Identifying CIA Officers in the Field

During the Cold War, the KGB was very adept at identifying undercover CIA officers in foreign countries through what was basically big data analysis. (Yes, this is a needlessly dense and very hard-to-read article. I think it's worth slogging through, though.)

Posted on October 1, 2015 at 7:00 AM • 28 Comments

Comments

Evan • October 1, 2015 7:36 AM

The CIA's practices, according to this article, were surprisingly (to me, at least) naive. For all I've read about agents being told to "live their cover", that doesn't seem to have applied to officers with diplomatic cover. Had I been in charge of the CIA (or more specifically, its Clandestine Service) I would have started from the assumption that adversaries would try to reconstruct our employment rolls from publicly available information. That they didn't speaks volumes to me about the CIA's (in)ability to fulfill their job.

Bob • October 1, 2015 8:47 AM

I think the reality was worse than this story indicates.

I clearly recall being with a former state department employee (he was only briefly an employee but his job title was ambassador) and looking at the resume of an individual that we would soon have to work with. He stated, "Hmm, looks like he was CIA." "Why do you say that?" I asked.
"Well, see he worked overseas at the embassy and was listed as Foreign Service Reserve. The State Department never listed the CIA guys as Foreign Service Officers."

Several books describe this practice. Search on "CIA" and "Federal Service Reserve."
See, for example,
https://books.google.com/books?id=iIS1lkQ0AAIC&pg=PA147&dq=%22Foreign+Service+Reserve%22++%22CIA%22&hl=en&sa=X&ved=0CCMQ6AEwAWoVChMI0JbWn7ShyAIVhVweCh1WXAnD#v=onepage&q=%22Foreign%20Service%20Reserve%22%20%20%22CIA%22&f=false


The Foreign Service Reserve was abolished in 1980.

Bob

ianf • October 1, 2015 9:10 AM


Let's call this SPY AMBIENCE PATTERN RECOGNITION.

A logistical services supervisor at major Continental airports mentioned once, that he could always recognize "CIA folks" arriving effectively in tandem with U.S. couriers schlepping sealed hardcase pieces of electronic etc. equipment under diplomatic cover. Weaponry, if it came in this fashion, was handled by security, not (his) civilian details. Said it was common knowledge among baggage handlers. If they could make that out, so could the KGB. As they said in my civil defense prep classes, in war, it is not the traitors near the top that count, but the lowly clerk-spies that tally up weekly numbers of dirty long-johns sent out to be laundered.

Also, in pre-AirBnB, sofa-surfing times, I advertised for paying-guest vacation hosts in Florida. Two guys responded, one petered out after a while, the other turned out to be an electrical engineer working for a firm that maintained cables, etc. in US embassies. Or so he said (I wasn't knowledgeable enough then to recognize it as essentially an in-house/ security-clearance/ counter-intel job). We had a nice coffee at a restaurant, then parted company (ultimately, I stayed in a hotel). I have since wondered if that "Peter," perhaps a lowly operative in training, was sent out to "sniff me out" just in case my ethnic/ cultural/ professional profile (then & still at HARDCORE AMATEUR stage) might fit some of his true employer's imaginary "agent material shopping lists," or my prospect file needed fleshing out. He looked the part, except for the crewcut & I must've previously left a breadcrumb trail of reading & borrowing books and whole annals of magazines at an American library.

@ Evan, you don't know what you're talking about. For foreign operatives to truly "live their cover," or, worse still, under the KGB's pattern recognition radar, would have meant THAT MUCH BIGGER budgets for postings administrators, not to mention the specter of OVERTIME. Do not forget that although the CIA's mission was to deliver the goods on non-Yanks, their true raison d'être was survival within the USG bureaucracy—which they proved adept at. Parkinson's Law applies.

r • October 1, 2015 9:16 AM

/sarcasm ???

it's really not a tough read at all, and the differences listed between FSO's and potentially CIA are pretty glaring.

The guy definitely was telling a story though,
I desperately hope that their opsec has improved.

BoppingAround • October 1, 2015 9:16 AM

Moderator, Clive Robinson (the usual one),
I suspect the author of a second post here is an impostor. Can you confirm this?

Vincent Archer • October 1, 2015 9:25 AM

The problem is one of bureaucracy. If you want CIA employees to really appear as a random employee of the Department of State, you need:

- To insert them into employee data (easy)
- To have the Department of State pay them (the problems begin there)
- With you managing to provide the eventual difference in pay (I doubt the various bonuses align)
- Arrange the necessary budget transfers, because the Department of State is not going to use its funds for CIA employees
- Manage to bypass the career evaluations required ("I have been tasked to review this employee, and he does not appear to do any of the work that should be assigned to him. I recommend sending him back to the States ASAP")

If you ever worked for any form of government agency, this will be not only complicated, but the occasion of numerous headbutting, not to mention that various Dpt. of State staffers that have absolutely no contact with the agent will regularly ask questions because it appears on their payroll and "it should not", and you will probably have high level meetings at every administration rotation about "why are some of our employees seconded to CIA" (even if it's the reverse).

Far easier to keep your agent entirely out of the mess and simply have them there with some random status. Riskier, but easier.

TGuerrant • October 1, 2015 9:55 AM

Ah, the good old days before OPM had 21.5 million+ records waiting on its servers....

ianf • October 1, 2015 10:14 AM


@ r /sarcasm??

That was @ Bruce's convoluted way of warding us off what was really a shallow, Salon-comprehension-level, article. Big data indeed. Merely by reading spy thrillers, John Le Carré's mainly, but also a few other Big Names, I arrived at this most likely procedure for any counter-intelligence service to identify its state opponents' resident (deniable under diplomatic cover) operatives:

  1. analyze past known records of & select new prospects based on similarities in age, frequency of postings, gaps in employment rolls, etc
  2. follow these prospects from a distance and observe their daily routines
  3. analyze any breaks in their routines
  4. note the degrees of their security consciousness, how they approach a likely meeting place, do they look over their shoulders
  5. how do they socialize outside the normal office hours?
  6. do they live above their age cohort's means, or are disproportionately free in relation to their official office level?

In short, a list nearly identical to that of KGB's Totrov. It becomes much harder with those that the thriller literature calls unofficial rezidentura. But I'm sure that, if Western services maintain such abroad, the Russians have developed means of sniffing them out as well (bad).

@ Vincent Archer right on.

r • October 1, 2015 10:15 AM

if the us population was 314m in 2011, 21.5m records = 14% of the population? maybe the 21.5m records are individual entries not entries of individuals?

MikeA • October 1, 2015 10:35 AM

Could be 14% of the population. They've been using the Stasi playbook for a while now.

My wonder about the OPM CF has more to do with the usual "cockup or conspiracy?" question. Much like when I was a night watchman and was told to ignore a particular gate-mounted alarm. "Wind rattles it, so we just leave it disabled". Um, maybe, until you also start wondering about the product left, packaged for shipment, _outside_ the warehouse doors (near said gate) overnight.

ianf • October 1, 2015 11:11 AM

Even with the Stasi scenario, and including past/ deceased employees, plus those of subcontractors etc that "needed" to be in the DB for OPM-anal reasons, 14%, or 1 federal employee for each 7 in the population, still sounds unreal. I suspect even for hardcore conservatives always complaining of excessive size of federal government. Perhaps the figure includes records of all applications received over the life of the database?

bickerdyke • October 1, 2015 11:18 AM

"His approach required a clever combination of clear insight into human behavior, root common sense and strict logic."

And who is surprised that the CIA didn't find out how this was done? .-)

Clive Robinson (the usual one) • October 1, 2015 11:20 AM

@ BoppingAround, Moderator,

You would be correct in your assumption, the second post was not from me.

This is the second time this has happened recently...

I guess the question arises "does this person actually have the same name as me or not?" as there are at least five people on the internet in related fields from the UK alone it is possible. However if the answer is no, a second question of what they hope to achieve by using my name arises, I guess time will tell.

I'll give them their due though it was an appropriate "one liner".

Harry • October 1, 2015 11:58 AM

The 21.5MM records don't represent 21.5MM Federal employees. They represent 21.5MM names. If you apply for a clearance you have to provide a lot of names: professional contacts (both worked with and worked for), personal contacts, probably people who knew you at each place you lived, your close family members, family members who are foreign nationals. And everyone who applies for a job needs to provide other names as references as well. For non-clearance applications, that's about 5 per applicant; for clearance applications it could easily be 20 or more.

So 21.5MM names could represent as few as 1MM employees.

Richard • October 1, 2015 2:07 PM

You can't do simple math about the 21M to get to x percent of the population because those numbers represent two different time frames. 21M is the sum of names over a period of time, how long? who knows exactly. 300 million is a point in time population figure.

If we knew the time horizon of the 21 million, we could get the number of people alive during the entire time period and use that figure to arrive at a "more accurate" meaningless percentage.

The obfuscation of 21M "records" and what they represent exactly (people, names, employees, references, etc...) is another problem in doing math like this...

tyr • October 1, 2015 3:51 PM


If you want a good look at Foggy Bottom diplomacy and the usual suspects, Keith Laumer did a series of fun exposes of the internals. Retief of the CDT and the "cold war against Groaci (Rus)". The usual sekrit agent was an American frat rat with Gumshoes and a mode of dress that made them stick out like a sore thumb. So I can't imagine why the Rus would have been able to detect such a creature.

@Clive
Just remember imitation is the sincerest form of flattery.
I saw Bruce on TV again. He's getting to be a celebrity.

Veracitor • October 1, 2015 5:05 PM

There isn't any news here. No one EVER thought CIA agents with "diplomatic cover" were unrecognized by folks on the other side. Diplomatic cover was partly for politeness' sake and partly to give those CIA guys diplomatic immunity so if arrested while tending dead drops or meeting locals or whatever they would just be expelled rather than sent to Siberia.

Angleton wasn't worried about adversaries recognizing average CIA guys with diplomatic cover. Adversaries were assumed to know which were CIA just as the US (and British, and so-forth) knew which Russian "diplomats" were KGB and GRU.

Angleton was worried about the identities of deep-cover agents and locals who had been recruited to help CIA in some way. CIA tradecraft was supposed to provide secure communications with such folk and conceal their connections to CIA.

If CIA tradecraft wasn't up to it, the problems were not in the feeble diplomatic disguises worn by some CIA agents, but in something more subtle like poor management of dead drops.

milkshaken • October 1, 2015 5:39 PM

CIA did not learn anything from these mistakes. As recently as five years ago, Hezbollah was able to identify nearly all CIA operatives in Lebanon, based on their behavior pattern, and pattern of their burner phone calls, they even managed to follow them to meetings with their informants, they even directly spied on their conversations. Hezbollah turned some informants into double agents. And one day, all CIA informants got suddenly arrested, never to be heard of again. Then, Hezbollah published the names of 10 CIA operatives in Lebanon, and said look how nice we are, we could have killed them any time - please stay away...

ianf • October 1, 2015 10:27 PM


@ milkshaken… and the source for that your massive CIA #facepalm in Lebanon being… ?

BTW. there's a realistic spy thriller “Agents of Innocence” by WaPo columnist David Ignatius (1987). Spanning the years 1969-1984 in Beirut and nearby, at one time it was promoted on CIA's webpage as "a novel, but not fiction." It serves a thinly-veiled tale of CIA's attempts to infiltrate the leadership of the Fatah, and ends up with the agency effectively "representing" PLO's point of view in Washington, DC. Well worth a read.


@ Veracitor
Having been badly burned by Kim Philby, whose friend and protégé in London he once was, by the time he reached the plateau of his career, James Jesus Angleton was first and foremost a paranoid wreck of a bureaucrat. These are the worst. No wonder he had to be killed by proxy in “Three Days of The Condor” by "CIA's" Max von Sydow assassin-for-hire.

Winter • October 2, 2015 2:17 AM

My question is whether the "Special Opps" of the CIA have ever been successful?

Even with what I read before, signing up as an informant for the CIA has never been a good idea.

ianf • October 2, 2015 3:20 AM


@ milkshaken, if I am declared a troll by asking for corroboration, what does that make you, who doesn't supply it UNLESS goaded for it explicitly? A centripetal[*] egoist.

“Why don't you google for it” is the equivalent of this 80s(?) adage “On a clear disk one can seek forever.”

[*] why don't you google for it?

bob • October 2, 2015 4:29 AM

Of course, it could all be a double-bluff. While the KGB are running around after these relatively obvious CIA peeps, the real ones are elsewhere, better hidden.

CallMeLateForSupper • October 2, 2015 8:32 AM

"Identifying CIA Officers in the Field"

My twisted brain immediately conjured an image of John Cleese in army uniform, knee-deep in weeds, scanning the horizon through binoculars.

chris l • October 2, 2015 11:11 AM

It seems responses are getting mixed across threads- the comments on the 21.5M people with records in the OPM database that were copied probably belong in the fingerprint thread, but here's the short explanation:

OPM collects all applications for employment in the federal government, as well as applications for access cards for contractors who need to access USG facilities and computer systems. There are three forms: SF-85 for people in non-security sensitive positions, SF-85P for people in "public trust" positions (e.g. public facing handling personal data or large amounts of $), and SF-86 for security clearances secret and above, which includes people like janitors in secure areas, large numbers of aerospace engineers, DOE employees and contractors (weapons engineers) and all manner of non-espionage related people. The "released" records are copies of all the forms submitted to the government since 2000 (OPM says this on their site), as well as the resulting background check information. There are only a few million non-applicants who had PII released-- those are relatives, cohabitants, and possibly very close associates of people who filled out SF-86. OPM also retains data on people from agencies that handle their own clearances (I think CIA does) who transferred to OPM covered agencies, as well as retirees whose records are kept by OPM.

The data for an SF-85 are pretty much what you get on most job applications, plus the responses from your references (if they responded) and the results of your database checks.

SF-85P goes further back in your history, and may include details of medical history or divorce history to provide explanation of your financial history.

SF-86 is 120+ pages of your history, plus PII of your cohabitants, plus results from all sorts of interviews with your references, neighbors, random people the interviewers come across in your work area or neighborhood, possibly polygraph interview details depending on your clearance. It includes your drug, alcohol, and relationship histories (including affairs or memberships in the local dungeon).

All three require full sets of fingerprints, which were included on a chip on your ID card since the implementation of HSPD-12. It's likely that the fingerprints are mostly current employees and contractors who had their prints taken for the PIV-II cards- the numbers sound about right for that. The 21.5M includes all applications going back to 2000.

chris l • October 2, 2015 11:15 AM

(after going through the thread I noticed the short comment that brought up the 21.5M, so those comments on it are in the right thread)

Evan Harper • October 4, 2015 3:24 PM

The article's lead claims to describe "diplomatic and deep cover" being blown, but the techniques described boil down to "the CIA made no serious effort to get their officers under diplomatic cover to actually act like FSO employees in any of the details." None of the information in the article would seem to apply to officers working under non-official-cover.

The article is also confusing in that it claims that agents' lives were jeopardized; the whole point of official cover is that this doesn't happen.

It's not clear to me how secret the identities of official cover CIA officers are even supposed to be. I was under the impression that it was more of a nicety than a security measure; both sides tolerated each other's official cover intelligence officers, with only the occasional expulsion as a gesture of anger, because they thought it was mutually beneficial. I could be wrong. At the least, nobody ever expected to keep the CIA station chiefs' identity secret from other national governments, and probably a good number of civilians, too.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.