Notes on Counterintelligence, OPSEC, and Deception OPs


Postby Pushkarev » Fri Mar 14, 2014 1:37 am

This is a thread from various books I have on my shelf on counterintelligence, operational security (OPSEC), and deception operations. Most of these are familiar to people here, but if there are people reading that aren't familiar with those terms, these concepts are the security-related aspects of intelligence and security organisations, i.e. how they go about protecting their own secrets and their own operations in various ways (from offensive counterintelligence, like manipulating groups, to the tradecraft of running an operation without being caught by various kinds of adversaries).

To me personally, intelligence and security organisations offer a unique epistemic challenge, e.g. how do you go about gathering knowledge about objects in the world that are secretive and deceptive? I'm not going to go into that philosophical aspect much, but one fruitful route (among others) is to look at counterintelligence, operational security, and deception operations in historical and academic literature (of course, there are meta-epistemic issues here, how do we know that these sources are fruitful?). This allows us to get an insight about the properties/characteristics of secretive and deceptive events, people, and objects.

Notes from Godson's Dirty Tricks or Trump Cards.

First up are the notes from Roy Godson's Dirty Tricks or Trump Cards: US Covert Action & Counterintelligence. In particular the notes are from Chapter Five. Godson is an intelligence scholar. The book covers both covert action and counterintelligence at a historical and a higher conceptual level (the strategic uses of CA and CI, high level principles of these, etc). The book is definitely worth reading if you want a knowledge of how they go about covert actions (covert propaganda, money and support to guerrillas, paramilitary groups, organisations, agents of influence, assassinations, and various other aspects of covert action). I won't be taking notes on this section of the book, as I'm more interested in the security aspect.

How can counterintelligence help advance policy? The key answer is offensive defense.

The essential components of first class counterintelligence:

(1) Counterintelligence analysis (as distinct from positive intelligence analysis).

(2) Counterintelligence collection (as distinct from positive intelligence collection).

(3) Counterintelligence exploitation. This uses the products of (1) and (2) to exploit adversaries.

(1) Counterintelligence analysis

The key aspects of (1) are:

(1a) Analyzing key secrets that need protection.
(1b) Assessing vulnerabilities in (1a).
(1c) Assessing adversary capabilities and motives towards (1a).
(1d) Counterdeception analysis.
(1e) Support for operations.

(1a) Analyzing key secrets that need protection.

Ascertaining what really needs protection is the place to begin. What secrets need top protection in a powerful, technologically advanced country?

Godson quotes a number of priorities in order:

    Secret Priority One: "... strategic command and control systems, location, and characteristics of strategic weapons; the information processing circuits that such weapons depend on; and specific plans for the use of these weapons and for the defense of leaders and retaliatory forces."

    Secret Priority Two: "The details of the government's relations with scores of other regimes around the world. In the absence of an immediate common threat, relations among states can be particularly strained. Adversary governments or groups may use both overt diplomacy and propaganda and covert action to split up allies and isolate and discredit certain states."

    Secret Priority Three: "... The plan one state uses in negotiations with another -- for instance, where the state is prepared to make concessions, where it will draw the line."

    Secret Priority Four: "Government protection of proprietary technology," as "a state's military and economic capabilities depend on ... technological superiority."

    Secret Priority Five: "States also need to protect their own clandestine operations -- the collection of intelligence, and influencing events abroad. In the United States this is called Operational Security (OPSEC)."

(1b) Assessing vulnerabilities in (1a).

"Vulnerability needs to be assessed at the beginning of a major project."

Godson also notes that vulnerabilities may change in time, due to policy or social factors.

(1c) Assessing adversary capabilities and motives towards (1a).

"After defining the defensive perimeter ... the next job of counterintelligence is to analyze what areas foreign intelligence is targeting and assess its ability to reach those targets ... One of the clearest indications of an intelligence service's true interest is what it chooses to target, that is, what its human and technical sources are being tasked to collect or influence."

(1d) Counterdeception analysis.

"Identifying the clandestine means a foreign government uses to manipulate perceptions and actions. Foreign intelligence services are often used by their governments to deceive and to manage perceptions of adversaries."

Deception has three requirements:

    Deception requirement one: "It must be founded on strategy or policy. Deception for deception's sake serves little purpose."

    Deception requirement two: "If one succeeds in convincing the adversary of something, will the adversary respond with action or not?"

    Deception requirement three: "Deception must be buttressed by an orchestrated plan."

"Clever deception operations use a variety of techniques -- SIGINT, HUMINT, diplomacy, media, rumours, and propaganda -- to prevent the enemy from learning a plan in its entirety, in other words, to keep him scrambling after pieces of the puzzle ... A reliable feedback channel to gauge the adversary's reaction is helpful, if not essential, so that future messages can be constructed to reinforce any conclusions ... It is critical to protect the deception plan itself and the real strategy being concealed."

"If other states are seeking to control or alter perceptions by manipulating foreign collection and analysis, counterintelligence analysts can respond with counterdeception analysis. By mirroring the steps involved in foreign perception management, counterintelligence analysts protect their own government from manipulation. They may try to identify any foreign government objectives that could be furthered by a deception plan. Military operations usually (and economic and diplomatic operations often) employ a deception plan to achieve surprise and thereby to increase the chance of success. Counterintelligence analysts need to examine their own government's collection modus operandi to determine its vulnerability to foreign deception."

"Counterdeception analysts must identify how foreign governments perceive their target as reacting to certain information. Is the target reacting to or merely ignoring attempts at perception management? Counterdeception analysts also need to identify who is conducting the perception management. Are there deception planners in the foreign country? Where are they located? What are their objectives -- what are the specific tasks of their agents, and what do they want us to "learn" about their secret military plans? Counterdeception analysts would also do well to learn the foreign country's operational security procedures, which could unlock the deception plan. If they are really good, analysts may be able to discover the information or activity that deception is trying to cover."

(1e) Support for operations.

Here Godson outlines how counterintelligence analysis can be used in support of counterintelligence operations. He outlines two major analytical tools: Pattern analysis and Anomalous behavior analysis.

Pattern analysis is, "guides to the general behavior of foreign intelligence and foreign counterintelligence."

"By collating the experience of many foreign counterintelligence operatives over a long period of time, counterintelligence personnel can detect patterns that may be of great assistance in deciding where and when to concentrate their surveillance of suspects."

"By analyzing patterns of behavior it is sometimes even possible not only to identify foreign intelligence professionals, but also to specify those who are successful and in what type of operations they are succeeding, thus tipping off counterintelligence operators."

Godson gives an example here of adversary intelligence officers being promoted fast in some niche field (like weapons technology). This might imply that they have a spy within that field.

Anomalous behavior analysis, "seeks out strange or puzzling behavior pointing to a counterintelligence problem even before it is known to exist ... There are various kinds of anomalous behaviors that might tip off an analysis about a foreign intelligence service's successful operations." These include:

    Strategic behavior. When an adversary changes their behavior based on secret information.

    Ostensible coincidence. If a series of coincidences occur, you should start seeking out alternative explanations. Since coincidence can "lead to exposure," intelligence organisations will act in ways that make them appear not well informed, lest their intelligence source gets outed.

    Personal behavior. Are there changes in the personal behavior of an individual?

Next up in my notes is Counterintelligence Collection from the chapter in Godson's book. I will endeavour to have them up in a week or so.

Re: Notes on Counterintelligence, OPSEC, and Deception OPs

Postby Pushkarev » Fri Mar 14, 2014 1:38 am

Here are some thoughts of mine while taking the above notes. If y'all just want to make this thread infodumps let me know, and I won't add my own thoughts on the issue. I like creating conceptual tools to use from the notes I make.

Conceptual Tools to use

Take an event, group, person, or something else you think has some underlying aspect that is more to it than what the general consensus is. For the sake of brevity, let us call this event, group, or person "Event X." Here are some questions you could use from the above notes in gathering knowledge about Event X:

(i) The number one security priority within the conspiracy, at least from Godson's view, is the command and control system (or systems, if there are multiple actors). If there were a command and control system, how did actors involved in Event X cover it up or secure it? Are there elements of Event X that resemble a command and control system being covered up? Is the command and control system centralized or decentralized? What are some other properties of the C&C system?

(ii) Look for relations among groups. Are there any explicit relationships being covered up? Are there efforts to cover up certain relationships between allied groups? What about negative relationships between allies and adversaries?

(iii) Are there any plans or negotiations that were likely covered up within Event X?

(iv) Is there any form of technology being protected? This includes strategic weapons related to (1), but also technology in the private sector that gives an economic or military advantage.

(v) Does Event X have any aspects that might have to do with clandestine operations? Were there any intelligence, security, or military special operations personnel involved? If they were involved, what might their OPSEC be like?

How do we see through deception? Can we use counterdeception analysis to help us with Event X? Here is a brief sketch in piercing the veil of deception (that probably needs more elaboration as I read more books):

(vi) Mirror a possible deception operation involved in Event X. How might a deception operation be conducted around the event? It would probably be useful to come up with multiple deception operation scenarios.

(vii) Use (vi) to work out deception requirements. How does the deception plan relate to the overarching plan or strategy? What does the deception plan actually do? I.e. What actions does it make other groups take?

(viii) Are there aspects of investigative journalism, conspiracy theorizing, or anyone else gathering information about Event X that is open to vulnerability? I.e. Are there vulnerabilities with our collection aspect (what and how we gather knowledge about Event X)?

(ix) It would be useful to identify how the actors in Event X perceive their targets as reacting to certain information. As Godson states, "Is the target reacting to or merely ignoring attempts at perception management?"

(x) Identify who is conducting the perception management. What are their aims? What are the specific operational and tactical tasks? What do they want us to "learn" about Event X? There are now two Event X's. There is Event X as it really is. There is also Event X' (Event X Primed). Event X' is what they want us to think, so model Event X' and work out what they want us to learn about Event X'.

(xi) If you have knowledge of who might be involved in the deception operation of Event X, what are their OPSEC procedures?

Two major tools of counterintelligence analysis are:

(xii) Pattern Analysis. Given historical sources, how have the organisations involved in Event X acted in the past? What are some "tells" in their pattern of activities? In particular, what are their behavioral patterns?

(xiii) Anomalous behavior analysis. Are there strange and puzzling behaviors about Event X? These include ways in which the members of Event X change their strategic and personal behavior. A series of coincidences in Event X should have alternate explanations that aren't just explained away as coincidences. Some of these leads may be genuine coincidences, but you still should chase them up.

Edit: Screwed up my roman numerals.

Edit 2: Expanded on relationships in (ii).

Re: Notes on Counterintelligence, OPSEC, and Deception OPs

Postby Pushkarev » Sat Apr 12, 2014 11:49 pm

Been a month since I last wrote some notes. I have been busy with Uni study. Here is the second part of the chapter. Sections below that start with "side note" are my own thoughts/ideas while reading the text.

Counterintelligence Collection

"After analysis, the second essential component of counterintelligence is collection, which often takes the form of investigation ... Counterintelligence investigation tends to be more productive when it focuses on targets already identified as suspect by analysis. Focused collection, in turn, provides better, sometimes superior, information to analysts."

Collection Sources

Godson names several kinds of sources for counterintelligence:

(1) Collection from Open Sources.

(2) Clandestine Collection from Human sources.

(3) Technical counterintelligence.

He also talks about the integration of (1) to (3). He has the following topics on integrating counterintelligence with other areas:

(a) Using intelligence from outside counterintelligence organisations (like signals intelligence or imagery intelligence).

(b) Using technological and scientific breakthroughs for use in counterintelligence collection.

(c) Combining foreign intelligence collection with domestic intelligence collection, e.g. collaboration between MI5 and MI6, or the CIA with the FBI. Godson claims this collaboration is important because:

"... in the global environment of the late 20th century -- a world of economic interdependence, increasingly open borders, and the easy transfer of people, money, knowledge, and technology -- broad-reaching investigation is more important than ever."

Godson states that foreign counterintelligence (FCI) is harder than domestic counterintelligence (DCI), as DCI is one's home turf. But FCI can be improved by integrating (1) to (3), and (a) to (c).

(1) Collection from Open Sources.

Godson then moves on to some concrete aspects of (1). He gives some examples of open sources that counterintelligence might use, including: the writing of foreign political, economic, and military leaders; newspapers; journals; the slogans and rhetoric of demonstrators; the case histories of political groups; technical magazines; the publications of front companies/groups; speeches of individuals and groups; theoretical and strategic writing of individuals and groups, e.g. manifestos that outline where a group is heading; writings on the internal ideology of groups (including writing that shows "internal fissures" between elements in the group).

As a concrete example, Godson talks about the magazine Aviation Week and Space Technology. During the Cold War, the Soviets subscribed to this magazine, and used technological breakthroughs as a means to guide their intelligence collection. Godson claims that this Soviet pattern of collection was probably used as a counterintelligence lead.

Side note: See also the book Torture Taxi, where plane watching geeks managed to unravel the CIA's rendition plane network. Link:

(2) Clandestine Collection from Human sources.

"Penetrating an adversary's intelligence service, especially the counterintelligence units, is one of the most valuable counterintelligence techniques. Often it is notoriously difficult ... Intelligence services are usually on the lookout for their own weak spots, and they have a whole array of security procedures to combat penetration. Nevertheless, intelligence services do sometimes manage to scale the wall of security and run agents inside other services."

Godson then gives the following kinds of penetration techniques:

    Plant junior officers inside a service and watch them rise. "This is most successful when vetting procedures are slack."

    Recruit a nonintelligence officer that might have access to some target.

    Recruit an intelligence officer. Godson claims this is difficult, as many intelligence officers are trained to be familiar with recruitment techniques. Nevertheless, "skilled recruiters specialize in spotting weaknesses" e.g. financial temptation, revenge, and others. This is easier to do in your own country, than in a foreign country.

    Recruit individuals that are vulnerable in some sense. This includes individuals with lower salaries or prestige, which might make them susceptible to money offers or psychological recruitment.

    Infiltrate political support groups or fronts sympathetic to the politics of the foreign service. This infiltration could lead to recruiting an intelligence officer. This tactic is useful in infiltrating terrorist organizations, that is, planting or recruiting someone inside a terrorist support group.

Interesting quotes from this section:

"It can be relatively easy to penetrate a nascent movement or organization, ... as the United States found when it penetrated Students for a Democratic Society and various Communist and African-American groups in the 1960s and 1970s."

"As organizations mature, however, penetration becomes more difficult. The terrorist organization will not easily accept unknowns into its inner circle. It may demand loyalty tests, such as committing a murder."

Collection Methods

Godson then goes on to talk about some sub-species of (2), including:

(i) Defectors

(ii) Physical Surveillance

(iii) Access Agents

(iv) Double Agents

(v) Liaison

(vi) Illegals

I'll flesh out this section, and what (i) to (vi) mean in my next post.
