The CIA Discovers It Has A Mole

The arrest of former CIA case officer Jerry Chun Shing Lee sheds light on a shadowy counterintelligence drama that has been playing out for nearly eight years. 

Starting around 2010, the Central Intelligence Agency saw some of its most valuable spies inside China go down. This does not mean “going down” in a perp-walk-to-the-courthouse sort of way. This is China: They were executed. 

One was reportedly shot right outside the government building where he worked, just to make sure his coworkers got the message. The lucky ones were imprisoned. According to The New York Times, 18 to 20 CIA sources were blown, making it one of the most damaging counterintelligence losses in agency history. The story of Lee’s arrest is still developing, but much is already clear.

First of all, Jerry Chun Shing Lee wasn’t some back-room paper-pushing bureaucrat at Langley. He was a “case officer” whose job was helping to recruit foreign spies to spill secrets to the United States. He was supposed to create moles, not become one.

It also appears the Chinese government probably gained access to highly classified information about US assets through electronic means, a mole, or both.

According to press reports, intelligence officials have been sharply divided about how exactly all of this valuable intelligence got into Beijing’s hands. News of Lee’s arrest suggests that a mole was involved but certainly does not rule out other possibilities or people.

The FBI has not yet run this case to ground. According to the affidavit by FBI Special Agent Kellie R. O’Brien released recently, FBI agents searched through Lee’s belongings while he stayed at hotels in Hawaii and Virginia in August 2012. Those searches found two little books filled with big secrets that included the true names of Chinese assets, operational notes from clandestine meetings, as well as covert CIA facility locations. Now, more than five years later, Lee has been arrested only for unlawful retention of national defense information, not for handing that information over to a foreign government. If there’s another shoe, it hasn’t dropped yet.

It’s also clear that the damage done is big. In addition to blown assets, which take years to develop, and compromised information, which likely revealed American intelligence tradecraft, the organisational aftershocks for the CIA will be significant. 

Counterintelligence failures are the ultimate betrayal, when one of the agency’s own, someone inside the circle of trust who swore an oath and promised to serve, turns against country and cause. Lee’s coworkers and others are undoubtedly asking themselves what they could or should have known.

Investigations are undoubtedly exploring what early warning indicators might have been missed and what more could have been done. The heat will be on to learn the right lessons for the future and to tighten security protocols. All of these steps are important and necessary. But it’s a delicate thing, dealing with betrayal. 

Counterintelligence taken too far can create a debilitating, distrustful culture where suspicions run wild, careers can be destroyed, and truth can get lost.

How do we know? Because we have seen this before. For 20 long years, CIA counterintelligence efforts were led by a boozy paranoid named James Angleton who was seared by the discovery that one of his dearest friends in British intelligence, Kim Philby, was actually a Soviet mole. Philby was eventually sacked and fled to Moscow. Angleton was convinced the Russians had more Philbys in the United States, and he spent his life on a relentless quest to find them, trusting no one, suspecting everyone, and ruining the lives of many.

At the end of his career he was widely viewed as cagey, uncontrollable, isolated, and drunk. Decades later, the CIA’s own historian charitably described Angleton as someone whose “negatives outweighed his positives.”

The final pages of Lee’s spy story haven’t been written yet. But history suggests some useful lessons about how they should not end.

DefenseOne
