Hard Target: Challenges to Human Penetration of Terrorist Organizations

For my inaugural post, I wanted to share a piece I originally wrote back in 2015 and updated lightly in 2017. I’ve always found violent non-state actors (VNSAs) to be fascinating challenges for HUMINT operators, akin to foreign intelligence services. This essay focuses on ethical and CI issues associated with running successful human assets inside terrorist organizations.

The U.S. Department of Defense defines a “hard target” as “a person, nation, group, or technical system often hostile to the U.S. or heavily protected, with a well-honed counterintelligence capability that presents a potential threat to the U.S. or its interests, and provides significant difficulty for agent infiltration or penetration.”[1] Today, foreign terrorist organizations (FTOs) rank among the most critical hard targets — alongside more the traditional nation-state targets of Russia, China, and Iran — due to the constant physical threat they pose to the United States and its citizens. FTOs are held within the U.S. Intelligence Community to be incredibly difficult to penetrate with human agents, but it is also known that because of both the compartmentation regimes and structure of terrorist organizations that human agents have the best chance of dynamically reporting valuable information about terrorist activities.

If progress is going to be made in mitigating the critical collection challenges that these organizations present to human intelligence (HUMINT) operations, those challenges must be mapped. This paper will begin by examining core obstacles to penetration that almost all terrorist organizations present. Then two specific organizations will be explored in-depth, as they provide examples of more specific complications: the Provisional Irish Republican Army (representative of the organizations with a dedicated internal security element, as well as emphasizing one of the more difficult ethical issues involved in running terrorists as agents) and the Black September Organization (representative of the danger that agents doubled by terrorist organizations pose to intelligence personnel). The conclusions will address the lessons provided by these cases, emerging challenges posed by the tradecraft employed by the Islamic State of Iraq and the Levant (ISIL), and topics requiring further research.

The Terrorist Organization as HUMINT Collection Target

As a human intelligence collection target, terrorist organizations are most closely analogous to a foreign intelligence service.[2] In order to conduct attacks, terrorist organizations traditionally have needed to operate clandestinely not simply in the run up to an attack, but also to establish infrastructure in a target country, conduct reconnaissance, and to generally secure themselves against the efforts of security services. In this way, a terrorist is very similar to a Russian illegal, striving to operate undetected deep within a foreign country, safeguarded through tradecraft and compartmentation within their organization. Terrorist groups, like foreign intelligence services, also carefully study the intelligence and security forces pursuing them and respond dynamically through adapting tradecraft and cover measures as necessary.

Of course, a foreign intelligence service is a much more fixed target compared to a terrorist organization.[3] For example, the Russian SVR operates through officers under legal, non-official, and illegal cover around the world; this known modus operandi provides counterintelligence officers a variety of avenues to uncover SVR operations (e.g. monitoring an illegal support officer under diplomatic cover to identify an illegal). Intelligence and security services also can expect to have a firm grasp on typical SVR tradecraft, strategic culture, and collection priorities. On the other hand, a strong argument can be made that all members of a terrorist network operating in the West for the purpose of conducting attacks behave very similarly to illegals if the members of that network are taking their tradecraft seriously. While identifying illegals is already regarded as one of the most complex, arcane, and difficult counterintelligence tasks, the fact that an entire network would be operating using illegals’ tradecraft — in conjunction with widely available encrypted communications technology — denies avenues of identification typically available in cases where the adversary is a foreign intelligence service.

The fact that an FTO may also have several command-and-control hubs worldwide (such as al-Qa’ida) means that knowledge of the parent organization, traditionally operating from a safe haven, does not necessarily provide insight into the activities of cells abroad which are responsible for actually executing attacks.[4] An al-Qa’ida network operating that way in, say, Germany, could be answering to superiors in Pakistan, Yemen, or Syria — all depending on its precise affiliation within the broader movement. Obviously, tradecraft could vary as well depending on the preferences of the command-and-control structure to which a given network answers. The cell-and-network structure also allows terrorists to adjust their tradecraft, communication channels, or even organizational structure (such as through the dissolving and re-coalescing of cells) in the face of potential detection.[5]

Another key difference between counterintelligence and counterterrorism is that the value of intelligence in the latter can be significantly more perishable; the most valuable information from a counterterrorism source will be actionable intelligence which allows the neutralization of an imminent threat.[6] The problem is that acting on such intelligence is very likely to compromise the source involved, resulting in an early turnover of the source and a renewed need for a fresh one.[7] (Of course, information on the finances, doctrines, training programs, safe houses, strategic plans, etc. of a terrorist organization typically has a longer shelf-life and can often be used to develop access to a source — electronic or human — which can provide prized intelligence on an imminent threat.) Terrorist organizations also operate on a shorter intelligence cycle than foreign intelligence services, as the former’s is driven by supporting attacks while the latter’s is designed to support diverse customers in a government. Because the terrorist’s intelligence cycle is tied directly to its success in rapidly and adroitly executing attacks, disrupting that intelligence cycle is even more vital in counterterrorism than it is in counterintelligence.

All of these qualities make FTOs dynamic, fluid targets for collection by intelligence services.[8] To effectively neutralize the threat posed by terrorist attacks, a service requires superb intelligence on a terrorist organization’s intention, method, timing, location, and personnel for a potential attack.[9] This represents the need for both strategic and tactical intelligence on the threat a given organization poses.[10] As with counterintelligence, the best way to acquire such compartmented information is through the recruitment of penetrations within the target terrorist group.[11] As with the recruitment of a counterintelligence penetration, an intelligence service must contend with the fact that its targets are security-conscious, hostile, likely loyal to a deeply-held cause, and acutely aware of their desirability as recruits.[12]

In addition, terrorists are often bound by more than ideological loyalty, but familial and communal — often tribal or clan-based — ties as well, which can not only impede moving an individual toward betraying the trust of their comrades, but also is a tremendous stumbling block to any effort to effectively seed an agent into a terrorist organization or conduct a recruitment using a person lacking substantial relevant cultural knowledge and language skills.[13] A seeded agent also will inevitably encounter the standard trial of trust within terrorist organizations: killing.[14] Whether or not to allow an agent to kill to earn the trust of the terrorists they have been sent to infiltrate is one of the key ethical issues in counterterrorism intelligence, and it is discussed more in-depth below. And of course, these are all impediments that a recruiter encounters only after succeeding in the incredibly difficult task of identifying terrorists in the first place.

These difficulties do not negate the fact that the surest way to penetrate a terrorist organization is through the recruitment of someone who is already a member.[15] One author suggests that the best way to do this is to pitch group members who are already in the custody of an intelligence or security service and then either extensively debriefing them or (more riskily) sending them back to their organization to report from within.[16] This technique has a mixed record of success. It was used extensively by the British security forces in Northern Ireland in efforts to target the PIRA, with agents and informers recruited while in custody for unrelated offenses and promised some degree of immunity in return for information.[17] It was also the method through which Humam al-Balawi was recruited by Jordanian intelligence, a case which ended in Balawi becoming a double agent for al-Qa’ida and killing his American and Jordanian handlers in a carefully orchestrated suicide attack.[18]

When it comes to recruiting an active member of a terrorist organization, the vital fact remains that he is a human being, and thus subject to all the vagaries of human nature which make an individual potentially susceptible to becoming a spy.[19] For example, a member of the Algerian GIA volunteered as a source to the French DGSE in return for money to replace operational funds he had stolen.[20] A former officer of the British Army’s Force Research Unit (FRU), the undercover outfit which ran agents in Northern Ireland from 1980 through the mid-1990s, recounted in his memoir that the agents he ran had “as many motivating factors there [were] agents”, and those factors included revenge, anti-violence views, and greed.[21] While recruitments of agents with direct access to the terrorist organization is always preferred, those with indirect access to the organization or its personnel can also be productive.[22] These include members of a local community from which the target organization is known to operate — be it the republican strongholds in Northern Ireland or the Arab communities in Europe — and as well as individuals who may come into contact with organization members in a capacity such as providing transport, materials, or other services.

The Provisional Irish Republican Army: Security Departments and Ethical Dilemmas

Beginning in 1969, the Provisional Irish Republican Army (PIRA) became the leading Irish republican terrorist organization in Northern Ireland, fighting to reunite the North with the rest of Ireland and protect Catholic communities from both the British security forces and unionist violence. In 1976, the PIRA reorganized itself to enhance its security and survivability in the face of increasingly sophisticated and successful British counterterrorism efforts. The most dramatic aspect of this restructuring was a shift from a regimental, military-style structure to a cellular one with increased compartmentation aimed explicitly at limiting the damage an informer could potentially do.[23] This shift to cells, called Active Service Units (ASUs), was accompanied by several other changes, including the installation of local security officers attached in each ASU in Northern Ireland, as well as establishment of a dedicated counterespionage and security department which answered to the PIRA’s General Headquarters.[24] This department was known colloquially as the “Nutting Squad”, so called after the preferred method of executing informers by shooting them in the head.[25]

The Nutting Squad had five primary purposes.[26] In practice, its foremost responsibility was investigating failed or compromised operations and individuals suspected of working for the British. Second (although nominally first) came the vetting of new recruits for the PIRA, including indoctrinating them with counterintelligence awareness before they received training. The third responsibility was the debriefing of all PIRA members who were arrested or interrogated by British forces and subsequently released. Fourth was the overseeing and conducting of “courts of enquiry” of individuals suspected of being informers or engaging in other disciplinary infractions. Fifth and finally, the Squad carried out the execution of individuals determined to be passing information to the British.

Nutting Squad investigations were supported by the local security officers attached to ASUs, as well as the PIRA’s own extensive intelligence apparatus. The initiation of an investigation could be triggered by a local security officer’s concerns about a member of his unit, reporting by a member that another was seen engaging in potentially suspicious behavior, a pattern of failed or compromised operations involving a specific individual or unit, or even a tip from a non-member who passed information to the PIRA (such as a police officer, civil servant, or vigilant citizen).[27] The subsequent investigation would be pursued either by suspending all activity in the potentially penetrated unit and opening a wide-reaching — and sometimes uncontrollable — investigation or, more often, allowing the unit to continue to operate while clandestinely monitoring it and continuing to build a case.[28]

If a potential British agent was identified in the course of any of the Squad’s activities, they would subjected to lengthy and intense interrogations — ranging from several hours to more than a week — which could include significant torture such as burning, beating, and the breaking of bones. One infamous technique was the application of a power drill to a subject’s kneecaps. If after interrogation the suspect was determined by the Nutting Squad to be an informer, they would be executed. These executions were occasionally disguised by offers of immunity in return for confession, but only those given a public amnesty could expect any chance of survival, and even that chance was slim.[29] The customary execution was being shot in the head from behind and the body dumped in a public place with a bank note stuffed into a pocket and tape placed over the eyes.[30] Between 1978 and 1994, at least twenty-four to thirty-five people were killed by the PIRA on the basis that they were (or were believed to be) informants.[31] With this kind of reputation, it is no surprise that the average PIRA member feared the Nutting Squad far more than any organ of the British counterterrorism forces.[32]

In this atmosphere, with a terrorist organization fielding a dedicated and feared counterespionage unit, both the difficulty of recruiting agents and the risks recruited agents are exposed to significantly increase. The PIRA’s reorganization and the vetting function of the Nutting Squad significantly increased the counterintelligence and security awareness of its rank and file personnel, amplifying their sensitivity to, and fear of, British recruitment approaches as well as enhancing their resistance to previously successful British interrogation tactics.[33] However, while this reduced the efficacy of low-level agents for the British, it dramatically increased the utility of high-level penetrations in sensitive positions, such as within the Nutting Squad itself or command elements of the whole PIRA.[34] It also led to a downturn in PIRA operational tempo, as the organization’s counterintelligence doctrine increasing stressed the necessity for operations to only be launched from a strong defensive position from which operational success could be viewed with considerable certainty.[35] So, the reorganized PIRA’s counterintelligence posture was, in the end, a mixed blessing for the organization. But it complicated British intelligence efforts and led to the execution of at least five real British agents.[36]

The Nutting Squad also lies at the center of a controversy which still lingers in the aftermath of the Troubles — one that goes right to the heart of the ethical issues at play when running a terrorist as an agent. In 1978, PIRA member Frederick “Freddie” Scappaticci volunteered as an agent to British Army Intelligence and subsequently codenamed “Stakeknife”.[37] His apparent motive was a growing disillusionment with the PIRA’s leadership, particularly its willingness to expose young men to dangerous missions while not directly participating themselves, and possibly residual resentment for a beating he had suffered at the hands of PIRA men prior to his joining the organization.[38] Over the years, his British handlers in the FRU maneuvered him to join the Nutting Squad in 1980, of which he eventually became deputy chief and where he served until 1996.[39]

During the course of his work in the Nutting Squad, Scappaticci participated in, and likely personally carried out, the murders of suspected British agents — almost certainly with the knowledge of the British government.[40] It is estimated by a former FRU officer that Scappaticci was party to up to thirty-five murders, and likely personally responsible for “well into the tens.”[41] The British intelligence community was well-aware that a PIRA man who killed was considered beyond reproach, and apparently condoned Scappaticci’s activities in order to preserve his cover and divert attention from himself onto others.[42] At the time, British informants in Northern Ireland — and only Northern Ireland — could be granted “participation status”, which allowed them to commit crimes in order to prevent a more significant one from taking place.[43] Those same guidelines, however, forbid an agent’s handler from not stopping a serious crime from taking place if an agent informed them about, or promising an agent blanket immunity — but in practice these rules were regularly breached.[44] It was generally accepted that for an agent to be of real value, they had to be involved in the actual conduct of PIRA operations, although some officers considered it ethically cleaner to use agents with only access to operational planning or general PIRA administration, as opposed to those with “hands-on” duties.[45]

James Olson, in his book Fair Play, examines this very sort of dilemma when he asks commentators and readers to decide if it would be moral to allow an agent in a terrorist group to kill an innocent individual in order to preserve their cover.[46] All three former CIA officers invited to comment in the book rightly decry the idea. The first, Haviland Smith, described rejection of such an allowance as a “cultural imperative for the U.S.” and correctly points out that if the agent in question was doubled back against his handlers, the terrorist group would have secured a “bulletproof assassin.”[47] The second, David Edger, rules out even letting the agent kill another terrorist or a criminal, stating that too would not pass the test of morality.[48] The third, Burton Gerber, not only notes that such an act would be illegal if done by a U.S. intelligence officer, but then provides a litany of ways in which the agent could still be of use even if he did not follow through with the killing (including provision of the sort of “longer shelf-life” intelligence described above).[49]

The British, apparently, took quite the opposite approach and judged that Scappaticci’s access justified allowing him to be party to numerous murders of innocent people. There is even evidence that the British were willing to sacrifice a lower-level agent of their own within the PIRA, a former member of the British Army named Kevin Fulton who had been seeded into the PIRA, in order to bolster Scappaticci’s reputation within the PIRA as an efficient spy-catcher.[50] Fulton has recounted publically how he came under suspicion after the arrest of several high-profile PIRA members connected to his activities as terrorist facilitator, and was interrogated by Scappaticci in his capacity as Nutting Squad deputy chief. As Fulton was subjected to subsequent rounds of interrogation, he requested his British handlers to pull him out and relocate him because he feared for his life. Instead, Fulton claims that they gave him only vague reassurances and that he discovered he had been called back to a third interrogation but another suspect, a relative of Fulton’s, had not. This, along with an alleged tip off by a separate British intelligence officer, led Fulton to conclude that his handlers had decided he had outlived his usefulness and was no longer worth saving. In response, he immediately went into hiding and remains alive today.

While Fulton was unaware that Scappaticci was also a British agent, it would seem that the British decided that since the Nutting Squad had apparently decided to execute Fulton that it was more worthwhile to allow Fulton to die rather than undermine Scappaticci by extracting Fulton. Although, simply extracting Fulton and allowing it to leak that he had been a British agent could potentially have accomplished both goals simultaneously: Scappaticci would be vindicated within the PIRA as having correctly zeroed in on a traitor while Fulton would remain safely alive. Whether the British ever considered this course of action is unknown.

The core question remains: was the intelligence Scappaticci provided worth all the lives he was involved in taking, including almost that of another British agent? He apparently provided significant high-grade intelligence about the PIRA, as well as passed information which allowed the foiling of numerous PIRA kidnapping operations.[51] How many lives his information helped save remains unclear (the only criterion that could be the basis for any argument to defend allowing his activities), but seeing as that it is more than likely that his British handlers allowed Scappaticci to be party to the murder of innocents suspected by the PIRA of informing, this author believes that the moral compromise was not worth it. Having a penetration in the heart of a terrorist organization, even one that is such a coup in counterintelligence terms, does not justify even the tacit facilitation of murder.

The Black September Organization: the Threat of Doubled Agents

Decades before the case of Humam al-Balawi made clear to the American public that an agent tasked with penetrating a terrorist organization presents a mortal threat to his case officers should he be doubled, the Palestinian terror group known the Black September Organization (BSO) taught that tragic lesson to the Israeli Mossad in the 1970s. The BSO was a covert arm of Fatah established in 1971 to serve as an operationally compartmented unit designed to conduct terror attacks on Israeli targets abroad with a measure of plausible deniability for Fatah’s leadership.[52] It operated on a cell structure and was explicitly designed to take advantages of the kind of benefits offered by an “underground” organization, such as blending into the Arab communities in Europe.[53] Most famous for carrying out the massacre of the Israeli athletes at the Munich Olympics in 1972, the BSO is also well-known now as the target of the Mossad’s retaliatory assassination campaign codenamed Operation Wrath of God. Wrath of God ran from 1972 until at least 1978, and led to the deaths of more than sixty BSO operators, including Ali Hassan Salameh, the chief of Fatah counterintelligence.[54] However, during this six-year period, the BSO was not complacent about the threat posed by the Israelis. BSO members and leadership were highly adept at counterintelligence, and made the identification of Israeli agents reporting on BSO activities a priority.[55]

In the course of its counterintelligence operations, the BSO took advantage of the opportunities that double agents presented to degrade Israeli counterterrorism efforts. There are at least two documented cases of the BSO using double agents against their Israeli handlers with near-lethal or lethal consequences. The first was a dangle named Mohammad Rabah.[56] Rabah, a Fatah agent of Moroccan extraction, had attempted several times throughout 1971 to get himself recruited by the Mossad in Europe (especially Belgium), but had been rejected based on suspicions that he was a dispatched agent or a fabricator. During the week of mourning following the Munich massacre, Israel was desperate for fresh intelligence — a fact that Rabah took advantage of when he again tried to volunteer, this time securing a meeting in a secluded café in Brussels with Mossad officer Zadok Ophir for September 10, 1972. Ophir’s operational portfolio at the time focused on gathering information about Palestinian activities in Europe.[57] At that meeting, Rabah shot Ophir no less than four times and escaped. Ophir, despite being shot in both the head and body, survived.

The second case, occurring not even five months later, involved a Palestinian student working for the Mossad in Madrid. Baruch Cohen was a senior and gifted Mossad officer, being a native Arabic speaker and former Shin Bet investigator who had spent time deployed in that capacity to Galilee, Nablus, and the Gaza Strip during the 1960s.[58] In 1970, he was operating out of Spain in a role similar to Ophir’s in Belgium and had recruited several Palestinian students in an effort to monitor for potential BSO or Fatah activity in continental Europe. One of those students was either turned by Fatah intelligence, or had been working for it all along.[59] (Abu Iyad, head of Fatah intelligence and a founder of the BSO, later claimed that multiple students in Cohen’s network had in fact been under BSO control.[60]) When Cohen began to suspect that one student in particular was feeding him disinformation — possibly because that student had not carried out several operational acts directed by Cohen — the BSO decided to kill Cohen.[61] On January 26, 1973, during a rendezvous at a Madrid café with the student in question, Cohen was shot to death in an ambush by either two BSO operators or the student himself and became the first Mossad officer that Israel would publically acknowledge as having been killed by terrorists.[62]

The BSO cases underscore the lessons of the Balawi case. Double agents run by foreign intelligence services pose a very limited physical threat to the officers they are deceiving; at worst, the targeted officer may be roughed up during an arrest and subsequently declared persona non grata. Double agents controlled by terrorist organizations pose a very real, lethal threat to their intelligence officer handlers. This stresses not only the need for taking proper security measures when meeting with agents inside terrorist organizations, but also the vital role of ongoing and substantial asset and operational validation to ensure an agent is free of hostile control.

Conclusions

Given the substantial barriers that exist to recruiting an agent in-place within a terrorist organization, it is clear that while HUMINT remains perhaps the most dynamic method for monitoring terrorist groups, counterterrorism intelligence must, like all other intelligence, truly be an all-source effort. Daniel Byman lays out how non-traditional HUMINT — such as interrogations and document exploitation — play a key role in filling a void left by the absence of penetrations in counterterrorism, as well how SIGINT can play a unique role in mapping networks and accessing safe havens.[63] OSINT also has the capability to help illuminate a terrorist organization’s activities and thinking, through the analyses of documents published by the organization, social media, and other internet traffic.

ISIL currently poses novel challenges for the collection of such intelligence via human assets. One example is the pioneering manner in which its external operations branch, commonly known as Enmi, has successfully implemented the “virtual planner” model to facilitate attacks in Western countries by radicalized individuals employing lone wolf tactics.[64] Another is the internet-heavy tradecraft employed by Enmi to handle its networks of operators abroad, such as those that executed the attacks in Paris and Brussels.[65] Both of these innovations in clandestine operations management allow ISIL to provide much of the support historically furnished via physical networks through virtual means, [66] while circumventing many of the counterintelligence challenges typically associated with maintaining physical networks. This “virtual infrastructure” also provide Enmi planners and handlers efficient platforms through which to quickly educate potential attackers on improvements in tradecraft — such as how to avoid detection or conduct attacks — developed as the result of a failure of one sort or another. Taken as whole, the ISIL modus operandi could represent a significant paradigm shift in how FTOs operate in target countries and require a matching shift in how intelligence, security, and law enforcement agencies work to counter such operations.

Enmi communications and tradecraft highlight how crucial the use of SIGINT and cyber operations have become to gathering the sort of counterterrorism intelligence which may have only been available through HUMINT in the past. Given how reliant ISIL is on this sort of infrastructure for radicalization, recruitment, and planning — actions which in the past were often conducted in person — logic dictates that SIGINT and cyber tools are not only vital collection instruments, but are also potentially potent enablers during all stages of the spot-assess-develop-recruit-handle lifecycle of new human assets. The obstacles to HUMINT penetration laid out above — including these emerging behaviors pioneered by ISIL — drive home just how vital all-source synthesis is to all counterterrorism operations, whether they focus on intelligence collection or frustration of terrorist acts.

Concurrently, the case of the PIRA Nutting Squad should serve as a reminder that zeal in the pursuit of victory cannot blind an intelligence officer to how their actions may seriously compromise what they are fighting for. Human intelligence may essentially be a business of betrayal, but an intelligence officer cannot betray the morals and principles he is fighting to defend in the name of that defense. In a sense, that would make him no better than those he is fighting and his actions would symbolize a victory for his foes as a weakening of the moral structure they are assailing.

The BSO’s use of double agents and the case of al-Balawi starkly illustrate the need for counterintelligence within counterterrorism intelligence operations. Asset and operational validation take on a greater urgency when dealing with agents connected to terrorist organizations, given the potential lethal harm they may visit upon their case officers. Like in the handling of penetrations of foreign intelligence services, because the stakes for the agent are so high, it behooves the handling service to continually and thoroughly assess human counterterrorism assets to for signs of hostile control, fabrication, and deception. Offensive counterintelligence — often underutilized in Western counterintelligence — also has utility in counterterrorism. It presents unique opportunities to manipulate the intelligence cycle discussed earlier that lays at the core of terrorist operations, as well as to potentially sow mistrust (and subsequently discord) within an organization.

Lastly, and deserving of a more thorough examination than possible here, is the counterintelligence threat posed by terrorist organizations in their efforts to penetrate the intelligence services targeting them.[67] Al-Qa’ida has already succeeded in such efforts against the security services of several Middle Eastern countries.[68] The case of Nada Prouty, a Lebanese-born former CIA officer and FBI special agent, demonstrates how even the United States may not be immune from this danger.[69] After an investigation, Prouty pled to a misdemeanor charge of having accessed FBI files on Lebanese Hezbollah without authorization and exfiltrating classified documents to her home. This is of particular concern given that her brother-in-law had been accused of having funneled $20 million from restaurants in Detroit to Hezbollah before fleeing to Lebanon. While the FBI did not uncover any evidence that Prouty was spying for Hezbollah, the possibility remains, particularly given Hezbollah’s history of successfully recruitment of penetrations in the Israeli military and its extensive CI capabilities that are backed up with Iranian state-sponsorship.[70] Clearly, counterespionage departments must be vigilant not only for penetrations run by foreign intelligence services, but terrorist organizations as well.

[1] United States Department of Defense. “Terms & Definitions of Interest for Counterintelligence Professionals.” Public Intelligence, 13 July 2014. Web. 21 Apr. 2015. 156.

[2] Sulick, Michael J. “Counterintelligence in the War Against Terrorism.” Studies in Intelligence 48.4 (2004): 25–34. Print. 26.

[3] Byman, Daniel. “The Intelligence War on Terrorism.” Intelligence and National Security 29.6 (2014): 837–63. Print. 842.

[4] Ibid 843.

[5] Harber, Justin R. “Unconventional Spies: The Counterintelligence Threat from Non-State Actors.” International Journal of Intelligence and Counterintelligence 22.2 (2009): 221–36. Print. 229.

[6] Sulick 31.

[7] Byman 844.

[8] Harber 229.

[9] Byman 838, 841.

[10] Byman 842.

[11] Sulick 27.

[12] Godson, Roy. Dirty Tricks or Trump Cards. New Brunswick: Transaction, 2001. Print. 207–208; Olson, James M. Fair Play. Washington: Potomac, 2006. Print.108–109

[13] Olson 108; Harber 229.

[14] Olson 106, 108.

[15] Godson 210.

[16] Harber 229.

[17] Urban, Mark. Big Boys’ Rules. London: Faber and Faber, 1993. Print. 104–105.

[18] Warrick, Joby. The Triple Agent. New York: Vintage Books, 2012. Print.

[19] Byman 843.

[20] Nasiri, Omar. Inside the Jihad. New York: Basic, 2006. Print. 47–48.

[21] Ingram, Martin, and Greg Harkin. Stakeknife. Madison: U of Wisconsin, 2004. Print. 26, 31, 36–38.

[22] Ibid 35.

[23] Mobley, Blake W. Terrorism and Counterintelligence. New York: Columbia UP, 2012. Print. 44–45.

[24] Mobley 53–54; Ingram and Harkin 95.

[25] Urban 102.

[26] Collins, Eamon, and Mick McGovern. Killing Rage. London: Granta, 1997. Print. 217–218, 238; Ingram and Harkin 95–97.

[27] Ingram and Harkin 96.

[28] Ibid 97–99.

[29] Collins and McGovern 237.

[30] Urban 104.

[31] Ibid 102; Ingram and Harkin 83–93.

[32] Ingram and Harkin 101.

[33] Mobley 59.

[34] Ibid 58, 60.

[35] Iladi, Gaetano J. “Irish Republican Army Counterintelligence.” International Journal of Intelligence and Counterintelligence 23.1 (2009): 1–26. Print. 10.

[36] Ingram and Harkin 83–93.

[37] Ibid 61.

[38] Teague, Matthew. “Double Blind.” The Atlantic 1 Apr. 2006. Web.

[39] Ingram and Harkin 61–62, 66, 83.

[40] Teague; Ingram and Harkin 83.

[41] Teague.

[42] Ibid.

[43] Ingram and Harkin 59.

[44] Urban 107.

[45] Ibid 106; Ingram and Harkin 58–59.

[46] Olson 105–109.

[47] Ibid 106.

[48] Ibid 107.

[49] Ibid 107–108.

[50] Teague; Ingram and Harkin 104–110.

[51] Ingram and Harkin 64–66.

[52] Mobley 87.

[53] Ibid 87–89.

[54] Ibid 91–92.

[55] Ibid 93–98.

[56] Bar-Zohar, Michael, and Eitan Haber. The Quest for the Red Prince. Guilford: Lyons, 2002. Print. 133–135; Black, Ian and Benny Morris. Israel’s Secret Wars. New York: Grove Press, 1991. Print. 267.

[57] Black and Morris 267.

[58] Ibid 267.

[59] Bar-Zohar and Haber 155; Reeve, Simon. One Day in September. New York: Arcade, 2011. Print. 173.

[60] Black and Morris 273–274.

[61] Ibid 273; Mobley 97–98.

[62] Bar-Zohar and Haber 155; Reeve 174.

[63] Byman 843–847.

[64] Gartenstien-Ross, Daveed and Madeleine Blackman. “ISIL’s Virtual Planners: A Critical Terrorist Innovation,” War on the Rocks, January 4, 2017, web.

[65] Callimachi, Rukmini. “How ISIS Built the Machinery of Terror Under Europe’s Gaze.” New York Times, March 29, 2016. Web; Callimachi, Rukmini. “How a Secretive Branch of ISIS Built a Global Network of Killers.” New York Times, August 3, 2016. Web.

[66] Gartenstien-Ross and Blackman.

[67] Sulick 28.

[68] Harber 223.

[69] Harber 221.

[70] Wege, Carl A. “Hizballah’s Counterintelligence Apparatus.” International Journal of Intelligence and Counterintelligence 25.4 (2012): 771–85. Print. 775–778.