
How to Spot a Spook (1974) - mercer
http://cryptome.org/dirty-work/spot-spook.htm
======
lb1lf
A (probably apocryphal) story which I heard when spending a few weeks at a
facility deemed of the greatest interest to spooks a couple of decades ago was
that the security services tended to identify infiltrators by questioning the
barmaid at the local pub.

Apparently, regulations required the agents to only have small beers,
presumably to avoid indiscretions while inebriated.

Only problem was, none of the locals ever ordered small beers, as the general
practice was to get wasted enough to forget what a godforsaken place you'd
wound up in, if only for an evening.

------
linkmotif
This piece reminds me of
[http://www.salon.com/2015/09/26/how_to_explain_the_kgbs_amazing_success_identifying_cia_agents_in_the_field/](http://www.salon.com/2015/09/26/how_to_explain_the_kgbs_amazing_success_identifying_cia_agents_in_the_field/)

"What Totrov came up with were 26 unchanging indicators as a model for
identifying U.S. intelligence officers overseas."

~~~
nonbel
>"The invariable indicators...agency officers _usually_ had more than one
working foreign language, their cover was _usually_ as a “political” or
“consular” official (often vice-consul); internal embassy reorganizations
_usually_ left agency personnel untouched"

Reading stuff like this is really irritating. Do the author and editors not
know the meaning of "unchanging and invariable"? It just makes the entire
article seem idiotic.

~~~
xkcd-sucks
Outside of formally defined abstract systems, "invariant" almost always means
"usual"

~~~
nonbel
I am a native English speaker and have never heard someone use "unchangeable"
or "invariable" to mean anything other than the correct meaning: "not
variable; not changing or capable of being changed; static or constant."

------
Animats
The Mossad had a big embarrassment some years ago. Wearing ties is not common
in Israel, but, for forged credentials, people were usually photographed
wearing a tie. The photography shop provided people with a tie.

The Mossad used the same three ties for everybody.

~~~
justinjlynn
Contamination kills; I'm amazed they reused forging facilities like that.

~~~
closeparen
I doubt CIA Technical Services was burned down and reconstructed for every
mission. Seems like intelligence agencies are always going to want some
shared, reusable resources.

~~~
justinjlynn
Of course not, but they don't use the same signature techniques on all forged
documents either -- that would just be silly.

------
45h34jh53k4j
"The CIA has a different health insurance plan from the State Department. The
premium records, which are unclassified and usually available to local
employees, are a dead giveaway."

I wonder if this is still the case? Seems like a very externally observable
difference, especially today.

~~~
appleflaxen
it would be fascinating to have an update about these ideas, and a look at
which signals have changed, what signals are the same, and what new signals
might exist.

~~~
oren_thrall
I generally get the feeling that people were way more reckless before the
80's. The level of technology at the time is surprisingly low. Card catalogs
and the Dewey Decimal System represented a nominal level of information
technology, rendering many audit trails nearly opaque.

Of course, physical, structural security was bad too. Break a window and climb
on in, just repair the window when you leave and maybe that'd be enough to
capture some records. If it wasn't a bank or a prison, a building probably
wasn't a fortress unless it was extra special.

People cared a lot less about how life turned out 40 or 50 years ago. Alcohol,
tobacco, diseases everywhere, and medicine was kind of terrible. You get a
feel that risk taking was normal.

Now, people clench up at the thought of breaking any rules. Call it the new
technological superstition. We don't believe in god, but we believe in logs.

~~~
jdavis703
Having worked with some departments where the average age was 50+ I've
definitely seen flagrant rule bending for risky behavior (e.g. not carrying
radiation detectors, working on roofs without proper "safety" equipment, etc).
The thing is these people got the job done. The younger generation (which I
belong to) would likely throw up their hands and claim they couldn't complete
the task because some prerequisite for a rule wasn't in place.

~~~
literallycancer
Why would you work in an unsafe environment without proper tools and safety
measures? If you get injured the insurance company won't pay a cent, since you
broke the safety protocol, and the employer will probably just fire you. Dead
people can't sue for damages either.

If you are just an employee, it makes perfect sense to throw up your hands
and claim you can't solve a problem, when the alternative is taking risks that
reward the company, rather than yourself.

~~~
ridgeguy
It depends on values. Many of a certain age grew up in an environment that
placed less emphasis on benefits to an individual and/or their employer and
more on "gettin' it done".

Not endorsing either POV, just noting that one's formative era affects one's
behavior.

~~~
lb1lf
Also, in an entity large enough, you may find that your incentives clash all
the time as different parts of the organization have different views of what
constitutes success; one department may put the organizational equivalent of
barbed wire and minefields in your path, while another department, blissfully
ignorant of said minefields, orders you to charge ahead.

So, what do you do?

a) Throw up your hands in despair and do nothing, annoying whoever asked you
to wade through barbed wire only to find the minefield.

b) Get down to it, step on a few mines after getting cut to shreds on the
barbed wire, annoying the people who placed the mines as well as the ones who
asked you to charge ahead (which are, by now, annoyed that you didn't complete
the task on schedule.)

c) Try to point to the inconsistencies of The System and ask for clarification
and advice. Annoy both the people who put down the mines (who fail to see why
anyone wouldn't want a mine field there, it's not like they put them down for
fun!) and the people who simply want you to do your job (noting that you
complain that the sappers keep you from doing it well, rather than just
getting down to it.)

d) Quit.

------
sverige
There were a couple of things I found interesting. One was the article's
assertion that David Bruce was clearly regular Foreign Service, yet his bio
shows he worked for the OSS, the direct predecessor of the CIA.

>Bruce, David KE--b Md 2/21/98, m (Evangeline Bell).
>Princeton U AB 19. Mem Md bar. US Army 17-19,
>42-45 col overseas. PRIV EXPER ...
>GOVT EXPER with Off Strategic Sers 41-45

The other is the date of publication, just before the Church committee
crippled the CIA for a number of years. It makes me wonder how this fits in
with all the other events of that time.

~~~
gitpusher
Good eye. It does say "GOVT EXPER _with_ OSS" (emphasis on 'with') rather than
"XYZ _of_ OSS", implying some sort of external role – such as helping
establish chain of command in the early days, or some other bureaucratic help.
A glance at the register itself shows that most OSS involvement is cited with
the "of" convention:
[https://archive.org/stream/biographicregist1950unit/biographicregist1950unit_djvu.txt](https://archive.org/stream/biographicregist1950unit/biographicregist1950unit_djvu.txt)
(BR, 1950 edition)

~~~
sverige
The distinction of "with" and "of" is interesting in itself. I guess he may
have coordinated external logistics or something else during the war for them.
'41-'45 is a long involvement, either way; surely he knew plenty of people
there. Makes me wonder about the motives for bringing up his name then
dismissing him as anything but career foreign service in the original article.

And that's exactly what makes spy work so interesting to observe in the first
place: trying to figure out the motives, reality vs. cover, intent, etc. of
complete strangers. It's all fun and games until you become their target, I
suppose.

------
joe_the_user
As I understand the situation, the agents that are placed this way have only
the shallowest cover and their job is to interface with the agents and sources
that are actually secret.

The overt description of covert operations, made by the CIA, in their career
description, is that agents _handle_ sources and sources do whatever dirty
deeds the agency really wants done. Of course, the CIA has entirely different
sections with military or hacking capability but the basic "game" of embassy-based
agents interfacing with covert agents interfacing with actual sources remains.

~~~
ape4
I guess these shallow cover people could be followed or bugged to find the
deeper agents.

------
eth0up
Reminds me a bit of this:
[https://cryptome.org/2012/07/gent-forum-spies.htm](https://cryptome.org/2012/07/gent-forum-spies.htm)
(The Gentleperson's Guide To Forum Spies)

------
carvalho
I was surprised to find the Central Intelligence Agency in my weblogs. This
means they both leave JavaScript on and use the company IP for casual
browsing. I'd expect that they make attack vectors as small as possible and
have access to IP ranges that can not be so easily traced back to them, but
maybe the rules are more relaxed for casual browsing/research.

Don't these agencies, militaries, and companies (BAH, Lockheed, Boeing, Dell)
get micro-targeted exactly like this? I'd imagine foreign intelligence
agencies use websites and ad networks to drop zero-days on persons of
interest.

~~~
jonnybgood
The US military uses NIPRNet which blocks a range of websites on the internet.
HN is not one of them thankfully.

------
taejo
Are the Foreign Service List and the Biographic Register still published? A
quick search only yielded editions many decades old.

~~~
briandear
The FSL still exists; don't know about the Biographic Register -- haven't seen
that. Essentially the FSL is provided to host countries with a listing of all
personnel on diplo passports. NOCs are obviously not listed.

------
gitpusher
Nowadays it's easier to tell – if they work for gov and aren't active on
Twitter, they're hiding something

~~~
CM30
Probably a silly question, but how do you know they're not active on Twitter?
I mean, outside of well known elected officials here (like the US president,
UK prime minister, mayors, etc) I'm not sure there's much of a reason for
people to state they work for the government on social media sites.

Might be a fair few government employees who just don't tie their social media
presence to their real identity for one reason or another. If I get a role in
the UK civil service I'm certainly not putting a job description in my Twitter
profile, but that doesn't mean I work for MI5.

------
myrandomcomment
So this story at the end suggests that the human intel is outdated and we
should rely on technical means. This is what we did and it ended up being a
major cockup that led to failures to understand and predict issues, Iran and
Iraq being some of them. We are still rebuilding our human intel assets. The
Russians, who lacked the technical expertise, have always relied on human intel
and it shows (Trump, et al.)

------
logicallee
I started reading this but had trouble maintaining my interest. Near the
beginning (called the "hook" in journalism) it said that the station chief had
had his own office bugged.

- Could someone who read through to the end mention what the eventual answer
the journalist gave, as to why?

(I see I got almost instantly downvoted[1], but could you answer the
question?)

Thanks.

[1] [http://i.imgur.com/wH95OMt.png](http://i.imgur.com/wH95OMt.png)

~~~
logicallee
really, guys? downvotes galore, but not half a second to reply briefly? I
didn't ask a lot.

~~~
devopsproject
if you are too lazy to read the article, don't expect others to do the work
for you and give you a synopsis. Do your own work or quietly move on

~~~
logicallee
I didn't ask for a synopsis, but whatever. reading articles isn't "work" and
not everyone has to be interested in every aspect of everything, all the time.

~~~
devopsproject
if you are interested in the answer to your questions, read the article.

~~~
logicallee
>if you are interested in the answer to your question

I guess I'm not. Hey, let me ask you something. Are you a very experienced
Linux user? It's the only other community I've heard this perspective from.

~~~
devopsproject
no

