Cyberattacks are making it harder for US intelligence to recruit informants

Christopher Wray sees risks for spies.
Christopher Wray sees risks for spies.
Image: REUTERS/Joshua Roberts
We may earn a commission from links on this page.

At a Senate Intelligence Committee hearing on worldwide threats this morning (Jan. 29), committee chairman Richard Burr asked FBI director Christopher Wray what most concerned him about the weaponization of “big data.”

“As the challenges of encryption become bigger and bigger on the SIGINT (signals intelligence) side, we’re more and more dependent on human sources,” Wray told the North Carolina Republican. “And the more big data can be exploited by our adversaries, the harder it is to recruit and retain human sources.”

Wray seemed to be indicating that potential foreign agents and intelligence sources are worried about being exposed if government systems are hacked. The FBI is responsible for domestic counterintelligence, which includes rooting out spies on US soil. CIA director Gina Haspel, whose agency is responsible for foreign intelligence collection, concurred.

As Wray told the Senate Appropriations Committee earlier this year, “The day that we can’t protect human sources is the day the American people start becoming less safe.”

John Sipher, a 28-year veteran of the CIA’s clandestine service who retired in 2014, has called intelligence collection “a simple—yet fragile—process.”

“It is a moonshot to get a dedicated and trained spy into the right place,” Sipher explained in a 2018 essay. “Hard work over a long time, combined with a series of fleeting and serendipitous opportunities can help intelligence officers find a key source.”

Human sources, who provide “HUMINT,” or “human intelligence,” have long been crucial. Other categories include OSINT and GEOINT—”open-source intelligence,” and “geospatial intelligence.” For obvious reasons, HUMINT is the riskiest of all. A CIA article posted to the agency’s online archive describes it as a “last resort…because assets and NCS [National Clandestine Service] officers have lost their lives collecting HUMINT.”

The success of any HUMINT effort “rests on little more than the ability of intelligence professionals to build trust with people so that they will share information,” wrote Sipher. “The only thing the US can really offer potential intelligence sources is to keep them safe and protect their identities. If people don’t want to talk, there is little the intelligence community can do.”

Protecting sources is why the Russian security services keep details of their human sources offline, according to Janosh Neumann, the pseudonym used by a former FSB officer who fled Russia in 2008 and now lives in the US.

“We did not put any of the identities of our sources into the digital system, it was all in the old-fashioned [paper] system,” Neumann told Quartz. “Not because they don’t have such technology. It’s just an additional protection measure. The problem with the US is that you have digital systems everywhere. It’s more sophisticated, it’s more complex, it’s more reliable. But at the same time, it’s less protected and more vulnerable to potential cyberattacks and leaks.”

SIGINT still makes up an estimated 60% to 75% of all incoming US intelligence, according to sources cited by the Wall Street Journal. Michael Hayden, who headed both the National Security Agency and CIA, has said approximately 60% of daily US intelligence comes from the NSA, America’s SIGINT service.

Wray testified today that cyberattacks continue to come from Russia, China and Iran. What’s changed is that hostile governments are now “enlisting the help of criminal hackers, which is a form of outsourcing that makes it even more of a menace.”