“It’s the start, I should tell you now, of a very, very, clever knot.” (from the BBC’s Tinker Tailor Soldier Spy)

Note: This blog has been updated as of 19 November 2020 to incorporate additional material, which is preceded by an asterisk.

On 22 October, 2020, the U.S. government issued an alert (AA20–296A) for a widespread campaign of malicious activity by a Russian state-sponsored cyber operations entity tracked under a variety of industry monikers. This activity took place between at least September 2020 and October 2020, with its targeting focused on a large volume of entities associated with U.S. state, local, tribal, and territorial (SLTT) networks and aviation sector networks. The Russian entity named as responsible has been linked to Russia’s Federal Security Service (FSB) by the Washington Post in connection to past activity attributed by the U.S. government to “Russian government cyber actors” and by the New York Times in relation to AA20–296A; for the sake of argument let’s say that attribution is plausible, if not correct. (*For additional context, Joe Slowik has also published an exceptional blog on the history and implications of this entity and its operations.) …

“Long live the fighters of Muad’Dib!” (from SyFy’s “Frank Herbert’s Dune” miniseries)

In 2014, as part of my terrorism coursework for graduate school, one of my assignments was to write a manifesto of a fictional terrorist group explaining why (or why not) that group should use violence, and the accompanying implications of such a choice. The purpose of this exercise was to force us as researchers to simulate the sort of thinking required of leading figures in terrorist groups if they are to succeed in convincing compatriots and recruits that the leaders’ strategies are valid.

I chose to take my inspiration from Frank Herbert’s science fiction masterpiece Dune, and offered a simulated treatise on how Paul-Muad’Dib Atreides devised the Fremen insurgency on the desert planet Arrakis. …

Note: This blog has been updated since I wrote it at approximately 3:00 AM.

I am increasingly loath to write blogs, mostly due to the combination of time required and a lack of stories that generate sufficient interest on my part to get me to overcome the time commitment hurdle — I usually just do an obnoxiously long Twitter thread. But then, I read the Washington Post’s latest on what CYBERCOM is apparently considering as deterrent measures against Russian interference in the 2020 U.S. elections. …


We all enjoyed a front row seat Monday to a special event in the history of public attribution: the NSA and GCHQ (via NCSC UK) revealed that the Russian adversary Turla not only compromised the tooling and infrastructure of Iranian adversary OilRig but then leveraged said tooling and infrastructure to conduct its own operations. Offhand, I cannot recall another time Western government agencies have exposed this particular flavor of cyber activity. …

In the 2nd Century BCE, the Roman poet Juvenal asked “Quis custodiet ipsos custodes?” This question of who watches the watchmen has become a common one in an age where governments are increasingly the beneficiaries of an imbalance of power between the governing and governed. But that grander question does not interest me here. Instead, I ask “Quis custodiet ipsos interfectores?” Who watches the killers? …

A recent article from the AP explored the concept of how much direct involvement Vladimir Putin has in the wide variety of clandestine activities engaged in by the Russian state, based on the nature of the power structures surrounding the man himself. Two former Russia specialists from CIA have already weighed in on this article, making the point that potentially high-profile and/or high-impact operations would not go forward without Putin’s approval even if there is a significant amount of autonomous authority delegated from Putin and his inner circle to select oligarchs and officials. …

Three recent stories have me thinking about death and intelligence.

  • On August 31, Aleksandr Zakharchenko, the head of the so-called Donetsk People’s Republic (DNR) — one of the separatist “states” propped up by Russia in the insurgency it has fomented in Ukraine — was assassinated in Donbas by what appears to have been a shaped charge.
  • On September 5, the British government issued arrest warrants for the two GRU officers it identified as having conducted the attempted assassination of Sergei Skripal and his daughter Yulia.
  • On September 8, it was reported that court documents submitted in relation to a lawsuit being undertaken by the Democratic National Committee (DNC) raised the possibility that Joseph Mifsud — the Maltese professor who approached Trump campaign staffer George Papadopoulos in 2016 about Russian “dirt” on Hillary Clinton — is dead. …

Note: This piece draws heavily on William Johnson’s “Thwarting Enemies at Home and Abroad”, Roy Godson’s “Dirty Tricks or Trump Cards”, and James Olson’s “Fair Play”.

I want to talk about the utility of, and difficulties posed by, double agent operations but if this piece is going to make any sense, I’m going to need to preface with a lesson in counterintelligence terminology.

Let me start by making one thing perfectly clear: the great majority of spies are not double agents. People like Aldrich Ames, Robert Hanssen, Kim Philby, Sergei Skripal, Oleg Penkovsky — they are all what is known as “penetrations.” A penetration is an intelligence officer who is recruited by a second service to clandestinely spy on the officer’s parent service. In this relationship the flow of information is one-way: from the recruited officer to the second (or “controlling”) service. …

There is perhaps no more controversial figure in all of American intelligence than James Angleton, whose actions and character have been debated so thoroughly that works on him constitute an entire subcategory of literature on counterintelligence (CI). However, while much attention has been focused on negative aspects of his twenty-year tenure as the Associate Deputy Director of Operations for Counterintelligence (ADDO/CI) at the Central Intelligence Agency (CIA), criminally little attention has been paid to his significant contributions in the formation of how American intelligence officers conceptualize counterintelligence.

The limited recognition given to Angleton on this front usually has been presented only as a sort of apology to justify how CIA could have let one man wield so much power for so long with such negative consequences.[1] This piece aims to rectify this asymmetry by consolidating what I believe amounts to Angleton’s core epistemology of CI, shaped in large part during his World War II service as a member of the Office of Strategic Services’ (OSS) X-2 branch. …

In November 2017, John Sipher — a former member of CIA’s Senior Intelligence Service — wrote a primer on the use of strategic deception by the Russian government to advance its goals abroad. Sipher used his analysis to place that practice, a tradition in the operational annals of Russia’s intelligence services, in the context of the active measures campaign that targeted the 2016 U.S. presidential election and how such a practice could be used to exploit the discord in current chaotic political climate. …

Open source counterintelligence referent. Views here are personal, not my employer’s. All original content © Alex Orleans, 2014–2021.
