Monthly Archives: November 2012

So You Want to Work for the CIA/Mossad?

Former Mossad officer Michael Ross and I were comparing notes on the unusual messages and emails that come our way and, not surprisingly, we both deal with some similar characters. Setting aside the absolute nutters for a moment, we’d like to address those sometimes young, sometimes naive, but often well-intentioned people who contact us about jobs in the US/Israeli intelligence communities. Let me start by saying that if you fantasize about a career as a super spy and your first step on that journey is contacting either one of us through a direct message on Twitter (or the contact form on Blogs of War) you are not off to a promising start! No worries, though. We’re here to shore up your security practices a bit and hopefully point you in the right direction.

John Little: It seems rather obvious but contacting a stranger on the Internet, especially one not connected to the intelligence community, in an attempt to launch a spying career exposes potential applicants to quite a bit of risk, doesn’t it? I usually point people in the direction of an official recruiting site such as http://www.intelligence.gov/careers-in-intelligence/ or http://www.intelligence.gov/careers-in-intelligence/types-of-opportunities/for-students.html if they express interest but I have often been troubled by how much they reveal in their direct messages or emails. How do you deal with people who, misguided or not, want to join the Mossad? As a Canadian citizen that is a sensitive topic, is it not?

Michael Ross: I receive innocent queries from people on a fairly regular basis enquiring how they can join the Mossad. In fact, I recently corresponded with a well-meaning person who informed me that their renowned skate-boarding prowess allowed them to travel to all manner of exotic locales. You have to admit that a skateboarder appearing at the gates of Fordow would certainly be the most original approach the Iranians had ever encountered; however, gaining access to a target by skateboard is the least important of things to consider when setting out on the career path of professional espionage. I think people who want to be spies should set out by exercising some initiative in finding out what they can through open sources first before furtively approaching me on Twitter or via an email.

My first question when someone approaches me is what is their citizenship? If they are an Israeli citizen then I have no problem directing them to the Mossad’s website at: http://www.mossad.gov.il/Eng/AboutUs.aspx. If they are citizens of other countries, I politely advise them that it’s not a good idea to offer one’s services to another country’s intelligence service regardless of how closely the countries are allied, unless you are, in fact, a citizen of that country. If the person approaching me is a U.S. citizen, I direct them to the plethora of intelligence agencies that are available to the American citizen. U.S. citizens are spoiled for choice in this realm.

I think people have been conditioned by Hollywood to believe that spies can be stateless soldiers of fortune and so long as they’re fighting terrorists, details about nationality and allegiance are not that important in the scheme of things. I have to often explain that while we share many worthy goals, intelligence services pursue differing agendas that are driven by national security priorities specific to their government. For a long period of time, the Mossad had a very difficult time convincing the British SIS that Hezbollah was more than just a localized threat to Israel. Likewise when on rare occasion they approached us concerning a matter involving IRA terrorist activity. Turkey couldn’t understand why the PKK wasn’t top of the counter-terrorism agenda for everyone else. You can see through these examples that while we’re all countering terrorism, national security priorities do not always align 100% between allies.

In my own case, I lived for a long time in Israel, served in the IDF, became fluent in Hebrew, and spent some years going native before I was even considered for recruitment. While national security priorities differed between Canada and Israel, I never once felt that I was straying into a grey zone that would put me in a moral conflict with my Canadian citizenship.

I encourage people interested in pursuing a career in the intelligence milieu to do their homework. Official websites offer a great deal of useful information about how to apply and what criteria they are specifically looking for in a potential candidate. If you approach me without doing all that initial research, I’ll tell you that by first coming to me, the message you’re sending is that you’re probably not cut out for this business.

John Little: And what would you say to those aspiring CIA/Mossad officers about their communication and personal security practices in that period leading up to potential employment? It’s never too early to practice discretion is it?

Michael Ross: Well, first of all, if you write me asking how to join the Mossad and your IP address shows you live in Dahieh, then you’re either suicidal or think I’m asleep at the wheel. Either way, people should be aware that computers are the most insecure devices ever conceived by man and users should bear that in mind when using electronic communication.

For anyone interested in joining an intelligence service – regardless of which – it’s best to do the research and then keep your intentions to yourself. One thing that is highly valued in a candidate for recruitment is an innate sense of discretion. During the course of your being assessed as a candidate to work for an intelligence service, questions will be asked about with whom you’ve been communicating your intentions. When it comes out (and it will) that you’ve been emailing far and wide, it’s going to indicate to your prospective employer that you’re clearly not the right stuff.

As for social media, having pictures of yourself engaged in any type of indiscreet activity or participating in online behavior that can be translated as even mildly compromising, isn’t going to help your case. Let the sentiment behind the saying, “discretion is the better part of valour” be your guide.

Other Discussions with Michael Ross
A Gentle Reminder About Security and Social Media for Security Cleared Professionals

Blurring the Lines Between Hacktivism and Terrorism


Dr. Clint Arizmendi is a Research & Analysis Officer at the Land Warfare Studies Centre. The views expressed are his own and do not reflect those of the Australian Department of Defence or the Australian Government.

As the IDF and Hamas conflict unfolded, observers witnessed more than the world’s first ‘Twitter war’; they witnessed the widening of the conflict to include the participation of unsanctioned non-state cyber actors (UNCAs), who not only aided, but also interfered with – and obstructed – Israeli and Hamas operations in the name of hacktivism. Are such hacktivists performing a public service, committing a crime, or have they crossed a cyber line into terrorism?

Aside from the traditional method of using kinetic force to shape the battlespace by way of precision strikes, the IDF also used a variety of social media platforms to simultaneously deter Hamas and reassure the global audience that terrorists were the only target. Techniques used range from live video of the killing of a high-ranking Hamas official to realtime tweeting of events as they unfolded. Likewise, Hamas disseminated video of a downed Israeli drone and evidence of their Iranian-made long-range rockets reaching Tel Aviv, thus highlighting the importance and significance of establishing – and sustaining – a ‘positive’ social presence.

The use of social media as a key element of information operations (IO) is not new – the US-run Sabahi website in the Horn of Africa and the now controversial attempt by the US embassy in Cairo to de-escalate tension via Twitter during the attack in Libya serve as prime examples. For the IDF, presumably, the use of social media was a calculated strategy to prevent a repeat of the negative global press after their 2006 campaign.

As the conflict in Gaza shifted back-and-forth from the conventional and information realm to the cyber realm, the opportunity for UNCAs to influence the digital battlespace increased significantly, making it a particularly risky venture for both Israelis and Hamas. Here, UNCAs had a realtime effect on conflict, notably with regard to hacktivists such as The J35t3r and Anonymous – the former supporting Israel by disrupting Hamas websites and the latter supporting the Palestinians, having declared cyber-war on Israel.

While Israeli officials claim that only one of the 44 million cyber attacks on its government websites was successful during Operation Pillar of Defense against Hamas, Anonymous claimed more than 600 successful cyber attacks against both public and private Israeli websites. As an unintended consequence of its attempt to use social media to shape the battlespace, Israel’s campaign against terrorism became more complex; they were simultaneously fighting a physical and IO war against Hamas and a cyber war against Anonymous.

Although Anonymous – as an UNCA collective – chose to support Hamas as an expression of humanitarian concern, Hamas is considered a terrorist organisation by not only Israel, but also the EU, the USA, Canada, Japan and Jordan. Australia considers the military wing as such. The question now is whether Anonymous is also a terrorist organisation – or a supporter of a terrorist organisation – by association.

If Anonymous members who engaged in the ‘war’ against Israel reside in one of the countries listed above, then there is domestic terrorism legislation that can be brought to bear to regulate such behaviour. If, however, they reside in a country such as Turkey, Norway or Russia, none of whom classify Hamas as a terrorist organisation, then – at best – they are engaging in cyber crime.

The status of hacktivists engaging in such attacks can be considered analogous to the legal confusion surrounding the ‘combatant’ status of many Guantanamo Bay detainees. Are the Anonymous collective hacktivists, cyber combatants or criminals? Arguably, it depends from where they conduct their activities (assuming, of course, that this information can be determined).

Further complicating the matter is the potential for these ostensibly unsanctioned non-state cyber actors to be sponsored by the party that benefits from their activities. It is by no means beyond the realms of possibility for elements operating within the Anonymous collective to have received financial or technical support from Hamas or its supporters. Likewise, is it too much of a stretch that The J35t3r might be this century’s answer to the state-sponsored, deniable ‘black’ operatives of the Cold War?

Anonymous has formally recognised the Gaza ceasefire and declared mission success in Operation Israel, while Hamas has declared a national holiday of victory. Whether there is a way to actually measure the effect that Anonymous and The J35t3r had upon the conflict remains to be seen; however, one thing is for certain: the use of social media and the cyber realm for war represents the risk of direct external influence – if not obstruction – from UNCAs as they blur the lines between hacktivism and terrorism.


 
Update from Blogs of War
@th3j35t3r, who describes himself as a “Hacktivist for good. Obstructing the lines of communication for terrorists, sympathizers, fixers, facilitators, oppressive regimes and other general bad guys” contacted Blogs of War on Twitter after this post was published. I am posting screenshots of his private feedback with his permission:

[Screenshot: @th3j35t3r’s feedback on “Blurring the Lines Between Hacktivism and Terrorism”]

You can learn more on his blog.

A Gentle Reminder About Security and Social Media for Security Cleared Professionals

Social media use by security-cleared professionals creates obvious risks that are mostly well managed by the thousands of professionals who use it day in and day out. And we are thrilled that you do so. Twitter gives national security and international relations geeks unbelievable access to great minds and inside players across the globe. However, there are a number of not-so-obvious dangers lurking just out of sight to most people. They dutifully avoid releasing personally identifiable and classified information but their networks, communication style, and other subtle factors can paint a robust profile when viewed by a careful observer. I recently discussed this with former Mossad officer Michael Ross and it is our hope that this discussion will prompt many of you to look at your networks and communication patterns through a different lens.

John Little: There were online communities when you were active but I assume they weren’t pervasive enough to require much thought except in very specific cases. Now virtually everyone in the developed world, and many beyond, has a social presence online. Have you thought much about the impact that social media is having on intelligence? The upside from a mass collection / data mining perspective is pretty obvious but it also presents intelligence professionals with a unique operating environment in its own right, doesn’t it?

Michael Ross: Social media and the possibilities for open source intelligence collection have expanded exponentially with the advent of all the various social media platforms available online. It also opens up a whole world of operational cover and networking possibilities that in the past involved a lot of leg-work when I was in harness.

Social media has both strong offensive and defensive elements in its makeup. For a “poacher” like myself, I can mine a considerable amount of data on a potential target for recruitment (including vulnerabilities or avenues for exploitation) long before I even come into any contact with the target. For my “gamekeeper” colleagues in the counterintelligence realm, it offers a number of possibilities in determining potential for attack and what the “poachers” are targeting.

Social media and the internet are a double-edged sword also because they are open to abuse by outfits like Stratfor that sell jargon, open-source information, and fabrication as a finished intelligence product for corporate and government consumers. The other edge of the sword is that people like myself and others can access social media and set the record straight.

The most interesting aspect for me, however, is that I can interface with someone in say, Beirut and find out in real time what’s happening in the southern suburbs of that city while I sit at my table, Laphroaig at elbow. Now that’s social media.

John Little: Let’s talk about the threat this poses in places like the U.S. where social media is ubiquitous. You recently tweeted “Okay, I’m a “former” member of FIS (foreign intelligence service), but I could have a field day collecting without leaving the comfort of my rainswept Vancouver residence.” and this really resonated with me because the same techniques I use to build my network for Blogs of War are also open to exploitation by hostile forces. I love the fact that I can build networks of subject matter experts but I find it troubling that so many of them are obviously attempting to keep a low profile while unknowingly revealing so much about themselves. You can learn a lot about someone through their social networks (who they follow, who follows them, who they retweet, and chat with) even if they assume that their identity is obscured. Twitter is ripe for exploitation isn’t it?

Michael Ross: Obviously my statement about the ability to use social media and the internet as a collection tool was in large part due to what Joshua Foust aptly termed, “L’affaire Petraeus”. First of all I was struck by attempts in certain quarters on social media to render the issue “out of bounds” through moralizing pseudo concern for Petraeus’ apparently dissolving marriage. Social media is just that; all the pleasant and unpleasant characteristics of human interaction and to suddenly think it should be immune to gossip or a forum only for the high-minded and moral is both naive and absurd.

A really excellent example of using Twitter and Facebook to collect important information was Avi Mayer of the Jewish Agency for Israel recently outing Greta Berlin, the founder of the Free Gaza Movement, for tweeting that Zionists were responsible for the Nazi Holocaust and then trying to erase her electronic footprints. This is but one example of how social media can be a powerful collection and dissemination tool and why it should never be underestimated.

For a foreign intelligence service seeking specific HUMINT targets to exploit, social media offers a plethora of opportunities for collectors to initially spot and assess targets for recruitment and this is all done in a passive context without even initiating any direct contact with the target. Whether it’s acknowledged or not, collection activity through social media is a form of HUMINT. With little effort, I can obtain photos, addresses, occupations, telephone numbers, workplace addresses, friends, associations etc., etc. all from the comfort of home. I could probably identify in my Twitter feed at least a score of people whom I believe to have some form of security clearance and/or access to classified information of high value. How I choose to develop that relationship (which I do not by the way!) for potential recruitment and handling is made easier by having had access to so much readily available information through the simple construct of social interaction. This is also very much a two-way street; for counter-intelligence people (CI), this also provides them with information on what I as a collector am interested in targeting. I know on one occasion for certain that I was having my own tires kicked by a representative of a country that is semi-hostile to Israel and the U.S. (and I have to say, the approach was far more subtle than I would have thought given the country in question).

What is your Twitter feed or Facebook page if not a network? In the old days of spying it used to take years to develop networks that can be cobbled together in a very short time. I returned to Twitter about three weeks to a month ago and I have approximately 700 people from all kinds of backgrounds following me; law-enforcement, special operations, intelligence, military, academia, private sector, journalism that I now have immediate access to on an almost 24/7 basis.

I’m on record as stating that the U.S. is too liberal in providing security clearances. 854,000 plus employees now hold top-secret security clearances, an example of the astonishing growth in the intelligence bureaucracy since 2001. In my liaison capacity with the CIA, a case officer from the Tel Aviv station appeared at a meeting with a contractor from Lockheed-Martin in tow. Seeing my look of astonishment, my CIA colleague explained that he had a top secret clearance. I replied to my colleague, “not with us he doesn’t” and cut the meeting short. This is the core of the problem; too many clearances, improper compartmentation, and too much reliance on self-regulation. Security, like an unprotected coastline, is subject to erosion.

John Little: So we know this is a mess because we both parse this information on an hourly basis as we’re building our networks of subject matter experts. I am always looking at new accounts with a critical eye because I’m looking to track the most knowledgeable people possible. Are they really a SEAL? Really former Mossad (no offense Michael)? Are they who they say they are or are they someone interesting despite their low profile? There are those who appropriately obscure every piece of personal identification but their lingo, quality of their feed, and network say volumes about their role or access. I track hundreds of low-profile accounts like that and they’re some of my best sources of information.

Not using your real name and photo is not enough. I can Google your Twitter ID and potentially track it back to other social networks or forums where you might have revealed even more personal information. And who you choose to follow can reveal much about you. Are the first few people you followed family members? Fellow employees? Professional contacts? You may have kept your personal information under wraps but have they? Beyond that there’s the simple back and forth conversations, inside jokes, and retweets that may be incredibly revealing to a careful observer.

The techniques I describe here require no resources, special tools, or technical knowledge. We’re just scratching the surface but a hostile organization is likely using applications similar to Maltego (http://paterva.com/web6/) or much more powerful proprietary tools that can take this network mapping to a completely different level. Is there any hope that countries with enormous security and intelligence infrastructures will be able to get their hands around this problem or is it just a losing battle?

Michael Ross: It is a losing battle insomuch as people with security clearances or access to sensitive material are entrusted with self-regulation. Some of this demographic will be vigilant and careful not to make themselves vulnerable to attack and others will forget that the internet is a very unsafe environment for those wishing to keep secrets. Some of the people who follow me on Twitter are particularly careful to obscure their footprint; but then that only makes me curious as to why they are being so careful in the first place. If the object of social media is to engage in some form of interaction with other like-minded persons on the internet, then why go to all the trouble to “hide in plain sight”? You have no photo, profile or location, a locked account, no followers and you’re following several hundred or even thousand accounts of a national security bent. That in itself is interesting and raises antennae.

When I was in training and we were required to collect intelligence on a person, place or thing, the first place we always started with was open source material. My instructor likened it to trying to meet a girl you are really interested in. You don’t just walk up to someone you don’t know and start asking them personal questions. You ask around first. Is she single? What’s she like? Who are her friends? What do you have in common? Etc., etc. Likewise with a nuclear installation in Iran; you don’t just fly to Iran and start taking pictures outside the location because you’d soon find yourself in the fingernail factory for a few days followed by hanging from a crane shortly thereafter. You see what’s available through open sources first and that’s not just the nuclear site itself but cover points nearby that could facilitate a visit to the area and explain your presence to the environment without raising suspicion. It is also a superb device for building cover. There is so much collection that can be done before even considering getting on a plane. The real intelligence, however, is not on the internet. For all its possibilities open source intelligence (OSINT) does not even scratch the surface of what is collected via the myriad of platforms available to a top tier intelligence service. What social media and the internet do provide, however, are the means to spot, assess, and develop possibilities that will provide an opening or means for these collection platforms to do their work. As a HUMINT case officer, I still have to sit face-to-face with my potential source and convince the poor soul to betray his or her country or ideology (often at great risk to themselves) but getting to that person has potentially been made so much easier thanks to social media and the internet.

Follow us on Twitter (If you dare): @blogsofwar and @mrossletters