DarkNet Espionage Handbook

VEEXH
Dead Drop
7 min read · Jun 8, 2024

ART by VEEXH

There is no greater accomplishment than realizing the true wilderness of mirrors is life itself. — VEEXH

TOPICS

  • Espionage
  • Cyber Espionage Intelligence
  • Wilderness of Mirrors
  • Bonus Section — Don’t Give Up

Espionage

Due to its portrayal in Hollywood films such as James Bond or Mission Impossible, espionage is now a word that is misunderstood by many. But what does this word mean?

Espionage is the tradecraft of obtaining classified information or intelligence via deception. Espionage involves trained agents who act on behalf of another individual or intelligence agency and are sometimes called spies.
Deception, a strategic and deliberate process, is a crucial element in the success of any espionage operation. It involves creating a false perception of reality for the intended target. This deception is not random but rather logical and strategic, integrated into the operation; the more successful the deception, the higher the chances of achieving the intended end goal.

One of the 36 stratagems of ancient Chinese literature, a collection devoted to the use of deception in politics, warfare, and civil life, perfectly encapsulates the role of espionage and deception: You must “Deceive the heavens to cross the sea.” You carefully use measures to divert your target’s attention from the ongoing operation. You don’t want them to know, so you go beyond concealment and turn their attention completely in the opposite direction.

With this in mind, espionage and deception are not just tradecrafts limited to the domain of war. Numerous times, state-sponsored or commercial entities have employed agents to collect secrets.

One such incident highlighting the usage of the Chinese stratagem mentioned earlier is the Chinese MSS (Ministry of State Security) recruitment of Jun Wei Yeo. Yeo was a Singaporean national and a PhD student attending the National University of Singapore.

The MSS officials who recruited him referred to themselves as workers for a think tank based in Shanghai. Yeo created a fake consulting firm on LinkedIn, which was a means of deception aimed at recruiting Western citizens with top-secret security clearances to obtain classified information. The firm was thriving before Yeo’s eventual arrest.

This act of espionage highlights three critical factors: that the internet is a means to conduct successful deception campaigns, that officials can train individuals with the intent and capability to conduct espionage, and that a wilderness of mirrors is essential in protecting agents who recruit spies.

Cyber Espionage Intelligence

Cyber espionage intelligence (CEI) is the tradecraft of recruiting technically adept spies to use deceptive technological methods in support of the intelligence process. This tradecraft contrasts with cyber threat intelligence, which focuses on identifying and mitigating potential cyber threats.
CEI is not CNA (Computer Network Attack) or CNE (Computer Network Exploitation). While both roles play a part in the success of cyber espionage intelligence, they are distinct and serve different purposes within the tradecraft.

Each distinctive element of CEI is a cycle in its own right that combines processes to arrive at an intended outcome. If you are familiar with the intelligence cycle, you will notice that Planning & Direction, the stage used for brainstorming and identifying requirements, has been moved under the cyber portion.
This has been done because the intended outcome or critical requirements are arrived at via technological means, which analysts must identify at an operation’s beginning.

Cyber

Any CEI operation begins with cyber, which incorporates planning and direction along with TTPs (Tactics, Techniques, and Procedures), which outline the framework for carrying out the operation.
In this step, it’s possible to mirror the TTPs of existing APTs (Advanced Persistent Threats) or form a plan that aligns with the requirements. Requirements often change, and the TTPs must reflect these new collection requirements.

Espionage

The recruitment of agents for conducting espionage falls under the intelligence tradecraft of HUMINT (Human Intelligence), which collects information from human sources. The CIA (Central Intelligence Agency) had created an acronym, M.I.C.E, to use for agent recruitment:

  • Money
  • Ideology
  • Coercion/Compromise
  • Ego/Excitement

M.I.C.E was later abandoned because it never provided a framework for understanding the complexities that drive human motivations. Case officers tasked with recruitment would fall victim to misperceiving their agents. The CIA began using R.A.S.C.L.S, principles that are more aligned with agent recruitment. Listed in the CEI processes in the image above, the ARC (Agent Recruitment Cycle) consists of steps necessary for finding agents.

  • Spotting: The process of identifying individuals who meet intelligence needs as outlined by analysts.
  • Assessing: Determining if the individual has the access or necessary placement to provide the desired information and analyzing their motivations, weaknesses, and suitability.
  • Developing: Cultivating a relationship with the individual to analyze further and assess whether they are responsive to initial tasking for intelligence requirements.
  • Recruitment: The recruitment process.
  • Training: Training and handling meetings with the individual, which incorporates tasking and debriefing.
  • Termination: Terminating the relationship or placing the agent in the care of another case officer.

The R.A.S.C.L.S principles are:

  • Reciprocation
  • Authority
  • Scarcity
  • Commitment/Consistency
  • Liking
  • Social Proof

Case officers use ARC along with RASCLS to cultivate individuals into successful agents. Yet, DarkNet Espionage is a much more intricate process due to extreme paranoia and the risk involved with cybercrime. RASCLS alone is not enough for the successful recruitment of agents on the DarkNet, so an acronym that aids the RASCLS framework is ARTIST.

  • A: Attraction (drawing people in with your reputation and skills)
  • R: Reputation (your good name and standing in the community)
  • T: Talent (the skills and expertise you bring to the table)
  • I: Influence (the ability to influence and motivate others to carry out actions)
  • S: Synergy (the collective power and energy that comes from working together)
  • T: Talent (the continual development of agent skills, recursively leading to the ARTIST framework running in a continuous cycle until agent termination)

Utilizing these two frameworks allows recruiters to interact with less friction, because they gain a holistic understanding of human psychology and of the culture of the DarkNet, which thrives on talented individuals working with like-minded individuals who know what they’re doing. The recruiter is then able to breach the wall an individual might have up due to extreme paranoia.

Intelligence

The intelligence cycle commences after the agent successfully transmits information to the case officer. Subsequently, the data undergoes processing, analysis, and dissemination to policy or decision-makers. Feedback is incorporated to refine the cycle. The intelligence cycle is straightforward and the least daunting of the two elements incorporating CEI.

Traditional Intelligence Cycle

Wilderness of Mirrors

The DarkNet is a decentralized, encrypted, and anonymous online ecosystem that operates outside the boundaries of traditional internet infrastructure. It allows individuals and organizations to engage in confidential and often illicit activities, frequently blurring the lines between legal and illegal behaviors.

The DarkNet is the perfect decentralized economy in which clandestine and digital HUMINT can thrive because two words best describe the underlying foundation of the talented individuals who form this ecosystem: supply and demand.

There is a supply of highly talented individuals adept at stealing data, and a demand for the skills required to penetrate companies and exfiltrate their data.
In like manner, just as there are talented individuals who set themselves apart, not all DarkNet forums, chatrooms, or marketplaces are ideal for espionage. They have to meet specific requirements.

  • Reputation — The establishment of the forum or marketplace’s reputation as reputable is crucial.
  • Length of Activity — The forum or marketplace must endure persistent security threats from hackers and law enforcement agencies (LEAs), necessitating a robust and continuously maintained architectural framework.
  • Quality of Users — Individuals are required to exhibit talent and skill in observing Operational Security (OPSEC) and uphold a standard of professionalism.
  • Admin Competency — Are the administrators sufficiently skilled to manage the forum or marketplace, and do they exhibit the essential attributes required for this purpose?
  • 5, 9, and 14 Eyes — It is advantageous if the forum or marketplace is based outside the jurisdictions of countries associated with international surveillance alliances, such as the 5, 9, and 14 eyes. Although not obligatory, this criterion is worth considering.

Basic Utilization

In cyber espionage intelligence (CEI), preserving anonymity and evading attribution to any specific entity is paramount. Professionals in cyber espionage intelligence employ anti-attribution methods when conducting operations. Using advanced obfuscation techniques poses a significant challenge for analysts seeking to attribute cyber attacks accurately.

Furthermore, sophisticated threat actors’ use of deception tactics complicates the attribution process. These tactics deliberately mislead cyber threat intelligence analysts by emulating the methods of other threat actors or by leaving false digital footprints.

While cyber threat intelligence (CTI) analysts may excel at analyzing information and delivering intelligence to clients, they often lack a comprehensive understanding of espionage and the wilderness of mirrors. Consequently, pinpointing the actual perpetrator of a given action becomes exceedingly challenging when attribution becomes a convoluted domain of uncertainty.

Don’t Give Up

Have you ever wondered, “Is this where I want to be in life?” If so, it’s time to take a hard look in the mirror and acknowledge that you’re the only one responsible for your current situation. It’s easy to blame circumstances or others, but the truth is that you have the power to overcome any obstacle.

This isn’t a message of defeat but rather a call to action. You’re not like everyone else, which makes you unique. You have your strengths, weaknesses, and desires. It’s time to tap into those qualities and use them to drive you forward.

Don’t give up on your dreams. You’re not a superhero, but you do have the ability to do amazing things. Believe in yourself and your capabilities, and you’ll be surprised at what you can achieve.

So, the next time you feel stuck, remember: you’re not a victim of circumstance. You’re a powerful individual with the ability to shape your destiny. Don’t let fear or doubt hold you back. Take control and keep moving forward.

Keep pushing forward, and never give up on yourself.

VEEXH
Dead Drop

All Source Intelligence Analyst. #Underworld