Homage to the Double Agent (Or “How I Learned To Talk CI Good and Love Degradation Operations”)

Horkos
Mar 15, 2018

Note: This piece draws heavily on William Johnson’s “Thwarting Enemies at Home and Abroad”, Roy Godson’s “Dirty Tricks or Trump Cards”, and James Olson’s “Fair Play”.

I want to talk about the utility of, and difficulties posed by, double agent operations, but if this piece is going to make any sense, I’m going to need to preface it with a lesson in counterintelligence terminology.

Let me start by making one thing perfectly clear: the great majority of spies are not double agents. People like Aldrich Ames, Robert Hanssen, Kim Philby, Sergei Skripal, Oleg Penkovsky — they are all what is known as “penetrations.” A penetration is an intelligence officer who is recruited by a second service to clandestinely spy on the officer’s parent service. In this relationship the flow of information is one-way: from the recruited officer to the second (or “controlling”) service. The fact that the officer is betraying their parent service does not make them a “double.”

The definition of “double agent” can be more varied, but, in practical terms, a “double agent” is one of two things: a “dangle” or a “playback.”

A dangle is a person controlled by one intelligence service who is presented as a lucrative and exploitable target to an opposing intelligence service, in a manner that encourages their recruitment as an agent of the opposing intelligence service (example: Aleksandr Zhomov, dispatched by the KGB to be recruited by CIA).

A playback begins as an individual who is already an agent of one intelligence service and who is being run against an opposing intelligence service or an individual that has been pitched for recruitment by that first intelligence service; in either case, the individual is subsequently detected — either through volunteering or other methods — and recruited by the opposing intelligence service, effectively being “doubled” and thus becoming a playback (example: Humam al-Balawi, who was doubled by al-Qa’ida and the Pakistani Taliban jointly against CIA and the Jordanian GID).

In all types of double agent operations, the flow of information is in two directions: between two intelligence services, through the double agent (of either type), with only one of the two services knowing the double agent’s true allegiance.

Now that that’s settled, let’s get into it.

William Johnson, a former OSS and CIA officer who specialized in counterintelligence, wrote “As a CI officer, you have to have contact with the enemy…The basic use of double agents is to keep contact with the enemy.” That contact is vital for an effective CI officer to get a feel for the situation in the field.

When you talk about proactive double agent operations these days, you are mostly talking about the dispatching of dangles. Instances of playback doubles are fewer and sometimes more strategic in nature, so formal double agent programs primarily rely on carefully building and running a stable of dangles. (CIA and the FBI call them dangles, the U.S. military intelligence outfits formally call them “controlled sources”, and the Russians often call them “provocations.”)

Dangle operations provide opportunities for a controlling service to engage in a wide variety of counterintelligence activities including — but not limited to — the following:

  • Reveal the target service’s modus operandi (to include tradecraft, payment mechanisms, technology, facilities, operational sites, etc.);
  • Identify and assess the target service’s personnel;
  • Disclose the target service’s collection requirements;
  • Take the target service’s money (through payments to the dangle);
  • Occupy the target service with useless activity and thus waste time and resources (including personnel should they be arrested);
  • Serve as a disinformation channel to support deception or other counterintelligence operations;
  • Create an operation that the controlling service can easily “blow” in order to disrupt the activities of the target service and potentially damage the morale of the target service as a result;
  • Possibly cast doubt on the validity and information of genuine volunteers who approach the target service;
  • Engage in a coordinated campaign through multiple dangles to create doubts and tension within the target service over the validity of one agent or another (this is incredibly rare); and
  • If the operation is being run on the domestic turf of the controlling service, present opportunities to potentially catch target service officers in flagrante and/or arrest them.

The first three activities are what traditionally drive dangle programs, but some of these opportunities offer even more than immediately meets the eye. For example, learning a target service’s collection requirements not only provides a list of what that service wants to know, but also can suggest to the canny CI analyst what that service might know already. And in the case of dangles being run to occupy the target service in useless activity, a potential collateral result might be a false sense of complacency within the target service driven by the false belief that it is running enough productive agents at a given time.

Sounds pretty great, right? Who wouldn’t want to have all those options on the table? The trouble is, all of these potential positive results come at a cost, and not an insignificant one. As Roy Godson, one of America’s most prolific CI scholars, wrote in Dirty Tricks or Trump Cards:

…it is extremely hard to run long-term double-agent operations in an open society where sources and information from agents can be checked and double-checked. To keep an operation going usually means giving away some good information, and hence it may become too costly.

The point Godson is getting at here is that effective double agent operations, especially dangles, rely on “feed material.” According to an unclassified DoD CI dictionary, feed material is “information, that is usually true but unimportant, given to an individual to pass to another intelligence service to maintain or enhance his value to that service.” A dangle needs feed, sometimes pejoratively called “chicken feed” or “gold dust”, to pass to the target service in order for that service to continue to believe that the dangle is a bona fide agent and not what he really is — a provocation. And good feed is very, very difficult to find for a few reasons.

The most readily apparent issue with feed material is best put by Johnson: “[Any] information passed to an adversary increases that adversary’s general knowledge and helps him, if only indirectly, in his espionage program [against you.]” That concern — that feed used in double agent operations at the end of the day does advance the target’s cause — lies at the core of the other key obstacles involving feed: bureaucracy and resources.

Good feed cannot be fabricated because you never know how much the target already knows. So, feed that will keep a dangle active as a bona fide agent in the eyes of the target service needs to be real. Getting agencies to provide such truthful information is difficult for two reasons. First, every agency will jealously guard its secrets and claim its classified material is far too important to make it into the hands of an adversary, even if that material is watered down beforehand. And second, the bureaucratic wrangling involved to subsequently wrest desired feed material from its originators is a beast. (Clearance review boards, the bodies that review classified information to decide if it can be used as feed, are risk-averse, secretive, inefficient, and generally the exact opposite of swift.) Resolving both of these issues, and keeping them resolved to ensure an active stream of viable feed exists for use, is extremely time-, labor-, and resource-intensive.

Dangle operations, and double agent operations in general, also are faced with a number of other inherent challenges, including:

  • Convincing managers to sign off on budget authorizations, especially if the controlling service is flush with defectors and/or active penetrations (be they human or technical);
  • The imperative for building sufficient layers of cover and lies so as to fool the target service’s asset validation procedures and CI staff — to include thoroughly backstopping the dangle and the feed through available technological means and open sources; and
  • The chance that the dangle will actually be doubled — by coercion, positive inducement, or voluntary action — by the target service and become a playback triple agent. (While personnel selected to be dangles are thoroughly investigated to ensure reliability before the mounting service even approaches them with the suggestion of being part of the operation, this still has to be considered a possibility.)

Clearly, there are significant cost/benefit analyses accompanying the decision to mount even a single dangle operation, let alone a coordinated double agent program.

I have given you, the reader, all of this background because I want to ensure we are on similar footing when I present the argument that I think that — especially after the Skripal assassination attempt — the United States and the UK, and certain capable NATO members (say, France, Germany, Canada, the Baltics, the Netherlands, Norway, and Denmark) should launch dangle campaigns with the express purpose of degrading Russian intelligence abroad.

Mounting the kind of degradation-focused dangle operations I outlined above has long been a favorite tactic of both the SVR and FSB, a shared trait left over from their time as the First and Second Chief Directorates of the KGB, respectively. As I’ve previously explored on this blog, other Communist services — namely the East German HVA and Cuban DGI — also were big fans of degradation operations like these. What I’m trying to get at here is that the adversaries of liberal democracy have made this a key part of their toolkit for decades and, in the aftermath of the brazen attack on the Skripals, the time to give the Chekists a taste of their own medicine is overdue.

Sure, authoritarian and autocratic regimes do possess distinct advantages in crafting dangles — strict control over public information and the movement of individuals makes the core deception at the heart of a dangle operation easier to construct. And yes, dangle operations are bureaucratically, time-, labor-, and resource-intensive with significant omnipresent risks for a controlling service. But as Russian behavior continues to flout even the most basic of norms typically associated with clandestine and covert operations, the West needs to respond in a way that Putin and his cronies understand: stick the knife in, twist it, smile.

Of the potential positive results I listed above, I think this campaign should focus on:

  • Occupying the Russians with useless activity, thus wasting their time and resources;
  • Creating operational circumstances that Western services can easily “blow” in order to disrupt the Russians’ activities while potentially damaging Chekist morale;
  • Aiming to cast doubt on the validity and information of genuine volunteers who approach the Russians; and
  • Generating opportunities to potentially catch Russian officers in flagrante and arrest/expel (or pitch) them.

While the Russians are always concerned that they might be targeted by dangles due to a persistent strain of mirror-imaging in their thinking, the fact is that no Western service (that I can think of) has relied heavily on degradation operations like these since at least the early 1970s. The Western deployment of these tactics would not blindside the Russians, but it would certainly shake up rezidenturas abroad and create headaches in Yasenevo and the Lubyanka. It also would send a message, just as Angleton theorized how the behavior of intelligence services could serve as signaling mechanisms, that the recent period of permissibility which has allowed a dramatic spike in aggressive Russian intelligence shenanigans — from horrific attacks like that on Skripal and his daughter to the more pedestrian, but still serious, harassment of Western intelligence personnel in third countries — is over and it’s not coming back any time soon.

Russia’s brazen adventurism may in fact present new opportunities that such dangle programs could exploit. For example, the widening scope of Russian active measures targeting elections and political processes is a double-edged sword that could be a boon to Western counterintelligence. Because the Russians are clearly increasingly interested in political intelligence and information about electoral and political systems, reliable individuals with access to this information — which often is not classified — could be more viable than ever as potential dangles. And since Western security services increasingly tend to have visibility into what information regarding electoral processes and systems has already been compromised through Russian cyber-espionage, that same pool of true-but-compromised data could be translated into potential feed for those dangles — especially if it has not yet been made public that said information has been acquired by Russian cyber actors. A similar strategy could be employed involving individuals and information associated with critical infrastructure systems that have been compromised by Russian cyber actors.

I think this would especially have an impact if it was accompanied by a concentrated effort by Western services to turn select cities that the Russians typically treat as havens for their operations abroad — Vienna, for example — into places where Chekists can’t hit the streets without being swarmed by suffocating surveillance. Operationally, all Western services in a given city would do everything possible to stifle and degrade the Russians’ abilities to meet sources, place drops and signals, case sites, or generally do anything of intelligence value. Who knows, maybe Western security services even would come across an illegal like Reino Gikman in the process (credit where it’s due to the ingenuity of the late Brian Kelley).

As part of a broad strategy combining counterintelligence, diplomacy, economic sanctions, and other measures (particularly cyber operations aimed at cutting into and disrupting the espionage campaigns of Russian-affiliated cyber apex threats), I believe these sorts of HUMINT-focused degradation programs would make a valuable contribution to punishing Russian recklessness and to reestablishing effective mechanisms of deterrence and reciprocity. I think the juice is worth the squeeze right now, even if it might not have been until recently. What do you think?

Horkos

The net’s own counterintelligence referent, maybe. Views here are personal, not my employer’s. All original content © Alex Orleans, 2014–2023.