(Forge Books) is about the turf wars between the Pentagon and the CIA and the privatization of national security.
Is there any way one can figure out some of the CIA's most highly guarded secrets from a corporate website?
Absolutely.
I’ve done it. (And you can count on it that America’s friends and enemies alike have, too.)
Recently while researching a piece for The Spy Who Billed Me, I took a break and reviewed my internet logs to see who was curious about my recent writings on the black sites. Among hundreds of hits on the page (and thousands in the logs), one in particular jumped out. It was a single page view that lasted for some fifty seconds and it came from an unmasked site, a common signature. I backtracked it and was shocked at what I found.
Typically members of the Intelligence Community have their IPs masked when they visit the blog, living no fingerprints, but not this one. The hit was from a company I had never heard of before, but with less than a minute on their site, I knew I had discovered one of the Intelligence Community's most secretive contractors, one of the A teams. The big surprise was that this corporate website leaked secrets like Zubaydah after his first thrifty-five second waterboarding.
I'm sure many are skeptical that a contractor would reveal clandestine ops on their sites, but keep in mind their sites are also marketing themselves to the corporate world and sometimes they say a little too much, believing that they have coded their information enough to protect it.
So let's see what can be deduced from an open source, available to all of America's friends and enemies on the world wide web. We’ll dissect the company's website and see just how well intelligence outsourcing is working from an operational security perspective.
(Note: Not that every intel agency worth it's salt hasn't already scooped up this info, but out of respect for Intelligence Community sensibilities, I'll call the Dulles toll road corridor contractor "Heckle and Jeckle Gizmos" and I won't quote directly from the site.)
Now the first question when reviewing Heckle and Jeckle's site, or any contractor's for that matter, is to ask: who do these guys work for? This can help quickly zero in on what they're up to.
Heckle and Jeckle boast that most of their employees have TS/SCI clearances, many based on a particularly thorough procedure, the highest level of security clearances. There are but a handful of government agencies that require this for contractor access and really only two major intelligence agencies that do so. One of them is located in Langley, Virginia a couple of miles from the eastern entrance to the Dulles Toll Road and it has well-known, overt satellite offices stretching out west thereon at various exits. The other is located in Ft. Meade, Maryland.
For those who live as far out of the Beltway as I do, these clearances suggest that Heckle and Jeckle are doing business with the CIA and NSA.
The specific governmental entities Heckle and Jeckle provide outsourced services for can be quickly narrowed down though the geography of their corporate offices which are located near Dulles airport in northern Virginia; in Cumberland County, North Carolina; Virginia Beach, Virginia and Tampa, Florida and if we dig a little we discover they have staff co-located at an Annapolis Junction Maryland facility. To the uninitiated, that means they contract with the CIA, work extensively with Army and Navy tier-one Special Forces Teams as well as Special Operations Command (SOCOM) with a little NSA thrown in.
When it comes to who is working for whom in the Intel Community, geography doesn't lie: Location, location, location.
For purposes of our analysis, the next question then becomes , what is Heckle and Jeckle's specialty? According to their site, it's specialized communications, including nonattributable communication systems and communications devices that function in hostile environments. In fact, their employees have experience working in hostile and denied areas and have immediate availability to deploy as part of a team or alone to ply their trade abroad or in the US. (Private domestic spying, anyone?)
Go-bags packed, ready to deploy with teams raises the obvious follow up question: which teams?
Anyone know any teams in Virginia Beach or Fayettenam?
And where would they be tagging along with these Special Forces teams? Maybe to the Special Forces Club in London, but Heckle and Jeckle’s employees' background suggests foreign hostile or denied areas.
Now what could they possibly do in hostile, denied or politically sensitive areas?
Again, the contractor’s website gives us the answer: Heckle and Jeckle's comm equipment has offensive and defensive capabilities.
Offensive communications--can you say clandestine ELINT and SIGINT collection?
In laymen's terms, setting up in a house that happens to be in the path of a highly directional signal or on top of just the right cable, but in this case the metaphorical houses are probably in such friendly spots as Iran or wherever the yellow brick road of GWOT contracting leads.
To pull the conclusions of our open-source intelligence (OSINT) together, Heckle and Jeckle teams stand ready, custom-designed high-tech gadgets in hand, for clandestine missions in enemy territory to covertly and remotely intercept foreign communications or penetrate information systems. This can be done independently or in conjunction with SEAL or Delta or other secret squirrel teams on behalf of SOCOM and the CIA.
In other words, they set up black sites albeit a different type than has been in the news lately. To put it into context, such black sites such as covert listening posts in hostile territories and even in friendlier ones where discovery could create international tensions count among the Intelligence Community's blackest secrets. And now, thanks to the About page on Heckle and Jeckle's website, we know that the CIA is outsourcing this to Heckle and Jeckle, whose identity would make it somewhat easier to uncover the black collection sites.
Now that's serious OPSEC.
(We can only hope that they outsource the cover aliases they use when establishing and serving these sites.)
Digging inside the website, particularly into its previous versions which can be found in the internet archive, we can create an even more revealing picture of what Heckle and Jeckle are up to.
From job descriptions for various types of engineers they're seeking, we learn that their main facility is near the Dulles Toll Road in northern Virginia. Since contractors tend to locate their main facilities near their contracting agencies, this suggests that the bulk of their work is for the Directorate of Science and Technology (DS&T) at the CIA, the relevant offices of which are conveniently located nearby. No surprise. DS&T provides the equipment that the National Clandestine Services uses to do its job.
In 2005 the firm began posting job openings (although it's questionable how many linguists and engineers know enough about H&J to to go directly to their site looking for a job.) These are rich with details indicating various clandestine programs, OSINT just waiting to be scooped up.
Here we learn that Heckle and Jeckle are seeking subject matter experts (SME) in Arabic to work with its customer's teams in Annapolis Junction, MD. This can only be the National Security Agency. The NSA is primarily made up of contractors and providing them with SMEs is nothing special. Let's move on.
Heckle and Jeckle also brag about a micro-electromechanical facility which becomes particularly interesting in conjunction with their job openings announcements. Reviewing the skill sets they're looking for, it quickly becomes apparent that they design and program their own computer chips, so they're clearly creating proprietary cutting-edge gadgets. It's notable how frequently they're searching for engineers with experience in one of the most miserable operating systems for mobile devices: Windows mobile. They're also regularly seeking programmers versed in another mobile device language: Symbian. Now this information taken in conjunction with their specialty and their prior claims of micro-electromechanical facilities suggests they're designing and creating a lot of mobile, hand held covert communications devices.
And here I'd venture a pure guess that these are probably designed to look like standard run-of-the-mill Treos and other smart phones, blending their “intelligent phones” into the mobile world. The largest consumer of such gizmos is, of course, the CIA's DS&T, adding to suspicions that Heckle and Jeckle is a major DS&T contractor. The primary use of such covert communications gear is for communications with nonofficial cover officers (NOCs) and agents. So the information on Heckle and Jeckle's site suggests that they are likely designing and creating the latest must-have accessories for NOCs and agents, a far cry from the clunky COVCOM gear of yesteryear. (And from the Agency's point of view, knowledge of this would be a serious security breech. Keep in mind the CIA does not even allow contractors to acknowledge their affiliation with the Agency, let alone divulge the programs they are working on, particularly such sensitivities ones.)
Not only have CIA programs been compromised, so have SOCOMs. Judging from the job postings for positions in Florida, Heckle and Jeckle are doing data mining and analytical work for SOCOM. Among other things that can be deduced, they search for relational patterns of terrorist activity and affiliations, looking at a wide array of seemingly innocuous relationships using open source and clandestinely gathered data, particularly focusing upon financial transactional data. I'm betting they have a very sophisticated quantitative model that they're constantly tweaking that underlies this process.
Again, Heckle and Jeckle job postings give us hints to other SOCOM programs. It appears that Heckle and Jeckle are involved in tracking SOCOM assets worldwide. Moving beyond Heckle and Jeckle's own website to other open sources, it's possible to learn some of the specs of related handhelds including whose low-earth orbiting satellites they use. Digging a little deeper, it's also possible to discover the code name of Heckle and Jeckle's RF geolocation program...
US national security is compromised by the Intelligence Community's heavy dependence upon corporations, corporations whose websites sometimes spill out some of the darkest government secrets to those who know how to read them. Last week's revelations by D/CIA Hayden that CIA contractors have been involved in enhanced interrogation techniques at detention facilities (i.e. waterboarding at black sites) should make it clear even to the casual observer that private corporations are integrally involved in the Intelligence Community's most sensitive and secretive clandestine and covert programs. Nothing is off-limits. Corporate involvement in clandestine programs raises operational security concerns that only exist because these companies market their services to the private sector, capitalizing upon their exotic experience with the US government.
In other words, we're taking risks with our national security, risks we don't have to take. Perhaps some of the risk can be mitigated through restrictions upon contractor marketing and better contractor policing. As a big fan of the private sector and of government outsourcing, I don’t like to think that the problem is inherent to outsourcing, but at the moment, it’s hard to imagine it otherwise. A Congressional ban on using government contracting experiences for marketing purposes may be one partial solution.
The Director of National Intelligence McConnell has been a strong proponent of increased use of open-source intelligence, OSINT. It's overdue that the Intelligence Community takes OSINT for seriously counterintelligence (CI) purposes (and it comes as no surprise that CI uses of OSINT was a notable omission in the ODNI's Open Source Conference last summer.) This needs to be immediately addressed--our national security depends upon it. Eliot, are you listening?
I'm sure some in the Intelligence Community will be appalled that I have publicly posted this analysis, particularly since it involves a key clandestine player, but keep in mind, what I’ve done is an exercise in OSINT, an exercise the Intelligence Community should have done long ago. Whereas the contents of this article might come as a surprise to intelligence professionals in Ouagadougou and Ulaanbaatar, they won't be in Moscow, Beijing or even Tehran.
And they shouldn't be in McLean.
"Heckle and Jeckle" are the ones who posted the raw intel on their own website and they're the ones who left their corporate electronic footprints on my blog. It's particularly ironic, since they're specialists in covert communications. It's equally ironic that I've protected their identity when they’ve hardly bothered to hide our national secrets. It is not my intent to hurt the company.
It's my sincere hope that as a result of this post, the Intelligence Community pays a little more attention to the operational security compromises of the divided intelligence contractor mission of serving the public interest while marketing those same services to the corporate world. As I wrote in the Washington Post last summer, corporations have succeeded where few foreign governments have: they've penetrated the CIA. Now it's up to the Agency and the Intelligence Community to ensure that programs are not further compromised as a result of this wide-scale industrial penetration.
***
(And if anyone needs assistance closing up the gaps from someone who discerns faint patterns within reams of seemingly unrelated data, I rent out for parties.)
Funny that you don't talk about government employees and their loud mouths on the net. It is also funny that you lump one bad egg into the same basket as the rest of the contracting force. I have seen the best of both worlds, no need to bash either; we all are on the same side.
Posted by: Rob Leymoyne | February 19, 2008 at 09:59
Actually, this contractor isn't a "bad egg," but rather it's considered among the best and brightest.
I'm not contractor bashing. We are indeed all on the same side and it's this blind spot when it comes to CI that troubles me. As I pointed out in the post, I'm actually protecting the contractor's identity, although for security purposes, it really doesn't matter since this stuff has been on the web for years.
RJH
Posted by: R J Hillhouse | February 19, 2008 at 11:57
Rob,
"Admit nothing, deny everything, make counteraccusations." Yep, I have one of those ballcaps, too. And it isn't just one contractor that so boldly proclaims what it does for the USG on its website.
I cannot help but muse that there is something--I don't know what--about our current government leadership that seems to induce, almost legitimize, the type of disclosures and "mistakes" that would've surely led to termination in disgrace just a few short years ago. My perception is that this started in the early 1990s, but the current administration did nothing to reverse the trend. Quite the contrary, they demanded that intelligence professionals trade professional integrity for political loyalty in an unprecedented way. And now we are living with the blowback.
Posted by: Retired | February 19, 2008 at 13:51
Too bad that Rob didn't see your post for what it is - a classic Red Team analysis of OPSEC discipline. Nice work, as usual, RJ.
Posted by: Jeff Carr | February 19, 2008 at 15:02
Spooky revelations Dr. RJ Hillhouse. Given the corporate penetration and perhaps compromising of the intelligence community, - do those individuals operating the mobile proprietary micro-electromagnetic gadgets with both offensive and defensive capabilities, and their corporate masters serve the best interests of the American people, - or said corporations?
Posted by: Tony Foresta | February 19, 2008 at 20:16
It's the Directorate of Science and Technology, not the Division.
Posted by: TOO | February 20, 2008 at 11:05
Thanks, TOO. A last minute change resulted in a typo. My error.
RJH
Posted by: R J Hillhouse | February 20, 2008 at 12:24
Funny, Retired, that's a perfect summary of what I've just read in a book recently. You're not Mr Baer by any chance, are you?
In any case, this blog is both very depressing and enlightening. Cheers, RJH.
Posted by: Snoopy | February 20, 2008 at 19:31
What prevents these contractors from selling their services to foreign corporations or governments?
Posted by: Derek Gilbert | February 20, 2008 at 19:48
Given the your"...perception is that this started in the early 1990s, but the current administration did nothing to reverse the trend. Quite the contrary, they demanded that intelligence professionals trade professional integrity for political loyalty in an unprecedented way. And now we are living with the blowback" (a perception I share in a pedestrian way), - the offensive capabilities of these gadgets and the (suspect) loyalties of the contractors lurking about using them that is....troubling.
"Deliver us from evil!"
Posted by: Tony Foresta | February 20, 2008 at 22:09
My perception is that this started in the early 1990s, but the current administration did nothing to reverse the trend. Quite the contrary, they demanded that intelligence professionals trade professional integrity for political loyalty in an unprecedented way. And now we are living with the blowback.
They only thing intelligence employees have been able to execute effectively in the last 30 or so years is make excuses for there inept waste of taxpayers dollars.
Posted by: KLEPT | February 21, 2008 at 01:43
KLEPT,
I'm sure that we would all be interested in your sharing your insightful, first hand knowledge of exactly what was going on. Please do so. Thanks.
Posted by: Retired | February 21, 2008 at 23:04
Derek Gilbert:
The same thing that keeps government employees from doing the same thing: their own virtue. I think what you are talking about is the organized transfer of intel collected or developed on U.S. Government contract to a foreign power by a commercial entity and not the individual.
Rob L:
No one has covered themselves with glory concerning this subject. Both commercial and government sides have dropped the ball.
I'd like to right more but am in the middle of morning coffee and thinking hurts.
Your post speaks for itself. /snark
Posted by: Rich | February 22, 2008 at 07:47
The last line was to Klept. See what I mean about morning coffee?
Posted by: Rich | February 22, 2008 at 07:48
I am contacting you through this contact form as there was no email address available. We would be interested in purchasing advertising on your blog http://www.thespywhobilledme.com/the_spy_who_billed_me/
. Please get back to me using the email address I have entered if you would be interested in discussing this further.
Posted by: Scott | February 22, 2008 at 20:58
Rich: Exactly right. Profit is a powerful incentive, as evidenced by the lack of judgment displayed by the company profiled by Dr. Hillhouse.
Posted by: Derek Gilbert | February 22, 2008 at 22:16
And therein lies the problem and our dread concern Derek Gibert.
Are these companies and corporations loyal to America and Americans, or to profit?
If the former, than shame on them for sloppiness, - if the latter, - then woe to us for allowing our intelligence apparatus to be sold to individuals, and companies whose operations, interests, and loyalties are focused on profits, - and not America or Americans.
"Deliver us from evil!"
Posted by: Tony Foresta | February 23, 2008 at 05:21
Re. the culture of persistent OPSEC violations:
I will never forget, shortly after 9/11/2001, hearing Bush's press secretary talk about "picking up terrorist chatter." I nearly fell out of my chair, as that phrase transparently translates to "intercepting terrorst communications," and such blatant blabbing about sources & methods in years past would have gotten the man fired before the end of the press conference.
Instead, that phrase was repeated countless times by countless Administration officials, in the years following the attacks.
Quite a contrast to the days of "Never Say Anything" and "I work for the (unrelated mundane civilian agency or department) doing (something terribly boring), you really don't want to hear it."
To that we can add the Plame case, the Iran crypto leak, Cheney's refusal of document security checks, White House comms handled over insecure private data facilities for political reasons, and countless similar examples.
The bottom line is, the present Administration wouldn't know an OPSEC problem if it was wearing dark glasses, a cloak, and a dagger. And they have set an (atrocious) example from top to bottom, which has been duly followed by those whose hiring had more to do with ideology than with capability.
The only thing that's going to change it is this year's election and a clean sweep top to bottom. Any of the three leading candidates can be counted on to do a better job, though it pains me to say that if we have to have eight years of Democrats in the White House to do it, then so be it.
Posted by: 510 | February 23, 2008 at 05:23
Word 5:10. The proliferation of private military, private intelligence, and private media industrial compex contractors is focused exclusively on wanton profiteering by the fascists in the Bush government, and NOT on securing America.
Intelligence is no longer raw data compiled, collated, vetted, and analyzed - it is purely political propaganda pimped and proselytized. Tragically, it is the America people and our uniformed assets that must burden the hazards, and pay the gargantuan bills.
"Deliver us from evil!"
Posted by: Tony Foresta | February 24, 2008 at 01:17
I don't know about the profiteering angle. Government employees have functioned as moles in the intelligence apparatus for, in some cases, decades before being discovered. They operated, in many cases with an unstated profit motive. We know what the motives of companies we are outsourcing to up front. To make a profit and i don't have a problem with that. We are going to have to deal with this eventually since the contractors are here to stay. I don't pretend to know the answer, but, I think any line of arguement that includes we can't have private military contractors has a built in fatal flaw.
Posted by: Richard Cook | February 26, 2008 at 17:26
Foresta wrote: "The proliferation of private military, private intelligence, and private media industrial compex contractors is focused exclusively on wanton profiteering by the fascists in the Bush government..."
Anyone who writes such cannot possibly have had a particularly broad or deep first hand knowledge of intelligence outsourcing during the past decade. Those who have realize that contracting out intelligence, as opposed to nation building support, has been pretty much the result of: (1) a demand for rapid expansion of the numbers of people used in the intelligence function by both the White House and Congress, (2) the structuring of the funding of this expansion in a way that pretty much dictated contracting out (i.e., hiring green badgers) as opposed to building internal infrastructure (i.e., hiring blue badgers), and (3) the reaction of the marketplace to same.
Unlike outsourced "nation building" support, which is handled by a handful of well-connected large firms, privatized intelligence has resulted in an almost extreme proliferation of small, specialized companies, each with their niche. To the extent that these microfirms are politically loyal to anyone, they are far too numerous and their ownership far too diverse to constitute a financial windfall for Bush cronies.
Intelligence contracting, PMCs and nation building support can't be lumped into a single characterization. They are very different, indeed.
Posted by: Retired | February 26, 2008 at 18:06
Readers may find it interesting that H&J, aka Blackbird Technologies, is home to LTC Tim Eads, recently featured in the NYT article on Pentagon propagandists. LTC Eads is Blackbird's VP for "govt relations"
Posted by: Tim Eadz | May 12, 2008 at 20:08
This is just a stepping stone for the Government Executives to start up there own company's and gain profit and polictical gain from it. That is why it is left alone. I have seen several go to retirement and start up, or secure thier positions with these H&J companies. But What can you do? Nothing, because there either getting paid off now or it will come in it's time, once they retire. So whats at stake you say, our security!!! And our taxes!!
Posted by: Why supply | December 09, 2008 at 20:15