How does a government agency know if it is compromised?

3

The U.S. spies on other nations and in turn gets spied on. I don't think I need a citation to prove this.

Every now and then, there are people who gain access to highly classified information and transfer it. You don't have to go far to find a long instance of issues. Furthermore, there are spies who may rise to high ranks in a Secret Agency and do serious damage or transfer even more sensitive information. Scientology did a coordinated effort of this. You may even have a spy that ends up becoming the President, who does not need a clearance.

How does an agency, like the FBI or CIA, know if a major part of its hierarchy is compromised from a purely espionage perspective?

isakbob

Posted 2019-08-25T03:29:05.827

Reputation: 4 592

Answers

3

No organization can be sure that a person isn't an insider threat, which is why they operate assuming anyone could be. Physical and logical controls operate on a principle of least access, which means that no person should have access to information which they don't have a specific need to know or areas that they don't have a specific need to access.

Agencies perform background checks before employment and on an ongoing basis, at a rate that they find satisfactory to balance the cost of the investigation against the value of the information the person is working with. For example, before being granted a Top Secret clearance, a person needs to have a Single-Scope Background Investigation. While I don't know if the trainings the government gives on insider threats are public information, you could take a look at this article on Insider Threats in the private sector to get a good idea of what kind of behavior government auditors and security personnel are looking for when trying to figure out if someone is an insider threat. Some examples include: Downloading or accessing substantial amounts of data, attempts to bypass security, and discussions of resigning or new opportunities.

Agencies will also provide an appropriate level of auditing and surveillance to their information and facilities (appropriate again meaning they have weighed the damage of disclosure against the cost of implementation), so when someone does exfiltrate information they will hopefully be able to find them and stop them before they can do further damage, or even block the attempt in progress.

IllusiveBrian

Posted 2019-08-25T03:29:05.827

Reputation: 5 929
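One way to turn two of the indicators named above (access outside a person's need to know, and bulk data access) into an audit-log check, as an added example that is not part of the original answer; the log format, the need-to-know table and the volume threshold are assumptions, and the records are constructed:

```python
"""Insider-threat indicator checks over a constructed audit log.

Assumptions (not from the original post): each log entry records the user,
the compartment (need-to-know grouping) of the document and the bytes read;
each user has an allow-list of compartments they may access.
"""
from collections import defaultdict

# Constructed sample data, not real records.
NEED_TO_KNOW = {
    "alice": {"PROJ-A"},
    "bob": {"PROJ-A", "PROJ-B"},
}
AUDIT_LOG = [
    # (timestamp, user, compartment, document, bytes_read)
    ("2019-08-25T09:00", "alice", "PROJ-A", "a-001", 20_000),
    ("2019-08-25T09:05", "alice", "PROJ-A", "a-002", 15_000),
    ("2019-08-25T09:10", "bob", "PROJ-B", "b-017", 4_000),
    ("2019-08-25T09:12", "bob", "PROJ-C", "c-004", 8_000),    # outside need to know
    ("2019-08-25T09:30", "bob", "PROJ-B", "b-018", 900_000),  # start of a bulk read
    ("2019-08-25T09:31", "bob", "PROJ-B", "b-019", 700_000),
]
# Assumed daily per-user volume threshold; an agency would tune this against
# the value of the information (the cost/benefit weighing described above).
BULK_THRESHOLD = 1_000_000


def find_indicators(log, need_to_know, bulk_threshold=BULK_THRESHOLD):
    """Return {user: sorted list of indicator strings} for users that trip a check."""
    findings = defaultdict(set)
    volume = defaultdict(int)
    for _ts, user, compartment, doc, nbytes in log:
        volume[user] += nbytes
        # Least-access check: a read in a compartment the user has no need to know.
        if compartment not in need_to_know.get(user, set()):
            findings[user].add(f"out-of-scope access: {doc} in {compartment}")
    # Volume check: total bytes read by one user across the window.
    for user, total in volume.items():
        if total >= bulk_threshold:
            findings[user].add(f"bulk access: {total} bytes")
    return {user: sorted(items) for user, items in findings.items()}


if __name__ == "__main__":
    for user, items in find_indicators(AUDIT_LOG, NEED_TO_KNOW).items():
        print(user, items)
```

Both checks only raise a flag for review; the post's point stands that a flag is a reason to investigate, not proof of an insider.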

1

They don't know.

They run background checks, they run counterintelligence operations on their own territory, they try to learn what the enemy knows about them. But in the end, they cannot know that someone is not compromised. Absence of evidence is not evidence of absence.

o.m.

Posted 2019-08-25T03:29:05.827

Reputation: 49 884

Please clarify how they know that they can't know that someone is not compromised. That is, there might be some general and rigorous disproof of reliability, just vague suspicions, or something else... – agc – 2019-08-25T13:28:35.970

@agc, simple logic. Investigators can find an absence of evidence for treason, but that's no proof of absence of treason. – o.m. – 2019-08-25T18:04:05.443

Ah, the catchphrase again. That's fine enough, when there is ground for suspicion, but let's say we're going to plant some tomato seeds by throwing them on a freshly paved undisturbed vacant lot in Arizona. Are these seeds going to grow into bushels of juicy tomatoes? By that catchphrase, we don't really know. But we do know because tomatoes need water and soil, and the paved lot has neither. Similarly there are probably necessary conditions for spying, lacking which no spy could flourish. – agc – 2019-08-26T09:41:21.747

I would recommend you look at some of the known cases and the history of the investigations around them. No one detail is unique to all of them, but in many cases there are a few common traits. – hszmv – 2019-08-26T14:22:16.783

@agc, that sounds like arguing an all-American kid is probably safe, and anyone who looks funny probably isn't. About a century ago there was the Dreyfus affair, which shows the error of this concept. – o.m. – 2019-08-27T05:47:41.460

@o.m., Arguing that prior negative cases, (like the Dreyfus affair), disprove the existence of necessary conditions, (for spying), is like arguing that failed pre-Wright Bros. airplanes, (negative cases), disprove the possibility of airplanes, (e.g. finding the necessary conditions for flight). – agc – 2019-08-27T06:02:19.040

Very confused answer. Of course they can easily know. If they are aware of at least one case of stolen information, then they know with full certainty that they have been compromised. This post is a great example of the pitfalls of memorizing logical fallacies without actually understanding them. – Rayce1950 – 2019-08-27T19:29:24.537

1

Generally, agencies with counterintelligence roles like the CIA, FBI, NSA, DHS will keep track of espionage in other, non-intelligence agencies (which is the majority of them) and if they detect anything, let them know.

There are many ways to detect information leaking:

  • Surveillance of individual employees to see if you catch them spying
  • Deliberately giving false information to see if adversaries end up acting on it
  • Asking your own spies in the adversary's agencies where they get their intel
  • Having your own spies pose as defectors to discover other (true) defectors
  • Having your agents pose as foreign spies trying to recruit defectors to see who is disloyal

And many other techniques besides that. A StackExchange question is probably not the medium to cover basically all of intelligence.

However, in the situation where a major part of the FBI is compromised, the FBI itself probably cannot be expected to do much. Maybe another agency which isn't as compromised can detect it. But if all of your intelligence apparatus is significantly compromised at high levels, you've lost. See, for example, the intelligence victories of the Allies during WW2.

Rayce1950

Posted 2019-08-25T03:29:05.827

Reputation: 883

Can you support this with some sources? The latter two bullet points, to me, seem more like something out of a B-movie without substantiation that this is used. – JJJ – 2019-08-28T08:54:00.840

0

While some spies may go undetected for years, their spycraft can manifest itself in the physical world.

Take, for example, the case when the Russians hacked extensive areas of the executive branch and State Department, including the White House, in 2014. In this case, the hack caused severe network issues for weeks! So people knew right away.

Or this case of espionage, which resulted in 70 CIA assets in Iran and China being murdered. We knew because the number of people killed could not be a coincidence.

Another way you find out: someone can out it for political gain. Ronald Reagan famously declassified the Russian shooting down of Korean Airlines flight 007, over the concerns of the US intelligence community. The intelligence was gathered from satellites and other means. Reagan definitely wanted to brand the USSR's actions as representative of a pariah state.

Sooner or later the evidence of the spycraft will reveal itself in the material world for political gain.

K Dog

Posted 2019-08-25T03:29:05.827

Reputation: 1