New in SpyWeek: Threats
Netanyahu joins Russia, China & Iran as challenges to U.S. security, while Open Source intel presents opportunities. But “mediocrity” still hobbles CIA management.
Welcome to SpyWeek, our weekly newsletter, where we look at news from the intersection of intelligence, foreign policy, and military operations.
Worldwide Threats:
The Office of the Director of National Intelligence released its Annual Threat Assessment on Monday, offering the collective judgment of the U.S. intelligence community on what it calls an “increasingly fragile world order.”
The IC’s assessment that Israeli Prime Minister Benjamin Netanyahu's days in office may be numbered dominated the headlines. “Netanyahu’s viability as a leader as well as his governing coalition of far-right and ultra-orthodox parties that pursued hardline policies on Palestinian and security issues may be in jeopardy,” the report states. “A different, more moderate government is a possibility.” Senate Majority Leader Chuck Schumer, D-N.Y., the highest-ranking Jewish elected official in the United States, called for new leadership in Israel Thursday in a speech on the Senate floor.
Netanyahu has promised “total victory” over Hamas and declared that the leaders of the U.S.-designated terror group that killed 1,200 Israelis in a surprise attack on Oct. 7 are “all dead men.” But the U.S. intelligence community predicts that Israel will “probably” face lingering armed resistance from Hamas “for years to come.” The Israeli military “will struggle” to wipe out the group’s underground network of tunnels, “which allows insurgents to hide, regain strength, and surprise Israeli forces.” The risk of escalation of the conflict remains high.
Meanwhile, the Oct. 7 attack has reinvigorated al-Qaeda and ISIS, which have directed their supporters to carry out attacks against U.S. and Israeli interests, according to the threat assessment. “The crisis has galvanized violence by a range of actors around the world. And while it is too early to tell, it is likely that the Gaza conflict will have a generational impact on terrorism,” Avril Haines, the director of national intelligence, told the Senate Monday.
Iran’s role (or lack thereof) in the attack also got some attention. The intelligence community believes that Iranian leaders “did not orchestrate nor had foreknowledge of” the surprise attack by Hamas. After the attacks, however, Tehran was able to use its network of proxies across the Middle East to orchestrate anti-Israel and anti-U.S. attacks from Lebanon to the Bab el-Mandeb Strait, which lies between Yemen and Ethiopia.
Meanwhile, China is growing its nuclear stockpile, space weapons, and cyber capabilities, but a sentence about social media giant TikTok in the threat assessment drew attention on Capitol Hill: “TikTok accounts run by a [People’s Republic of China] propaganda arm reportedly targeted candidates from both political parties during the U.S. midterm election cycle in 2022,” it said.
TikTok wasn’t mentioned in last year’s threat assessment, and its inclusion in this year’s report spurred House members Wednesday to approve legislation intended to force China's ByteDance to sell TikTok or be banned from the United States. Haines told the House Tuesday, “We cannot rule out that the CCP would use” TikTok to influence the 2024 U.S. elections.
The Paradox of Intelligence Failures: As every boxer knows, the punch you didn’t see coming is the one that knocks you out.
Hamas wasn’t even mentioned in last year’s Annual Threat Assessment. Eight months later, the group’s Oct. 7 surprise attack killed 1,200 Israelis, started a war, inflamed the Middle East, and upended U.S. politics and internal relations. Hamas’ attack was the punch no one saw coming.
The CIA’s core responsibility is to prevent “strategic surprise,” the agency’s new deputy director for operations, Tom Sylvester, said recently on “The Langley Files,” a CIA podcast. The public knows strategic surprise by another name: intelligence failures.
Preventing strategic surprise has come a long way since the age when one of the prime indicators of an impending attack was an enemy’s decision to forbid the export of horses. And, traditionally, for obvious reasons, knowledge of an enemy’s plans, especially when gathered by code-breaking intercepts, has been kept secret. But the Biden administration has increasingly turned to surfacing sensitive intelligence to knock an enemy off its stride. In January 2022, the White House surfaced what it knew about a plan by Vladimir Putin to create a “false flag” combat incident with Ukraine. The disclosure robbed the Russian president of a cover story to justify the invasion. But in other ways, things haven’t changed. Intelligence failures like the Oct. 7 attack will always happen.
It’s called the paradox of intelligence failure.
“First, there will always be accurate signals in the ‘pipeline’ before a significant failure of intelligence,” James J. Wirtz wrote in a recent paper in the International Journal of Intelligence. “Second, intelligence failures are inevitable.” Richard K. Betts, one of the most influential scholars in intelligence studies, first laid out this view nearly 50 years ago.
It remains true today. Israel obtained Hamas’s battle plan for the Oct. 7 attack more than a year before it happened, but it was dismissed by senior Israeli military and intelligence officials, The New York Times reported. The attack came as a surprise to U.S. intelligence as well. It turns out that after 9/11, when the CIA went hunting for al Qaeda, it ceded intelligence collection on Hamas to Israel, SpyTalk’s Jonathan Broder reported last November. It was “understandable,” said former CIA officer Marc Polymeropoulos, but “it was still a mistake.”
The Oct. 7 attack joins a long list of strategic surprises that could have been prevented if leaders had acted on available intelligence, including Hitler’s invasion of Russia, Japan’s attack on Pearl Harbor, the Tet Offensive, the Arab attack on Israel in 1973, and the 9/11 attacks.
A typical response to a significant intelligence failure is reorganization. The CIA was born in great measure out of efforts to “fix” perceived intelligence failures before Japan’s attack on Pearl Harbor. The Office of the Director of National Intelligence was born after the U.S. intelligence community’s perceived failure to “connect the dots” and thwart the 9/11 attacks. Intelligence scholars point out that these reshufflings send old problems to reside in new residences.
However, efforts to fix yesterday’s problems may increase vulnerabilities to tomorrow’s threats and challenges. One example cited by Betts, Professor Emeritus of International and Public Affairs at Columbia University, was a new system implemented by the Defense Intelligence Agency after it failed to pass on a warning that could have prevented North Korea’s 1968 seizure of the USS Pueblo spy ship. The new system tracked every message sent to the Pentagon. It also added a new vulnerability: Messages could be delayed up to four hours.
Past intelligence failures show that the real culprit for intelligence failures isn't usually the spies or the analysts collecting and interpreting fragmented information. Most notable failures occurred when the consumers of intelligence failed to act on the intelligence they’d been given.
Open for Business: On March 8 the U.S. intelligence community released its Open Source Strategy, but with scant details on how America’s spies use powerful, commercially available databases.
The strategy released last week states that U.S. intelligence uses open-source intelligence (OSINT)—information that is publicly and commercially available—to address “specific intelligence priorities, requirements, or gaps.”
Decades ago that might’ve meant reading the local papers, rifling through phone books, and digging into government and business records. Today the massive range of information available commercially “would kind of knock your socks off,” former CIA acting director Michael Morell said in a recent podcast. “If we collected it using traditional intelligence methods, it would be top secret-sensitive. And you wouldn’t put it in a database, you’d keep it in a safe.”
Morell pointed to the investigative news outlet Bellingcat as an open-source treasure trove. Journalists at Bellingcat used databases available for sale on the Internet or the black market to identify the FSB officers responsible for poisoning opposition leader Alexei Navalny and the GRU personnel who poisoned a Russian double agent in England. Navalny then famously inveigled FSB officers into admitting their crimes on the phone while cameras rolled for a 2022 documentary.
Of course, there’s been pushback on the IC’s use of open source information. An advisory panel for the Director of National Intelligence found that commercially available information could “cause substantial harm, embarrassment, and inconvenience” to Americans without proper controls. “Today, in a way that far fewer Americans seem to understand, and even fewer of them can avoid, CAI includes information on nearly everyone that is of a type and level of sensitivity that historically could have been obtained, if at all, only through targeted (and predicated) collection,” according to the panel’s report, which was declassified last year. But Morell is part of a growing consensus that the U.S. intelligence community needs a new, 19th member dedicated to open source intelligence.
Sen. Ron Wyden, D-Ore., has been trying to find out what commercially available information the U.S. intelligence community does use. As we noted, Wyden spent three years to get the National Security Agency to publicly acknowledge that it buys and uses commercially available data “related to wholly domestic Internet communications.”
A new book by former Wall Street Journal reporter Byron Tau, Means of Control: How the Hidden Alliance of Tech and Government Is Creating a New American Surveillance State, reports that the secret programs allow the United States to buy access to foreign cell phone networks that would enable American intelligence to see who hundreds of millions worldwide are calling.
A bipartisan group of U.S. lawmakers is trying to stop the government from buying commercial data without court authorization by inserting a provision into a bill reauthorizing Section 702 of the Foreign Intelligence Surveillance Act, which authorizes U.S. counterterrorism agencies to gather communications from U.S.-based tech companies where a foreigner based overseas is on one end of the conversation. The Biden administration said it would ask a court to extend 702 for a year, skirting congressional debate and kicking the can down the road.
What’s Good for the Goose: A Top Secret finding signed by President Trump in 2019 authorized the CIA to launch a clandestine campaign on Chinese social media to turn public opinion in China against its government, Reuters reported.
The spy agency created a small team of operatives who used bogus internet identities to promote allegations that members of the ruling Chinese Communist Party were stashing ill-gotten money overseas. The operatives also slammed China’s Belt and Road Initiative, which funds infrastructure projects in the developing world, as wasteful and corrupt. The disparaging narratives were based on facts, as any really good propaganda is, and were intended to foment paranoia and force the Chinese government to expend resources trying to plug the leaks. “We wanted them chasing ghosts,” one former official said.
Tit-for-tat? The U.S. Threat Assessment predicted that China's desire “to sideline” its critics in the U.S. and “magnify U.S. societal divisions” would spur it to meddle in the 2024 elections. “The Cold War is back,” said intelligence journalist and author Tim Weiner.
Russian Stunt of the Week: A long-time aide to the late Russian opposition leader Alexei Navalny was attacked with a hammer in the Lithuanian capital of Vilnius on Tuesday in what appears to be another sign of the growing sloppiness of Russia’s security services.
Lithuania’s intelligence agency, the State Security Department, said the attack on Leonid Volkov, who suffered a broken arm, was probably a “Russian-organised and implemented operation” aimed at thwarting opposition to Russia’s upcoming presidential election. Volkov, 43, was the longtime chief-of-staff to Navalny, who died last month in a Russian prison in the Arctic.
The crude hammer attack may be a reflection of the steady decline taking place inside Russia’s formerly elite security services.
“Hasty, ill-considered and sometimes unprofessional decisions made in the Russian services lead to mistakes and unassessed risks that not only undermine the efficiency and results of activities but also increase the number of identified cases of malicious activity,” the SSD observed in its 2024 National Threat Assessment.
The war in Ukraine has crushed the morale of Russia’s security services, it said. “Since 2023, Russian intelligence officers have been increasingly dissatisfied with the decisions of the Russian authorities and reluctant to contribute to Russia's aggressive policies,” the SSD found. “This not only affects the quality of their duties but also encourages them to assess the possibility of cooperation with Western authorities.”
Sensing an opening, the CIA recently renewed its effort to recruit Russian spies with the third in a series of videos posted on Telegram. The videos aim to tap into dissatisfaction with the Putin regime. CIA Deputy Director David Cohen said the recruitment videos have been “quite successful.”
Pocket Litter:
Alexander Smirnov, the former FBI informant indicted for lying about President Biden's family and their alleged dealings in Ukraine, was paid by an American company with ties to Trump business associates in Dubai, The Guardian reported. Smirnov also touted his secret FBI work as he chased financial deals that eventually caused him legal trouble, The Washington Post reported.
Russia’s FSB has been “bolstering the architecture” to stop military defections. The agency’s Third Directorate for Military Counterintelligence, or DKVR—charged with preventing military defections—has swelled since the war to become the largest division in the FSB. (WSJ)
Sen. Robert Menendez’s plight continues to worsen. The New Jersey Democrat has been fighting charges of accepting money in exchange for assisting foreign governments. Now it turns out his legal defense is being paid in part by donors with links to a former terrorist organization, a sign of the senator’s need for fast cash. (The Intercept)
The deaths of three U.S. servicemembers killed in a drone attack have prompted calls for the withdrawal of American troops from Syria. Trump’s Special Representative for Syria Engagement, James Jeffrey, says the troops should stay put to thwart attacks by IS and Iran-backed militias. (War on the Rocks)
Laura Thomas, a former CIA case officer and chief of base in Afghanistan, is worried about a CIA brain drain of sorts, “a dearth of people who truly have knowledge on topics nowadays, because we're surging people to different areas.” Speaking to Statecraft, a blog about diplomacy, Thomas said, “We're trying to cross-pollinate and that's to our detriment most of the time.” A shortage of subject-matter and country experts has long concerned CIA veterans, who argue that frequent transfers and the advancement of generalists over specialists rob the agency of people who deeply understand the languages and cultures of the countries they serve in. “The biggest challenge, however,” Thomas said, “is mediocrity in bureaucracy.”
A reference to CIA bomb techs assisting in the investigation of a pipe bomb discovered next to the headquarters of the Democratic National Committee on Jan. 5 was enough to set off a bogus right-wing media frenzy about CIA complicity in the Jan. 6 attack on the Capitol. (Judicial Watch)
Is there something we missed? Or something you would like to see more of? Send your tips, corrections, and thoughts to SpyTalk@protonmail.com.
Wow! This seems better in depth and breadth than weekly reports issued for the President and NSC! Keep it up!
I was the first J2 at USSOCOM. My first priority was to develop a system to provide for the intelligence for special operations, SOCRATES, the Special Operations Command Research and Threat Evaluation System. When John Wyand, my senior civilian, asked me what we should call it, I told him to come up with a name that focused on special operations and sounded smart.
SOCRATES was designed to incorporate both classified intelligence and open source information.
When we previewed the system for General Lindsey, I told him to ask a question. He thought for a minute then asked us for all the information on the Bolivian navy.
In seconds, we were able to tell him that landlocked Bolivia and provide extensive information on its strength, basing, and much more. Open Sources provided a lot of the data. We learned that, as we spoke, the navy was engaged in a major exercise. The general was impressed. He asked several additional questions; my enlisted analyst, using SOCRATES, provided extensive information for each question.
Rapid access to open source information was a critical objective. Special operations forces operate worldwide and have very unique intelligence needs. Much of that information can only be found in open sources. In one case, I was asked for structural information on oil platforms in the Persian Gulf that could be used by a SOF team to drop one. The operation did not go, but an extensive search revealed that insurance companies had much of the information we needed. SOF units need information on the area of operation to a degree of granularity not normally required by conventional forces. Timely open source information is needed to provide the needed information.
In those days, service intelligence production was focused on the Soviets and North Korea. We (the SOCOM J2) did a study of service intelligence products and found that service organizations were wasting huge amounts of time and resources to produce essentially the same material. At a DIA senior intelligence officers conference in West Berlin, I briefed our study and used actual documents to illustrate the point. Many studies simply reformatted existing studies and put on their organization's cover sheet. My recommendation was that DIA do a comprehensive study and reallocate 10% of existing intelligence resources to support SOF intelligence needs. It took a while, but there is now a Joint Intelligence Center at MacDill AFB to support SOCOM and CENTCOM.
About a year after I retired, Open Source Solutions gave me an award for my leadership in expanding the use of open source information to meet intelligence requirements. Bill Colby presented the award.