Where does HUMINT fit in with the 21st century intelligence community? [by Julien Babanoury, CEIS]

The honeypot has been an icon in stories of espionage (fiction and non-fiction) presented to the general public over the past 70 years or so. In the current digital age, the honeypot has become a pixelated, scantily-clad female sent to a target in JPEG format so that, once opened, it inadvertently allows access to his computer or network. Has the advent of the Internet and complex computer systems led us to ignore the human factor of interpersonal communication? More pertinent to espionage, has the rise of signals intelligence (SIGINT) overshadowed human intelligence (HUMINT) to the point where the latter is neglected?
Human intelligence, or HUMINT, has played a role in our society for centuries, as it is fundamentally information drawn from human sources and interpersonal communication. HUMINT can be collected through clandestine operations (recruiting spies), overt collection abroad, traveller debriefing, POW interrogation, diplomatic missions (military attachés) and counterintelligence, among many other means. The complexity of these operations requires a strong degree of preparation for any rendezvous, interrogation, and extraction of information. Moreover, a major obstacle is the communication aspect of HUMINT, which can be difficult due to a lack of cooperation, language barriers, etc. HUMINT operations in foreign countries can also pose a great risk to the intelligence collectors because of their exposure to the local police, military or counterintelligence units. Despite these difficulties and risks, HUMINT can collect raw pieces of intelligence that are often more accurate than the intelligence collected from SIGINT. HUMINT is able to find meaning in the smallest pieces of intelligence, which could have significant consequences in turn.
Signals intelligence, or SIGINT, is the interception of signals or encrypted information. While encryption and decryption quickly followed the development of writing, modern SIGINT originated at the beginning of the 20th century with electronic cables transmitting communications. Today, SIGINT includes communications intelligence (COMINT) and electronic intelligence (ELINT). COMINT is defined as technical and intelligence information that is taken from foreign communications and ELINT is the information gathered from advanced computer systems[1]. SIGINT is able to fishnet a massive amount of information from any part of the world by accessing data from cryptanalysis, traffic analysis, computer exploitation techniques, and cable tapping, meaning that less time and fewer resources are spent while protecting the lives of intelligence agents, who mostly work from secure bases in their home country or embassies.

Current Status
Today, SIGINT has taken center stage in the intelligence community because the Internet and technical advancements have made its methods rather easy, and the recent disclosures of American whistleblower Edward Snowden have made the NSA’s massive SIGINT program public. The United States has generally tended to favour open source intelligence (OSINT), geospatial intelligence (GEOINT) and SIGINT over HUMINT as a means to understand what its enemies were planning. Former CIA officer and spy for the Soviet Union, Aldrich Ames, bluntly formulated the United States’ attitude towards human intelligence: “The human spy, in terms of the American espionage effort, had never been terribly pertinent”. Even other countries such as Russia, whose security services have had strong predilections towards HUMINT in the past, are conducting extensive SIGINT operations, a trend based on necessity and availability. Communication cables, servers with troves of data, etc. are all relied upon by our society and all contain information that can be believed to be pertinent to state security and interests.
Meanwhile, both HUMINT and SIGINT practices are being integrated into cyber intelligence, or CYBINT, which encompasses the activities of intelligence collection and the product of intelligence collection. The primary purposes of CYBINT are counter-cyber intelligence, specifically ISR (intelligence, surveillance, and reconnaissance), and computer network exploitation. CYBINT even goes beyond the collection and operational aspects of intelligence by employing an analytical methodology with all of the data and information available to minimize uncertainties for all types of operations. CYBINT is not assigned to a specific US agency, although the NSA, US Cyber Command and the Defence Information Systems Agency exercise CYBINT capacities. The fact that the former two institutions are under one command particularly attests to CYBINT collection, analysis, and operations.
Of course, neither HUMINT nor SIGINT nor CYBINT can be accurately measured; but their measurability is not what is in question. Just like any other institution, social practice, or anything in the physical world, intelligence gathering has a balance that is determined through causality. An increase in, and reliance on, SIGINT could diminish and neglect the use of HUMINT. With every person and every government using the Internet and telecommunications, SIGINT, without a doubt, plays a major role in intelligence gathering.

Is HUMINT necessary?
It should be noted that when it comes to using different sources of intelligence, countries do not choose one source and discard another. However, they may have preferences or resource limitations, which could lead to a skewed reliance. Nonetheless, HUMINT should not be ignored. Human intelligence can give intelligence agencies ‘gems’; but more importantly, it is the use of all source capacities to their fullest extent that provides the surest intelligence. When HUMINT has been neglected and badly under-resourced, the collection gaps that were created led to operational blunders.
Of the countless examples of HUMINT’s effective contribution to intelligence gathering, the most notable recent example was the hunt for Osama bin Laden, where a Pakistani physician was recruited by the CIA to organize a fake vaccination drive. The purpose of the drive was to collect DNA samples from the residents of Abbottabad to confirm bin Laden’s presence in the city. Conversely, an operation that failed due to a lack of human intelligence was the Bay of Pigs Invasion, a US-backed coup to overthrow the communist government in Cuba. The failures attributed to the failed operation were a lack of Cuban sources in Cuba and a lack of counterintelligence information to discover the double-agents who made up much of the Cuban paramilitary group sent by the United States. However, these two examples should not obscure the fact that HUMINT does not always produce gold. Between 1999 and 2001, an Iraqi defector codenamed Curveball alleged that Iraq was manufacturing mobile biological weapon laboratories, an account used to support the US-led invasion of Iraq in 2003. Curveball had been poorly handled by German operatives and the CIA was blamed for not properly investigating the doubts over Curveball and his claims; claims that turned out to be false.

What is the future of HUMINT?
HUMINT is due for revitalization for several reasons. First, the United States’ War on Terror has demonstrated that terrorists and other non-state actors cannot compete against technologically advanced countries in terms of firepower and intelligence gathering. As a result, these actors have reverted to limited or non-technological communication, and thus the communication leaves few reverberations that can be picked up by SIGINT. As for another major source of intelligence, geospatial intelligence (GEOINT) can only go so far in tracking enemy movements, especially those of terrorists, with drones and satellites. Intelligence gathering through spies and local recruits is imperative in locating and possibly destroying terrorist leaders or enclaves.
Second, the degree of causality in the international intelligence community is likely to tip the scale towards a stronger emphasis on HUMINT operations. During the Cold War, the Soviet Union’s human intelligence capabilities were arguably the strongest in the world. Subsequently, to meet the strength of Soviet HUMINT, US counterintelligence capabilities developed into one of the strongest doctrines in the world.
Regarding SIGINT, the United States’ offensive and surveillance capabilities have more than surpassed the capabilities of every other country; but this has created a sense of overconfidence in its technical intelligence gathering abilities and has obscured the way information is analyzed and presented. For example, the NSA attempted to map terrorist networks with data acquired from phone companies and internet service providers. The resulting complex mega-graphs, nicknamed ‘big ass graphs’, were of no use to CIA operatives whose job it was to track down the terrorists[2].
Likewise, in the wake of the revelations of America’s mass surveillance program, countries are now expected to reduce and protect their electronic information and communications. Most top secret information is no longer digitized and the use of diplomatic couriers has greatly increased, meaning less vital information is able to be picked up by SIGINT. Simply recognizing SIGINT overconfidence and the downplaying of signal communications is enough to rebalance the collection and dissemination methods of the intelligence community.

The Interlacement
During peacetime, countries will continue to spy, but mainly for economic intelligence. This means that countries, like the United States, will spy on allies and friendly nations, who overlap as economic competitors and military allies during a crisis[3]. This coincides perfectly with the NSA SIGINT programs in countries like Brazil, France and Germany. Collecting information from a data center in Utah is much less personal than sending operatives to allied countries to gather economic intelligence, which makes it psychologically easier to spy on allies. This impersonality that SIGINT has over HUMINT is decreasing, however, as both are becoming more and more intertwined.
As was indirectly mentioned above with the ‘big ass graphs’, SIGINT provides intelligence to HUMINT collectors so that the latter are able to pinpoint and complete their objectives. Reciprocally, information that is collected on the ground can be sent to SIGINT offices, which can elaborate on that information with whatever is intercepted. The traditional intelligence cycle management is still in place but there is much more dialogue between United States agencies that operate different collection methods. HUMINT can also contribute to SIGINT and CYBINT by accessing the targeted computer systems directly through recruits or unaware victims. The NSA’s tailored access operations, for example, work closely with the CIA to use its local informants to help with the operations requiring physical access to computers that are never connected to a network[4]. Despite its challenges and risks, HUMINT is a viable option for circumventing physical and cyberdefence perimeters of computer networks and can defeat confidentiality, integrity, and availability of secure information by acquiring the necessary privileges[5].

Conclusion
Human intelligence provides only 10 to 20% of the information collected by the US intelligence community[6]. The information collected, however, is mostly taken from a wide range of experts and insider sources whose roles are overshadowed by the use of technology. The human factor is still a major part of security, especially in cybersecurity, where most business and government leaders see human error as a strong contributor to breaches of all sorts – and even the heads of IT security in government agencies can be susceptible to the digital honeypot[7]. Until the dawn of artificial intelligence, spies will have to continue implementing technological advancements in their operations while keeping in mind that not all information is located in a server.
By Julien Babanoury, CEIS

[1] https://www.cia.gov/news-information/featured-story-archive/2010-featured-story-archive/intelligence-signals-intelligence-1.html
[2] http://online.wsj.com/news/articles/SB10001424052748704820904575055481363319518
[3] National Research Council. Cryptography’s Role in Securing the Information Society. Washington, DC: The National Academies Press, 1996.
[4] http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969-3.html
[5] Encyclopedia of Quantitative Risk Analysis and Assessment, Volume 1 edited by Edward L. Melnick, Brian S. Everitt
[6] http://globalsecuritystudies.com/Margolis%20Intelligence%20(ag%20edits).pdf
[7] http://nakedsecurity.sophos.com/2013/11/03/fake-femme-fatale-dupes-it-guys-at-us-government-agency/