUMINT. In the 1995 US Army counterintelligence manual, CI had a broader scope against the various intelligence collection disciplines. Some of the overarching CI tasks are described as

  1. Developing, maintaining, and disseminating multidiscipline threat data and intelligence files on organizations, locations, and individuals of CI interest. This includes insurgent and terrorist infrastructure and individuals who can assist in the CI mission.
  2. Educating personnel in all fields of security. A component of this is the multidiscipline threat briefing. Briefings can and should be tailored, both in scope and classification level. Briefings could then be used to familiarize supported commands with the nature of the multidiscipline threat posed against the command or activity.

More recent US joint intelligence doctrine[25] restricts its primary scope to counter-HUMINT, which usually includes counter-terror. It is not always clear, under this doctrine, who is responsible for all intelligence collection threats against a military or other resource. The full scope of US military counterintelligence doctrine has been moved to a classified publication, Joint Publication (JP) 2-01.2, Counterintelligence and Human Intelligence Support to Joint Operations.

More specific countermeasures against intelligence collection disciplines are listed below

CI roles against Intelligence Collection Disciplines, 1995 doctrine[21]
Discipline Offensive CI Defensive CI
HUMINT Counterreconnaissance, offensive counterespionage Deception in operations security
SIGINT Recommendations for kinetic and electronic attack Radio OPSEC, use of secure telephones, SIGSEC, deception
IMINT Recommendations for kinetic and electronic attack Deception, OPSEC countermeasures, deception (decoys, camouflage)

If accessible, use SATRAN reports of satellites overhead to hide or stop activities while being viewed


Counter-HUMINT deals with both the detection of hostile HUMINT sources within an organization, or the detection of individuals likely to become hostile HUMINT sources, as a mole or double agent. There is an additional category relevant to the broad spectrum of counterintelligence: why one becomes a terrorist.

The acronym MICE:

Compromise (or coercion)

describes the most common reasons people break trust and disclose classified materials, reveal operations to hostile services, or join terrorist groups. It makes sense, therefore, to monitor trusted personnel for risks in these areas, such as financial stress, extreme political views, potential vulnerabilities for blackmail, and excessive need for approval or intolerance of criticism. With luck, problems in an employee can be caught early, assistance can be provided to correct them, and not only is espionage avoided, but a useful employee retained. See Motives for spying for specific examples.

Sometimes, the preventive and neutralization tasks overlap, as in the case of Earl Edwin Pitts. Pitts had been an FBI agent who had sold secret information to the Soviets, and, after the fall of the USSR, to the Russians. He was caught by an FBI false flag sting, in which FBI agents, posing as Russian FSB agents, came to Pitts with an offer to "reactivate" him. His activities seemed motivated by both money and ego over perceived bad treatment when he was an FBI agent. His sentence required him to tell the FBI all he knew of foreign agents. Ironically, he told them of suspicious actions by Robert Hanssen, which were not taken seriously at the time.

Motivations for information and operations disclosure

To go beyond slogans, Project Slammer was an effort of the Intelligence Community Staff, under the Director of Central Intelligence, to come up with characteristics of an individual likely to commit espionage against the United States. It "examines espionage by interviewing and psychologically assessing actual espionage subjects. Additionally, persons knowledgeable of subjects are contacted to better understand the subjects' private lives and how they are perceived by others while conducting espionage."[26]

How an espionage subject sees himself (at the time of espionage)
Attitude Manifestations
Basic belief structure – Special, even unique.

– Deserving.

– The individual's situation is not satisfactory.

– No other (easier) option (than to engage in espionage).

– Doing only what others frequently do.

– Not a bad person.

– Performance in a government job (if presently employed) is separate from espionage; espionage does not (really) discount contribution in the workplace.

– Security procedures do not (really) apply to the individual.

– Security programs (e.g., briefings) have no meaning for the individual unless they connect with something with which they can personally identify.

Feels isolated from the consequences of his actions: – The individual sees their situation in a context in which they face continually narrowing options until espionage seems reasonable. The process that evolves into espionage reduces barriers, making it essentially "Okay" to initiate the crime.

– They see espionage as a "Victimless" crime.

– Once they consider espionage, they figure out how it might be done. These are mutually reinforcing, often simultaneous events.

– Subject finds that it is easy to go around security safeguards (or is able to solve that problem). They belittle the security system, feeling that if the information was really important espionage would be hard to do (the information would really be better protected). This "Ease of accomplishment" further reinforces resolve.

Attempts to cope with espionage activity – Anxious on initial hostile intelligence service contact (some also feel thrill and excitement).

– After a relationship with espionage activity and HOIS develops, the process becomes much more bearable, espionage continues (even flourishes).

– In the course of long-term activity, subjects may reconsider their involvement.

– Some consider breaking their role to become an operative for the government. This occurs when access to classified information is lost or there is a perceived need to prove themselves or both.

– Others find that espionage activity becomes stressful, they no longer want it. Glamour (if present earlier) subsides. They are reluctant to continue. They may even break contact.

– Sometimes they consider telling authorities what they have done. Those wanting to reverse their role aren't confessing, they're negotiating. Those who are "Stressed out" want to confess. Neither wants punishment. Both attempt to minimize or avoid punishment.

According to a press report about Project Slammer and Congressional oversight of counterespionage, one fairly basic function is observing one's own personnel for behavior that either suggests that they could be targets for foreign HUMINT, or may already have been subverted. News reports indicate that in hindsight, red flags were flying but not noticed.[27] In several major penetrations of US services, such as Aldrich Ames, the Walker ring or Robert Hanssen, the individual showed patterns of spending inconsistent with their salary. Some people with changed spending may have a perfectly good reason, such as an inheritance or even winning the lottery, but such patterns should not be ignored.

Personnel in sensitive positions, who have difficulty getting along with peers, may become risks for being compromised with an approach based on ego. William Kampiles, a low-level worker in the CIA Watch Center, sold, for a small sum, the critical operations manual on the KH-11 reconnaissance satellite. To an interviewer, Kampiles suggested that if someone had noted his "problem"—constant conflicts with supervisors and co-workers—and brought in outside counseling, he might not have stolen the KH-11 manual.[27]

By 1997, the Project Slammer work was being presented at public meetings of the Security Policy Advisory Board.[28] While a funding cut caused the loss of impetus in the mid-nineties, there are research data used throughout the security community. They emphasize the

essential and multi-faceted motivational patterns underlying espionage. Future Slammer analyses will focus on newly developing issues in espionage such as the role of money, the new dimensions of loyalty and what seems to be a developing trend toward economic espionage.

Counter-SIGINT (Signals Intelligence)

Military and security organizations will provide secure communications, and may monitor less secure systems, such as commercial telephones or general Internet connections, to detect inappropriate information being passed through them. Education on the need to use secure communications, and instruction on using them properly so that they do not become vulnerable to specialized technical interception.

Counter-IMINT (Imagery Intelligence)

The basic methods of countering IMINT are to know when the opponent will use imaging against one's own side, and interfering with the taking of images. In some situations, especially in free societies, it must be accepted that public buildings may always be subject to photography or other techniques.

Countermeasures include putting visual shielding over sensitive targets or camouflaging them. When countering such threats as imaging satellites, awareness of the orbits can guide security personnel to stop an activity, or perhaps cover the sensitive parts, when the satellite is overhead. This also applies to imaging on aircraft and UAVs, although the more direct expedient of shooting them down, or attacking their launch and support area, is an option in wartime.

Counter-OSINT (Open-Source Intelligence)

While the concept well precedes the recognition of a discipline of OSINT, the idea of censorship of material directly relevant to national security is a basic OSINT defense. In democratic societies, even in wartime, censorship must be watched carefully lest it violate reasonable freedom of the press, but the balance is set differently in different countries and at different times.

Great Britain is generally considered to have a very free press, but the UK does have the DA-Notice, formerly D-notice system. Many British journalists find that this system is used fairly, although there will always be arguments. In the specific context of counterintelligence, note that Peter Wright, a former senior member of the Security Service who left their service without his pension, moved to Australia before publishing his book Spycatcher. While much of the book was reasonable commentary, it did reveal some specific and sensitive techniques, such as Operation RAFTER, a means of detecting the existence and setting of radio receivers.

Counter-MASINT (Measurement and Signature Intelligence)

MASINT is mentioned here for completeness, but the discipline contains so varied a range of technologies that a type-by-type strategy is beyond the current scope. One example, however, can draw on the Operation RAFTER technique revealed in Wright's book. With the knowledge that Radiofrequency MASINT was being used to pick up an internal frequency in radio receivers, it would be possible to design a shielded receiver that would not radiate the signal that RAFTER monitored.

Theory of offensive counterintelligence

Offensive techniques in current counterintelligence doctrine are principally directed against human sources, so counterespionage can be considered a synonym for offensive counterintelligence. At the heart of exploitation operations is the objective to degrade the effectiveness of an adversary's intelligence service or a terrorist organization. Offensive counterespionage (and counterterrorism) is done one of two ways, either by manipulating the adversary (FIS or terrorist) in some manner or by disrupting the adversary's normal operations.

Defensive counterintelligence operations that succeed in breaking up a clandestine network by arresting the persons involved or by exposing their actions demonstrate that disruption is quite measurable and effective against FIS if the right actions are taken. If defensive counterintelligence stops terrorist attacks, it has succeeded.

Offensive counterintelligence seeks to damage the long-term capability of the adversary. If it can lead a national adversary into putting large resources into protecting from a nonexistent threat, or if it can lead terrorists to assume that all of their "sleeper" agents in a country have become unreliable and must be replaced (and possibly killed as security risks), there is a greater level of success than can be seen from defensive operations alone, To carry out offensive counterintelligence, however, the service must do more than detect; it must manipulate persons associated with the adversary.

The Canadian Department of National Defence makes some useful logical distinctions in its Directive on its[29] National Counter-Intelligence Unit. The terminology is not the same as used by other services, but the distinctions are useful:

  1. "Counter-intelligence (contre-ingérence) means activities concerned with identifying and counteracting threats to the security of DND employees, CF members, and DND and CF property and information, that are posed by hostile intelligence services, organizations or individuals, who are or may be engaged in espionage, sabotage, subversion, terrorist activities, organized crime or other criminal activities." This corresponds to defensive counterintelligence in other services.
  2. "Security intelligence (renseignement de sécurité) means intelligence on the identity, capabilities and intentions of hostile intelligence services, organizations or individuals, who are or may be engaged in espionage, sabotage, subversion, terrorist activities, organized crime or other criminal activities." This does not (emphasis added) correspond directly to offensive counterintelligence, but is the intelligence preparation necessary to conduct offensive counterintelligence.
  3. The duties of the Canadian Forces National Counter-Intelligence Unit include "identifying, investigating and countering threats to the security of the DND and the CF from espionage, sabotage, subversion, terrorist activities, and other criminal activity; identifying, investigating and countering the actual or possible compromise of highly classified or special DND or CF material; conducting CI security investigations, operations and security briefings and debriefings to counter threats to, or to preserve, the security of DND and CF interests." This mandate is a good statement of a mandate to conduct offensive counterintelligence.

DND further makes the useful clarification,[30] "The security intelligence process should not be confused with the liaison conducted by members of the Canadian Forces National Investigation Service (CFNIS) for the purpose of obtaining criminal intelligence, as the collection of this type of information is within their mandate."

Manipulating an intelligence professional, himself trained in counterintelligence, is no easy task, unless he is already predisposed toward the opposing side. Any effort that does not start with a sympathetic person will take a long-term commitment, and creative thinking to overcome the defenses of someone who knows he is a counterintelligence target and also knows counterintelligence techniques.

Terrorists on the other hand, although they engage in deception as a function of security appear to be more prone to manipulation or deception by a well-placed adversary than are foreign intelligence services. This is in part due to the fact that many terrorist groups, whose members "often mistrust and fight among each other, disagree, and vary in conviction.", are not as internally cohesive as foreign intelligence services, potentially leaving them more vulnerable to both deception and manipulation.

A person willing to take on an offensive counterintelligence role, especially when not starting as a professional member of a service, can present in many ways. A person may be attracted by careful nurturing of a sense that someone may want to act against service A, or may be opportunistic: a walk-in or write-in.

Opportunistic acquisition, as of a walk-in, has the disadvantage of being unexpected and therefore unplanned for: the decision to run a double agent should be made only after a great deal of thought, assessment, and evaluation, and if the candidate comes as a volunteer, the service may have to act without sufficient time for reflection. In this situation the necessity of assessing the candidate conflicts also with the preservation of security, particularly if the officer approached is in covert status. Volunteers and walk-ins are tricky customers, and the possibility of provocation is always present. On the other hand, some of our best operations have been made possible by volunteers. The test of the professional skill of an intelligence organization is its ability to handle situations of this type.[31]

When an agent candidate appears, judgments are needed on four essential questions to decide if a potential operation makes sense, if the candidate is the right person for the operation, and if one's own service can support the operation.

Deciding if a candidate is viable
Question Answer
Has he told you everything? Enough information can ordinarily be obtained in one or two sessions with the candidate to permit testing by polygraph, investigation of leads, and file checks. These steps must be taken very quickly because it is not possible to un-recruit a man. The two areas of possible concealment which are especially dangerous are prior intelligence ties and side-commo.
Does he have stayability? This term combines two concepts—his ability to maintain access to the counterintelligence target for the foreseeable future, and his psychological stamina under the constant (and sometimes steadily increasing) pressure of the double agent's role. If he lacks stayability he may still be useful, but the operation must then be planned for short range.
Does the adversary trust him? Indications of adversary trust can be found in the level of the communications system given him, his length of service, the seniority of the adversary case officer, the nature and level of requirements, and the kind and extent of training provided. If the opposition keeps the agent at arm's length, there is little prospect that doubling him will yield significant returns.
Can you control his communications both ways? Control of communications on your own side can be difficult enough, especially if the agent lives in hostile territory. But control of adversary channels is hard under even the best of circumstances. It requires a great deal of time, technical skill, and—as a rule, manpower.

Negative answers on one or even two of these questions are not ground for immediate rejection of the possible operation. But they are ground for requiring some unusually high entries on the credit side of the ledger.

The initial assessment comes from friendly debriefing or interview. The interviewing officer may be relaxed and casual, but underneath the surface his attitude is one of deliberate purpose: he is trying to find out enough to make an initial judgment of the man sensing the subject's motivations, emotional state and mental processes.

For instance, if an agent walks in, says he is a member of another service, and reveals information so sensitive that the other service would surely not give it away just to establish the informant's bona fides, there are two possibilities:

  • either the agent is telling the truth
  • he is attempting a provocation

Sometimes, the manner in which the man conducts himself will suggest which of the two it is. In addition to establishing the individual's true identity and examining his documents, there is also a need to gain information on the walk-in's service.

It may be more difficult to determine the reason why the agent presented himself than to establish who he is and what service he represents, because motivation is a complex of mental and emotional drives. The question of the double agent's motivation is approached by the interviewing officer from two angles:

  • the agent's professed reasons
  • the officer's own inferences from his story and behavior.

If a recruit speaks of a high regard for democratic ideology, but casual conversation about Western history and politics may reveal that the potential double agent really has no understanding of democracy, then ideology may not be the real reason why he is willing to cooperate. While it is possible that such an individual created a romanticized fantasy of democracy, it is more likely that he is saying what he thinks the CI officer wants to hear. CI officers should make it comfortable for the agent to mention more base motivations: money or revenge. It can be informative to leave such things as luxury catalogs where the agent can see them, and observe if he reacts with desire, repugnance, or disbelief.

To decide between what the officer thinks the motive is and what the agent says it is not easy, because double agents act out of a wide variety of motivations, sometimes psychopathic ones like a masochistic desire for punishment by both services. Others have financial, religious, political, or vindictive motives. The last are often the best double agents: they get pleasure out of deceiving their comrades by their every act day after day.[31]

Making the judgment about the agent's psychological and physical suitability is also difficult. Sometimes a psychologist or psychiatrist can be called in under some pretext. Such professionals, or a well-trained CI officer, may recognize signs of sociopathic personality disorder in potential double agents. From the point of view of the double agent operation, here are their key traits:

Characteristics of sociopaths
They are unusually calm and stable under stress but cannot tolerate routine or boredom They do not form lasting and adult emotional relationships with other people because their attitude toward others is exploitative
They have above-average intelligence. They are good verbalizers—sometimes in two or more languages They are skeptical and even cynical about the motives and abilities of others but have exaggerated notions about their own competence.
Their reliability as agents is largely determined by the extent to which the case officer's instructions coincide with what they consider their own best interests. They are ambitious only in a short range sense: they want much and they want it now. They do not have the patience to plod toward a distant reward.
They are naturally clandestine and enjoy secrecy and deception for its own sake.

The candidate must be considered as a person and the operation as a potential. Possibilities which would otherwise be rejected out of hand can be accepted if the counterintelligence service is or will be in a position to obtain and maintain an independent view of both the double agent and the case.

The estimate of the potential value of the operation must take into consideration whether his service has the requisite personnel, facilities, and technical support; whether running the operation will prejudice other activities of his government; whether it will be necessary or desirable, at the outset or later, to share the case with foreign liaison; and whether the case has political implications.

Types of offensive counterespionage operations

A subject of offensive counterintelligence starts with a loyalty to one service. In these examples:

  • Service A: Foreign Intelligence Service (FIS) or non-national group
  • Service A1: a client, supporting organization, or ally of A
  • Service B: One's own or an allied service
  • Service B1: a client, supporting organization, or ally of B
  • Service C: A third country's service, which, in this context, should be assumed to be neutral.

Double agents and defectors start out being loyal to service B, which immediately creates the potential for emotional conflict. False flag operations also have the potential for conflict, as these operations recruit people who believe they are working for service C, but they have not been told the truth: they are actually working for service A or B, depending on the nature of the operation.


Moles start out as loyal to service A, but may or may not be a trained intelligence officer of that service. Indeed, those that are not trained, but volunteer to penetrate a FIS, may either not understand the risk, or are tremendously brave individuals, highly motivated against Country B and willing to risk its retaliation if their limited preparation reveals their true affiliation.

Starts in A
Joins B
Transmits to A or disrupts operations until leaves or disrupted

Note that some intelligence professionals reserve mole to refer to enemy personnel that personally know important things about enemy intelligence operations, technology, or military plans. A person such as a clerk or courier, who photographs many documents but is not really in a position to explore enemy thinking, is more generically an asset. To be clear, all moles are assets, but not all assets are moles.

One of the more difficult methods involves having the would-be-mole "dangled" – that is luring the adversary intelligence service (or terrorist group) to recruit the opposition's clandestine intelligence officer who is posing as a "walk-in" (someone who voluntarily offers information) – in the hopes that the adversary will unknowingly take the bait.

Another special case is a "deep cover" or "sleeper" mole, who may enter a service, possibly at a young age, but definitely not reporting or doing anything that would attract suspicion, until reaching a senior position. Kim Philby is an example of an agent actively recruited by Britain while he was already committed to Communism.

False-flag penetrator

A special case is a false-flag recruitment of a penetrator:

Starts in C
Believes being recruited by A
Actually is recruited by B and sends false information to C


An individual may want to leave their service at once, perhaps from high-level disgust, or low-level risk of having been discovered in financial irregularities and is just ahead of arrest. Even so, the defector certainly brings knowledge with him, and may be able to bring documents or other materials of value.

Starts in A
Leaves and goes to B

Defector in place

Another method is to directly recruit an intelligence officer (or terrorist member) from within the ranks of the adversary service (terrorist group) and having that officer (terrorist) maintain their normal duties while spying on their parent service (organization); this is also referred to as recruiting an "agent" or defector in place.[22]

Starts in A
Stays working in A but reporting to B

Double agent

Before even considering double agent operations, a service has to consider its own resources. Managing that agent will take skill and sophistication, both at the local/case officer and central levels. Complexity goes up astronomically when the service cannot put physical controls on its doubles, as did the Double Cross System in World War II.

From beginning to end, a DA operation must be most carefully planned, executed, and above all, reported. The amount of detail and administrative backstopping seems unbearable at times in such matters. But since penetrations are always in short supply, and defectors can tell less and less of what we need to know as time goes on, because of their cut-off dates, double agents will continue to be part of the scene.[17]

Services functioning abroad—and particularly those operating in areas where the police powers are in neutral or hostile hands—need professional subtlety as well.[31] Case officers must know the agent's area and have a nuanced understanding of his language; this is an extremely unwise situation for using interpreters, since the case officer needs to sense the emotional content of the agent's communication and match it with the details of the information flowing in both directions. Depending on whether the operation is being run in one's own country, an allied country, or hostile territory, the case officer needs to know the relevant laws. Even in friendly territory, the case officer needs both liaison with, and knowledge of, the routine law enforcement and security units in the area, so the operation is not blown because an ordinary policeman gets suspicious and brings the agent in for questioning.

The most preferable situation is that the service running the double agent have complete control of communications. When communications were by Morse code, each operator had a unique rhythm of keying, called a "fist". MASINT techniques of the time recognized individual operators, so it was impossible to substitute a different operator than the agent. The agent also could make deliberate and subtle changes in his keying, to alert his side that he had been turned. While Morse is obsolete, voices are very recognizable and resistant to substitution. Even text communication can have patterns of grammar or word choice, known to the agent and his original service, that can hide a warning of capture.

Full knowledge of [the agent's] past (and especially of any prior intelligence associations), a solid grasp of his behavior pattern (both as an individual and as a member of a national grouping), and rapport in the relationship with him.

The discovery of an adversary intelligence officer who has succeeded in penetrating one's own organization offers the penetrated intelligence service the possibility of "turning" this officer in order to use him as a "double agent". The way a double agent case starts deeply affects the operation throughout its life. Almost all of them begin in one of the three ways following:

  • Walk-in or talk-in
  • Detected and doubled, usually under duress
  • Provocation agent

Double agent

Starts in A
Recruited by B
Defects and tells B all he knows (defector)
operates in place (Agent doubled in place) and continues to tell B about A

False flag double agent

Starts in A
Assigned to C
B creates a situation where agent believes he is talking to C, when actually receiving B disinformation

Active penetrator

Starts in A and is actually loyal to A
Goes to B, says he works for A, but wants to switch sides. Gives B access to his communications channel with A
Keeps second communications channel, X with A, about which B knows nothing
Reports operational techniques of B to A via X
Provides disinformation from A to B via X

Passive Provocateur

A does an analysis of C and determines what targets would be attractive to B
A then recruits citizens of C, which A believes will be more loyal to B
The A recruit, a citizen of C, volunteers to B
A can then expose B's penetration of C, hurting B-C relations.

This may be extremely difficult to accomplish, and even if accomplished the real difficulty is maintaining control of this "turned asset". Controlling an enemy agent who has been turned is a many-faceted and complex exercise that essentially boils down to making certain that the agent's new-found loyalty remains consistent, which means determining whether the "doubled" agent's turning is genuine or false. However, this process can be quite convoluted and fraught with uncertainty and suspicion.

Where it concerns terrorist groups, a terrorist who betrays his organization can be thought of and run as a double-agent against the terrorist's "parent" organization in much the same fashion as an intelligence officer from a foreign intelligence service. Therefore, for sake of ease, wherever double-agents are discussed the methodologies generally apply to activities conducted against terrorist groups as well.[22]

A double agent is a person who engages in clandestine activity for two intelligence or security services (or more in joint operations), who provides information about one or about each to the other, and who wittingly withholds significant information from one on the instructions of the other or is unwittingly manipulated by one so that significant facts are withheld from the adversary. Peddlers, fabricators, and others who work for themselves rather than a service are not double agents because they are not agents. The fact that doubles have an agent relationship with both sides distinguishes them from penetrations, who normally are placed with the target service in a staff or officer capacity.

The unwitting double agent is an extremely rare bird. The manipulative skill required to deceive an agent into thinking that he is serving the adversary when in fact he is damaging its interests is plainly of the highest order.

For predictive purposes the most important clue embedded in the origins of an operation is the agent's original or primary affiliation, whether it was formed voluntarily or not, the length of its duration, and its intensity. The effects of years of clandestine association with the adversary are deep and subtle; the Service B case officer working with a double agent of service A is characterized by an ethnicity or religion may find those bonds run deep, even if the agent hates the government of A. The service B officer may care deeply for the double.

Another result of lengthy prior clandestine service is that the agent may be hard to control in most operations the case officer's superior training and experience give him so decided an edge over the agent that recognition of this superiority makes the agent more tractable. But add to the fact that the experienced double agent may have been in the business longer than his U.S. control his further advantage in having gained a first-hand comparative knowledge of the workings of at least two disparate services, and the case officer's margin of superiority diminishes, vanishes, or even is reversed.

One facet of the efforts to control a double agent operation is to ensure that the double agent is protected from discovery by the parent intelligence service; this is especially true in circumstances where the double agent is a defector-in-place.

Like all other intelligence operations, double agent cases are run to protect and enhance the national security. They serve this purpose principally by providing current counterintelligence about hostile intelligence and security services and about clandestine subversive activities. The service and officer considering a double agent possibility must weigh net national advantage thoughtfully, never forgetting that a double agent is, in effect, a condoned channel of communication with the enemy.

Doubled in place

A service discovering an adversary agent may offer him employment as a double. His agreement, obtained under open or implied duress, is unlikely, however, to be accompanied by a genuine switch of loyalties. The so-called redoubled agent whose duplicity in doubling for another service has been detected by his original sponsor and who has been persuaded to reverse his affections again also belongs to this dubious class. Many detected and doubled agents degenerate into what are sometimes called "piston agents" or "mailmen," who change their attitudes with their visas as they shunt from side to side.

Operations based on them are little more than unauthorized liaison with the enemy, and usually time-wasting exercises in futility. A notable exception is the detected and unwillingly doubled agent who is relieved to be found out in his enforced service to the adversary.

Active provocateur

There can be active and passive provocation agents. A double agent may serve as a means through which a provocation can be mounted against a person, an organization, an intelligence or security service, or any affiliated group to induce action to its own disadvantage. The provocation might be aimed at identifying members of the other service, at diverting it to less important objectives, at tying up or wasting its assets and facilities, at sowing dissension within its ranks, at inserting false data into its files to mislead it, at building up in it a tainted file for a specific purpose, at forcing it to surface an activity it wanted to keep hidden, or at bringing public discredit on it, making it look like an organization of idiots. The Soviets and some of the Satellite services, the Poles in particular, are extremely adept in the art of conspiratorial provocation. All kinds of mechanisms have been used to mount provocation operations; the double agent is only one of them.

An active one is sent by Service A to Service B to tell B that he works for A but wants to switch sides. Or he may be a talk-in rather than a walk-in. In any event, the significant information that he is withholding, in compliance with A's orders, is the fact that his offer is being made at A's instigation. He is also very likely to conceal one channel of communication with A-for example, a second secret writing system. Such "side-commo" enables A to keep in full touch while sending through the divulged communications channel only messages meant for adversary eyes. The provocateur may also conceal his true sponsor, claiming for example (and truthfully) to represent an A1 service (allied with A) whereas his actual control is the A.

Passive provocateur

Passive provocations are variants involving false-flag recruiting.

In Country C, Service A surveys the intelligence terrain through the eyes of Service B (a species of mirror-reading) and selects those citizens whose access to sources and other qualifications make them most attractive to B. Service A officers, posing as service B officers, recruit the citizens of country C. At some point, service A then exposes these individuals, and complains to country C that country B is subverting its citizens.

The stake-out has a far better chance of success in areas like Africa, where intelligence exploitation of local resources is far less intensive than in Europe, where persons with valuable access are likely to have been approached repeatedly by recruiting services during the postwar years.[31]

Multiply turned agent

A triple agent can be a double agent that decides his true loyalty is to his original service, or could always have been loyal to his service but is part of an active provocation of your service. If managing a double agent is hard, agents that turned again (i.e., tripled) or another time after that are far more difficult, but in some rare cases, worthwhile.

Any service B controlling, or believing it controls, a double agent, must constantly evaluate the information that agent is providing on service A. While service A may have been willing to sacrifice meaningful information, or even other human assets, to help an intended penetration agent establish his bona fides, at some point, service A may start providing useless or misleading information as part of the goal of service A. In the World War II Double Cross System, another way the British controllers (i.e., service B in this example) kept the Nazis believing in their agent, was that the British let true information flow, but too late for the Germans to act on it. The double agent might send information indicating that a lucrative target was in range of a German submarine, but, by the time the information reaches the Germans, they confirm the report was true because the ship is now docked in a safe port that would have been a logical destination on the course reported by the agent.[32] While the Double Cross System actively handled the double agent, the information sent to the Germans was part of the overall Operation Bodyguard deception program of the London Controlling Section. Bodyguard was meant to convince the Germans that the Allies planned their main invasion at one of several places, none of which were Normandy. As long as the Germans found those deceptions credible, which they did, they reinforced the other locations. Even when the large landings came at Normandy, deception operations continued, convincing the Germans that Operation Neptune at Normandy was a feint, so that they held back their strategic reserves. By the time it became apparent that Normandy was indeed the main invasions, the strategic reserves had been under heavy air attack, and the lodgment was sufficiently strong that the reduced reserves could not push it back.

There are other benefits to analyzing the exchange of information between the double agent and his original service, such as learning the priorities of service A through the information requests they are sending to an individual they believe is working for them. If the requests all turn out to be for information that service B could not use against A, and this becomes a pattern, service A may have realized their agent has been turned.

Since maintaining control over double agents is tricky at best, it is not hard to see how problematic this methodology can become. The potential for multiple turnings of agents and perhaps worse, the turning of one's own intelligence officers (especially those working within counterintelligence itself), poses a serious risk to any intelligence service wishing to employ these techniques. This may be the reason that triple-agent operations appear not to have been undertaken by U.S. counterintelligence in some espionage cases that have come to light in recent years, particularly among those involving high-level penetrations. Although the arrest and prosecution of Aldrich Ames of the CIA and Robert Hanssen of the FBI, both of whom were senior counterintelligence officers in their respective agencies who volunteered to spy for the Russians, hardly qualifies as conclusive evidence that triple-agent operations were not attempted throughout the community writ large, these two cases suggest that neutralization operations may be the preferred method of handling adversary double agent operations vice the more aggressive exploitation of these potential triple-agent sources.[22]

Triple agent

Starts out working for B
Volunteers to be a defector-in-place for A
Discovered by B
Offers his communications with A to B, so B may gain operational data about A and send disinformation to A

A concern with triple agents, of course, is if they have changed loyalties twice, why not a third or even more times? Consider a variant where the agent remains fundamentally loyal to B

Quadruple agent

Starts out working for B
Volunteers to be a defector-in-place for A. Works out a signal by which he can inform A that B has discovered and is controlling him
Discovered by B
Offers his communications with A to B.
B actually gets disinformation about A's operational techniques
A learns what B wants to know, such as potential vulnerabilities of A, which A will then correct

Successes such as the British Double Cross System or the German Operation North Pole show that these types of operations are indeed feasible. Therefore, despite the obviously very risky and extremely complex nature of double agent operations, the potentially quite lucrative intelligence windfall – the disruption or deception of an adversary service – makes them an inseparable component of exploitation operations.[22]

If a double agent wants to come home to Service A, how can he offer a better way to redeem himself than recruiting the Service B case officer that was running his double agent case, essentially redoubling the direction of the operation? If the case officer refuses, that is apt to be the end of the operation. If the attempt fails, of course, the whole operation has to be terminated. A creative agent can tell his case office, even if he had not been tripled, that he had been loyal all along, and the case officer would, at best, be revealed as a fool.

Occasionally a service runs a double agent whom it knows to be under the control of the other service and therefore has little ability to manipulate or even one who it knows has been successfully redoubled. The question why a service sometimes does this is a valid one. One reason for us is humanitarian: when the other service has gained physical control of the agent by apprehending him in a denied area, we often continue the operation even though we know that he has been doubled back because we want to keep him alive if we can>.

Another reason might be a desire to determine how the other service conducts its double agent operations or what it uses for operational build-up or deception material and from what level it is disseminated. There might be other advantages, such as deceiving the opposition as to the service's own capabilities, skills, intentions, etc. Perhaps the service might want to continue running the known redoubled agent in order to conceal other operations. It might want to tie up the facilities of the opposition. It might use the redoubled agent as an adjunct in a provocation being run against the opposition elsewhere.

Running a known redoubled agent is like playing poker against a professional who has marked the cards but who presumably is unaware that you can read the backs as well as he can.[31]

Running offensive counterespionage operations

Control is the capacity of a case officer of country B to generate, alter, or halt agent behavior by using or indicating his capacity to use physical or psychological means of leverage. And a case officer working overseas does not control a double agent the way a policeman controls an informer. At best, the matter is in shades of gray. The case officer has to consider that the double from country A still has contact with country B.

Before the case officer pushes a button on the agent's control panel he should know what is likely to happen next. For example, pressure exerted bluntly or blindly, without insight into the agent's motivation and personality, may cause him to tell the truth to the adversary as a means of escaping from a painful situation.

The target service (A) inevitably exercises some control over the double agent, if only in his performance of the tasks that it assigns to him. B, in fact, has to be careful not to disrupt the double's relation with his own service, warning service A of a control. Even if the positive side is being run so poorly that the misguided agent is in danger of coming to the attention of local authorities whose intervention would spoil the CI aspect too, the case officer must restrain his natural impulse to button up the adversary's operation for him. At the very most, he can suggest that the agent complain to the hostile case officer about insecure practices, and then only if the agent's sophistication and relationship with that case officer make such a complaint seem normal.

Physical control of the double is likely only with agents captured in war. The best possible outside capture is either to have the double live where he can be watched, or at least work in a place where he can be watched. Control of the agent's communications is very close to physical control. Communications control, at least partial, is essential: the agent himself is controlled to a considerable extent if his communications are controlled. But even when his communications are completely controlled, a welltrained agent doubled against his will can appear to be cooperating but manage at an opportune moment to send a signal to his own service indicating that he is under duress.

With only partial control, if the agent is in communication with the opposition service through a courier, dead drop, or live drop, some control or surveillance has to be established over these meetings or servicings. The double agent who makes trips in and out of the area where he can be physically controlled presents a multiplicity of problems.[31]

Balancing risk and reward in offensive counterespionage

The nature and value of the double agent's functions depend greatly on his personal ability as well as on his mission for the other service. He can always report on the objectives and conduct of this mission and possibly more broadly on the positive and counterintelligence targets of the other service or on its plans. If he is skillful and well trained, he can do valuable work by exploiting the weaknesses of others: all intelligence officers of any service, despite their training, have some weaknesses.

One's own side may triple an agent, or turn even more times than that. With each turn, the chances of deception increase, so in such operations, the quality of the agent's services needs to be checked constantly. If the agent no longer elicits trust, he might be offered exfiltration if in a foreign country. He might be retired and given an advisory position where he handles no secrets, but might be useful as an occasional reference.

A rare agent may actually understand the thinking of the highest levels of government policy. This may not be purely a matter of his assignment; Oleg Penkovsky had social ties to high-ranking generals.

An agent, who has been with his service any appreciable time, will be able to provide a good deal of information on the practices, and possibly resources, of his FIS. Other than for the most important of agents, a service is not apt to invent new communications techniques, either for hard-copy passed by dead drop or courier, or for electronic transmission. Information on capabilities comes indirectly, from the level of technology and manufacturing quality with the country-specific equipment with which he was provided.

Some agencies, however, make a point of providing their agents with "sterile" equipment obtained commercially from third countries. If that is their pattern, it may become obvious only if multiple agents are compared at the national CI level. A sufficiently sophisticated agency may obtain different third-country equipment for different agents, leaving the operational instructions as the only detail that may establish a pattern.

The double agent serves also as a controlled channel through which information can be passed to the other service, either to build up the agent in its estimation or for purposes of deception. In the complex matter of deception we may distinguish here between

  • operational deception, that concerning the service's own capabilities, intentions, and control of the agent, and
  • national deception, that concerning the intentions of the controlling government or other components of it.

National deception operations are usually very delicate, frequently involving the highest levels of the government, and therefore require prior coordination and approval at the national headquarters level.

The double agent channel can be used by the controlling service to insert data into the mechanisms of the other service with a number of possible objectives—for example, to detect its activities in some field. The inserted material is designed to induce certain actions on the part of the other service, which are then observed through another operation or group of operations. The material has to be designed very skillfully if it is to deceive the other service and produce the desired reactions. Such a situation might arise if a case officer handling several operations wanted to set up still another and needed to find out in advance what the pertinent operational pattern was.

Running the operation: do's and dont's

The following principles apply to the handling of all double agent operations in varying degrees. In composite they form a check-list against which ongoing operations might be periodically reviewed—and given special examination with the appearance of danger signals.[31]

Monitoring, testing and managing the double agent

"Testing is a continuous process." In accordance with the doctrine in force, use your own, or assistance from psychological specialists, look for changes in motivation. Where appropriate, use a polygraph or newer techniques for detecting emotional stress. Without revealing the penetration, cross-check the information from the agents, including technical analysis of documents and equipment, surveillance, and further research into verifying the agent's story (i.e., "legend" in tradecraft) While "name traces cannot be run on every person mentioned by the agent, do not be stingy with them on persons who have familial, emotional, or business ties with him" in verifying his legend.

T, but only as a double." Improve his own security and cover as a double. Do not, however, improve his intelligence collection skills. The hostile service might make use of information that he collects independently, or they may become suspicious if his skill and reporting suddenly improve. If he has been a bad speller in his reports to his service, don't volunteer to copy edit!

"Require the agent to report and, as security permits, turn over to you everything he gets from the other side: money, gifts, equipment, documents, etc." This is a delicate balance. If he thinks he doesn't have to report something to you, he can become confused about who gets what. At the same time, use judgment to keep him motivated. Rather than confiscating payments to him, you might deposit them in a third-country bank account of which he is aware, and that he can access on termination.

"Prepare all briefings carefully." Teaching him resistance to interrogation may improve his security, but it also may make his service suspicious if his manner, to them, changes.

"Keep analyzing the agent as well as the case." Labels such as "anti-Communist", "militant Jihadi", "morally offended by own side" can oversimplify and interfere with your own understanding of his thinking.

"Review the case file periodically." Always be thinking if the situation would be improved with improvements in your cover, his cover, or the cover for the operational techniques. Think about how new facts validate or invalidate the old. You may be able to ferret out the real priorities of the opposition with a historical perspective, looking at what they told him to follow up out of his reporting.

"Decide early in the operation how it will be terminated if the need arises." The last thing you want to do is leave an angry agent in place, in a hostile service. Transfer him to another case officer or allied agency, or arrange his escape to your side.

Managing expectations of the hostile service

"Mirror-read" Constantly think about the operation as if you were in the opposing service. Think about what they are receiving from your agent, their satisfaction with it, and their perception of the agent and his capabilities. Do not assume the other side thinks as your service does, a special risk for the United States. The US tends to rely more on technical collection and OSINT than many other world services; the USSR regarded espionage as the most important collection technique, even when they could have used OSINT to collect the same information.

"Be careful about awakening in the hostile service an appetite which cannot later be satisfied without giving away too much." Do not give the agent material, attractive to the other service, but that they might realize he could not have obtained on his own. As long as you are monitoring what he collects before sending it to the other side, let him operate in his own way. By letting him do this, you may detect vulnerabilities that have been missed by your own service, but you can stop the material being sent, or create appropriate disinformation.

"Avoid interference." Let the other service solve—or not solve—agent problems in their usual manner. For example, if the agent is arrested, do not immediately and visibly intervene. In such a situation, the other side may expose additional resources either to support the agent or to provide alternate means of collection. This can always be explained to the agent, with some truth, that you are not giving obvious help to protect his security to his own service.

"Be constantly alert for hostile provocation". If the agent reports a crisis with his service, do not take it at face value; always look for the plot within a plot, but keep perspective. The opposition are not supermen.

"If the adversary appears to be a Satellite [client] service", do not forget that the more powerful organization may not be pulling the strings. A local ideological terror group may well be receiving direction from a distant transnational group. Consider the possibility of false-flag agents in such circumstances.

Protecting your own service

"Report the case frequently, quickly, and in detail." The FIS has a headquarters staff looking globally for penetrations; why should you not take advantage of your central resources? "Only timely and full reporting to your headquarters will permit it to help you effectively." Keep a full record, including dates, of all adversary assignments given the agent.

"Keep precise records" of any of your own side's classified material fed to the agent. Both for protecting your service and yourself, keep careful notes about who approved the release.

"Do not plan a deception operation or pass deception material without prior headquarters approval."

"Do not reveal your service's assets or CI knowledge to a double." It is vital that double agents be run within the framework of their own materials—the information which they themselves supply. The more you keep from an experienced double the information he should not have, the more he will be reassured that his own safety is in good hands.

"Do not run the operation in a vacuum." Be aware of any political implications that it may have, locally or internationally. Ask for advice when you aren't sure.

"If the operation is joint, weigh, its probable effect upon the liaison relationship." What should you do if the joint service(s) change their priorities?

Further reading

  • Johnson, William R. Thwarting Enemies at Home and Abroad: How to Be a Counterintelligence Officer (2009)
  • Ginkel, B. van (2012). "Towards the intelligent use of intelligence: Quis Custodiet ipsos Custodes?". 3 (10). The Hague: The International Centre for Counter-Terrorism.
  • Lee, Newton (2015). Counterterrorism and Cybersecurity: Total Information Awareness (Second Edition). Springer International Publishing Switzerland.
  • Toward a Theory of CI

See also


  1. ^ Johnson, William (2009). Thwarting Enemies at Home and Abroad: How to be a Counterintelligence Officer. Washington DC: Georgetown University Press. p. 2.
  2. ^ Executive Order 12333. (1981, December 4). United States Intelligence Activities, Section 3.4(a). EO provisions found in 46 FR 59941, 3 CFR, 1981 Comp., p.1
  3. ^ Philip H.J. Davies (2012). Intelligence and Government in Britain and the United States: A Comparative Perspective. ABC-CLIO.
  4. ^ Anciens des Services Spéciaux de la Défense Nationale ( France )
  5. ^ "Okhrana" literally means "the guard"
  6. ^ Okhrana Britannica Online
  7. ^ Ian D. Thatcher, Late Imperial Russia: problems and prospects, page 50.
  8. ^ "SIS Or MI6. What's in a Name?". SIS website. Archived from the original on 26 September 2008. Retrieved 11 July 2008.
  9. ^ Christopher Andrew, The Defence of the Realm: The Authorized History of Mi5 (London, 2009), p.21.
  10. ^ Calder Walton (2013). Empire of Secrets: British Intelligence, the Cold War, and the Twilight of Empire. Overlook. p. 5–6.
  11. ^ Lowenthal, M. (2003). Intelligence: From secrets to policy. Washington, DC: CQ Press.
  12. ^ Clark, R.M. and Mitchell, W.L., 2018. Deception: Counterdeception and Counterintelligence. CQ Press.
  13. ^ "Counterintelligence Investigations". Retrieved 2008-05-08.
  14. ^ Archick, Kristen (2006-07-24). "European Approaches to Homeland Security and Counterterrorism" (PDF). Congressional Research Service. Retrieved 2007-11-05.
  15. ^ Dulles, Allen W. (1977). The Craft of Intelligence. Greenwood. ISBN 0-8371-9452-0. Dulles-1977.
  16. ^ a b Wisner, Frank G. (1993-09-22). "On "The Craft of Intelligence"". CIA-Wisner-1993. Retrieved 2007-11-03.
  17. ^ a b c d Matschulat, Austin B. (1996-07-02). "Coordination and Cooperation in Counerintelligence". Archived from the original on 2007-10-10. Retrieved 2007-11-03.
  18. ^ "Joint Publication 3-07.1: Joint Tactics, Techniques, and Procedures for Foreign Internal Defense (FID)" (PDF). 2004-04-30. Retrieved 2007-11-03.
  19. ^ a b "National Counterintelligence Executive (NCIX)" (PDF). 2007.
  20. ^ Suvorov, Victor (1984). "Chapter 4, Agent Recruiting". Inside Soviet Military Intelligence. MacMillan Publishing Company.
  21. ^ a b US Department of the Army (1995-10-03). "Field Manual 34-60: Counterintelligence". Retrieved 2007-11-04.
  22. ^ a b c d e Gleghorn, Todd E. (September 2003). "Exposing the Seams: the Impetus for Reforming US Counterintelligence" (PDF). Retrieved 2007-11-02.
  23. ^ US Department of Defense (2007-07-12). "Joint Publication 1-02 Department of Defense Dictionary of Military and Associated Terms" (PDF). Archived from the original (PDF) on 2008-11-23. Retrieved 2007-10-01.
  24. ^ Imbus, Michael T (April 2002). "Identifying Threats: Improving Intelligence and Counterintelligence Support to Force Protection" (PDF). USAFCSC-Imbus-2002. Retrieved 2007-11-03.
  25. ^ Joint Chiefs of Staff (2007-06-22). "Joint Publication 2-0: Intelligence" (PDF). US JP 2-0. Retrieved 2007-11-05.
  26. ^ Intelligence Community Staff (12 April 1990). "Project Slammer Interim Progress Report". Retrieved 2007-11-04.
  27. ^ a b Stein, Jeff (July 5, 1994). "The Mole's Manual". New York Times. Retrieved 2007-11-04.
  28. ^ Security Policy Advisory Board (12 December 1997). "Security Policy Advisory Board Meeting Minutes". Retrieved 2007-11-04.
  29. ^ "Canadian Forces National Counter-Intelligence Unit". 2003-03-28. Canada-DND-DAOD 8002-2. Retrieved 2007-11-19.
  30. ^ "Security Intelligence Liaison Program". 2003-03-28. Canada-DND-DAOD 8002-3. Retrieved 2007-11-19.
  31. ^ a b c d e f g Begoum, F.M. (18 September 1995). "Observations on the Double Agent" (PDF). Studies in Intelligence. Retrieved 2007-11-03.
  32. ^ Brown, Anthony Cave (1975). Bodyguard of Lies: The Extraordinary True Story Behind D-Day.
Administration for Security and Counterintelligence

The Administration for Security and Counterintelligence (Macedonian: Управа за безбедност и контраразузнавање), commonly referred to by the acronym UBK, is the domestic counterintelligence and security agency of the North Macedonia. Its headquarters are located in Skopje, and the agency is under jurisdiction of the Ministry of Internal Affairs.The agency was founded in the People's Republic of Macedonia under the name Department for People's Protection OZNA, as the official security agency in the Macedonian socialist republic. Officially, the Administration for Security and Counterintelligence, was founded in 1995 under the name Directorate for Security and Counterintelligence.

Coast Guard Intelligence

Coast Guard Intelligence (CGI) is the military intelligence branch of the United States Coast Guard, and a component of the Central Security Service of the United States Department of Defense.

The United States Coast Guard is a military, multi-mission, maritime, uniformed service of the United States Department of Homeland Security and one of the United States's five armed services. Its core roles are to protect the public, the environment, and U.S. economic and security interests in any maritime region in which those interests may be at risk, including international waters and the U.S.'s coasts, ports, and inland waterways. The Coast Guard provides unique benefits to the nation because of its distinctive blend of military, humanitarian, and civilian law enforcement capabilities. To assist in accomplishing the many diverse missions of the Coast Guard, senior leadership and operational commanders rely on Coast Guard Intelligence.

Coast Guard intelligence came into existence in 1915 by the assignment of a "Chief Intelligence Officer" in Headquarters. Article 304 in the first set of Coast Guard Regulations provided for the establishment of a Chief Intelligence Officer who was to be attached to the Office of Assistant Commandant. The Chief Intelligence Officer's duties were spelled out in Article 614 of those same Regulations: "securing of information which is essential to the Coast Guard in carrying out its duties; for the dissemination of this information to responsible officers, operating units of the Coast Guard, the Treasury Department and other collaborating agencies; and the maintenance of adequate files and records of law enforcement activities."

The office was relatively unknown until the enactment of the Prohibition Act when CGI grew to a cadre of 45 investigators. CGI was extremely successful during prohibition and an Intelligence Division was established at Headquarters in 1930, followed by district intelligence offices in 1933.

During World War II, CGI was concerned with internal and domestic intelligence and counterintelligence. It was charged with conducting all necessary investigation of Coast Guard personnel, and all applicants for positions therein, as well as investigations of applicants for merchant marine documentation. Further, Coast Guard Intelligence was charged with conducting investigations in connection with the Coast Guard's regulatory functions, except Marine Inspection Regulations.

The modern Coast Guard Intelligence program has cultivated extensive relationships and partnerships with other elements of the Intelligence Community to provide timely, tailored support in a wide range of Coast Guard and national missions. These missions include port security, search and rescue, maritime safety, counter-narcotics, alien migration interdiction, and living marine resources protection.

The Coast Guard Counterintelligence Service (CGCIS) falls under Coast Guard Intelligence and protects the Coast Guard from foreign agents who might attempt to penetrate their ranks or compromise their operations. This involves intelligence collection and analysis.

It is currently designated as part of the CG-2 directorate of Coast Guard headquarters.

Counterintelligence Corps

The United States Army Counter Intelligence Corps (Army CIC) was a World War II and early Cold War intelligence agency within the United States Army consisting of highly trained Special Agents. Its role was taken over by the U.S. Army Intelligence Corps in 1961 and, in 1967, by the U.S. Army Intelligence Agency. Its functions are now performed by its modern-day descendant organization; United States Army Counterintelligence. The National Counter Intelligence Corps Association (NCICA), a veterans' association, was established in the years immediately following World War II by Military Intelligence agents who had served in every area of military and domestic operations. The organization meets annually. Its newsletter, the Golden Sphinx, is published quarterly.

Counterintelligence Field Activity

Counterintelligence Field Activity (CIFA) was a United States Department of Defense (DoD) agency whose size and budget were classified. The CIFA was created by a directive from the Secretary of Defense (Number 5105.67) on February 19, 2002. On August 8, 2008, it was announced that CIFA would be shut down. The Defense Intelligence Agency (DIA) absorbed most of the components and authorities of the CIFA into the Defense Counterintelligence and Human Intelligence Center which was later consolidated into the Defense Clandestine Service.

Dirección General de Contrainteligencia Militar

The Directorate General of Military Counterintelligence (DGCIM) is the military counterintelligence agency of Venezuela whose function is to prevent intelligence or espionage internally and externally enemy by military and civilians.


Espionage or spying is the act of obtaining secret or confidential information without the permission of the holder of the information. Spies help agencies uncover secret information. Any individual or spy ring (a cooperating group of spies), in the service of a government, company or independent operation, can commit espionage. The practice is clandestine, as it is by definition unwelcome. In some circumstances it may be a legal tool of law enforcement and in others it may be illegal and punishable by law. Espionage is a method of intelligence gathering which includes information gathering from non-disclosed sources.

Espionage is often part of an institutional effort by a government or commercial concern. However, the term tends to be associated with state spying on potential or actual enemies for military purposes. Spying involving corporations is known as industrial espionage.

One of the most effective ways to gather data and information about a targeted organization is by infiltrating its ranks. This is the job of the spy (espionage agent). Spies can then return information such as the size and strength of enemy forces. They can also find dissidents within the organization and influence them to provide further information or to defect. In times of crisis, spies steal technology and sabotage the enemy in various ways. Counterintelligence is the practice of thwarting enemy espionage and intelligence-gathering. Almost all nations have strict laws concerning espionage and the penalty for being caught is often severe. However, the benefits gained through espionage are often so great that most governments and many large corporations make use of it.

Information collection techniques used in the conduct of clandestine human intelligence include operational techniques, asset recruiting, and tradecraft.

Federal Security Service

The Federal Security Service of the Russian Federation (FSB; Russian: Федеральная служба безопасности Российской Федерации (ФСБ), tr. Federal'naya sluzhba bezopasnosti Rossiyskoy Federatsii, IPA: [fʲɪdʲɪˈralʲnəjə ˈsluʐbə bʲɪzɐˈpasnəstʲɪ rɐˈsʲijskəj fʲɪdʲɪˈratsɨjɪ]) is the principal security agency of Russia and the main successor agency to the USSR's Committee of State Security (KGB). Its main responsibilities are within the country and include counter-intelligence, internal and border security, counter-terrorism, and surveillance as well as investigating some other types of grave crimes and federal law violations. It is headquartered in Lubyanka Square, Moscow's centre, in the main building of the former KGB. According to the 1995 Federal Law "On the Federal Security Service", direction of the FSB is executed by the president of Russia, who appoints the Director of FSB.The immediate predecessor of the FSB was the Federal Counterintelligence Service (FSK) of Russia, itself a successor to the KGB: on 12 April 1995, Russian president Boris Yeltsin signed a law mandating a reorganization of the FSK, which resulted in the creation of the FSB. In 2003, the FSB's responsibilities were widened by incorporating the previously independent Border Guard Service and a major part of the abolished Federal Agency of Government Communication and Information (FAPSI). The three major structural successor components of the former KGB that remain administratively independent of the FSB are the Foreign Intelligence Service (SVR), the State Guards (FSO), and the Main Directorate of Special Programs of the President of the Russian Federation.

Under Russian federal law, the FSB is a military service just like the armed forces, the MVD, the FSO, the SVR, the FSKN, Main Directorate for Drugs Control and EMERCOM's civil defence, but its commissioned officers do not usually wear military uniforms.

The FSB is mainly responsible for internal security of the Russian state, counterintelligence, and the fight against organized crime, terrorism, and drug smuggling, whereas overseas espionage is the primary responsibility of the Russian Foreign Intelligence Service, successor to the KGB's First Directorate, as well as the GRU, a body within the Russian Ministry of Defence. However, the FSB's FAPSI conducts electronic surveillance abroad. All law enforcement and intelligence agencies in Russia work under the guidance of the FSB, if necessary.The FSB employs about 66,200 uniformed staff, including about 4,000 special forces troops. It also employs Border Service personnel of about 160,000–200,000 border guards.Under Article 32 of the Federal Constitutional Law On the Government of the Russian Federation, The FSB answers directly to the RF president and the Director of FSB, while a member of the RF government which is headed by the Chairman of Government, reports to the president only; the Director also, ex officio, is a permanent member of the Security Council of Russia presided over by the president and chairman of the National Anti-terrorism Committee of Russia.

Intelligence cycle security

This article is part of a series under the intelligence cycle management, and deals with protection of the intelligence cycle. For a hierarchical list of articles, see the intelligence cycle management hierarchy.National intelligence programs, and, by extension, the overall defenses of nations, are vulnerable to attack. It is the role of intelligence cycle security to protect the process embodied in the intelligence cycle, and that which it defends. A number of disciplines go into protecting the intelligence cycle. One of the challenges is there are a wide range of potential threats, so threat assessment, if complete, is a complex task. Governments try to protect three things:

Their intelligence personnel

Their intelligence facilities and resources

Their intelligence operationsDefending the overall intelligence program, at a minimum, means taking actions to counter the major disciplines of intelligence collection techniques:

Human Intelligence (HUMINT)

Signals Intelligence (SIGINT)

Imagery Intelligence (IMINT)

Measurement and Signature Intelligence (MASINT)

Technical Intelligence (TECHINT)

Open Source Intelligence (OSINT)To these are added at least one complementary discipline, counterintelligence (CI) which, besides defending the six above, can itself produce positive intelligence. Much, but not all, of what it produces is from special cases of HUMINT.

Also complementing intelligence collection are additional protective disciplines, which are unlikely to produce intelligence:

Physical security

Personnel security

Communications security (COMSEC)

Information system security (INFOSEC)

Security classification

Operations security (OPSEC)These disciplines, along with CI, form intelligence cycle security, which, in turn, is part of intelligence cycle management. Disciplines involved in "positive security", or measures by which one's own society collects information on its actual or potential security, complement security. For example, when communications intelligence identifies a particular radio transmitter as one used only by a particular country, detecting that transmitter inside one's own country suggests the presence of a spy that counterintelligence should target.

CI refers to efforts made by intelligence organizations to prevent hostile or enemy intelligence organizations from successfully gathering and collecting intelligence against them. Frank Wisner, a well-known CIA operations executive said of the autobiography of Director of Central Intelligence Allen W. Dulles, that Dulles "disposes of the popular misconception that counterintelligence is essentially a negative and responsive activity, that it moves only or chiefly in reaction to situations thrust upon it and in counter to initiatives mounted by the opposition" Rather, he sees that can be most effective, both in information gathering and protecting friendly intelligence services, when it creatively but vigorously attacks the "structure and personnel of hostile intelligence services. In 1991 and 1995 US Army manuals dealing with counterintelligence, CI had a broader scope against the then-major intelligence collection disciplines. While MASINT was defined as a formal discipline in 1986, it was sufficiently specialized not to be discussed in general counterintelligence documents of the next few years.

All US departments and agencies with intelligence functions are responsible for their own security abroad.In many governments, the responsibility for protecting intelligence and military services is split. Historically, CIA assigned responsibility for protecting its personnel and operations to its Office of Security, while it assigned the security of operations to multiple groups within the Directorate of Operation: the counterintelligence staff and the area (or functional) unit, such as Soviet Russia Division. At one point, the counterintelligence unit operated quite autonomously, under the direction of James Jesus Angleton. Later, operational divisions had subordinate counterintelligence branches, as well as a smaller central counterintelligence staff. Aldrich Ames was in the Counterintelligence Branch of Europe Division, where he was responsible for directing the analysis of Soviet intelligence operations. US military services have had a similar and even more complex split.

Some of the overarching CI tasks are described as

Developing, maintaining, and disseminating multidiscipline threat data and intelligence files on organizations, locations, and individuals of CI interest. This includes insurgent and terrorist infrastructure and individuals who can assist in the CI mission.

Educating personnel in all fields of security. A component of this is the multidiscipline threat briefing. Briefings can and should be tailored, both in scope and classification level. Briefings could then be used to familiarize supported commands with the nature of the multidiscipline threat posed against the command or activity.

KOS (Yugoslavia)

The Counterintelligence Service or KOS (Bosnian: Kontraobavještanja služba; Croatian: Protuobavještajna služba; Serbian: Контраобавештајна служба/Kontraobaveštajna služba; Slovene: Kontraobveščevalna služba; Macedonian: Контраразузнавачка служба) was the counterintelligence service of the Yugoslav People's Army (JNA) that existed between 1946 and the breakup of Yugoslavia in 1991. In 1992, the Security Administration continued its work in Serbia and Montenegro.

List of counterintelligence organizations

Counterintelligence organizations and agencies attempt to prevent foreign intelligence organizations from successfully gathering and collecting intelligence against the governments they serve.

Military Counterintelligence Directorate

Dirección de Contra-Inteligencia Militar is the military intelligence department of the Ministry of the Revolutionary Armed Forces (MINFAR) of Cuba.

The non-military intelligence agency of Cuba is the Dirección de Inteligencia.

Military Counterintelligence Service (Germany)

The Military Counterintelligence Service (German: Militärischer Abschirmdienst; MAD) is one of the three federal intelligence agencies in Germany and is responsible for military counterintelligence. The other two are the Bundesnachrichtendienst (Federal Intelligence Service, BND), which is the foreign intelligence agency, and the Bundesamt für Verfassungsschutz (Federal Office for the Protection of the Constitution, BfV) which is the domestic civilian intelligence agency.

The headquarters of the MAD are in Cologne, with twelve groups located in cities throughout Germany. These MAD groups are collectively known to be the Militärischer Abschirmdienst. The agency has about 1,300 military and civilian employees and in 1995 had an annual budget of 74 million euros.

Its full formal name is Amt für den Militärischen Abschirmdienst; formerly it was formally named Amt für die Sicherheit der Bundeswehr.

Military Security Agency

The Military Security Agency (Serbian: Војнобезбедносна Агенција / Vojnobezbednosna Agencija, abbr. ВБА / VBA) is a Serbian military security and counterintelligence agency under the Ministry of Defence.

The Military Security Agency directive is to provide security to the defense system (planning, organizing and realization of tasks and activities which pertain to the counterintelligence and security function).

Naval Criminal Investigative Service

The United States Naval Criminal Investigative Service (NCIS) is the primary law enforcement agency of the U.S. Department of the Navy. Its primary function is to investigate criminal activities involving the U.S. Navy and U.S. Marine Corps, though its broad mandate includes national security, counterintelligence, counter-terrorism, cyber warfare, and the protection of U.S. naval assets worldwide. NCIS is the successor organization to the former Naval Investigative Service (NIS), which was established by the Office of Naval Intelligence after the Second World War.

The vast majority of NCIS personnel are civilian, with half being special agents. NCIS agents are armed federal law enforcement investigators, who frequently coordinate with other U.S. government agencies and have a presence in over 40 countries and on U.S. Navy vessels. NCIS special agents are supported by analysts and other experts skilled in disciplines such as forensics, surveillance, surveillance countermeasures, computer investigations, physical security, and polygraph examinations.

Office of Intelligence and Counterintelligence

The Office of Intelligence and Counterintelligence (OICI), established in 1977, is an office of the United States Department of Energy that focuses on gathering intelligence for the department. It provides information to the Secretary of Energy and senior federal policy makers. As a member of the Intelligence Community, it also provides the other intelligence agencies with technical analysis of foreign intelligence. The Office of Intelligence utilizes all of the Department of Energy's resources to gather and analyze intelligence, including the national laboratories. Its expertise is in nuclear weapons, nuclear proliferation, nuclear energy, radioactive waste and energy security. Its most important function to the Intelligence Community is its assessments of foreign nuclear weapons programs. However, it also provides scientific expertise, analysis and technology. Currently, the office does not perform counterintelligence activities. These are handled by the National Nuclear Security Administration and the Office of the National Counterintelligence Executive.

Office of the National Counterintelligence Executive

The Office of the National Counterintelligence Executive (ONCIX) leads national counterintelligence (CI) for the United States government and serves as the director of the National Counterintelligence and Security Center under the Office of the Director of National Intelligence (ODNI).


SPECTRE (SPecial Executive for Counterintelligence, Terrorism, Revenge and Extortion) is a fictional organization featured in the James Bond novels by Ian Fleming, the films based on those novels, and James Bond video games. Led by evil genius and supervillain Ernst Stavro Blofeld, the international organization first formally appeared in the novel Thunderball (1961) and in the film Dr. No (1962). SPECTRE is not aligned to any nation or political ideology, enabling the later Bond books and Bond films to be regarded as somewhat apolitical, though the presence of former Gestapo members in the organization are a clear sign of Fleming's warning of the Nazi fascists surviving after the Second World War first detailed in the novel Moonraker (1954). SPECTRE began in the novels as a small group of criminals but became a vast international organization with its own SPECTRE Island training base in the films, to replace the Soviet SMERSH.

United States Army Counterintelligence

United States Army Counterintelligence is the component of United States Army Military Intelligence which conducts counterintelligence activities to detect, identify, assess, counter, exploit and/or neutralize adversarial, foreign intelligence services, international terrorist organizations, and insider threats to the United States Army and U.S. Department of Defense.

Voice stress analysis

Voice stress analysis (VSA) and computer voice stress analysis (CVSA) are collectively a pseudoscientific technology that aims to infer deception from stress measured in the voice. The CVSA records the human voice using a microphone, and the technology is based on the tenet that the non-verbal, low-frequency content of the voice conveys information about the physiological and psychological state of the speaker. Typically utilized in investigative settings, the technology aims to differentiate between stressed and non-stressed outputs in response to stimuli (e.g., questions posed), with high stress seen as an indication of deception.The use of voice stress analysis (VSA) for the detection of deception is controversial. Discussions about the application of VSA have focused on whether this technology can indeed reliably detect stress, and, if so, whether deception can be inferred from this stress. Critics have argued that—even if stress could reliably be measured from the voice—this would be highly similar to measuring stress with the polygraph, for example, and that all critiques centered on polygraph testing apply to VSA as well. A 2002 review of the state of the art conducted for the United States Department of Justice found several technical challenges to the technology, including the same problem of determining deception. When reviewing the literature on the effectiveness of VSA in 2003, the National Research Council concluded, “Overall, this research and the few controlled tests conducted over the past decade offer little or no scientific basis for the use of the computer voice stress analyzer or similar voice measurement instruments”. A 2013 paper published in Proceedings of Meetings on Acoustics reviewed the "scientific implausibility" of its principles and "ungrounded claims of the aggressive propaganda from sellers of voice stress analysis gadgets".Confession made following a voice stress examination was allowed to be used as evidence in a case in Wisconsin in 2014. In the case of the murder of 12-year-old Stephanie Crowe confessions were made while three suspects were undergoing VSA which were later found to be false by a judge; the manufacturer of the VSA equipment later settled a lawsuit that alleged that it was liable for the harm the three suspects suffered. In a similar case, Donovan Allen falsely confessed to killing his mother after failing a VSA test. He was acquitted 15 years later based on exonerating DNA evidence. George Zimmerman was given a VSA after he fatally shot Florida teenager Trayvon Martin in 2012.


This page is based on a Wikipedia article written by authors (here).
Text is available under the CC BY-SA 3.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.