Few understand the deviousness of our modern world. Just as hackers have mastered schemes to insidiously steal your personal information, so now spies have figured out a new method, and it involves YOU. Consider a report in Harper’s Magazine. A kindly gent visiting a Baltic art house offered a fellow fan a movie he might like on a USB drive. Intrigued, the viewer tried it at home with no luck. Chagrined, he was advised by his new friend to try it out on his computer at work. You can guess the rest. Likewise, it seems another hacking compromised millions of US Government employees. As the New York Times reported two years ago:
Every person given a government background check for the last 15 years was probably affected, the Office of Personnel Management said in announcing the results of a forensic investigation…
Odds are, if you hold a clearance, you’ve been compromised. As a result, vast amounts of briefings, computer fixes, and general mayhem followed. If you still don’t know if you were possibly involved, you might pay your counterintelligence representative a visit.
And yet, why do we think our adversaries only come at us with sophisticated schemes cooked up in some hacker’s den? Consider the following: spies might simply ask you for the information. Yes, on a boring Thursday, you pick up the phone and a kind voice purrs that you met one another at a conference you recently attended. You were at the conference. Since the voice is kind, and of the opposite sex, you aver you remember. Soon you are chatting merrily about home, job, associates, and programs. Who says love doesn’t blossom when least expected?
This type scenario is why cleared organizations establish policies for unsolicited calls. I remember briefings which stated emphatically that our Public Affairs Office was the only point of entrance for callers to the command. What is your company’s policy for properly identifying callers? Is there a policy?
Let’s start with an unsolicited telephone call. You don’t know the person, so you should ask for recontact information, providing none of your own. Do not even confirm they reached the right office, if possible. Direct them to your public affairs office. Then you provide their information to your counterintelligence officer. Do not, under any circumstances, investigate yourself. You’ll see why in a minute.
Let’s say you have been contacted on social media. Here I’d like to make you aware of a phenomenon not only germaine to espionage, but modern terrorist recruitment as well. Here we are in the realm of a sort of duplicity which is particularly well-served by the Internet. Would you not tell your children, “You don’t know the people who contacted you online, so don’t respond.”? Entire fake personas can be created by sophisticated collectors of information, national espionage efforts, or recruiters of terrorists. They create personas that are calculated to appeal to you personally. When you become friends, they provide you with electronic guidance which, when executed by a simple click, gives them access to your computer. It could allow them to manipulate your data, unknown to you.
Never allow another person to know something online which you would not tell them personally. Never tell someone personally something they have no need to know. The spies know if you are lonesome, short on cash, need an ego boost, or are a possible true believer in the cause which, amazingly, they are also adherents of! Just like Mephistopheles, they encourage your weakness and use it against you. They make themselves a persona just like you are hoping, perhaps even praying for. Where do spies get their starting points about you? Today there are sites on the web which share PowerPoint briefings, corporate complaints, and yes, job postings! Not for nothing do they say espionage recruitment is like a love affair. The spies know when you are willing to be seduced. The social media approach makes it so much easier, because you never even see them, but rather believe them to be what the computer says they are. And they are ‘thoughtful’ about you, and ‘care’.
Never ‘friend’ someone who appears from nowhere. For that matter, a friend request or information sharing requiring verification by a click on data from someone you know, which you have not confirmed separately beforehand by other means, could be just as bad. A significant espionage case occurred when recipients of a friend request thought it was from a senior official they quite literally personally knew. Fake personas of known people are a specialty of national espionage services. Such attempts should be reported immediately to your intelligence office. So beguiling are spies today that they could reasonably discuss your program using open source information as starting gates. Don’t give them an opening. Check with your foreign disclosure officer on what can be discussed once you are formally connected, through official channels, with a legitimate caller. Contact and report to your counterintelligence officer all unsolicited contacts.