21 May 2016

Cyber's Hot, but Low-Tech Spies Are Still a Threat

May 18, 2016

It was recently made public that U.S. Navy Lt. Cmdr. Edward Lin was arrested by the Naval Criminal Investigative Service on September 11, 2015, and is in pretrial confinement charged with passing secrets to a foreign government, patronizing prostitutes and committing adultery (the latter being a crime under military law). Lin pleaded not guilty, and it has not been revealed whether Lin passed, or attempted to pass, classified information to either Taiwan or China—and just recently, several media reports claim an undercover FBI agent may have been involved. However, since Lin is of Taiwanese heritage, Taiwan’s National Security Bureau quickly disavowed any knowledge, as you would expect, and the People’s Republic of China’s government provide a comment similar to “Who? Never heard of him!”—also as would be expected.

Lin’s arrest is a stark reminder that traditional espionage is ongoing, and despite such a global focus on securing computer systems in the wake of (alleged) Chinese hacking of the Office of Personnel Management, Edward Snowden’s theft of National Security Agency data, Bradley Manning’s release of classified information to the website WikiLeaks and several others, we must continue and renew the focus on countering all of the foreign intelligence methods used to obtain U.S. information.


Too often in today’s world we wake up to find that personal or government data was stolen by unknown (although often suspected) persons who found a way to hack into what we thought was an unhackable computer system. The recurrent theft of our personal data, credit-card details or sensitive government information is almost numbing to the public, but has caused a renewed emphasis across governments and corporations for cybersecurity. The data stolen from the government is unclassified, yet when properly connected and analyzed with other unclassified information, such as personal financial data, could identify government personnel with high amounts of debt and an increased susceptibility for recruitment or coercion by foreign intelligence services.

However, the theft of computer data is but one method of foreign intelligence services. Foreign intelligence entities around the world use a full spectrum of espionage techniques—not just cyber theft. I hope it turns out that an undercover FBI agent posed as a foreign intelligence officer to intercept the classified information Lin had access to, but this case reminds me of two classic operations from the espionage playbook that foreign intelligence agencies may utilize, and of which others must be aware: the honey trap and the false flag.

The honey trap is an intelligence operation that utilizes sex, either to place the target in a compromising position (one that he or she does not want revealed, such as to a spouse or employer) or to establish a “genuine” personal/physical relationship. In Lin’s case, he is accused both of using prostitutes and of adultery, so it is possible that someone took pictures of him with a prostitute and/or having an affair with a person other his wife, which could be used to coerce Lin into stealing classified information on the intelligence-collecting EP-3 Aries II aircraft, to which he was assigned. While I do not believe Western intelligence agencies use this technique, the media has reported its use by China, Taiwan and North Korea, to name a few.

This case also provides an opportunity for a false flag operation. Lin is originally from Taiwan and became a naturalized U.S. citizen. With a false flag operation, a foreign intelligence officer, for example, would identify himself as a compatriot to his target and ask that he or she provide assistance in defending “their” homeland—by providing information. In Lin’s case, a foreign intelligence officer from a third country would identify himself or herself as Taiwanese and appeal to Lin’s Taiwanese heritage to learn about the capabilities and limitations of the EP-3 and how, specifically, the U.S. Pacific Command planned to assist Taiwan in case of an attack from China. That information would be extremely valuable to China, or even North Korea.

The computer system hacks we see today are compromising U.S. national and economic security. However, as shown in the media, the stolen data is accessed through the internet and unclassified. To obtain the really juicy classified information, a foreign nation must establish some type of human connection with a person who has access to the information they need. Long before computer hacking, adversaries were exploiting the personal vulnerabilities and mistakes of their fellow man, and manipulating them to obtain information. Classic foreign espionage is alive and well, and our adversaries lack moral, ethical or even legal limitations on how they steal secrets. The United States must work diligently to educate those with access to sensitive information about the techniques that foreign intelligence services will use.

Neal Duckworth is a former U.S. intelligence officer with multiple international deployments who currently works at Harvard’s John F. Kennedy School of Government.

No comments: