AMU Homeland Security Intelligence Opinion Terrorism

Whether in Tehran or Beirut, “Moscow Rules” Still Apply

By William Tucker

“The FBI believes that the Lebanese-based Hezbollah has terrorist cells in at least 10 U.S. cities. The Iranian government has backed Hezbollah to the tune of $100 million. John Miller, the FBI’s assistant director for public affairs, told me the Bureau is concerned that Iran could activate a network of Hezbollah terrorists in the United States if the international community takes action to stop the Iranian nuclear program” – Bill Gertz, from Enemies

The U.S. is the largest target for foreign intelligence collection in the world. It would be naive to think that the U.S. doesn’t reciprocate. It would also be naïve to think that operations don’t occasionally go wrong. Over the past few years, most notably in the immediate aftermath of the 2006 Israeli-Hezbollah war, a few media outlets have carried stories of Israeli spies getting caught in Lebanon. This coverage went on for a few years, but it wasn’t until this past June that Hezbollah claimed to have captured two U.S. spies. Recently, Hassan Nasrallah’s June announcement has taken on new weight as headlines yesterday claim that unnamed officials of the U.S. administration have confirmed that this did indeed happen. It is rather strange that the U.S. would acknowledge the disruption of an intelligence collection activity, even unofficially, and yet, there may be a method to this madness. We’ll get to that shortly, but first we need to discuss what happened and why.

Failures in Tradecraft

After reading through several news reports on this incident it becomes apparent that the authors are unfamiliar with U.S. intelligence methods of operating specifically and intelligence operations in general. Since this article is based solely upon open source information, we’ll do our best to sort through some of the conflicting information. It appears that the majority of the articles available are reprints from the Associated Press, but there is one article from ABC News that carries some unique information. These articles point to the now important June announcement from Hezbollah General Secretary Hassan Nasrallah that two high ranking officials of Hezbollah were acting as CIA spies. This is where we need to clarify the terminology a bit. These individuals were most likely paid assets of the CIA or another agency rather than U.S. government employees or someone working non-official cover. In other words, an intelligence case officer used a method, or several methods, to recruit people within Hezbollah that would have access to information deemed vital to the national security of the U.S. This is a vital distinction as it would affect how Washington approached the compromise of a collection activity.

Another possibility is that these officials approached the U.S. and volunteered to pass information of their own volition. People walking in off the street and volunteering to engage in espionage can be godsend, or may be an opening volley in an offensive counterintelligence operation against the U.S. A good case officer, in conjunction with the local station chief, will use several methods to discern the intentions of the volunteer. Requesting specific, verifiable information, or lengthy interviews are standard fare when dealing with a new source. Interviews of a subject can also be used to determine the stability of the person and not just sincerity. These methods are particularly vital when dealing with a volunteer. Once a source is vetted, a good case officer will put the individual through some rudimentary training such as countersurveillance, the adversaries defensive counterintelligence techniques (to avoid detection), communications procedures, and, of course, methods for passing information. Judging from the content of the available information on this particular case, this is where part of the breakdown occurred.

A breakdown in the intelligence effort may have also occurred in the number of sources. The use of the terms ‘spy ring’ or ‘espionage ring’ indicate that more than just two people were working from the inside. In fact, the reports state that two rings were in operation which would make sense considering the use of two high ranking sources. Using multiple sources is a good way to verify material or fill in knowledge gaps. This does increase the risk of detection, however. Some sources, either of their own volition or encouraged by their handler, may reach out to other people with knowledge of a specific area or access to certain information. In some cases, a handler may recruit more people to facilitate the espionage rings activities. Some past espionage cases show that sources have taken it upon themselves to build up an espionage ring and have even gone so far as to disclose the full nature of the collection effort. The Walker case in the U.S. is a prime example of this. While this may help in the collection of information it does increase the number of poorly trained sources engaging in espionage activity. Any organization that suspects that they are losing information will go on a mole hunt. Hezbollah is no exception to this rule.

Perhaps the final area in which a breakdown likely occurred was the frequent meetings between the sources and their handlers. The reports available indicate that the handlers often met their sources at a Beirut Pizza Hut – the codeword for scheduling a meeting was reportedly “Pizza” –but some quoted officials dismiss that claim. This bit of information doesn’t sound quite right. It seems a bit far fetched that officials from western intelligence agency would meet sources at a western restaurant. Furthermore, if this was indeed happening, it should have been noticed as a problem in the field reports by the station chief, the head of the Hezbollah section, or any supervisor of a Middle East country desk at Langley that would have read the reports. It’s certainly possible that this did occur as reported, but for now the benefit of the doubt goes to the CIA. All that being said, meetings between sources and handlers are supposed to be infrequent because of the possibility of exposure. It’s also important to note that case officers should be rotated regularly to prevent their identities from being compromised by a targets counterintelligence apparatus. That both of these two time tested methods of operating weren’t followed is certainly cause for concern and the set back resulting from mishandling these sources could be felt for years.

Why Target Hezbollah?

As of September 15, 2011, the U.S. State Department still lists Hezbollah as a Foreign Terrorist Organization. As such, many analysts take a one dimensional view of the organization which often leads to incorrect analysis. Although Hezbollah is certainly a terrorist organization, it is also a major Lebanese political party, has a proficient militia, and perhaps just as important to U.S. intelligence, provides another avenue for collection against Iranian and Syrian intelligence. Hezbollah has long been supported by Iran and Syria and has actually carried out joint operations with Iranian intelligence in South America, Africa, and of course, the Middle East. By targeting Hezbollah so aggressively, U.S. intelligence would get a view into the complicated politics of Lebanon and get a sense of how foreign intelligence organizations work with the group. If any hostilities with Iran escalate beyond the intelligence world it would indeed be conceivable that Hezbollah would be one such terrorist organization that Iran could use as a force in the conflict. Some analysts argue over this point, but it is important to point out that the majority of Hezbollah’s weapons, along with the hundreds of millions of dollars coming out of Tehran, is substantial leverage over the organization. If U.S. intelligence has lost its window into Hezbollah, it could complicate Washington’s policy in Lebanon and beyond.

U.S. Operations Hit in Tehran

Late last spring Iran made an announcement that over 30 U.S. and Israeli spies had been captured. In addition to the announcement, Iranian television showed several websites that these spies were allegedly using to communicate with their handlers. The available reports do indicate that the U.S. lost a number of assets in Iran that were providing information. While the loss of any asset is undesirable it does appear as if some information is continuing to flow out of Iran. The recent IAEA report on Iran’s nuclear program states that it received information from ten western intelligence agencies. As there is no reason to doubt the veracity of that claim, it is quite possible that some assets remain in place and are able to continue transmitting information. Iran is quite aware that information is still leaking from their country and is likely continuing their counterintelligence operations to disrupt the foreign intelligence collection effort.

Another take on these announcements from Hezbollah and Iran is that while they may be accurate they may also serve another purpose. By publicly claiming the disruption of an espionage network it is possible that some of the untrained assets providing intelligence may get panicky and attempt to contact their handlers. In essence, the public announcement may serve to smoke out some of the remaining moles. From the U.S. perspective there is certainly a motivation for confirming the foreign claims. By publicly, and unusually, confirming that a U.S. espionage network was uncovered, Washington may be attempting to protect assets that are still in place. Washington may be gambling that its confirmation of the intelligence failure will result in Iran and Hezbollah scaling back their current counterintelligence investigation; however unlikely that may be.

The Need to Play by “Moscow Rules”

Layman discussion of the Cold War usually revolves around the issue of nuclear brinkmanship, but a very real war was being fought between the two sides. For U.S. intelligence officers in the midst of operations, much of the world was rather dangerous, and yes, some places were more dangerous than others. At the top of the list was Moscow itself. In the former Soviet Union someone merely had to be suspect to enjoy a trip to the infamous basement of Lubyanka, and, contrary to belief, little has changed. Those intelligence officers who managed to work successfully in Moscow developed a set of guidelines for new officers that would eventually become known as the “Moscow Rules.” There are 40 sections that make up the Rules, but only a severely abbreviated set exists in the open source.

If anything is to be taken from the Rules, it is this – discipline. Judging from the reports over this massive compromise, if it is indeed accurate, discipline simply wasn’t part of the equation. In any espionage operation respect for the enemies counterintelligence capabilities must be built in. You cannot forget that you are operating in someone else’s backyard, and most importantly, you cannot believe your enemy to be incompetent. It really doesn’t matter where an operation takes place; if you follow the rules along with the rest of your training, you’ll be better off. Failure to follow the rules can result in being listed “persona non grata,” or worse, systemic failure. Two poignant reminders of this are purposely listed among the Moscow Rules: Assume nothing and don’t look back – you are never completely alone. By ignoring these rules, Washington has just lost its inside view of a terrorist organization that has a presence in the U.S. and possibly lost access to vital information from a country that is nearing nuclear breakout.

Comments are closed.