counterintelligence – Constantin Poindexter Salcedo

January 2, 2024

The Challenge of Spying on China

spy, spies, espionage, counterespionage, intelligence, counterintelligence,carlyle poindexter, constantin poindexter

The WSJ article on Wednesday (Challenge of Spying on China) is a sad reminder of the United States Intelligence Community’s apparent failure to accomplish any broad covert or clandestine penetration of the People’s Republic of China (PRC) in recent history. The lack of HUMINT human intelligence sources (HUMINT) with meaningful access and placement deprives us of insight into Chinese decision making, immediate strategic threat intelligence and perhaps more importantly, gravely impairs U.S. offensive counterintelligence operations.

Moving beyond the obvious difficulties with HUMINT operations within the PRC, reminiscent of the Cold War hostile operational environments, the Intelligence Community is overdue for a paradigm shift in human asset recruitment methodology. For the better part of the last century, the United States Intelligence Community relied on a steady flow of “walk-ins”, volunteers from opposing foreign intelligence services or governments that offered their countries’ secrets. Intelligence officers enjoyed a large degree of success based on a fairly global perception that Americans were the “good guys”, representatives of the land of fairness, equality and justice, qualities that stood in stark contrast to the ruthless and despotic republics from whence they came. Unfortunately, the mystique has faded leaving outsiders to wonder if the values that we promote to the world are nothing more than a hypocritical farce. Mass diffusion of the “Big Lie” throwing fair elections into question, an attempted coup d’etat by an outgoing president, and military involvement under highly questionable intelligence assessments erode the view once held that the United States is the “shining beacon to the oppressed”.

Chinese citizens enjoy a better standard of living than at any time in China’s history. China can rightfully boast that it is a world power and its population can justifiably be proud of its progress. Personal financial success and pride in country promote loyalty. That there is no broad internal rejection of onerous mass surveillance, social credit controls and ethnic cleansing as is the case with the Uyghurs, is a testament to the PRC’s ability to deny facts, deceive its population and prevent the import of non-PRC approved “truths” about freedom and justice within China. The Chinese cultural tendency to identify with the collective rather than the individual is likewise amplified by the PRC’s massive social control machine, with opposing or antagonistic perspectives effectively blocked by the Great Firewall or simply drowned out of public discourse by the volumes of Party-approved propaganda. The PRC’s strategy has created an environment that is more resistant to traditional intelligence recruitment techniques such as economic coercion, ideology exploitation and ego-stroking. Chinese intelligence service recruiters lean on the cultural affinity of ethnically Chinese living in the United States to turn them into spies, coerce them by alluding to what might become of their families living in China or deploy the time-tested technique of guanxi to achieve intelligence asset recruitments. United States intelligence officers do not enjoy a parallel or equivalent.

FBI Director Wray stated, “We’ve now reached the point where the FBI is opening a new China-related counterintelligence case about every 10 hours.” The threat is grave and our twentieth-century countermeasures, techniques and tradecraft are not appropriate for what many in the Intelligence Community deem the greatest threat to United States national security. Retooling, reimagining the intelligence recruitment cycle and modernizing the way that we approach the recruitment of sources is imperative.

December 2, 2023

Iran Cyber Operations Target Utility Infrastructure

cyber, cyber operations, espionage, counterespionage, counterintelligence, cyber defense, CISA, countermeasures, constantin poindexter

Per the U.S. Cybersecurity and Infrastructure Security Agency (CISA), “Since at least November 22, 2023, these IRGC-affiliated cyber actors have continued to compromise default credentials in Unitronics devices. The IRGC-affiliated cyber actors left a defacement image stating, “You have been hacked, down with Israel. Every piece of equipment ‘made in Israel’ is CyberAv3ngers legal target.” The victims span multiple U.S. states. The authoring agencies urge all organizations, especially critical infrastructure organizations, to apply the recommendations listed in the Mitigations section of this advisory to mitigate the risk of compromise from these IRGC-affiliated cyber actors.” (CISA, 12/01/2023)

The penetrations were aimed at critical utilities, in the extant case of U.S. water and water waste treatment infrastructure. Per CISA, “Beginning on November 22, 2023, IRGC cyber actors accessed multiple U.S.-based WWS facilities that operate Unitronics Vision Series PLCs with an HMI likely by compromising internet-accessible devices with default passwords. The targeted PLCs displayed the defacement message, “You have been hacked, down with Israel. Every equipment ‘made in Israel’ is Cyberav3ngers legal target.” The Water and Wastewater Systems Sector (Water Sector) underpins the health, safety, economy, and security of the nation. It is vulnerable to both cyber and physical threats.” The warning is instructive. The fallout from a successful compromise of public water systems can be severe. Andrew Farr warns, “The imagination can run wild with worst-case scenarios about what a threat actor could do to a water system, but Arceneaux explains that sophisticated actors could hack a system and manipulate pumps or chemical feeds without the utility even knowing they were in the system. They could also create a water hammer that could lead to cracked pipes or release untreated wastewater back into a source water body. What if that happens [to a water system] in a medium or a big city? Maybe it’s only for a few hours, but it could go on for a few days or weeks, depending on how extensive the damage is.” (Farr, WF&M, 04/11/2022) Darktrace reports the very real consequence of a successful water system compromise. “Earlier this month, cyber-criminals broke into the systems of a water treatment facility in Florida and altered the chemical levels of the water supply.” (Matthew Wainwright, Darktrace) If potable water delivered to consumers contains dangerous contaminants or improper balances of the “good” chemicals blended to the product (fluoride, chlorine, chloramine, etc.), it can cause negative health effects. Gastrointestinal illness, nervous system damage, reproductive system damage, and chronic diseases such as cancer are very real risks associated with the same.

CISA cyber defense model of the “brute force” methodology deployed by IRGC operatives may be viewed at MITRE.

January 9, 2022

What is OSINT all about?

OSINT, IMINT, constantin poindexter, carlyle poindexter, masters in intelligence studies, counterintelligence

OSINT is as ancient as written word. I suppose that there were cuniform tablets that were exchanged between Phoenician government functionaries, both public and sensitive that adversaries coveted. The Greeks were particularly good at intelligence. There is a really good book about it written by Frank Santi Russell. It’s super interesting to see what value a first-generation democracy put on information gathering. What is without question is that OSINT is valuable. Wild Bill Donovan said, “Even a regimented press will, again and again, betray their nation’s best interests to a painstaking observer.”

Like the other INTs, there are some definitions that most practitioners have settled on to describe OSINT. Information collected from the “wherever” is generally not intelligence. It is data or simply information. Intelligence is generally an analyzed and polished product that CONTAINS information. The Department of Defense defines OSINT under ¨§931 of Title Nine, “Open-source intelligence (OSINT) is intelligence that is produced from publicly available information and is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement.” (50 U.S.C.) The Hassan and Hjazi publication which offered this statutory definition verbatim HOWEVER they added what I think are some really important distinctions of what composes OSINT (“components” as Dr. Saar has highlighted.), as follows, “, . . .

*Open-source data
*Open-source information
*Open-source intelligence
*Validated open-source intelligence”

These components are important not only for context and precedence, adhering to the currently accepted intelligence cycle, etc., but also to offer a framework for practitioners of other INTs to identify where to offer input, and from whence to retrieve reliable and timely data, information and/or intelligence for their own purposes.

OSINT has progressed over time, but not in its essential nature. OSINT has essentially existed since cavemen roamed the earth. Ug of the ooga booga tribe probably eavesdropped on conversation between the huti huchi tribesemen to discover where the best mastodon hunting ground was. Obviously, this oversimplifies something that is actually quite sophisticated now, . . . or is it? We now have written word and motions images á la the ubiquitous YouTube, but is observation and pondering (analysis) of those observations really an innovation? My position is that OSINT really hasn’t changed at all. The medium for presentation (or mass dissemination) of information, the sophistication of the sensors that we use to collect information, the volume of collection and the high-speed computer-driven analysis of the information have changed, NOT OSINT.

There are clear advantages to the development and deployment of a rigorous OSINT capability. First and foremost is risk. Passive OSINT presents almost no risk at to either the discovery of the inquiry and the fallout if collection is discovered. Done properly, OSINT projects are discovered by the betrayal of a practitioner. An intelligence manager must consider the likelihood of discovery and the severity of loss due to discovery. OSINT falls low on the risk index. It’s just smart business.

Another big benefit but as the same time, a serious challenge is the volume of data or information. The benefit of volume is generally an increased reliability of product. There are plenty of disinformation operations in the world’o’sphere but in a massive pool of data an enormous effort and resources are required to drown out factual information. Also, a really big pool offers the input of a broad variety of assets or sources. The diversity REALLY helps stabilize analyst’s effort to draw reliable conclusions. The negative of course is how to warehouse and process the huge, HUGE amount of data that an OSINT mission or tasking might produce. This is and will be solved by quantum computing but the OSINT discipline also benefits from the less rigorous processing that a technical INT might require. The Norton piece spoke specifically to the “volume” conundrum along with the vetting challenge. “OSINT is challenging because of its volume and because each piece of information must be verified or “vetted,” often in unique ways.” (Norton, 2011, p. 66)

Among the list of advantages, “shareability” is also important. Not only is dissemination of OSINT product helpful and perhaps imperative among members of the Intelligence Community. It can also be superlatively supportive our allies, the countries with whom we share special liaison or allied service relationships. There is little risk to “sources and methods” with regard to OSINT. The real risk of improper or over-dissemination of OSINT is tipping our hand as to what is important to us AND prejudicing the asset or source, ie., U.S. Adversary: “You are looking at “x”? Oh! You must have some strategic or tactical interest in “x”! We’d better look into shutting off that faucet and since it’s important to YOU, then we’d better figure out a countermeasure.” Russian FIS does this, . . . regularly.

There are some other positive qualities of OSINT, i.e., gives a baseline for understanding the results of more sensitive information collected clandestinely; timeliness, as open sources are often in open competition as to who can “break the story” first; a great enhancement to cultural and ethnic understanding, etc., however the three main attributes above I think are the most valuable and relevant.

I need to give a hat-tip to a crowdsourcing article. The author has offered a neat little diagram to identify it but the author’s statement, “Crowdsourced Intelligence is arguably a separate collection discipline from HUMINT or OSINT collection.” (Stottlemyre, 2015) I feel is prescient. I’m not sure that this fits neatly within the OSINT discipline, most especially if the source is a member of an adversarial government, military or FIS. There are also a lot of wildcards in here, i.e., crowd motivation, crowd identity, or whether it’s really a “crowd” or not. This one merits a deeper look.

Waters, Nick, “Google Maps Is a Better Spy Than James Bond”, Foreign Policy, September 25th, 2018. https://foreignpolicy.com/2018/09/25/google-maps-is-a-better-spy-than-james-bond/#:~:text=In%20the%20words%20of%20William,interests%20to%20a%20painstaking%20observer.%E2%80%9D

Norton, Dr. R.A., “Guide to Open Source Intelligence: A Growing Window into the World”, Journal of Intelligence Studies”, vol. 18, no. 2, Winter/Spring 2011

Stottlemyre, Steven A., “HUMINT, OSINT, or Something New? Defining Crowdsourced Intelligence”, International Journal of Intelligence and Counterintelligence, vol. 28, iss. 3, 2015