Congratulations, you just got that dream job on the security department of a critical infrastructure project, or maybe your security firm got that great deal protecting major cash handling premises.
While this is a cause for celebration, what you often overlook is that sometimes when you shift to another contract or to another field of security work, there could be a new set of threats that you’ve never been exposed to. For instance, when you step into a new role where you have routine access to classified information, have access to large amounts of cash or other assets/valuables, or deal with sensitive business information, you may become the target of human intelligence or HUMINT. In light of this, this article covers the different aspects of the threat of human intelligence to keep in mind from the point of view of a corporate setting or government contract.
To begin with, it goes without saying that a lot of security professionals and other vital workers handle material labelled as “secret” in their day-to-day operations. With a multitude of information streams and channels coming across our screens or desks, only a small portion of the information might be interesting or beneficial to someone who seeks access to secret information. But the day-to-day familiarity of the work routine and grind may mean that many CPOs don’t even think about otherwise valuable information as anything special. For instance, you might handle work drawings, layouts, contracts, or be able to access to sensitive networks or physically protected premises, all of which might be highly valuable targets to outsiders.
For this simple reason, you could be prone to nefarious intelligence gathering efforts. Employees, including security teams, often don’t see themselves as an interesting target to an adversary’s intelligence gathering. But if they are an adversary, then they have the resources and motivation to gather information from a variety of sources and even combining these pieces of information so they can construct concrete and accurate intelligence picture.
Human Intelligence Gathering
HUMINT, short for human intelligence, by its definition, concentrates on methods of acquiring information from people. HUMINT is a suitable sub-speciality to account for the kinds of intelligence needs that other forms of intelligence are not able to ascertain. These might include sensitive assets held by the humans employed in an organization such as classified information or opinions of subject matter experts. Perpetrators of HUMINT often combine it with other forms of intelligence to formulate an especially potent attack.
For example, the Finnish security and intelligence service names several interests that are included in its national security review including infiltration by foreign states, national economics, cybersecurity structures, and critical infrastructure to name a few. HUMINT can tap into all of these interests simultaneously and concurrently. Further to this, often, employees tend to think that intelligence gathering is targeted at only high-level executive or high-status officials. They neglect to account that mid to low-level employees could be equally viable targets. Because HUMINT could be very long-term activity and information is built like a puzzle from many seemingly small and unrelated sources, every little source of information counts in
Who Are the Perpetrators of HUMINT?
State-sponsored operators. Because many high-powered nations are vying for the ultimate position in the international hierarchy or to conduct defensive tactics, state-sponsored human intelligence gathering has become a norm and is a common tool. In Finland, for example, according to Finnish security and intelligence service, there are dozens of foreign intelligence services operators within the country. State-sponsored operators’ actions in Finland are often undertaken with a long-term and systematic view in their approach. Intelligence gathering operations in Finland have included policy and policymaking on the Arctic, investments in Finland’s critical infrastructure and other strategic areas, and the activities of Finnish political organizations, as well as high-tech knowledge and the national economy. When implemented by state-sponsored operators, state actors will try to use human intelligence to influence decision making in their favour.
Corporate espionage. Corporate espionage is a criminal act. The information that the adversary is trying to get by means of corporate espionage is often associate with gathering a corporation’s business and trade secrets. Targets of intelligence gathering may include corporate product development, upcoming investments, or other sensitive or confidential business strategies.
Organized crime. Serious organized crime groups conduct human intelligence to get ahold of crucial information that they need in order to plan and carry out a serious crime. Intelligence needs of organized crime are often related to security arrangements of a targeted premises or routes and times of a cash in transit vehicles, to name a few. Most or if not all the information needed to plan and resource a serious crime is acquired from insiders in these types of crime incidents. The insider may leak out information willingly or without even realizing it.
How does Human Intelligence (HUMINT) work?
Methods used in human intelligence are similar in pretty much all the segments mentioned above. In cases of state-sponsored actors, the emphasis is on long term activity and targeting and nurturing good sources compared to organized crime operations which usually operate on a shorter time span and are more immediately goal-directed and straight-forward.
When an employee gets selected as a target for human intelligence gathering, the term we often talk about is recruiting. Recruiting typically follows the following phases:
Step 1: The first step is the targeting of intelligence needs, which means that in this first phase, the opponent sets out to ascertain and identify what kind of information they need to obtain.
Step 2: Then once the information has been identified, targeting of the source takes place. In this phase, the adversary is looking for somebody with access to information or the systems needed. Targeting the person typically starts with gathering information from open sources like web pages, social media, or company yearbooks. Targeting activity can also be carried out during professional seminars, conferences, or other types of professional social settings to discern valuable information. In this phase, a pool of potential candidates forms the group of targets, which are then narrowed down to only the most suitable and fit for purpose targets.
Step 3: Equipped with personal knowledge and details about the targets and sources, the adversary then approaches the most suitable and selected fit for purpose human target, usually at a professional seminar or in some other work-related social event. In this phase, the adversary doesn’t bring up any intentions of gaining intelligence from the target. The ideal outcome from this phase for the adversary is usually exchanging business cards for later contact or setting up a business lunch in line with the usual manner and professional networking protocol.
Step 4: In this phase, the adversary builds rapport and confirms that the source is the appropriate target for getting the intelligence needed. The adversaries conducting human intelligence are interested in many of the targeted person’s personal affairs like their financial situation, family issues, hobbies, and any other interests that could be tapped into as an area of vulnerability or influence in general. The adversary will also gather any work-related problems or motivation factors. In this phase of the recruiting cycle, the goal is to find out and reassure:
- That the targeted person is worth spending time and resources on;
- To test, if the source is willing to keep in touch and receive gifts or invites to social events or other leisurely activities;
- To assess the level of loyalty towards the employer and the likelihood and possibilities for getting access to confidential information;
- To nurture and build an ongoing two-way liaison relationship with the targeted person and instill a sense of mutuality obligations towards each other;
- To find out information on areas of the target’s weaknesses and vulnerabilities to gain leverage and be used for pressure; and
- To find out the source’s overall level of usefulness, cooperativity and trustfulness.
Step 5: When all the previously mentioned steps are done, the final phase is the actual recruiting. It is important to realize that the recruiting process may last very long. It often happens little by little, without the target even realizing it, especially if dealing with foreign state actors. The contacts that appear innocent are kept going. When time has passed, and trust has been built, the adversary may start by asking for favours, i.e. to deliver some non-confidential document or for the source’s professional opinion on some issues. The goal here is to get you to cooperate. And in the long-term, little by little, the adversary tightens the screw by escalating and asking for favours that border in the grey zone and scale of confidentiality. The recruiting phase’s main element is to win the target’s trust and further deepen the relationship. Often to win gain favour with the target, the adversary will highlight the target’s importance and mutual trust. In return, the target may be offered a monetary reward or a higher social status or career opportunities. The person being recruited often feels obligated because he has enjoyed long-lasting collaboration that has included perks and hospitality in the form of parties, trips, or other benefits.
Meanwhile, in the case of recruiting done by organized crime players, this step is usually shorter in time span. It is focused on information acquired in the previous steps which can be used to pressure the target to cooperate. For instance, the target or source may be offered a monetary reward, or alternatively, the threat of violence may be used to induce cooperation.
Identifying & Defending Against Being a Target of Human Intelligence
Suppose you or anyone else suspects that they may be a target or source of human intelligence gathering or you have reason to doubt the motivation of new acquaintances. In that case, you should consider the following advice:
- Take note of the story that the new acquaintance tells you upon introduction. Are the things he tells you consistent, detailed, or truthful?
- Take note of questions and how they are delivered to you.
- Take note of the acquaintance’s knowledge of the subject. Is he or she really a subject matter expert, or does he or she really work in a role they claim to work?
- Take note if you are asked of any favours or information, even if it’s non-confidential.
- Notice if meetings usually organized in private settings and public spaces rather than in the acquaintance’s office or workplace?
- Consider not taking any gifts from people and decline form of hospitality that seems out of the ordinary.
- Check with reliable sources and conduct open-source information gathering to assess the trustfulness of new acquaintances.
- If you doubt the motivations behind a new person trying to establish a professional relationship with you, have a talk in confidence with your supervisor, head of security, or report any suspicious activity to your local authorities or intelligence services for further guidance.
Organizations can also deter human intelligence operations by implementing processes like background checks and security and non-disclosure agreements, as well as setting rules and procedures on accessing data. Standard access control rules and up-to-date processes to enter different layers of physical premises and IT systems must also be in place. On a personal level, employees must acknowledge that the threat of human intelligence can be a vulnerable part of the profession. Depending on where you work and what type of field and position you are in, consider the threat to be existent, even if it is small but consistent. Following the security instructions and instructions given by your IT department will provide you with layers of protection against the threat. Also, consider how much you share about yourself or your work on social media or with people you just met.
The ongoing global pandemic may create new opportunities to conduct human intelligence gathering operations. The large increase in the workforce working remotely, outside the office may add new vulnerabilities to HUMINT. While outsourcing and contracting for external service providers adds another layer of threat to be aware of. It is not uncommon that the targeted person works for an external service provider, in which case it is crucial to educate external contractors, consultants, and employees on possible threats to avoid being a target.
Human Intelligence Could You Be The Next Target?
By: Wille Heino
Wille Heino is a security professional from Finland with 24 years of protective security experience. In addition to working with various government organizations, Heino runs a security consulting and training company named Gambeson in Finland. To find out more or to contact him, visit: email@example.com www.gambeson.fi