Even spies leave behind a digital footprint. Through social media profiles and various leaks they can be identified and their clandestine activities exposed. In the digital age it takes more time and effort to conceal covert operations, requiring new approaches as early as during their recruiting.

The recent uncovering of Russian GRU agents accused with the attempt to poison former Russian spy Sergei Skripal, as well as the exposure of Saudi Arabian spies in the murder of Jamal Khashoggi clearly show the problems intelligence services are facing when conducting covert operations.

Investigate journalists, such as the Bellingcat team, were able to identify the suspected culprits, often using crowdsourcing to do so. These two examples have proven how effective and timely the wisdom of the crowd can be. Another reason for the great results achieved in these online investigations, is the fact that the contributors to each investigation were highly motivated: they did not make these findings because they had to; they wanted to unravel the mysteries surrounding aforementioned cases.

Both times, blatant mistakes made by the operatives left a paper trail to follow, ultimately leading to the identification of several members of Russian and Saudi intelligence services. Not accounting for the various slipups, the main problem is that all culprits do work for their nation’s government and/or intelligence services and this was too transparent. The GRU operatives had addresses registered to known GRU locations, one of the Saudi operatives is seen in pictures where he appears to belong to the close protection team accompanying Saudi crown prince Mohammad Bin Salman on travels. These are just two examples showing links between the individuals and their governments.

The question remains, how an intelligence service can conduct covert operations that actually remain covert. One of the most obvious solutions to counter this problem is minimizing an operatives’ digital presence. This can be achieved fairly easy. Covert operatives should stay away from social media and press coverage. However, an old IT-saying states: “There is no patch for human stupidity.” Due to this, there will always be a margin of error, undisciplined individuals making exactly the mistakes leading to their public exposure. Massive CCTV coverage is causing another problem. It is impossible to travel nowadays without being filmed or photographed. As soon as these pictures of individuals are published in news and on social media, crowdsourcing kicks in. Maybe this individual was seen entering  a government building, maybe a former government co-worker recognizes him. Although the former co-worker should probably keep this information to himself rather than risking legal consequences (many have signed some form of non-disclosure agreement), this does not stop it from happening. Again, human error stands in the way.  In conclusion, intelligence services should try to rule out human error as much as possible. Regular screenings on intelligence employees aimed at searching for compromising information online could help counter these exposure threats in a timely manner. Another approach would be to decrease the amount of people who actually know of the covert operative. One radical, yet most likely successful approach could be keeping covert operatives away from government entities.

Let me elaborate on this. As soon as an individual enlists within a government entity and becomes part of this system, bureaucracy takes its toll and the individual is listed in numerous databases for mainly administrative reasons, also increasing the number of people who know of his existence. Travel expenses, payment processes and even journeys to known government sites leave plenty of breadcrumbs to follow and to identify someone as a government employee. In many countries, once you are on the government’s payroll, it is highly unlikely you will ever leave the comfort of having this government job and the benefits that come with it.

What if a covert operative never actually worked for the government?

The scenario I am about to explain might sound like it is from a Hollywood movie script, but it might be the only feasible way to conduct future covert operations. It all starts with proper recruiting. Identifying suitable candidates will be challenging and I will not discuss what traits are essential to become a perfect spy. Although former military members might be the first choice, their military service might be what uncovers them in the future. Let us look at the following fictional career:

A young, fit 18-year-old named James appears at a police or military recruiting office and expresses interest in an intelligence, investigation and/or special forces career. He achieves outstanding results in the following assessment center. These results are noted by the intelligence service, upon which they approach the potential recruit. Of course, intensive screenings are conducted beforehand and at no point is he invited to official government sites. All contacts are conducted by a dedicated handler. The used modus operandi is basically the same one used when acquiring HUMINT sources.

James receives an offer to work for the intelligence service but not in the intelligence service. He receives a scholarship to study political science at a renowned university, earning a degree which will provide the basis for his future civilian career. The scholarship is payed for by a complex system of front companies, eventually ending in some sort of charity. During his studies, James uses the semester breaks or long weekends to train the many skills needed for his covert intelligence service job. Officially, he is on long backpack tours around the world or other types of vacations. This training method takes much longer and is conducted individually at inconspicuous sites. However, after 3-4 years of part-time training and smaller operations during his university sojourn, James should be able to conduct covert operations.

After his studies, James receives a job in a worldwide consulting company. Of course, some strings were pulled in the background to enable and promote his civilian career. From time to time, James has to oversee projects in other cities or countries. This is the cover needed to enable worldwide travel to conduct covert intelligence operations. These projects could actually originate from government entities and thus fit to the intelligence operation.

After a certain time as a covert operative, James is removed from the operational line of duty. The compensation for his intelligence work could then be a non-covert job within the intelligence service (or another related government entity) or a severance pay.

This description is very short and is lacking many of the challenging details. I would like to point out a couple of interesting aspects to why this concept might actually be worth the effort:

• The recruit could be dismissed at any time during the training program without major consequences. Other than his handlers, he does not have deep insight into the intelligence service, its locations or operations.
• Providing a college education and kickstarting a promising civilian career, as well as offering an interesting field of work in the intelligence sector should prove extremely motivational.
• The civilian career, when guided by the intelligence service, would deliver the best cover story for operations.
• Failed operations could be denied easier by government entities. In this case, a statement like the recent Saudi “rogue operative theory” would pass easier.

Even though the ratio of supporting intelligence personnel assigned exclusively to such an external covert operative is higher than compared to the amount of supporting staff for regular intelligence employees, the external covert operative in total has less exposure to intelligence personnel. Regarding training, financial and operational planning, everything could be kept in a smaller yet highly professional scale.

Who knows, maybe these techniques are already in use by some intelligence services worldwide. That is probably the reason we never hear about it. Maybe the person sitting next to you on the plane is not just the business traveler he pretends to be.

MW-OSINT / 24.10.2018