State-sponsored cyberattacks have become more expensive, difficult, and risky as businesses have improved their cyber defenses. Though nations have great resources, some are pivoting back to the tried and tested method of recruiting people on the inside. Here’s how organizations can begin to protect themselves against Human Intelligence operations.
Shortly after 7 pm on a cool February evening in 2019, officers from the Swedish Security Service entered a restaurant in Stockholm and arrested a man on suspicion of espionage.
The man was a 45-year old IT-consultant working with two Swedish car manufacturers on autonomous vehicles. At the time of his arrest, he was with a Russian intelligence officer and carrying an envelope containing almost 30.000 Swedish crowns.
The intelligence officer was free to leave. Despite being the head of Russia’s foreign intelligence service in Sweden, his business card said he was a diplomat, granting him immunity. The consultant was later convicted of spying for Russia over a two-year period and sentenced to three years in prison.
The arrest sent shockwaves through the Swedish technology industry. State-sponsored cyberattacks have become increasingly prominent, giving the false impression that human intelligence methods are relics of the Cold War. The reality is different.
State Sponsored Cyberattacks
As businesses have improved their cyber defenses, state-sponsored cyberattacks have become more expensive, difficult, and risky. Though nations have great resources – both in money and manpower – improvements in cyber defences have pushed intelligence services to pivot back to the tried and tested method of recruiting people on the inside.
More than 40 individuals were convicted of espionage between 2010 and 2021, according to a newly released report by the Swedish Defence Research Institute FOI. Another 13 were still awaiting trial at the end of 2021. Most had been spying for Russia, but China, Iran and Belarus were also mentioned. The cases brought to court and made public are merely the tip of the iceberg, however. Not all spies are caught, while others may be concealed for diplomatic reasons.
Human intelligence operations tend to be utilized in parallel with technical operations such as cyberattacks, which continue to increase in both number and sophistication. Authorities view the various methods like tools in a toolbox, and a state actor will use whichever method is likely to be successful given the circumstances.
The Importance of Creating Security Awareness
Organizations must first accept that the trend is real in order to protect themselves. After that, the who and the why come to the fore. Who becomes a spy and what might their motives be?
Several studies show that most of the exposed recruited spies were men. Of the agents exposed in the FOI report, 95 % were men. Only two were women, both of whom committed their crimes in partnership with their husbands. Personality traits identified by various studies include those who are grandiose, narcissistic, and manipulative. Those convicted tend to be thrill seekers or people that are easily led - those who have an extreme but misdirected loyalty or a strong need to feel valued and appreciated.
Intelligence officers, working on behalf of their country, will try to identify vulnerabilities that can be leveraged. Disgruntled employee behavior, gambling problems, affairs, or other secrets can all be used to ensure that targets cooperate.
Human Threat Intelligence
The IT consultant arrested in Stockholm in 2019, for example, had a strained financial situation. Money was probably his motive, but money is only part of the picture in many of the publicly known espionage cases. Many of those caught were paid, but others were also feeling overlooked at work, or felt great loyalty towards their country of origin, and so on.
The tradecraft of recruiting agents or spies goes back decades and has been refined over the years. At the same time, human mechanisms remain little changed. The motivations, personality traits, and behaviors of a person who turned into a spy during the Cold War in the nineteen eighties will look a lot like a person recruited in the 21st century. What’s key for organizations is knowing where to look.
Human Threat Intelligence is about safeguarding your assets when the threat comes from the inside. Security vetting and awareness training should be integral parts of any organization’s core and security strategy - to predict and prevent the growing threat of espionage, crime, and disloyal behavior by those working within the organizations they purport to work for.