The second part in this series showed clearly that the US Intel community has been overrun by untrainable and undependable people.
The more facts that come out, the worse the situation looks. We trust these people to dissect and analyze critical pieces of information and based on their experience advise the President of the United States whether or not diplomacy, spying, and covert action, sanctions, or even military engagement is warranted.
So, the big question in part 2 became, how do you induct over 3 million new employees with no previous experience into what is supposed to be one of the most complicated professions on the planet? Can this be done in less than 5 years? The answer is you can’t.
Most of the Intel the US is using right now comes from private sector sources. Over 80% of the current NSA budget goes to subcontractors that can hire and layoff on a per-project basis. There is no loyalty to employees or government service. Loyalties are bought and sold by the highest bidders as part of the daily grind to just make a living.
One day Jimmy the 1st year apprentice Intel guy might work for the US government. Two weeks later he might work for the Ukrainian lobby doing Oppo-research. Three weeks later he might work for a company that has both for clients. He takes all the software packages with him as well as insight into the data he’s gained or if it’s OSINT, the data itself can change hands if it does so before being labeled “secret.”- The Unthinkable Consequences of Outsourcing US Intel
Since 2015, I’ve watched the Intel industry go through radical changes in a very short time. This started long before I interviewed Michael Jasinski (MJ), the Assistant Professor Department of Political Science University of Wisconsin–Oshkosh about this.
The following is professor Jasinski’s remarks from the 2017 article and following that the interview we did the other day. In literally 2 years the Intel community hiring standards have gone from university researchers with at least some experience and education in the field down to Jimmy who used to work at Walmart and is now an intern at the CIA, FBI, DIA, DOD or fill in another agency of your choice.
Professor Jasinski had oversight over researchers that were later hired by US Intel agencies following 9/11 and provided evaluations of them prior to their employment.
MJ- “Considering how the intelligence community is depicted in the media or in the movies (and clearly CIA “outreach” plays a role here), you’d think Jedi Knights. The Justice League. Gandalf. But if you ever had personal contact with the “three-letter agencies” for any period of time, you’d think different. My most recent experience with the “intelligence” community was at MIIS, post-9/11 when the agencies were coming there to hire, and they were hiring big. They hired many of my research assistants–I was doing what might be termed “open-source intelligence” on WMD proliferation–and in the process, they’d ask me, their immediate supervisor, for my opinion. So I’d tell them point-blank: can’t read, can’t write, can’t analyze. I don’t care what their CV says, the only language they can function in at any level in English. No matter, they’d get hired anyway. Drug convictions? No matter, they’d get hired anyway (at least at the time, the CIA would hire you if you didn’t have any drug convictions within the last 3 years). Scary political views they wore on their sleeve? No matter, they’d get hired anyway. All of my good assistants went to work for the UN, IAEA, major NGOs. The dregs went to “intelligence.” So now when I see a) the “Russian interference” stories and b) the inability to safeguard, and presumably use responsibly, your own cyber-warfare arsenal, I can’t say I’m exactly surprised. But there are no shortcuts in this kind of work. If you rapidly expand at the cost of dramatically lowering standards, you (and the country) are going to pay a price. We’re paying it right now.”- The Private Contractors Using Vault 7 Tools for US Gov: US Intel Needs a Ground-Up Rebuild Part 1
GE– Professor Jasinski, how do you feel about the idea of can’t read, can’t write the language analyst types gaining NSA size tools and being sent to spy into Russian infrastructure as bounty hunters looking for threats?
MJ-It’s not unlike giving a monkey a live hand grenade, except that the monkey in question would not run the risk of causing major power war. I hope these reports are, essentially, disinformation, because NYT would never publish anything the intel community doesn’t want to see published. At the same time, it may well be Venezuela was thusly targeted, and the recent Latin American power outages could be the collateral damage. If that’s the case, one can imagine the potential scope for trouble. And wouldn’t it be something if a cyber-attack on Russia turned resulted in a major EU or Chinese power outage?
GE-How would you feel about these same analysts gaining manager positions in the agencies and as the private contractor counterparts?
MJ– If in supervisory positions, they will succumb to the First Law of Bureaucracy which is to protect and expand turf, which in practical terms means more and more cyber-ops which are probably already being touted as the new “smart bombs”– a perfect solution to every national security problem, real or imagined. There will be lobbying, policy papers, entire think tanks funded by agencies led by people interested in not only expanding cyber ops but specifically expanding their own agency’s responsibility for cyber ops and in order to do that, you have to have some “track record” of running cyber ops. So you can imagine the potential for rapid escalation.
GE-If this type of activity occurred in say Russia’s nuclear sector where bounty hunter hackers with rancid political views gained access, how bad could this be?
MJ-If you are paranoia-minded (and since I’m from Eastern Europe, I am), the Chernobyl HBO series may serve as an “informational preparation of the battlefield.” If a Russian nuclear power plant is hacked and results in an incident, any incident (it doesn’t need to be as extreme as the what happened at Chernobyl), it damages Russia’s power grid, the credibility of the Russian government and the Russian state (all kinds of “collapse of USSR” parallels would be drawn), and also the attractiveness of Russian nuclear power exports to third countries. Three major US foreign policy aims for the price of one! And all of it can be plausibly blamed on Russian nuclear butterfingers.
GE-Is there any governmental or industrial sector that is hiring private hackers, IO pros, and private spies which could prove beneficial and not cost the US its status in the world or have international repercussions?
MJ- I think this is relatively straightforward. Pretty much everyone will acquire a defensive cyberwar capability, but the problem is that it may be extremely difficult to prevent an offensive arms race from being initiated. What makes this worse than conventional or even nuclear arms races is that you never really know what others have and it’s extremely difficult to verify the elimination of a capability, since we are essentially talking about software tools in a world where everyone and their brother is writing code. And if there is an underlying mistrust among major powers, it will naturally promote the development of offensive capabilities (which will be described as retaliatory, of course), which then will have to be tested in some way.
GE-What is the potential of bounty hunter hackers, IO pros, and private spies fomenting war outside of all government policy or oversight?
MJ– This is a bit more complicated. If the tools really proliferate among non-state actors, it’s the equivalent of selling biowarfare kits in pharmacies all over the world. Anyone can get them, then launch anthrax/black plague/whatever attacks on whatever individual, organization, city, or country they don’t like at the moment. So that probably will not be allowed to happen, and we’ll see something like the de-facto ban on shoulder-launched SAMs from being sold or given to non-state actors. Even the war in Syria did not seem to break that taboo. The bigger problem is governments outsourcing cyberwar to quasi-private actors, in the same way, propaganda has been outsourced to the likes of Bellingcat, censorship to Google and Facebook, killing people to Eric Prince. So, for reasons of plausible deniability, you could set up a Dirty Dozen-style outfit of cybercriminals given suspended sentences in return for cooperating with the gov’t, then use them to stage cyber ops to benefit the US gov’t, or at least the intel community, and do it with considerable plausible deniability and moreover hide it in some “black” budget program. I do wonder who all these Cozy Bears and Fancy Bears really are.
Professor Jasinski’s point is well taken. What would the world be like if anyone could get their hands on aggressive NSA state-level tools and point them at their neighbor?
When he taught the people that would eventually become CIA and FBI OSINT agents and managers, the transition from State to privatized Intel was in its infancy. Part 2 of the series showed Richard Clarke made the US Agency transitions to the privatization of Intel. UK PM David Cameron labeled the man that got the job transitioning US agencies to privatized Intel an idiot. That was Steve Emerson and his sidekick and former gift shop cashier, the lovely Rita Katz.
From the 1990s into the 2000s and 2010s, all of the elite hack, defense, and attack tools were purposely labeled freeware for anyone that decided to pick them up. This means the scenario professor Jasinski labeled as a nightmare is already coming true.
A researcher made an elite hacking tool out of the info in the Vault 7 leak. And most of the tools in their primary form are available online free of charge.
Why did this happen?
The Guardian made the point in November 2014 with “Our choice isn’t between a world where either the good guy’s spy or the bad guy’s spy. It’s a choice of everybody gets to spy or nobody gets to spy.”
So said the security luminary Bruce Schneier at BBC Future’s World-Changing Ideas Summit in October…With so many cheap or free tools out there, it is easy for anyone to set up their own NSA-esque operations and collect all this data. – American Jihadi Starts Private NSA And Attacks America
This has been gradually developing into the norm in America. Your safety and the safety of your loved ones, not to mention the rest of the world is in the hands of otherwise unhireable people that are learning as they go to hack and attack foreign countries and domestic civilians.
“In a Sept. 2013 Reuters article, Jameel Jaffer, deputy legal director at the American Civil Liberties Union, said the reported incidents of NSA employees’ violations of the law are likely “the tip of the iceberg” of lax data safeguards. The laws guiding the NSA’s spying authority in the first place are a bigger issue, he said. “If you only focus on instances in which the NSA violated those laws, you’re missing the forest for the trees,” Jaffer said. “The bigger concern is not with willful violations of the law but rather with what the law itself allows.” –NSA staff used spy tools on spouses, ex-lovers: watchdog
The companies and individual actors sell information. For some, this is the basis of how they market their services. They spy on other companies – on regular people – commit espionage and run legally dubious information operations against civilians.
But because of the work they do for both the U.S. government and private corporations, few restrictions are placed on them. Where they are supposed to be supervised by the Director of National Intelligence (DNI), in some cases they are supervising themselves and other companies and training DNI agencies to act like them. –Intel-for-Hire Undermines U.S. Intelligence (Part 2)
It is only along this line, the NYT article U.S. Escalates Online Attacks on Russia’s Power Grid can be comprehended. Why is the military leaving the nation’s Commander in Chief blinded from what has the potential to spark a hot war? How?
While Jimmy works at the ODNI this week, the DOD uses 1st year Intel intern Jimmy’s brother Gary. Gary has a solid 6 months behind him as a privatized operator to carry out OSINT against Russian assets.
Do you think I’m exaggerating? My first thought is ole’ Gary made a mess the US government was going to get taken behind the shed for. But, why would the DOD get behind this hacking operation and alienate their Commander in Chief? Why not invoke plausible deniability? Do they think Trump will take the ODNI use of private sector apprentices to heart and fire them?
This is part of an ODNI and DOD Intel policy change. The DOD has been using private citizens like ole’ Gary for a while. Now, it almost seems like they bring these guys into a room and really chat them up before letting them loose to wreak havoc on society.
Ole’ Gary, you are a supa’ spy! Yes, you are. Yes, you are! Now go get me sum red Ruskies!
To defend 21st-century networks, should the US use the model of 18th-century privateers?
It seems Ole’ Gary and the Podunk crew received new and improved titles. They are bounty hunters and privateers. This is immensely important and will be the subject of the next article in the series.
All they need to do is go back to the room and get chatted up again and they can start their new careers. I’ve been researching this cottage industry and watching it develop since 2015. The Privatized NSA Army is Attacking YOU!
According to the DOD, this function is supposed to do exactly what the DOD just did. The problem is it is more of an embarrassment to let ole’ Gary and Jimmy loose in the press than it is to embarrass their direct commander and the highest executive according to the Constitution.
CIA morale plummets as Trump becomes president and CIA veterans say spat with Trump could have real-world consequences.
The problem is most of the morale slump is coming from private contractors that are doing the actual work. Contrary to popular belief, the CIA would be relegated to the level of Keystone Cops if they had real agents face forward online every day. So, what does this mean?
Ole Jimmy and Gary want to feel the part. They want to dress the part. They want to live the part. Their lack of GEDs just won’t allow it to happen. Sorry, Jimmy. Sorry, Gary. The CIA doesn’t offer apprenticeships. But, because they do work indirectly for the CIA, they pretend they are CIA and use their real CIA tools on their neighbors. We’ll get into that in the next article.
If U.S. intelligence is questionable and untrustworthy, there is no single greater threat to the planet today. Members of an intelligence community who try to circumvent the democratic process should be prosecuted no matter who they are or who they are trying to undermine.- U.S. Intelligence Crisis Poses a Threat to the World (Part 1)
It’s time for a quiz and let’s see who’s paying attention
Or was it Jimmy and Gary again?
If you said yes, you may just win and the US goes back to the things we were all taught to value.
Agents like Jimmy and Gary provide most of the OSINT and Intel for the FBI and Homeland Security.
The next article in the series is mind-boggling because it opens up the reality of cyber privateering and bounty hunting. The reality of the situation and the deviant turns it’s taken make the dire predictions professor Jasinksi made look very tame and optimistic.