The CIA's counterintelligence unit was recently shocked enough to send a 'hair on fire' letter to its case officers all over the world.
The New York Times reports today (emphasis added):
Captured, Killed or Compromised: C.I.A. Admits to Losing Dozens of Informants
WASHINGTON — Top American counterintelligence officials warned every C.I.A. station and base around the world last week about troubling numbers of informants recruited from other countries to spy for the United States being captured or killed, people familiar with the matter said.
The message, in an unusual top secret cable, said that the C.I.A.’s counterintelligence mission center had looked at dozens of cases in the last several years involving foreign informants who had been killed, arrested or most likely compromised. Although brief, the cable laid out the specific number of agents executed by rival intelligence agencies — a closely held detail that counterintelligence officials typically do not share in such cables.
The cable highlighted the struggle the spy agency is having as it works to recruit spies around the world in difficult operating environments. In recent years, adversarial intelligence services in countries such as Russia, China, Iran and Pakistan have been hunting down the C.I.A.’s sources and in some cases turning them into double agents.
I know of no organization that would send this kind of letter out of the blue and without immediate cause. 'Hair on fire' letters are usually sent after some recent incident happened that had relatively grave consequences. So what had happened immediately before this letter went out? I can only think of one recent incident.
A week back, on September 29, this news item made the rounds:
Russia arrests founder of cybersecurity firm Group-IB for high treason
Authorities in Russia have arrested the founder and chief executive officer of prominent cybersecurity company Group-IB Global Private Ltd. on accusations of high treason.
Ilya Sachkov, who founded the company in 2003, was arrested today on a warrant issued by Moscow’s Lefortovo district court. The arrest followed a raid on the office of Group-IB on Tuesday.
Bleeping Computer notes that the company has assisted law enforcement organizations, including the European Union Agency for Law Enforcement Cooperation and the International Criminal Police Organization, with information, expertise and statistical data that helped combat cybercriminal endeavors. However, there is some claim that the company refused to cooperate with Russia’s Federal Security Service outside official contracts or on political issues.
According to TASS the arrest of Sachkov took place on Tuesday, September 28:
"The Lefortovo District Court of Moscow ruled on September 28 to choose custody for a term until November 27 as a measure of restraint for Ilya K. Sachkov suspected of committing a crime stipulated under Article 275 of Russia’s Criminal Code (‘High treason’)," the source said.
Earlier, media outlets reported that law enforcement officials raided the Moscow office of Group-IB on Tuesday. The company’s press service noted that the law enforcement officials left the office in the evening of the same day. The company added that it had no information regarding the reason for the investigation.
Another TASS report quotes an anonymous official about the alleged crime:
Group-IB founder Ilya Sachkov, arrested earlier over charges of treason, worked for foreign intelligence and handed them classified information on cybersecurity, according to the investigation, a source in law enforcement told TASS.
"The investigation suspects Sachkov of handing over classified information on cybersecurity to foreign intelligence agencies," the source said.
According to the source, Sachkov could have been "employed" by intelligence agencies of several countries, but they will not be named in the interest of the investigation.
"The Federal Security Service (FSB) military counter-intelligence has joined the investigation," the source said.
In 2016, Sachkov was included in the Forbes 30 Under 30 list. He is an associate professor of the Bauman Moscow State Technical University IT Security Department, and a member of Russian State Duma and Foreign Ministry expert committee.
A Russian cybersecurity expert with international contacts and with insight into Russian cybersecurity issues would certainly be a target of CIA recruitment efforts.
He wasn't the first one:
In 2019, a court sentenced a former top FSB cyber security official to 22 years on treason charges for passing information along to the US. A former senior executive at Kaspersky Lab, Russia’s top cyber security firm, was sentenced to 14 years in prison in the same case, details of which were not made public.
The New York Times report notes that the CIA's problem is partially caused by giving the wrong incentives to case officers. Misaligned incentive structures are a typical problem in U.S. human resource management:
Recruiting new informants, former officials said, is how the C.I.A.’s case officers — its frontline spies — earn promotions. Case officers are not typically promoted for running good counterintelligence operations, such as figuring out if an informant is really working for another country.
The loss of informants, former officials said, is not a new problem. But the cable demonstrated the issue is more urgent than is publicly understood.
Russia's counterintelligence will surely have had a close look at Sachkov. Unfortunately, it is unlikely to reveal how it caught him.
Posted by b on October 5, 2021 at 18:00 UTC