Detecting corruption & money laundering: 72 potential indicators, from the perspective of Financial Intelligence Units (FIUs)

Front page of public summary document released by the Egmont Group.

The Egmont Group (Twitter: @EGFIU) is a platform for exchange of expertise and financial intelligence that consists of 164 (!) Financial Intelligence Units (FIUs) worldwide. In mid-July 2019, it released a public summary (.pdf, 22 pages; mirror) of the “FIU Tools and Practices for Investigating Laundering of the Proceeds of Corruption”. The release stems from an initiative started by the FIUs of Israel (IMPA), the Netherlands (FIU-Nederland), Russia (Rosfinmonitoring) & Ukraine (SFMS).

The summary provides, notably, a list of 72 indicators (pp.16-22; a ‘checklist’, if you will) to identify possible cases of corruption and money laundering. Be reminded that the latter is also relevant to combat terrorist financing. The indicators are grouped as follows:

  • Indicators of Corruption in Public Procurement
  • Indicators of Unexplained Wealth or Income
  • General Indicators

They serve as potential triggers for FIU investigations and can be used by banks and accountancy firms — but investigative journalists (‘follow the money’) and others may also want to take note. For the latter and other purposes I (re)post the indicators below as quick reference.

NOTE #1: there is no substitute for reading original documents in full, so do read the original public summary in full. Context always matters.

NOTE #2: for some historic reading and background on FIUs, see the IMF publication Financial Intelligence Units: An Overview (.pdf, 2004, 149 pages; mirror).

Egmont Group Set of Indicators for Corruption Related Cases From the FIUs’ Perspective

Indicators of Corruption in Public Procurement

  1. Services provided to state-owned companies or public institutions by shell companies, offshore companies or formations, companies in registration offices or P.O. companies.
  2. Services provided to state-owned companies or public institutions by companies registered in high-risk jurisdictions.
  3. Long-term contracts are repeatedly awarded to the same subcontractor, or a certain legal entity or legal arrangement consistently winning a majority of the largest contracting authority tenders/public procurement bids.
  4. The issuance of unreasonable specifications for the performance of the contract (including restrictive conditions for the location of the contractor, restrictive conditions for the materials needed for the performance of the contract, particularly tight deadlines, etc.) by the procuring authority.
  5. Subcontractors have common director(s), beneficial owner(s) and/or are related with the management of the contractor.
  6. Subcontractors/intermediaries brought in on business deals once a contract has already been agreed and for no obvious reason.
  7. Contractors, subcontractors or their counterparties (within the timeframe for completion of the state contract) are linked by address, telephone number, IP-address, etc.
  8. Procurement projects which are funded through loan agreements by governing bodies such as development institutions but where the eventual tender price put out is significantly higher than the loan amount requested.
  9. Deposits in public officials’ accounts with checks issued by construction companies, individuals or non-governmental entities that previously benefited from public works contracts.
  10. Legal entities with little or limited experience receiving highly complex and technical government contracts/projects (not compatible with the size or experience of the entity) or receiving government contracts/projects that are not related to their field of business.
  11. A certain legal entity or arrangement, which is a contractor to a state-owned company, usually receives payments of higher amounts for goods or services which normally should cost less (when compared to the normal market prices for equivalent products or services).
  12. Funds received by a contractor of public procurements are not spent within a reasonable timeframe to fulfil the contract needs.
  13. Checks issued in favor of public officials and come from accounts of persons that benefited from public procurements/funds, without an evident justification.
  14. Checks issued by a public entity being cashed out and subsequently deposited to accounts of public officials or entities related to public officials.
  15. Public officials, especially those having a role in government contract management or public procurement of high-value assets, receive funds transfer instructions:
    • from business and/or personal accounts, where these funds appear to be excessive in value;
    • according to in-built distribution methods or contractors or intermediaries;
    • from distributors used at the request of the contracting party;
    • according to existence of rebate arrangements, particularly if agreed outside the contract;
    • under requirements to obtain licenses and other government permits as a pre-requisite of doing business.
  16. Use of third parties, such as contractors, consultants, vendors, suppliers and advisor/intermediaries, in order to facilitate procurement contracts fulfilment:
    • Requests for compensation not explicitly contemplated in the third party contract
    • Requests that payments be made to different third parties
    • Third party requests for charitable or political contributions
    • A third party is in a different line of business than that for which it is engaged
    • The third party has little or no experience in the relevant industry or activity
    • The third party does not have an office in the country where services will be performed
    • The third party was recently formed or incorporated
    • The third party has poor financial stability or credit record
    • The third party has a high level of reliance on subcontractors or intermediaries (so-called “fourth parties”)
    • The third party became part of a transaction at the express request or insistence of a public official
    • The third party is recommended or referred by a public official
    • Third party commissions are unreasonably large or based on inaccurate or incomplete invoices
  17. Contracting party issues commercial cards to individuals that are not employees of contracting party and are used to purchase luxury goods, make payments for high-cost services or other transactions that are not normal business expenses.
  18. Payments based on a public procurement contract are conducted at a price higher than originally contracted.
  19. Payments conducted according to public procurement contracts where there was only a single bid for a government procurement tender, which signals a lack of competition and closed access.
  20. Receipt of commission or fees before signing of agreement for services or carrying out a function or process in relation to public procurement contract.
  21. Commissions, interest or payments under commercial terms of public procurement contract are increased, reduced or restructured in a manner that is not commercially viable.
  22. Repeated or subsequent purchases of low-quality goods, works and services at market prices of goods of higher quality or purchases of goods, works and services at higher than market prices.
  23. Payments for goods according to public procurement contracts without delivery of such goods to customs territory of the country.
  24. Payments are conducted to accounts of providers of goods, works and services, which are opened in countries different from where such goods, works and services are originated or provided.

Indicators of Unexplained Wealth or Income

  1. The subjects in a transaction are domestic or foreign public officials and receive and/or send unusually large amounts of funds in different currencies.
  2. Funds received in accounts of persons, legal entities, or legal arrangements with no visible connection to public officials, but known to be controlled by such, or persons related to them (a frontman, a strawman, or legal entity established to conceal the beneficial ownership), where the funds have been sent by a shell company. The additional information provided with regard to the funds refers to “loans”, “investment purposes”, or “purchase of real estate property”, or otherwise reveal an irreconcilable conflict of interest involving commercial business between a private enterprise and a public official.
  3. Representative of a public official (i.e. lawyer, secretary, accountant) opens account and purchases expensive property or luxury goods with the express intent of bypassing Customer Due Diligence (CDD) process screening for public officials.
  4. “Straw men” (especially in the remittance sector) can be used to obfuscate the beneficial ownership of the assets by involving public officials’ employees i.e. cleaner/ gardener/driver. Usually, the funds received on the accounts of such straw men significantly exceed their legitimate employment income.
  5. Public officials receive or purchase shares (or the option to purchase shares):
    • In a company in exchange for services; or
    • In a company where the purchase is financed by the vendor; or
    • In a company where the purchase price is below the net asset value of the company; or
    • In a company and receives a dividend from the company which is disproportional to the purchase price; or
    • Which give the right to sell shares at a price which is higher than either the current market value or the price at which the shares were purchased; or
    • And profit from a share transaction where the purchase and selling dates of shares are within a short time period.
  6. Public officials receive loan guarantees from a public corporation or government body, or a loan under favorable conditions.
  7. Public officials receive large amounts of money for their attendance in workshops, conferences or as consultants to projects, in order to disguise the origin of the funds from being seen as a payment of corruption.
  8. Public officials receive debt forgiveness or repayment requirements are waived by the creditor.
  9. Public officials perform transactions with sovereign wealth funds or government-linked companies.
  10. Misrepresentation and/or inconsistency between the declared source of wealth of public officials through their sworn asset declarations, and those established during the due diligence process.
  11. Public officials have purchased virtual assets in a total amount higher than their legally declared income.
  12. The purchase of goods or services, or transfer of payments, or the receipt of any other benefits (i.e. rental payments, school fees, chauffeur fees, fees for private healthcare, funding of private jets, consultancy fees, high commissions, etc.) for or on behalf of a public official, from the contracting authority, or a contractor in the period of the execution of the state contract.
  13. Transactions that take place in accounts of public officials involving cash deposits or withdrawals in unusual frequency and amounts.
  14. Incoming transactions from foreign jurisdictions (specifically from high-risk jurisdictions) on accounts of public officials, which are intended for real estate purchases or purchases of high-value or luxury goods, typically contain no additional information about the transaction itself, and the necessary remittance information is vague (e.g. refers to ‘consultancy fees’). Such situations result in a lack of transparency with regard to the transaction and difficulty determining the source of funds.
  15. Purchases or leases of movable or immovable assets by public officials which do not coincide with the subject’s income.
  16. The use of hawala type mechanisms (especially through the remittance sector) by public officials to move money abroad.
  17. Fixed Term Deposit Certificates made by companies with the main purpose that the capital and interest generated from the investment should be transferred immediately to accounts of a political party.
  18. Cash deposits with no rationale:
    • Credit card/ home loan applications (even if declined) are useful to find out what the public official earns versus what is deposited into their account; or
    • Cash deposits made into the same public official’s account from different locations.
  19. The immediate transfer of funds from a private entity’s account to a personal account of a public official and the subsequent movement of the funds to third party accounts. These funds are eventually moved abroad, which indicates the use of the aforementioned accounts as a temporary node. Some of the persons in the described chain may deduct a percentage of the amount before transferring it further, which indicates that these persons have received a commission for their services.
  20. Incoming cash or electronic transfers from different external sources on accounts of public officials are later spent at online gambling sites – credit from the same site or different online gambling sites can then be seen.
  21. Transferring of funds from accounts of public officials to high-risk vehicles abroad, such as corporate trusts.
  22. Public officials establish legal entities or legal arrangements, which have purchased land and buildings of significant value (as is evident from their accounting documents), despite the absence of any other commercial activity, or without a justifiable source of funds.
  23. Public officials have made cash transactions involving large amounts (e.g. currency exchange, use of cash to purchase high value goods, etc.).
  24. Transaction payments of unusual amounts or frequency from public officials to lawyers, accountants, or other professional intermediaries.
  25. Payments in favor of public officials are made to facilitate or expedite a government service.
  26. Use of state funds to purchase shares in private companies or private companies belonging to public officials, at prices above market value.
  27. Issuance of sovereign debt to public officials or entities known to be controlled by them, at interest rates above the prevailing market rate.
  28. Use of Joint Venture (JV) structures for government contracts in which public officials or a company belonging to them are silent partners. For example, in a JV between a state-owned company and a private company, a third silent shareholder owned or controlled by a public official is inserted in order to allow the public official to take a share of the profit.
  29. Payments by entities to NPOs that public officials are known to be associated with.
  30. A transaction or financial activity, which involves foreign nationals with no significant link (apart from the financial) to the country where the transactions took place. These foreign nationals are known to be active consultants or employees of lobbying organizations and are sometimes reluctant to explain the source of wealth/funds or give unsatisfactory explanations.
  31. Financial flows, which reveal complex financial mechanisms and intervention by foreign legal entities or arrangements, are received in an account in another jurisdiction, where the account is related to a public official.
  32. International transfer from the Treasury of a foreign country to shell companies, to entities with no public profile, or no physical or online presence, or to individuals who are not known employees of the government.
  33. The stated source of wealth of funds received to an account of a public official may be inconsistent with the client’s stated career history, expertise, or age. In this regard a mismatch may exist between the applicant’s stated career history and their total net worth.
  34. Transactional activity usually characterized by first party payments to and from accounts in the same name or between offshore company and trust structures (linked or known to be linked to public officials).
  35. Customer, especially when it is a public official, transferring funds to/from other public officials, including law enforcement officers.

General Indicators

  1. Open source information, which can relate specific financial activity to ongoing investigations into individuals, and concerns about corruption.
  2. An entity that receives public contracts and its legal representative/s appear in media reports, which link/s him/her/them to corruption or other financial crimes.
  3. Payments made by contractors for consultancy services, particularly in industries with a higher risk to corruption, such as arms, mineral extraction, telecoms, public infrastructures, where the amount paid appears to be outside the normal price range for consultancy services.
  4. A fiduciary service company which set up the structure for the applicant may be the subject of negative press reporting.
  5. Close family members or associates of public officials are appointed as senior management officials in private companies without meeting the necessary requirements for taking up the position or the hire’s salary or compensation package is not commensurate with market conditions.
  6. Applicant wants to open an account with an unnecessarily complex structure of economic and beneficial ownership possibly involving eclectic wealth planning arrangements or bearer share companies (known to be linked to a public official).
  7. Applicant (who is a public official) expresses urgency on an application (e.g. completion on a mortgage or other time critical transaction).
  8. Explanations for transactions may include the use of words and phrases often used as euphemisms for bribes (for example commission, marketing fees, surcharge, etc.).
  9. Public officials increase their standard of living after the expiration of the officials’ mandate without any legally justifiable reasons. Another possibility would be an inability or refusal by these persons to provide a credible account regarding how the wealth was generated or to provide corroborative support for the source of wealth. In other cases, the corroborative documentation provided raises concerns about authenticity or is otherwise inconsistent with the source of wealth statement.
  10. Opaqueness of government business schemes used to encourage diversity, which should be overtly transparent.
  11. Companies which pay other firms to perform logistical roles in countries where there is a high degree of perceived corruption and which they could perform themselves, in order to transfer the risk to the other firm.
  12. Companies changing the terms of agreements and definitions of intermediaries to avoid registration and regulatory oversight in other countries.
  13. Company wins a public tender with short submission period (i.e. number of days between publication of a call for tenders and the deadline for submission of the bid).


The Twenty-Five Rules of Disinformation — H. Michael Sweeney, 2001

Here’s a shameless rip of Twenty-Five Ways To Suppress Truth: The Rules of Disinformation (last updated 2001) as permitted by the copyright notice of its author H. Michael Sweeney (Twitter: @PPPBooks). Reasons for reposting it on my blog are that 1) it has gained renewed relevance in recent years, and 2) Lots of Copies Keeps Stuff Safe. I left out references to the author’s original domain (proparanoid dot com) because it is no longer under his control.

Click here to jump directly to the 25 rules, each with explanation, an example, and a proper response.

Quick overview:

  1. Hear no evil, see no evil, speak no evil
  2. Become incredulous and indignant
  3. Create rumor mongers
  4. Use a straw man
  5. Sidetrack opponents w name calling, ridicule
  6. Hit and Run
  7. Question motives
  8. Invoke authority
  9. Play Dumb
  10. Associate opponent charges with old news
  11. Establish and rely upon fall-back positions
  12. Enigmas have no solution
  13. Alice in Wonderland Logic
  14. Demand complete solutions
  15. Fit the facts to alternate conclusions
  16. Vanish evidence and witnesses
  17. Change the subject
  18. Emotionalize, Antagonize, and Goad
  19. Ignore facts, demand impossible proofs
  20. False evidence
  21. Call a Grand Jury, Special Prosecutor
  22. Manufacture a new truth
  23. Create bigger distractions
  24. Silence critics
  25. Vanish


Twenty-Five Ways To Suppress Truth: The Rules of Disinformation

by H. Michael Sweeney
(c) 1997, 2000, 2001 All rights reserved

Permission to reprint/distribute hereby granted for any non commercial use provided information reproduced in its entirety and with author information in tact. […]

Built upon Thirteen Techniques for Truth Suppression by David Martin, the following may be useful to the initiate in the world of dealing with veiled and half-truth, lies, and suppression of truth when serious crimes are studied in public forums. This, sadly, includes every day news media, one of the worst offenders with respect to being a source of disinformation. Where the crime involves a conspiracy, or a conspiracy to cover up the crime, there will invariably be a disinformation campaign launched against those seeking to uncover and expose the truth and/or the conspiracy. There are specific tactics which disinfo artists tend to apply, as revealed here. Also included with this material are seven common traits of the disinfo artist which may also prove useful in identifying players and motives. The more a particular party fits the traits and is guilty of following the rules, the more likely they are a professional disinfo artist with a vested motive. People can be bought, threatened, or blackmailed into providing disinformation, so even “good guys” can be suspect in many cases.

A rational person participating as one interested in the truth will evaluate that chain of evidence and conclude either that the links are solid and conclusive, that one or more links are weak and need further development before conclusion can be arrived at, or that one or more links can be broken, usually invalidating (but not necessarily so, if parallel links already exist or can be found, or if a particular link was merely supportive, but not in itself key) the argument. The game is played by raising issues which either strengthen or weaken (preferably to the point of breaking) these links. It is the job of a disinfo artist to interfere with these evaluation… to at least make people think the links are weak or broken when, in truth, they are not… or to propose alternative solutions leading away from the truth. Often, by simply impeding and slowing down the process through disinformation tactics, a level of victory is assured because apathy increases with time and rhetoric.

It would seem true in almost every instance, that if one cannot break the chain of evidence for a given solution, revelation of truth has won out. If the chain is broken either a new link must be forged, or a whole new chain developed, or the solution is invalid an a new one must be found… but truth still wins out. There is no shame in being the creator or supporter of a failed solution, chain, or link, if done with honesty in search of the truth. This is the rational approach. While it is understandable that a person can become emotionally involved with a particular side of a given issue, it is really unimportant who wins, as long as truth wins. But the disinfo artist will seek to emotionalize and chastise any failure (real or false claims thereof), and will seek by means of intimidation to prevent discussion in general.

Twenty-Five Rules of Disinformation ~

  1. Hear no evil, see no evil, speak no evil
  2. Become incredulous and indignant
  3. Create rumor mongers
  4. Use a straw man
  5. Sidetrack opponents w name calling, ridicule
  6. Hit and Run
  7. Question motives
  8. Invoke authority
  9. Play Dumb
  10. Associate opponent charges with old news
  11. Establish and rely upon fall-back positions
  12. Enigmas have no solution
  13. Alice in Wonderland Logic
  14. Demand complete solutions
  15. Fit the facts to alternate conclusions
  16. Vanish evidence and witnesses
  17. Change the subject
  18. Emotionalize, Antagonize, and Goad
  19. Ignore facts, demand impossible proofs
  20. False evidence
  21. Call a Grand Jury, Special Prosecutor
  22. Manufacture a new truth
  23. Create bigger distractions
  24. Silence critics
  25. Vanish

Eight Traits of The Disinformationalist ~

  1. Avoidance
  2. Selectivity
  3. Coincidental
  4. Teamwork
  5. Anti-conspiratorial
  6. Artificial Emotions
  7. Inconsistent
  8. Newly Discovered: Time Constant

It is the disinfo artist and those who may pull their strings (those who stand to suffer should the crime be solved) MUST seek to prevent rational and complete examination of any chain of evidence which would hang them. Since fact and truth seldom fall on their own, they must be overcome with lies and deceit. Those who are professional in the art of lies and deceit, such as the intelligence community and the professional criminal (often the same people or at least working together), tend to apply fairly well defined and observable tools in this process. However, the public at large is not well armed against such weapons, and is often easily led astray by these time-proven tactics. Remarkably, not even media and law enforcement have NOT BEEN TRAINED to deal with these issues. For the most part, only the players themselves understand the rules of the game.

This why concepts from the film, Wag-The-Dog, actually work. If you saw that movie, know that there is at least one real-world counterpart to Al Pacino’s character. For CIA, it is Mark Richards, who was called in to orchestrate the media response to Waco on behalf of Janet Reno. Mark Richards is the acknowledged High Priest of Disinformation. His appointment was extremely appropriate, since the CIA was VERY present at Waco from the very beginning of the cult to the very end of their days — just as it was at the People’s Temple in Jonestown. Richards purpose in life is damage control.

For such disinformationalists, the overall aim is to avoid discussing links in the chain of evidence which cannot be broken by truth, but at all times, to use clever deceptions or lies to make select links seem weaker than they are, create the illusion of a break, or better still, cause any who are considering the chain to be distracted in any number of ways, including the method of questioning the credentials of the presenter. Please understand that fact is fact, regardless of the source. Likewise, truth is truth, regardless of the source. This is why criminals are allowed to testify against other criminals. Where a motive to lie may truly exist, only actual evidence that the testimony itself IS a lie renders it completely invalid. Were a known ‘liar’s’ testimony to stand on its own without supporting fact, it might certainly be of questionable value, but if the testimony (argument) is based on verifiable or otherwise demonstrable facts, it matters not who does the presenting or what their motives are, or if they have lied in the past or even if motivated to lie in this instance — the facts or links would and should stand or fall on their own merit and their part in the matter will merely be supportive.

Moreover, particularly with respects to public forums such as newspaper letters to the editor, and Internet chat and news groups, the disinfo type has a very important role. In these forums, the principle topics of discussion are generally attempts by individuals to cause other persons to become interested in their own particular position, idea, or solution — very much in development at the time. People often use such mediums as a sounding board and in hopes of pollination to better form their ideas. Where such ideas are critical of government or powerful, vested groups (especially if their criminality is the topic), the disinfo artist has yet another role — the role of nipping it in the bud. They also seek to stage the concept, the presenter, and any supporters as less than credible should any possible future confrontation in more public forums result due to their early successes. You can often spot the disinfo types at work here by the unique application of “higher standards” of discussion than necessarily warranted. They will demand that those presenting arguments or concepts back everything up with the same level of expertise as a professor, researcher, or investigative writer. Anything less renders any discussion meaningless and unworthy in their opinion, and anyone who disagrees is obviously stupid — and they generally put it in exactly those terms.

So, as you read any such discussions, particularly so in Internet news groups (NG), decide for yourself when a rational argument is being applied and when disinformation, psyops (psychological warfare operations) or trickery is the tool. Accuse those guilty of the later freely. They (both those deliberately seeking to lead you astray, and those who are simply foolish or misguided thinkers) generally run for cover when thus illuminated, or — put in other terms, they put up or shut up (a perfectly acceptable outcome either way, since truth is the goal.) Here are the twenty-five methods and seven traits, some of which don’t apply directly to NG application. Each contains a simple example in the form of actual (some paraphrased for simplicity) from NG comments on commonly known historical events, and a proper response. Accusations should not be overused — reserve for repeat offenders and those who use multiple tactics. Responses should avoid falling into emotional traps or informational sidetracks, unless it is feared that some observers will be easily dissuaded by the trickery. Consider quoting the complete rule rather than simply citing it, as others will not have reference. Offer to provide a complete copy of the rule set upon request (see permissions statement at end):

Twenty-Five Rules of Disinformation ~

Note: The first rule and last five (or six, depending on situation) rules are generally not directly within the ability of the traditional disinfo artist to apply. These rules are generally used more directly by those at the leadership, key players, or planning level of the criminal conspiracy or conspiracy to cover up.

  1. Hear No Evil, See No Evil, Speak No Evil ~ Regardless of what you know, don’t discuss it — especially if you are a public figure, news anchor, etc. If it’s not reported, it didn’t happen, and you never have to deal with the issues.
    • Example: Media was present in the courtroom (Hunt vs. Liberty Lobby) when CIA agent Marita Lorenz ‘confession’ testimony regarding CIA direct participation in the planning and assassination of John Kennedy was revealed. All media reported was that E. Howard Hunt lost his libel case against Liberty Lobby (Liberty Lobby’s newspaper, The Spotlight, had reported Hunt was in Dallas that day and were sued for the story). See Mark Lane’s remarkable book, Plausible Denial, for the full confessional transcript.
    • Proper response: There is no possible response unless you are aware of the material and can make it public yourself.. In any such attempt, be certain to target any known silent party as likely complicit in a cover up. In this case, it would be the entire Time-Warner Media Group, among others. This author is relatively certain that reporters were hand-picked to cover this case from among those having intelligence community ties.
  2. Become Incredulous and Indignant ~ Avoid discussing key issues and instead focus on side issues which can be used show the topic as being critical of some otherwise sacrosanct group or theme. This is also known as the ‘How dare you!’ gambit.
    • Example: ‘How dare you suggest that the Branch Davidians were murdered! the FBI and BATF are made up of America’s finest and best trained law enforcement, operate under the strictest of legal requirements, and are under the finest leadership the President could want to appoint.’
    • Proper response: You are avoiding the Waco issue with disinformation tactics. Your high opinion of FBI is not founded in fact. All you need do is examine Ruby Ridge and any number of other examples, and you will see a pattern of abuse of power that demands attention to charges against FBI/BATF at Waco. Why do you refuse to address the issues with disinformation tactics (rule 2 – become incredulous and indignant)?
  3. Create Rumor Mongers ~ Avoid discussing issues by describing all charges, regardless of venue or evidence, as mere rumors and wild accusations. Other derogatory terms mutually exclusive of truth may work as well. This method which works especially well with a silent press, because the only way the public can learn of the facts are through such ‘arguable rumors’. If you can associate the material with the Internet, use this fact to certify it a ‘wild rumor’ from a ‘bunch of kids on the Internet’ which can have no basis in fact.
    • Example: ‘You can’t prove his material was legitimately from French Intelligence. Pierre Salinger had a chance to show his ‘proof’ that flight 800 was brought down by friendly fire, and he didn’t. All he really had was the same old baseless rumor that’s been floating around the Internet for months.’
    • Proper response: You are avoiding the issue with disinformation tactics. The Internet charge reported widely is based on a single FBI interview statement to media and a similar statement by a Congressman, neither of which had actually seen Pierre’s document. As the FBI is being accused in participating in a cover up of this matter and Pierre claims his material is not Internet sourced, it is natural that FBI would have reason to paint his material in a negative light. For you to assume the FBI to have no bias in the face of Salinger’s credentials and unchanged stance suggests you are biased. At the best you can say the matter is in question. Further, to imply that material found on Internet is worthless is not founded. At best you may say it must be considered carefully before accepting it, which will require addressing the actual issues. Why do you refuse to address these issues with disinformation tactics (rule 3 – create rumor mongers)?
  4. Use a Straw Man ~ Find or create a seeming element of your opponent’s argument which you can easily knock down to make yourself look good and the opponent to look bad. Either make up an issue you may safely imply exists based on your interpretation of the opponent/opponent arguments/situation, or select the weakest aspect of the weakest charges. Amplify their significance and destroy them in a way which appears to debunk all the charges, real and fabricated alike, while actually avoiding discussion of the real issues.
    • Example: When trying to defeat reports by the Times of London that spy-sat images reveal an object racing towards and striking flight 800, a straw man is used. The disinformationalist, later identified as having worked for Naval Intelligence, simply stated: ‘If these images exist, the public has not seen them. Why? They don’t exist, and never did. You have no evidence and thus, your entire case falls flat.’
    • Proper response: ‘You are avoiding the issue with disinformation tactics. You imply deceit and deliberately establish an impossible and unwarranted test. It is perfectly natural that the public has not seen them, nor will they for some considerable time, if ever. To produce them would violate national security with respect to intelligence gathering capabilities and limitations, and you should know this. Why do you refuse to address the issues with such disinformation tactics (rule 4 – use a straw man)?’
  5. Sidetrack Opponents with Name-Calling and Ridicule ~ This is also known as the primary ‘attack the messenger’ ploy, though other methods qualify as variants of that approach. Associate opponents with unpopular titles such as ‘kooks’, ‘right-wing’, ‘liberal’, ‘left-wing’, ‘terrorists’, ‘conspiracy buffs’, ‘radicals’, ‘militia’, ‘racists’, ‘religious fanatics’, ‘sexual deviates’, and so forth. This makes others shrink from support out of fear of gaining the same label, and you avoid dealing with issues.
    • Example: ‘You believe what you read in the Spotlight? The Publisher, Willis DeCarto, is a well-known right-wing racist. I guess we know your politics — does your Bible have a swastika on it? That certainly explains why you support this wild-eyed, right-wing conspiracy theory.’
    • Proper response: ‘You are avoiding the issue with disinformation tactics. Your imply guilt by association and attack truth on the basis of the messenger. The Spotlight is well known Populist media source responsible for releasing facts and stories well before mainstream media will discuss the issues through their veil of silence. Willis DeCarto has successfully handled lawsuits regarding slanderous statements such as yours. Your undemonstrated charges against the messenger have nothing to do with the facts or the issues, and fly in the face of reason. Why do you refuse to address the issues by use of such disinformation tactics (rule 5 – sidetrack opponents with name calling and ridicule)?’
  6. Hit and Run ~ In any public forum, make a brief attack of your opponent or the opponent position and then scamper off before an answer can be fielded, or simply ignore any answer. This works extremely well in Internet and letters-to-the-editor environments where a steady stream of new identities can be called upon without having to explain criticism reasoning — simply make an accusation or other attack, never discussing issues, and never answering any subsequent response, for that would dignify the opponent’s viewpoint.
    • Example: ”This stuff is garbage. Where do you conspiracy lunatics come up with this crap? I hope you all get run over by black helicopters.’ Notice it even has a farewell sound to it, so it won’t seem curious if the author is never heard from again.
    • Proper response: ‘You are avoiding the issue with disinformation tactics. Your comments or opinions fail to offer any meaningful dialog or information, and are worthless except to pander to emotionalism, and in fact, reveal you to be emotionally insecure with these matters. If you do not like reading ‘this crap’, why do you frequent this NG which is clearly for the purpose of such discussion? Why do you refuse to address the issues by use of such disinformation tactics (rule 6 – hit and run)?’
  7. Question Motives ~ Twist or amplify any fact which could be taken to imply that the opponent operates out of a hidden personal agenda or other bias. This avoids discussing issues and forces the accuser on the defensive.
    • Example: ‘With the talk-show circuit and the book deal, it looks like you can make a pretty good living spreading lies.’
    • Proper response: ‘You are avoiding the issue with disinformation tactics. Your imply guilt as a means of attacking the messenger or his credentials, but cowardly fail to offer any concrete evidence that this is so. If you think what has been presented are ‘lies’, why not simply so illustrate? Why do you refuse to address the issues by use of such disinformation tactics (rule 6 – question motives)?’
  8. Invoke Authority ~ Claim for yourself or associate yourself with authority and present your argument with enough ‘jargon’ and ‘minutia’ to illustrate you are ‘one who knows’, and simply say it isn’t so without discussing issues or demonstrating concretely why or citing sources.
    • Example: ‘You obviously know nothing about either the politics or strategic considerations, much less the technicals of the SR-71. Incidentally, for those who might care, that sleek plane is started with a pair of souped up big-block V-8’s (originally, Buick 454 C.I.D. with dual 450 CFM Holly Carbs and a full-race Isky cams — for 850 combined BHP @ 6,500 RPM) using a dragster-style clutch with direct-drive shaft. Anyway, I can tell you with confidence that no Blackbird has ever been flown by Korean nationals nor have they ever been trained to fly it, and have certainly never overflown the Republic of China in a SR or even launched a drone from it that flew over China. I’m not authorized to discuss if there have been overflights by American pilots.’
    • Proper response: ‘You are avoiding the issue with disinformation tactics. Your imply your own authority and expertise but fail to provide credentials, and you also fail to address issues and cite sources. You simply cite ‘Jane’s-like’ information to make us think you know what you are talking about. Why do you refuse to address the issues by use of such disinformation tactics (rule 8 – invoke authority)?’
  9. Play Dumb ~ No matter what evidence or logical argument is offered, avoid discussing issues except with denials they have any credibility, make any sense, provide any proof, contain or make a point, have logic, or support a conclusion. Mix well for maximum effect.
    • Example: ‘Nothing you say makes any sense. Your logic is idiotic. Your facts nonexistent. Better go back to the drawing board and try again.’
    • Proper response: ‘You are avoiding the issue with disinformation tactics. You evade the issues with your own form of nonsense while others, perhaps more intelligent than you pretend to be, have no trouble with the material. Why do you refuse to address the issues by use of such disinformation tactics (Rule 9 – play dumb)?’
  10. Associate Opponent Charges with Old News ~ A derivative of the straw man — usually, in any large-scale matter of high visibility, someone will make charges early on which can be or were already easily dealt with – a kind of investment for the future should the matter not be so easily contained.) Where it can be foreseen, have your own side raise a straw man issue and have it dealt with early on as part of the initial contingency plans. Subsequent charges, regardless of validity or new ground uncovered, can usually then be associated with the original charge and dismissed as simply being a rehash without need to address current issues — so much the better where the opponent is or was involved with the original source.
    • Example: ‘Flight 553’s crash was pilot error, according to the NTSB findings. Digging up new witnesses who say the CIA brought it down at a selected spot and were waiting for it with 50 agents won’t revive that old dead horse buried by NTSB more than twenty years ago.’
    • Proper response: ‘You are avoiding the issue with disinformation tactics. Your ignore the issues and imply they are old charges as if new information is irrelevant to truth. Why do you refuse to address the issues by use of such disinformation tactics (rule 10 – associate charges with old news)?’
  11. Establish and Rely Upon Fall-Back Positions ~ Using a minor matter or element of the facts, take the ‘high road’ and ‘confess’ with candor that some innocent mistake, in hindsight, was made — but that opponents have seized on the opportunity to blow it all out of proportion and imply greater criminalities which, ‘just isn’t so.’ Others can reinforce this on your behalf, later, and even publicly ‘call for an end to the nonsense’ because you have already ‘done the right thing.’ Done properly, this can garner sympathy and respect for ‘coming clean’ and ‘owning up’ to your mistakes without addressing more serious issues.
    • Example: ‘Reno admitted in hindsight she should have taken more time to question the data provided by subordinates on the deadliness of CS-4 and the likely Davidian response to its use, but she was so concerned about the children that she elected, in what she now believes was a sad and terrible mistake, to order the tear gas be used.’
    • Proper response: ‘You are avoiding the issue with disinformation tactics. Your evade the true issue by focusing on a side issue in an attempt to evoke sympathy. Perhaps you did not know that CIA Public Relations expert Mark Richards was called in to help Janet Reno with the Waco aftermath response? How warm and fuzzy it makes us feel, so much so that we are to ignore more important matters being discussed. Why do you refuse to address the issues by use of such disinformation tactics (rule 11 – establish and rely upon fall-back positions)?’
  12. Enigmas Have No Solution ~ Drawing upon the overall umbrella of events surrounding the crime and the multitude of players and events, paint the entire affair as too complex to solve. This causes those otherwise following the matter to begin to loose interest more quickly without having to address the actual issues.
    • Example: ‘I don’t see how you can claim Vince Foster was murdered since you can’t prove a motive. Before you could do that, you would have to completely solve the whole controversy over everything that went on in the White House and in Arkansas, and even then, you would have to know a heck of a lot more about what went on within the NSA, the Travel Office, and the secret Grand Jury, and on, and on, and on. It’s hopeless. Give it up.’
    • Proper response: ‘You are avoiding the issue with disinformation tactics. Your completely evade issues and attempt others from daring to attempt it by making it a much bigger mountain than necessary. You eat an elephant one bite at a time. Why do you refuse to address the issues by use of such disinformation tactics (rule 12 – enigmas have no solution)?’
  13. Alice in Wonderland Logic ~  Avoid discussion of the issues by reasoning backwards or with an apparent deductive logic which forbears any actual material fact.
    • Example: ‘The news media operates in a fiercely competitive market where stories are gold. This means they dig, dig, dig for the story — often doing a better job than law enforcement. If there was any evidence that BATF had prior knowledge of the Oklahoma City bombing, they would surely have uncovered it and reported it. They haven’t reported it, so there can’t have been any prior knowledge. Put up or shut up.’
    • Proper response: ‘You are avoiding the issue with disinformation tactics. Your backwards logic does not work here. Has media reported CIA killed Kennedy when they knew it? No, despite their presence at a courtroom testimony ‘confession’ by CIA operative Marita Lornez in a liable trial between E. Howard Hunt and Liberty Lobby, they only told us the trial verdict. THAT, would have been the biggest story of the Century, but they didn’t print it, did they? Why do you refuse to address the issues by use of such disinformation tactics (rule 13 – Alice in Wonderland logic)?’
  14. Demand Complete Solutions ~  Avoid the issues by requiring opponents to solve the crime at hand completely, a ploy which works best with issues qualifying for rule 10.
    • Example: ‘Since you know so much, if James Earl Ray is as innocent as you claim, who really killed Martin Luther King, how was it planned and executed, how did they frame Ray and fool the FBI, and why?’
    • Proper response: You are avoiding the issue with disinformation tactics. It is not necessary to completely resolve any full matter in order to examine any relative attached issue. Discussion of any evidence of Ray’s innocence can stand alone to serve truth, and any alternative solution to the crime, while it may bolster that truth, can also stand alone. Why do you refuse to address the issues by use of such disinformation tactics (rule 14 – demand complete solutions)?
  15. Fit the Facts to Alternate Conclusions ~ This requires creative thinking unless the crime was planned with contingency conclusions in place.
    • Example: ‘The cargo door failed on Flight 800 and caused a catastrophic breakup which ruptured the fuel tank and caused it to explode.’
    • Proper response: The best definitive example of avoiding issues by this technique is, perhaps, Arlan Specter’s Magic Bullet from the Warren Report. This was eloquently defeated in court but media blindly accepted it without challenge. Thus rewarded, disinformationalists do not shrink from its application, even though today, thanks in part to the movie, JFK, most Americans do now understand it was fabricated nonsense. Thus the defense which works best may actually be to cite the Magic Bullet. ‘You are avoiding the issue with disinformation tactics. Your imaginative twisting of facts rivals that of Arlan Specter’s Magic Bullet in the Warren Report. We all know why the impossible magic bullet was invented. You invent a cargo door problem when there has been not one shred of evidence from the crash investigation to support it, and in fact, actual photos of the cargo door hinges and locks disprove you. Why do you refuse to address the issues by use of such disinformation tactics (rule 15 – fit facts to an alternate conclusion)?’
  16. Vanish Evidence and Witnesses ~ If it does not exist, it is not fact, and you won’t have to address the issue.
    • Example: ‘You can’t say Paisley is still alive… that his death was faked and the list of CIA agents found on his boat deliberately placed there to support a purge at CIA. You have no proof. Why can’t you accept the Police reports?’ This is a good ploy, since the dental records and autopsy report showing his body was two inches too long and the teeth weren’t his were lost right after his wife demanded inquiry, and since his body was cremated before she could view it — all that remains are the Police Reports. Handy.
    • Proper response: There is no suitable response to actual vanished materials or persons, unless you can shed light on the matter, particularly if you can tie the event to a cover up other criminality. However, with respect to dialog where it is used against the discussion, you can respond… ‘You are avoiding the issue with disinformation tactics. The best you can say is that the matter is in contention ONLY because of highly suspicious matters such as the simultaneous and mysterious vanishing of three sets of evidence. The suspicious nature itself tends to support the primary allegation. Why do you refuse to address the remaining issues by use of such disinformation tactics (rule 16 – vanish evidence and witnesses)?’
  17. Change the Subject ~ Usually in connection with one of the other ploys listed here, find a way to side-track the discussion with abrasive or controversial comments in hopes of turning attention to a new, more manageable topic. This works especially well with companions who can ‘argue’ with you over the new topic and polarize the discussion arena in order to avoid discussing more key issues.
    • Example: ‘There were no CIA drugs and was no drug money laundering through Mena, Arkansas, and certainly, there was no Bill Clinton knowledge of it because it simply didn’t happen. This is merely an attempt by his opponents to put Clinton off balance and at a disadvantage in the election: Dole is such a weak candidate with nothing to offer that they are desperate to come up with something to swing the polls. Dole simply has no real platform.’ Assistant’s response. ‘You idiot! Dole has the clearest vision of what’s wrong with Government since McGovern. Clinton is only interested in raping the economy, the environment, and every woman he can get his hands on…’ One naturally feels compelled, regardless of party of choice, to jump in defensively on that one…
    • Proper response: ‘You are both avoiding the issue with disinformation tactics. Your evade discussion of the issues by attempting to sidetrack us with an emotional response to a new topic — a trap which we will not fall into willingly. If you truly believe such political rhetoric, please drop out of this discussion, as it is not germane, and take it to one of the more appropriate politics NGs. Why do you refuse to address the issues by use of such disinformation tactics (rule 17- change the subject)?’
  18. Emotionalize, Antagonize, and Goad Opponents ~ If you can’t do anything else, chide and taunt your opponents and draw them into emotional responses which will tend to make them look foolish and overly motivated, and generally render their material somewhat less coherent. Not only will you avoid discussing the issues in the first instance, but even if their emotional response addresses the issue, you can further avoid the issues by then focusing on how ‘sensitive they are to criticism.’
    • Example: ‘You are such an idiot to think that possible — or are you such a paranoid conspiracy buff that you think the ‘gubment’ is cooking your pea-brained skull with microwaves, which is the only justification you might have for dreaming up this drivel.’ After a drawing an emotional response: ‘Ohhh… I do seem to have touched a sensitive nerve. Tsk, tsk. What’s the matter? The truth too hot for you to handle? Perhaps you should stop relying on the Psychic Friends Network and see a psychiatrist for some real professional help…’
    • Proper response: ‘You are avoiding the issue with disinformation tactics. You attempt to draw me into emotional response without discussion of the issues. If you have something useful to contribute which defeats my argument, let’s here it — preferably without snide and unwarranted personal attacks, if you can manage to avoid sinking so low. Your useless rhetoric serves no purpose here if that is all you can manage. Why do you refuse to address the issues by use of such disinformation tactics (rule 18 – emotionalize, antagonize, and goad opponents)?’
  19. Ignore Proof Presented, Demand Impossible Proofs ~ This is perhaps a variant of the ‘play dumb’ rule. Regardless of what material may be presented by an opponent in public forums, claim the material irrelevant and demand proof that is impossible for the opponent to come by (it may exist, but not be at his disposal, or it may be something which is known to be safely destroyed or withheld, such as a murder weapon.) In order to completely avoid discussing issues, it may be required that you to categorically deny and be critical of media or books as valid sources, deny that witnesses are acceptable, or even deny that statements made by government or other authorities have any meaning or relevance.
    • Example: ‘All he’s done is to quote the liberal media and a bunch of witnesses who aren’t qualified. Where’s his proof? Show me wreckage from flight 800 that shows a missile hit it!’
    • Proper response: ‘You are avoiding the issue with disinformation tactics. You presume for us not to accept Don Phillips, reporter for the Washington Post, Al Baker, Craig Gordon or Liam Pleven, reporters for Newsday, Matthew Purdy or Matthew L. Wald, Don Van Natta Jr., reporters for the New York Times, or Pat Milton, wire reporter for the Associated Press — as being able to tell us anything useful about the facts in this matter. Neither would you allow us to accept Robert E. Francis, Vice Chairman of the NTSB, Joseph Cantamessa Jr., Special Agent In Charge of the New York Office of the F.B.I., Dr. Charles Wetli, Suffolk County Medical Examiner, the Pathologist examining the bodies, nor unnamed Navy divers, crash investigators, or other cited officials, including Boeing Aircraft representatives a part of the crash investigative team — as a qualified party in this matter, and thus, dismisses this material out of hand. Good logic, — about as good as saying 150 eye witnesses aren’t qualified. Then you demand us to produce evidence which you know is not accessible to us, evidence held by FBI, whom we accuse of cover up. Thus, only YOU are qualified to tell us what to believe? Witnesses be damned? Radar tracks be damned? Satellite tracks be damned? Reporters be damned? Photographs be damned? Government statements be damned? Is there a pattern here?. Why do you refuse to address the issues by use of such disinformation tactics (rule 19 – ignore proof presented, demand impossible proofs)?’
  20. False Evidence ~ Whenever possible, introduce new facts or clues designed and manufactured to conflict with opponent presentations — as useful tools to neutralize sensitive issues or impede resolution. This works best when the crime was designed with contingencies for the purpose, and the facts cannot be easily separated from the fabrications.
    • Example: Jack Ruby warned the Warren Commission that the white Russian separatists, the Solidarists, were involved in the assassination. This was a handy ‘confession’, since Jack and Earl were both on the same team in terms of the cover up, and since it is now known that Jack worked directly with CIA in the assassination (see below.)
    • Proper response: This one can be difficult to respond to unless you see it clearly, such as in the following example, where more is known today than earlier in time… ‘You are avoiding the issue with disinformation tactics. Your information is known to have been designed to side track this issue. As revealed by CIA operative Marita Lorenz under oath offered in court in E. Howard Hunt vs. Liberty Lobby, CIA operatives E. Howard Hunt, James McCord, and others, met with Jack Ruby in Dallas the night before the assassination of JFK to distribute guns and money. Clearly, Ruby was a coconspirator whose ‘Solidarist confession’ was meant to sidetrack any serious investigation of the murder AWAY from CIA. Why do you refuse to address the issues by use of such disinformation tactics (rule 20 – false evidence)?’
  21. Call a Grand Jury, Special Prosecutor, or Other Empowered Investigative Body ~ Subvert the (process) to your benefit and effectively neutralize all sensitive issues without open discussion. Once convened, the evidence and testimony are required to be secret when properly handled. For instance, if you own the prosecuting attorney, it can insure a Grand Jury hears no useful evidence and that the evidence is sealed an unavailable to subsequent investigators. Once a favorable verdict is achieved, the matter can be considered officially closed. Usually, this technique is applied to find the guilty innocent, but it can also be used to obtain charges when seeking to frame a victim.
    • Example: According to one OK bombing Federal Grand Juror who violated the law to speak the truth, jurors were, contrary to law, denied the power of subpoena of witness of their choosing, denied the power of asking witnesses questions of their choosing, and relegated to hearing only evidence prosecution wished them to hear, evidence which clearly seemed fraudulent and intended to paint conclusions other than facts actually suggested.
    • Proper response: There is usually no adequate response to this tactic except to complain loudly at any sign of its application, particularly with respect to any possible cover up. This happened locally in Oklahoma, and as a result, a new Grand Jury has been called to rehear evidence that government officials knew in advance that the bombing was going to take place, and a number of new facts which indicate it was impossible for Timothy McVeigh to have done the deed without access to extremely advanced explosive devices such as available ONLY to the military or intelligence community, such as CIA’s METC technology. Media has refused to cover the new Oklahoma Grand Jury process, by they way.
  22. Manufacture a New Truth ~ Create your own expert(s), group(s), author(s), leader(s) or influence existing ones willing to forge new ground via scientific, investigative, or social research or testimony which concludes favorably. In this way, if you must actually address issues, you can do so authoritatively.
    • Example: The False Memory Syndrome Foundation and American Family Foundation and American and Canadian Psychiatric Associations fall into this category, as their founding members and/or leadership include key persons associated with CIA Mind Control research. Read The Professional Paranoid or Phsychic Dictatorship in the U.S.A. by Alex Constantine for more information. Not so curious, then, that (in a perhaps oversimplified explanation here) these organizations focus on, by means of their own “research findings”, that there is no such thing as Mind Control.
    • Proper response: Unless you are in a position to be well versed in the topic and know of the background and relationships involved in the opponent organization, you are not well equipped to fight this tactic.
  23. Create Bigger Distractions ~ If the above does not seem to be working to distract from sensitive issues, or to prevent unwanted media coverage of unstoppable events such as trials, create bigger news stories (or treat them as such) to distract the multitudes.
    • Example: To distract the public over the progress of a WTC bombing trial that seems to be uncovering nasty ties to the intelligence community, have an endless discussion of skaters whacking other skaters on the knee. To distract the public over the progress of the Waco trials that have the potential to reveal government sponsored murder, have an O.J. summer. To distract the public over an ever disintegrating McVeigh trial situation and the danger of exposing government involvements, come up with something else (Flight 800?) to talk about — or, keeping in the sports theme, how about sports fans shooting referees and players during a game and the focusing on the whole gun control thing?
    • Proper response: The best you can do is attempt to keep public debate and interest in the true issues alive and point out that the ‘news flap’ or other evasive tactic serves the interests of your opponents.
  24. Silence Critics ~ If the above methods do not prevail, consider removing opponents from circulation by some definitive solution so that the need to address issues is removed entirely. This can be by their death, arrest and detention, blackmail or destruction of their character by release of blackmail information, or merely by destroying them financially, emotionally, or severely damaging their health.
    • Example: As experienced by certain proponents of friendly fire theories with respect to flight 800 — send in FBI agents to intimidate and threaten that if they persisted further they would be subject to charges of aiding and abetting Iranian terrorists, of failing to register as a foreign agents, or any other trumped up charges. If this doesn’t work, you can always plant drugs and bust them.
    • Proper response: You have three defensive alternatives if you think yourself potential victim of this ploy. One is to stand and fight regardless. Another is to create for yourself an insurance policy which will point to your opponents in the event of any unpleasantness, a matter which requires superior intelligence information on your opponents and great care in execution to avoid dangerous pitfalls (see The Professional Paranoid by this author for suggestions on how this might be done). The last alternative is to cave in or run (same thing.)
  25. Vanish ~ If you are a key holder of secrets or otherwise overly illuminated and you think the heat is getting too hot, to avoid the issues, vacate the kitchen.
    • Example: Do a Robert Vesco and retire to the Caribbean. If you don’t, somebody in your organization may choose to vanish you the way of Vince Foster or Ron Brown.
    • Proper response: You will likely not have a means to attack this method, except to focus on the vanishing in hopes of uncovering it was by foul play or deceit as part of a deliberate cover up.


Essay by Charles S. Viar: “The Dark Art: Intelligence, Counterintelligence, and the Mind of the State” (2009)

Repost of an essay from 2009 by Charles S. Viar (Twitter: @Charles_S_Viar), present chairman of the Center for Intelligence Studies in Washington D.C. (reposted here for layout reasons; in accordance with the copyright notice at the bottom of the essay):


Intelligence, Counterintelligence, and the Mind of the State

Charles S. Viar

Although the origins of intelligence have been lost in the mists of time, the practice is at least as ancient as warfare. In what is perhaps the oldest written reference to an intelligence operation, The Book of Numbers recounts God’s command that Moses dispatch a reconnaissance team to scout the Israelite advance upon the Promised Land:

Send thou men, that they may search the land of Canaan, which I give unto the Children of Israel. Of every tribe of their fathers shall ye send a man, everyone a ruler among them…

Had the Canaanites possessed an effective counterintelligence capability, the story of the Israelite assault might have ended differently. For even a minimal foreknowledge of their intentions and capabilities would have made it possible for the Canaanites to organize a more effective defense. But as may be inferred from the Bible, they failed to detect the operation directed against them.

For that, they paid a fearsome price.


Narrowly defined as “evaluated information,” intelligence is a dynamic process that involves the collection, analysis, and dissemination of data to national policymakers and other government officials of lesser rank. Intelligence serves to forewarn them of likely actions, events, and developments within their sphere of responsibility; and aids in matching available resources to threats and opportunities alike. As such, it is the sine qua non of effective statecraft.

More broadly, intelligence also serves as a force-multiplier. Much as Archimedes Lever makes it possible to magnify mechanical force transmitted across space, covert and clandestine intelligence operations make it possible for states to enhance the power they project beyond their frontiers. History is littered with examples of small and middling states exercising disproportionate influence through the deft application of secret intelligence.

Given the enormous – and occasionally decisive – advantages conferred by effective intelligence in the Great Game of Nations, well-governed states seek to maximize the effectiveness of their own intelligence services and to protect themselves against hostile services deployed against them. Domestic security typically provides one level of defense, and counterintelligence another.


Although counterintelligence has been recognized as an integral component of state security since the Chinese military scholar Sun Tzu published The Art of War in the Fourth or Fifth century BC, the concept remains muddled. For almost two and a half millennia, the term itself has defied definition.

According to James Angleton, the legendary former Chief of CIA Counterintelligence, the term is ineffable. Although Angleton’s Deputy Chief for Operations generally concurred, he believed counterintelligence could nonetheless be described in terms of core functions. Angleton’s Deputy Chief for Analysis, however, disagreed with both. According to Raymond G. Rocca, counterintelligence is self-defined: it applies to any action undertaken to counter, i.e., negate, the efforts of hostile intelligence services.

Having studied under all three of the practitioners listed above, the writer of this paper eventually concluded Rocca’s understanding is more nearly correct; and has since argued that counterintelligence can be best illustrated by contrast. Where counterespionage – or security – seeks to neutralize individual spies and spy rings, counterintelligence attempts to neutralize hostile intelligence services as a whole.


In a more perfect world, intelligence services would aspire to comprehensive coverage of their targets. But in actual practice, physical, organizational, political, and budgetary constraints have traditionally forced them to limit their collection activities to data pertaining to the targeted state’s organization, capabilities, and intentions. More recently, intelligence services have been tasked with gathering financial, economic, and technical data as well; and with the development of remote collection techniques, the amount of raw data collected by major intelligence services has become staggering in both scope and volume.

From a theoretical standpoint, intelligence collection and analysis should not be especially difficult. But given the fact that intelligence services routinely devote a substantial portion of their resources to deception operations designed to deceive their adversaries, the task is far more difficult than it first appears. Tables of organization and orders of battle can be faked, deployment patterns and readiness indicators manipulated, and communications traffic played for purpose. Indeed, almost any sort of intelligence data can be fabricated and fed to foreign intelligence services through sacrificial spies, dangles, false defectors, and dispatched agents.

This inherent vulnerability to hostile deception operations lays bare what Angleton formally referred to as the Epistemological Problem:

Given the fact that foreign intelligence services routinely mount large and carefully crafted deception operations against us, how can we know what we believe to be true is actually so?

In less guarded moments, he called it “That damnable question.”


As intelligence practitioners will attest, it is a damnable question indeed. Nonetheless, there are two solutions to the problem – one partial, the other complete.

The first solution is to look at intelligence data in terms of a jigsaw puzzle extending across time. After fitting together as many of the pieces as possible, one may flag those that are known to be true beyond doubt. Subsequent pieces that fit with those may be presumed true, in the absence of contrary evidence.

Although this approach has considerable merit – including especially the way it facilitates intuitive judgments – the results it generates are both probabilistic and tentative. The likelihood that new data may significantly alter the pattern is high.

In contrast, the second solution can provide definitive answers – but only rarely, when two relatively unlikely events occur simultaneously: 1) a high-level penetration agent confirms the validity of specific intelligence data, and 2) a code break “backstops” the veracity of the confirming agent. In the world of intelligence, certainty depends upon serendipity.

The recruitment of high-level penetration agents is rare, and code breaks are even more so. They occur together perhaps once a decade, and when they do intelligence analysts emerge from their garrets to enjoy a brief moment of clarity. But when the agent is lost or the codes are changed, they are condemned to wander once more through what Angleton termed “The Wilderness of Mirrors” – an Epistemological Hell from which neither truth nor falsehood may be surely obtained.


Determining the validity of intelligence data thus depends in part on recruiting from the enemy’s ranks senior political office holders or high-ranking government officials, and in part upon breaking their codes. But once affected, these unlikely circumstances open a window to other intriguing possibilities – including, specifically, offensive counterintelligence operations designed to penetrate, infiltrate, and suborn the target’s intelligence service in order to play it back against the state it serves. The ultimate goal of such operations is to entice or provoke the targeted state into undertaking ruinous and self-destructive actions.

As Angleton observed, successful politicians and senior government officials are a remarkably homogenous lot. For the most part, they derive from roughly comparable social circumstances and share core formative experiences in common. They attend the same schools – or at least the same types of schools – and are imbued with the same canon. They also hold remarkably similar beliefs and values, and share certain characteristic attitudes regarding the larger world. Together these form something akin to a collective psyche, or what Angleton termed the “Mind of the State.”

If states have minds, they also have states of mind – and as with individuals, it is their state of mind that makes them most vulnerable to deception. For a state of mind is a predisposition to belief or action; and if that predisposition can be accurately gauged, tempting or provoking the targeted decision-makers to ruin becomes a plausible exercise in perception management.


If there is a single failing common to decision-makers throughout history, it is an excessive faith in intelligence. For reasons that remain obscure, decision-makers seem unable or unwilling to grasp the implications of the Epistemological Problem Angleton described. Despite ample warnings, they almost invariably place far more credence in intelligence reports than they deserve; and it is upon this most basic failing that offensive counterintelligence plays.

In The Art of War, Sun Tzu wrote “Supreme excellence is to subdue the enemy without fighting” and argued this end may best be achieved by manipulating the “Golden Threads” of intelligence – that is, the lines of communications that connect agents recruited from within the enemy’s camp to one’s own.  The first Golden Thread may be activated by sacrificing deliberately misinformed low-level agents for capture, dangling double agents for enemy recruitment, and dispatching false defectors to the enemy’s camp. The second is brought into play by querying the agent-in-place to determine how the enemy decision-makers have interpreted the false information they delivered. If the information evokes the intended state of mind, the false message can be reinforced by repeating the process in different ways. If not, it can be modulated until it does.

By these means offensive counterintelligence operations can create a false picture of reality in the minds of targeted decision-makers, much as an artist paints an image upon a sheet of canvass. Brush stroke by brush stroke, the attacking service can exploit the enemy intelligence service it suborned to systematically manipulate the Mind of the State.


The many critics of offensive counterintelligence argue that strategic deception operations of the size and scale suggested above are far too complex and complicated to be practical, as they are doomed to eventually collapse under their own weight. The criticism is true at least in part, but nonetheless disingenuous. Intelligence operations of any sort have a relatively short shelf life; and unless shut down by those who initiated them or uncovered by their intended targets, they will ALL eventually collapse for similar cause.

Perhaps more to the point, modern history is strewn with examples of successful strategic deceptions including the TRUST operation of the 1920’s, which saved the nascent Soviet state from ruin; the Soviet-sponsored WIN operation that forced the United States to abandon its post-war efforts to liberate Eastern Europe; and the Anglo-American deception operation that made possible the successful invasion of Normandy in 1944. All of these operations were conducted in the manner outlined above, and each inflicted massive damage upon the states they targeted.

Unfortunately, the United States abandoned its national counterintelligence capability in December of 1974 – and with it, the ability to mount large-scale strategic deception operations. Redefined and re-envisioned by successive administrations, counterintelligence had been reduced to little more than a security function until the Clinton Administration partially resurrected it after disastrous and overlapping penetrations of the CIA and the FBI were uncovered in the 1990’s. Expanded and reorganized in the aftermath of 9-11, a National Counterintelligence Executive now exists as a semi-autonomous supervisory agency. And yet despite the many long overdue reforms that have been undertaken since 2001, U.S. counterintelligence remains hobbled by an obtuse and legalistic definition, conceptual confusion, tangled jurisdictions, and – above all – by institutional timidity. For while offensive counterintelligence operations are now officially recognized, they remain tightly controlled and rarely sanctioned. They are tactical operations, most often mounted in reprisal.

Despite ample modern precedents, strategic deception operations of the sort advocated by Sun Tzu and refined by Angleton remain beyond the pale. This is unfortunate and – for those that seek to limit the suffering caused by armed conflict – deeply disconcerting.

For in the Great Game of Nations, offensive counterintelligence remains the only plausible means for achieving victory without war. For if only in theory, it is the primary offensive instrument of state.

Published by the Center for Intelligence Studies.
1016 K Street NE. Washington, DC. 20002
202 / 399-0292

Copyright 2009. This paper may be reproduced in part or in whole for civic or educational purposes, provided that context is preserved and full attribution is given


[Dutch] Nederlandse aanpak tegengaan statelijke dreigingen (citaten uit kamerbrief Grapperhaus dd 18 april 2019)

Voor eigen doeleinden (waaronder quick reference) licht ik hieronder de tabel “Aanpak tegengaan statelijke dreigingen” en bijlage van de kamerbrief van Grapperhaus d.d. 18 april 2019 over statelijke dreigingen uit.

1. Tabel: “Aanpak tegengaan statelijke dreigingen”

Aanpak tegengaan statelijke dreigingen
A. Systematiek belangen dreiging weerbaarheid Volgens een vaste systematiek van belangen-dreiging-weerbaarheid wordt bezien welke veiligheidsbelangen beschermd moeten worden, wat de dreiging is vanuit statelijke actoren voor de nationale veiligheid en hoe de weerbaarheid vergroot kan worden. Dit is een constant proces. Hierbij zijn bij uitstek de lidstaten van de EU en NAVO en binnen Nederland meerdere ministeries, lokaal bestuur en private organisaties betrokken. Dat vergt coördinatie en verbinding.
De Minister van Justitie en Veiligheid richt zich, vanuit het perspectief van nationale veiligheid, in samenspraak met andere departementale partners op coördinatie en afstemming tussen de verschillende betrokkenen, verantwoordelijkheden, initiatieven, projecten en informatiestromen.
In deze lijn is onlangs een Taskforce Economische Veiligheid opgericht die in het teken staat van kwetsbaarheden en beheersmaatregelen van het 5G-netwerk.
B. Verbetering informatiepositie Er wordt ingezet op verbetering van de informatiepositie en informatiedeling tussen en met gelijkgestemde partijen, zowel nationaal als internationaal om tijdig zicht te krijgen op en duiden van de (potentiële) dreigingen. Daartoe moet informatie delen gemakkelijker en logischer worden, waardoor een gedeeld normbeeld kan ontstaan.
Waar nodig worden interdepartementale trusted communities ingericht of versterkt.
Werkafspraken rondom specifieke onderwerpen zorgen er voor dat indien nodig informatie snel kan worden gedeeld en handelingsperspectief voor handen is.
Ook in internationaal verband vindt nauwe samenwerking plaats ten aanzien van dreiging en best practices in de aanpak.
Ambassades hebben een belangrijke monitoring- en signaleringsfunctie ter bevordering van het situationeel bewustzijn.
Nederland neemt in EU-verband deel aan het Rapid Alert System, waar direct informatie wordt uitgewisseld in geval van desinformatie campagnes.
In Nederland wordt de civiel-militaire samenwerking geïntensiveerd.
C. Bewustwording & oefenen Bewustwording vormt een belangrijke schakel in het verhogen van de weerbaarheid tegen de dreiging vanuit statelijke actoren.
Er wordt fors ingezet op bewustwording bij onder andere inkopers, ambtenaren, gemeenten, vitale infrastructuur, CEO’s en richting het publiek door middel van bijvoorbeeld bijeenkomsten, voorlichting en communicatiemateriaal. Een voorbeeld hiervan is de bewustwordingscampagne desinformatie die is gestart.
Op nationaal en internationaal niveau wordt geoefend op identificatie van en respons op statelijke dreigingen, mede door het ontwikkelen van en oefenen met scenario’s. Deelname aan oefeningen van NAVO (CMX) en EU (PACE) wordt voortgezet.
D. Integrale kennisontwikkeling Door middel van een integrale onderzoeksagenda en kennisontwikkeling op het gebied van weerbaarheid tegen statelijke dreigingen wordt gezamenlijk kennis opgebouwd.
E. Maatregelen ter verdediging en afschrikking Nederland zet zich ook in voor verdere ontwikkeling van maatregelen ter verdediging en afschrikking.
Diplomatiek: Binnen het responskader heeft het kabinet verschillende diplomatieke instrumenten tot haar beschikking om statelijke dreigingen tegen te gaan.
Ter verdediging van de nationale veiligheid zet Nederland zich, waar mogelijk in samenwerking met internationale partners, in voor verdere ontwikkeling van een effectief diplomatiek responskader, inclusief attributie. Zo kan bij aanvallen van statelijke actoren worden gekozen om tot (publieke) attributie over te gaan.
De aanpak op ongewenste buitenlandse inmenging blijft actueel en verbreed zich naar meerdere landen.
Politieke beïnvloeding wordt tegengegaan door toerusting en bescherming politieke ambtsdragers, een verkenning registratieplicht lobbyisten, veilig verloop van de verkiezingen door het onderkennen van bijzondere signalen, beïnvloeding en desinformatie.
In de Defensienota en het Nationaal Plan zet Defensie in op versterking van capaciteiten oa op het gebied van inlichtingen, cyber en contra-hybrid. In de nieuwe Defensienota zal volgend jaar ingegaan worden op verdere doorontwikkeling ten behoeve van nationale en internationale veiligheid.
F. Economie en Veiligheid Het instrumentarium om onze economische veiligheid te borgen tegen nationale veiligheidsrisico’s moet op orde zijn. Maatwerk, proportionaliteit en aandacht voor de verschillende belangen die spelen zijn daarbij belangrijke uitgangspunten van de aanpak.
Ten aanzien van economische veiligheid wordt onder andere gewerkt aan een uitwerking van een investeringstoets op nationale veiligheidsrisico’s bij overnames en investeringen, aan de ontwikkeling en uitrol van beleid en richtlijnen bij inkoop en aanbesteding bij de overheid en binnen de vitale infrastructuur. Ook wordt gewerkt aan een uitbreiding van de kennisregeling ivm weglekken gevoelige technologie via het academische vlak.
Bij het toetsen van nationale veiligheidsrisico’s wordt gebruik gemaakt van consistente, en technisch up to date zijnde criteria.
G. Digitale aanpak Het kabinet zet middels de Nederlandse Cybersecurity Agenda (NCSA), die in april 2018 aan uw Kamer is verzonden, de Internationale Cyberstrategie en de GBVS, in op een digitaal veilig Nederland. In de aanpak wordt ook rekening gehouden met de invloed van statelijke actoren.
Zo wordt bijvoorbeeld geïnvesteerd in het versterken van de weerbaarheid van digitale processen en een meer robuuste infrastructuur en wordt de digitale slagkracht verder op orde gebracht om te kunnen reageren op de toename van de digitale dreiging en grootschalige cyberincidenten die de nationale veiligheid bedreigen.
In een aparte brief wordt uw Kamer, in samenhang met het CSBN 2019, nog voor de zomer geïnformeerd over de jaarlijkse voortgang van de NCSA.
H. Internationale samenwerking Nederland zet zich in internationaal verband in lijn met de Geïntegreerde Buitenland- en Veiligheidsstrategie in voor:
Goede samenwerking in EU- en NAVO-verband, als ook tussen EU en NAVO, op het gebied van situationeel bewustzijn, weerbaarheid en respons. In EU-verband staan de 22 actiepunten centraal zoals geformuleerd in het Gezamenlijk Kader voor de Bestrijding van Hybride Bedreigingen (2016). In NAVO-verband is de NATO Strategy on NATO’s role in Countering Hybrid Warfare (2015) het leidend kader.
Accurate (internationale) informatiepositie in nauwe samenwerking met internationale partners om informatie uit te wisselen. In EU- en NAVO verband en ad hoc met gelijkgezinde partners.
Het bevorderen van de internationale rechtsorde en een effectief multilateraal systeem op het gebied van statelijke dreigingen. Om de toenemende dreiging het hoofd te bieden zet NL, waar mogelijk en relevant, in op gezamenlijke respons en attributie van operaties.
Geloofwaardige afschrikking tegen statelijke dreigingen in bondgenootschappelijk verband, onder andere in NAVO-verband. In juli 2018 is besloten tot instelling van Counter Hybrid Support Teams (CHST), ofwel NAVO-teams die bondgenoten kunnen adviseren en assisteren rondom hybride dreigingen.
Benutting van het European Centre of Excellence on Countering Hybrid Threats als netwerkorganisatie en platform voor expertiseontwikkeling. Nederland is hier sinds 2018 bij aangesloten.
Verbeterde samenwerking tussen de verschillende EU instellingen om onderwerpen met de noodzakelijke samenhang te adresseren (zoals onder meer desinformatie, verkiezingen, cybersecurity, crisisbeheersing, vitale infrastructuur en buitenlandse overnames).
Met het aantreden van een nieuwe Europese Commissie in 2019 ontstaat een belangrijk momentum om een lans te breken voor een consistentere aanpak op het gebied van interne veiligheid, waaronder statelijke dreigingen.1

1Staat van de Europese Unie 2019, Kamerstuk 35 078, nr. 1.

2. Bijlage: “Accenten van de aanpak statelijke dreigingen”

Bijlage: Accenten van de aanpak statelijke dreigingen

De aanpak rondom het tegengaan van statelijke dreigingen bestaat uit een aantal generieke maatregelen, zoals beschreven in de brief. Gezien de dreiging, de te beschermen belangen en de recente casuïstiek ligt daarnaast het accent van de aanpak de komende periode op de thema’s:

(1) ongewenste buitenlandse inmenging gericht op diaspora, (2) beschermen democratische processen en instituties en (3) economische veiligheid.

Binnen deze thema’s zijn voor een deel al belangrijke stappen gezet en zijn ook weer nieuwe facetten onderkend die een versterkte aanpak behoeven. In deze bijlage treft u de aanpak op deze thema’s aan inclusief uitkomsten ex-ante analyses op economische veiligheid.

1. Ongewenste buitenlandse inmenging gericht op diaspora

Ongewenste buitenlandse inmenging gericht op de diaspora betreft doelbewuste, vaak stelselmatige en in vele gevallen heimelijke activiteiten van statelijke actoren (of actoren die aan statelijke actoren zijn te relateren) in Nederland of gericht op Nederlandse belangen, die door de nagestreefde doelen, de gebruikte middelen of ressorterende effecten het politieke en maatschappelijke systeem kunnen ondergraven. Nederlandse burgers moeten, ongeacht hun achtergrond, in de Nederlandse rechtsstaat in staat zijn om in vrijheid eigen keuzes te maken als het gaat om de inrichting van hun leven, politieke voorkeur en de band met hun land van oorsprong of dat van hun ouders. Contacten vanuit een statelijke actor met Nederlandse burgers dienen op transparante wijze plaats te vinden en op basis van vrijwilligheid en mogen niet leiden tot het exporteren van spanningen naar Nederlands grondgebied of een negatieve invloed op de integratie of de binding met de Nederlandse samenleving.

In het afgelopen jaar zijn verschillende voorbeelden geweest van ongewenste buitenlandse inmenging gericht op diaspora waarover uw Kamer is ingelicht.1 De aanpak op ongewenste buitenlandse inmenging is een generieke – landen neutrale – aanpak waarover uw Kamer eerder is ingelicht.

Betrokken departementen en diensten staan doorlopend in nauw contact om op basis van een gezamenlijke en gestructureerde werkwijze een beeld te vormen en indien nodig te besluiten tot gecoördineerde actie en opschaling. Bij (dreigende) incidenten wordt gebruik gemaakt van een divers instrumentarium. Dit loopt uiteen van monitoren en informeren, tot maatregelen in het kader van de openbare orde en veiligheid. Daarnaast heeft het kabinet verschillende diplomatieke instrumenten, zoals het voeren van een dialoog met landen van zorg of een diplomatieke vertegenwoordiger in Nederland persona non grata verklaren, om ongewenste buitenlandse inmenging tegen te gaan.

Ook zet het kabinet in op maatregelen om de weerbaarheid van betrokken gemeenten en gemeenschappen te verhogen als het gaat om ongewenste buitenlandse inmenging. Het gaat hier zowel om het creëren van bewustwording als het ondersteunen van gemeenten en gemeenschappen bij de ontwikkeling van een handelingsperspectief om ongewenste buitenlandse inmenging die de integratie kunnen belemmeren tegen te gaan.

Ongewenste buitenlandse inmenging blijft een actueel thema (motie Becker2, waarover u voor de zomer wordt geïnformeerd en financiering als modus operandi van statelijke actoren 3), maar ook vanwege ontwikkelingen in andere landen en veranderingen in de migratiestromen. Dit rechtvaardigt een onverminderde inzet op dit onderwerp.

1 Onder meer via de volgende Kamerstukken:

  • –  Beantwoording Kamervragen over het bericht dat de Turkse president Erdogan campagne wil voeren in het buitenland voor de Turkse presidents- en parlementsverkiezingen in juni,TK, vergaderjaar 2017-2018, 2591
  • –  Antwoorden Kamervragen over het bericht ‘Russische trollen ook actief in Nederland’ /ingezonden 7 sept 2018. Kamerstuk nr 14250
  • –  Brief sancties Iran, 8 januari 2019, Tweede Kamer, vergaderjaar 2018–2019, 35 000 V, nr. 56
  • –  Tweede Kamer, vergaderjaar 2018–2019, 32 735, nr. 209
  • –  Beantwoording Kamervragen over het bericht «So werden Erdogan-Kritiker in Deutschland per App denunziert» ) Tweede Kamer, vergaderjaar 2018–2019, Aanhangsel

2  Motie van het lid Becker c.s. over een contrastrategie ten aanzien van ongewenste diasporapolitiek, Tweede Kamer, 30821-56.
Kamerbrief Integrale aanpak Problematisch gedrag en ongewenste buitenlandse financiering van maatschappelijke en religieuze instellingen, Tweede Kamer, 2018-2019, 29614 nr. 108

2. Beschermen democratische processen en instituties

Het tweede accent van de aanpak richt zich op het tegengaan van het ondermijnen van de democratische rechtsstaat door statelijke actoren. Via verschillende maatregelen wordt hier op ingezet:

Tegengaan politieke beïnvloeding door staten Al eerder werd in het kader van ongewenste buitenlandse inmenging aangekondigd dat wordt ingezet op het vergroten van de weerbaarheid van – met name lokale – politieke ambtsdragers. Daarbij richten we ons op twee lijnen, te weten (1) het beschermen van politieke ambtsdragers (hierbij gaat het om het zorgdragen voor de veiligheid en integriteit van politieke ambtsdragers) en (2) het toerusten van politieke ambtsdragers (gericht op het versterken van de kennis, kunde en het handelingsvermogen van politieke ambtsdragers) om ondermijning van de democratische rechtsorde effectief tegen te kunnen gaan. Verder vindt rondom het handelingsvermogen en het verhogen van transparantie in het politiek-bestuurlijke domein een verkenning plaats naar de wenselijkheid en mogelijkheid van een registratieplicht voor lobbyisten. De Verenigde Staten, Australië en Canada, kennen al een dergelijke registratieplicht.

Veilige verkiezingen Acties van statelijke actoren kunnen schade toebrengen aan de politieke en bestuurlijke integriteit wanneer deze onafhankelijke volksvertegenwoordiging, besluitvorming of rechtspraak compromitteert, of wanneer er twijfel is over de vrijheid, eerlijkheid en anonimiteit van verkiezingen. De democratische samenleving komt onder druk te staan, wanneer inmengingsactiviteiten bijdragen aan een gebrek aan acceptatie van de legitimiteit van de overheid of een gebrek aan solidariteit in de samenleving, polarisatie en enclavevorming. Of wanneer intolerantie verspreid wordt en vrijheden beperkt worden. Verschillende departementen en operationele en lokale partners dragen, onder coördinatie van de minister van BZK, tezamen zorg voor veilige verkiezingen vanuit de eigen verantwoordelijkheid. Binnen het Europees verkiezingsnetwerk worden kennis en expertise tussen de lidstaten en de instellingen uitgewisseld. Het kabinet heeft daarbij met name oog voor de onderkenning van bijzondere signalen, ongewenste beïnvloeding en desinformatie.

Tegengaan desinformatie De verspreiding van desinformatie met als doel de democratische rechtsorde te ondermijnen en te destabiliseren is een reële dreiging. Deze dreiging manifesteert zich veelal online. Het kabinet ziet de verspreiding van desinformatie als een probleem waarbij van verschillende partijen in de samenleving gevraagd wordt dat zij hun verantwoordelijkheid nemen, zoals private actoren, de media en wetenschap4. De inzet van het kabinet is daarbij met name gericht op het tegengaan van heimelijke beïnvloeding van de publieke opinie door statelijke actoren (of actoren die aan statelijke actoren zijn te relateren). Belangrijke uitgangspunten voor het kabinet bij het zoeken naar een juiste reactie zijn onder andere dat waarborging van de vrijheid van meningsuiting en vrije pers, democratie en rechtsstaat voorop staan en de focus op campagnes in plaats van individuele nieuwsberichten. Wanneer echter sprake is van een bedreiging van de economische of politieke stabiliteit of nationale veiligheid door inmenging van statelijke of daaraan gelieerde actoren, is een reactie van de overheid gegrond.

In de brede aanpak5 wordt gewerkt aan maatregelen om voorbereid te zijn op desinformatie, signalen te herkennen, deze te duiden, mogelijke proportionele respons te formuleren en indien gewenst uit te voeren zonder afbreuk te doen aan de eerdergenoemde vrijheden. Doordat desinformatie zich veelal online manifesteert, stopt het niet bij de grens. Nederland hecht daarom waarde aan internationale samenwerking en kennisuitwisseling op dit onderwerp. In dat kader verwelkomt Nederland het Europese Actieplan Desinformatie, zoals ook uiteengezet in het BNC-fiche Actieplan Desinformatie (d.d. 25 januari 2019). Een voortvloeisel uit het Actieplan is de Nederlandse deelname in EU-verband aan het Europees Verkiezingsnetwerk en het Rapid Alert System (RAS). In het Europees Verkiezingsnetwerk wordt de overkoepelende aanpak van desinformatie en bescherming van verkiezingen besproken en kennis uitgewisseld tussen lidstaten en EU-instellingen. Het RAS verbindt analisten en beleidsmakers uit EU-lidstaten en de StratCom Taskforces van EDEO om real time informatie uit te wisselen als er sprake is van desinformatiecampagnes. Het Nationaal Crisis Centrum van de NCTV vervult de rol van nationaal Point of Contact voor het RAS, het ministerie van BZK vervult een dergelijke rol voor het Europees verkiezingsnetwerk waarbij alle relevante departementen zijn aangesloten.

4 Kamerbrief van de minister van BZK inzake desinformatie en beïnvloeding verkiezingen (13 december 2018) 5Tweede Kamer, vergaderjaar 2018-2019, 30821, nr 51

Tevens is Nederland lid van de informele ‘International Partnership to Counter State Sponsored Disinformation’ waarin onder meer de VS, het VK, Baltische en Noordse staten vertegenwoordigd zijn. Het partnerschap heeft tot doel analyses en rapportages over de verspreiding van desinformatie te delen en samenwerking richting techbedrijven te faciliteren.

3. Aanpak Economische Veiligheid Een derde accent is gericht op economische veiligheid. Hieronder vindt u de resultaten van de analyse die is uitgevoerd naar kwetsbaarheden in vitale sectoren alsmede de aanvullende beheersmaatregelen die van belang zijn om de risico’s voor de nationale veiligheid op het gebied van economische veiligheid verder te beperken.

Sectorale ex-ante analyses In het Regeerakkoord heeft het kabinet de bescherming van vitale sectoren aangekondigd, na zorgvuldige analyse van risico’s voor nationale veiligheid. In deze analyses is er bijzondere aandacht voor de risico’s als gevolg van veranderende zeggenschap.6 Het doel is om potentiële risico’s voor de nationale veiligheid per vitale sector te identificeren, en om daarbij te bepalen in hoeverre het bestaande instrumentarium van de overheid voldoende waarborgen biedt. In deze brief deel ik de uitkomsten van de sectorale ex-ante analyses met u en daarbij kom ik tegemoet aan de motie-Van den Berg c.s.7 en de motie-Graus.8

Uit de analyses blijkt dat vrijwel alle vitale sectoren op enigerlei wijze beschermd zijn tegen ongewenste zeggenschap. Daarbij is er een divers beeld van de mate en aard van de bescherming. Een aantal sectoren is in overheidshanden. De Nederlandse overheid kan daardoor (mede) bepalen aan wie en onder welke voorwaarden een bedrijf wordt verkocht. Daarbij worden ook nationale veiligheidsbelangen meegewogen. Een aantal sectoren worden beschermd door sectorale wetgeving. Uit de analyse op telecommunicatie blijkt dat in deze sector ongeadresseerde risico’s bij verandering in zeggenschap bestaan. Het kabinet heeft al in een eerder stadium besloten hier direct actie op te nemen en heeft inmiddels een wetsvoorstel over ongewenste zeggenschap in de telecommunicatiesector ter consultatie aangeboden aan uw Kamer9. Conclusies sectorale ex-ante analyses:

  •   De vitale sectoren, de inzet politie, inzet defensie, de nucleaire sector, openbare drinkwatervoorziening, vitale kerende en beherende objecten en de mainports Schiphol en Rotterdam zijn (grotendeels) in handen van de overheid. Voor een groot deel betreft dit kerntaken van de overheid, waarvan de zeggenschap van de overheid niet verandert. De risico’s voor de nationale veiligheid als gevolg van verandering van zeggenschap zijn hier daarom niet van toepassing.
  •   De vitale sector energie is voor wat betreft de transport- en distributienetwerken in handen van de overheid. De energielevering is verspreid over meerdere aanbieders, wat de risico’s verkleint. Daarnaast heeft de Minister van Economische Zaken en Klimaat de taak en bevoegdheid om een eventuele verandering van zeggenschap binnen de gas- en energieproductie te beoordelen.10 De risico’s voor de nationale veiligheid als gevolg van verandering van zeggenschap zijn daarom voldoende beheerst.
  •   De vitale sector telecommunicatie kent nationale veiligheidsrisico’s als gevolg van veranderende zeggenschap, die nog onvoldoende kunnen worden beheerst door wettelijke normen te stellen en daar toezicht op te houden. De risico’s voor de nationale veiligheid als gevolg van verandering van zeggenschap zullen daarom geborgd worden met aanvullende wetgeving.
  •   De vitale sectoren betalingsverkeer en chemie kennen strenge normen, en bijhorend publiek toezicht, om respectievelijk de integriteit van gegevens en de fysieke veiligheid te borgen die de belangrijkste risico’s voor de nationale veiligheid vormen. De risico’s voor de nationale veiligheid worden daarmee voldoende beheerst binnen deze sectoren. Uit de analyses blijkt dat de continuïteit en inzetbaarheid van (vrijwel) alle vitale processen, zowel in handen van overheid als bedrijfsleven, sterk afhankelijk zijn van private ondernemingen die goederen, diensten of technologie leveren. Dat betekent dat er kwetsbaarheden kunnen ontstaan bij aanbesteding en toelevering. Het kabinet neemt daarom de volgende maatregelen. 6 Regeerakkoord ‘Vertrouwen in de toekomst’, paragraaf 2.4. 7 Tweede Kamer, vergaderjaar 2016-2017, 29 826, nr. 84. 8 Tweede Kamer, vergaderjaar 2017-2018, 34 775 XIII, nr. 116. 9 Tweede Kamer, vergaderjaar 2018-2019, 35 153, nr. 5 10 Zie de Elektriciteitswet 1998 en de Gaswet.


A. Oprichting Taskforce Economische Veiligheid

Er is een Taskforce Economische Veiligheid opgericht waarin, onder voorzitterschap van de NCTV, de balans tussen nationale veiligheidsbelangen en economische belangen nader verkend wordt, casuïstiek kan worden besproken en economische en veiligheidsbelangen integraal worden gewogen. Momenteel staat de Taskforce in het teken van de kwetsbaarheid van 5G telecommunicatienetwerken en welke maatregelen nodig zijn om risico’s te beheersen.

B. Betere benutting en aanscherping van huidige wet- en regelgeving ter bescherming van nationale veiligheid

Nederland beschikt over een aantal instrumenten die (beter) kunnen bijdragen aan de bescherming van nationale veiligheidsrisico’s bij private ondernemingen. Het betreft onder meer private juridische beschermingsconstructies, sectorale regelgeving, contractuele afspraken, de Ondernemingskamer en het aanwijzen van vertrouwensfuncties. Het kabinet is bezig met een evaluatie en aanscherping van huidige wet- en regelgeving, zodat deze beter kunnen worden benut.

C. Beschermen van nationale veiligheid bij inkoop en aanbesteding

Het kabinet zal de nationale veiligheidsrisico’s die door de afhankelijkheden kunnen ontstaan verder in kaart brengen en bezien hoe deze mogelijke risico’s bij onder andere inkoop en aanbesteding beheerst kunnen worden. In 2018 is voor veilige inkoop en aanbesteding binnen het rijk een instrumentarium ontwikkeld en ingevoerd door het kabinet. Op dit moment wordt bezien hoe dit ook ingezet kan worden binnen onderdelen van de vitale infrastructuur en mede overheden. Het kabinet gaat daarnaast de mogelijkheid van het neerleggen van nationale veiligheidsrichtlijnen voor het gebruik van producten en diensten binnen de Rijksoverheid, vitale infrastructuur en medeoverheden actiever inzetten. Ook werkt het kabinet in het kader van inkoop en aanbesteding aan de Nationale Cyber Security Agenda (NCSA) aan aanvullende cybersecurity- criteria bij inkoop van eigen ICT-middelen door de overheid. Bij deze eisen zullen ook economische veiligheidsoverwegingen worden meegenomen om de weerbaarheid tegen statelijke actoren te verhogen.

D. Beschermen nationale veiligheid bij overnames en investeringen

In de EU wordt ingezet op een verdere versterking van het samenwerkingsmechanisme op het gebied van buitenlandse investeringen. Enerzijds is er tot een raamwerk besloten voor de toetsing door individuele lidstaten van buitenlandse investeringen aan nationale veiligheid of de openbare orde. Anderzijds faciliteert en verplicht de verordening tot het uitwisselen van informatie tussen lidstaten en de Europese Commissie. De verordening vraagt om het realiseren van een samenwerkingsmechanisme waarvoor ook in Nederland processen voor onder andere informatie- uitwisseling moeten worden ingericht. Het raamwerk legt geen verplichtingen op voor een investeringstoets maar stelt wel kaders voor lidstaten die een toets wensen te implementeren.

Binnen dit Europese kader werkt het kabinet aan een uitwerking van een investeringstoets. Dit is een instrument ‘of last resort’ voor nationale veiligheidsrisico’s waarbinnen ruimte is voor maatwerk. Bestaande sectorale wetgeving zal daarbij het uitgangspunt zijn. Op deze manier krijgen, binnen het Europese kader, ook de nationale beleidswensen over de inhoud en reikwijdte van een breder beschermingsmechanismen plek. In de uitwerking zal gekeken worden naar overkoepelende ‘parapluwetgeving’ waar ook bestaande en toekomstige sectorale wetgeving goed op aangesloten is. Hierbij is het uitgangspunt dat een verbod in het kader van de investeringstoets alleen daar wordt ingezet indien er geen alternatieve effectieve beschermingsmaatregelen voor handen zijn.

Initiatieven die raken aan dit thema Naast deze set aan maatregelen om nationale veiligheidsrisico’s beheersbaar te maken zijn er nog een aantal andere initiatieven die onder andere raken aan dit thema. Hierbij staat de beschikbaarheid van kritische technologie en kennis centraal. Ongewenste kennis- en technologieoverdracht kan plaatsvinden in geval van bijvoorbeeld faillissementen en overname van start-ups en het risico van ongewenste kennis- en technologieoverdracht via de weg van (academisch) onderwijs en onderzoek. Er wordt onderzocht op welke manier de kennisregeling kan worden uitgebreid naar andere risicolanden en bijvoorbeeld opleidingen waar zeer specifieke technische kennis kan worden opgedaan11.

11 Zie tevens Kamerbrief, ‘Verscherpen toezicht op studenten en onderzoekers uit risicolanden’, Tweede Kamer, vergaderjaar 2018-2019, 30821, nr.70

Met een verkenning naar digitaal financieel economische spionage is het beeld ten aanzien van deze dreiging aangescherpt, en is bezien welk instrumentarium, complementair aan de maatregelen uit zoals de Internationale Cyber Strategie en de Nationale Cyber Security Agenda, van toepassing is om deze dreiging te mitigeren. Aanvullend instrumentarium, zoals bijvoorbeeld vergroting van het bewustzijn van deze dreiging, wordt in de verschillende beleidsterreinen opgenomen, zo ook in de aanpak tegengaan statelijke dreigingen. Het gaat hier ook om het inzetten van internationale samenwerking en diplomatieke instrumenten (inclusief attributie) zoals die in het kader van de EU Cyber Diplomacy Toolbox en om het benutten van bestaande WTO procedures ter zake waar opportuun.



Dutch govt intelligence tasks for AIVD and MIVD, 2019-2022 (in Dutch: “Geïntegreerde Aanwijzing Inlichtingen en Veiligheid” aka “GAI&V” aka “GA”)

[TEMPORARY NOTICE, 2019-04-26: until this notice is removed, minor changes may be to improve spelling/grammar/legibility. The current post is 99-100% camera-ready.]

This post provides information about the tasking of the Dutch intelligence activities in 2019-2022 based on recent official public documents. The “Geïntegreerde Aanwijzing Inlichtingen en Veiligheid 2019-2022” policy (aka “GAI&V” aka “GA”), which literally translates to “Integrated Instruction on Intelligence & Security 2019-2022”, describes the Dutch cabinet decisions on tasking of the Dutch intelligence & security services AIVD (general / non-military) and MIVD (military) for 2019-2022. The GA has a public body and a secret appendix. The remainder of this post is based on:

Side note: Dr. Paul Abels, professor of intelligence at Leiden University and former AIVD official, has warned that the introduction of the GA — first seen in 2018 — comes at the risk of politicization of intelligence, because the GA is established by the cabinet, and hence prone to politics (at least in theory; no claim is made that the present GA has characteristics of intent to misuse intelligence for political purposes).

[Related reading: Annual Report 2018 of the Dutch General Intelligence and Security Service (AIVD) (unofficial full translation)]

Translation of the Note of Explanation that accompanied the GA (some parts omitted or slightly adapted for readability):

The GAI&V, or GA for short, is established by the prime minister, i.e., the minister of General Affairs; the minister of the Interior; and the minister of Defense. The GA determines what investigations the AIVD and MIVD are to carry out, divided by countries, regions and themes, and it lays down a planning and priorities. The GA does not only determine what investigations the AIVD and MIVD each need to carry out, but also what investigations must be carried out in joint effort by both services, as per the cooperation laid down in Article 86 of the Intelligence & Security Services Act of 2017 (“Wiv2017”).

The GA is made for a period of four years and evaluated annually. The classified appendix of the GA describes intelligence objectives, agreements for cooperation between the AIVD and MIVD, and an elaboration on the desired scope and depth of investigations.

The topics of investigation are determined to gather intelligence that is hard or impossible to obtain via other means, for instance diplomatic channels, to support the Dutch government in establishing foreign policy and in international negotiations. This concerns information that is crucial to national security and is only available at foreign intelligence & security services, or that can only be obtained by the AIVD and/or MIVD. This means the activities of the AIVD and MIVD are complementary to existing tasks of the ministry of Foreign Affairs and its representations abroad (e.g. Dutch embassies abroad). The foreign intelligence task must not be assessed in a narrow sense of immediate use for the Dutch government. Joint European efforts, efforts in allied context, and efforts in international law are taken into account when answering the questions whether and to what extent a certain theme is in the interest of national security. The intelligence yields can be used in bilateral and multilateral cooperation with other countries, insofar possible within the legal framework.

The ability to detect and identify developments that are unknown or not readily visible is of importance to the government, in order for the government to be able to investigate how to respond to sudden, unexpected developments or (imminent) incident in foreign countries, and regarding the response of foreign governments to terrorist threats; or to prepare for civil missions in which the Netherlands participates.

The investigatory themes relate to the ‘a-task’ of the AIVD (national security) and to the ‘a-task’ and ‘c-task’ of the MIVD (security & readiness of the Dutch military; and protecting and promoting the international rule of law).

The unstable and less predictable security environment of the Netherlands is an expression of globally changing power relations, where power and initiative shift to countries who have a different look on the world than us. The threat mostly comes from countries with big geopolitical ambitions. Foreign states are seeking for information to modernize their armed forces, to strengthen their economy, to influence political decision-making or to create strategic dependencies, to thereby increase their geopolitical position. To achieve such objectives, they carry out espionage. This can involve classical espionage, but also digital espionage, and increasingly often a combination of both. Hacking provides a means to sabotage, to use acquired information in decision-making or to influence public opinion. Foreign corporate takeovers and foreign investments are used to create strategic dependence on them.

The terrorist threat in the Netherlands is still an important investigatory theme for the AIVD and MIVD. This threat stems mostly from the global jihadist movement. The AIVD and MIVD carry out intensive investigations into jihadist and radicalized persons and organizations, both domestically and abroad. They also investigate citizens who turned foreign fighter, and returnees. Partner organizations are informed so that they can take measures, leading for instance to possible arrests and criminal prosecution of returnees.

Furthermore, developments in various weapon programs in “countries of concern”, such as North Korea, Iran and countries in the Middle East pose an increasing threat to international security. This involved the development and proliferation of WMDs, means of transportation (ballistic missiles), and chemical and biological weapons. The MIVD investigates military-technological developments in foreign countries, so that the Dutch armed forces can be prepared en protected adequately against existing and future threats.

The AIVD and MIVD investigate developments within right-wing extremism to get insight into radicalization of persons and groups inspired by right-wing extremism. Left-wing extremists are often active in multiple areas, often in changing groups (‘opportunity-based coalitions’), and sometimes operate internationally. Acts against the ministry of Defense from left-wing activist and/or left-wing extremist persons and groups are mainly focused on four themes: recruitment of new employees, the defense industry, the potential storage of nuclear weapons, and the involvement of Defense in execution of the policy on asylum and aliens.

From the outlines of the MIVD year plan for 2019 (note: this is mostly about the MIVD, but touches on themes relevant to both AIVD & MIVD):

Investigation into foreign countries

The investigation into foreign countries offers the Dutch government and armed forces information and perspectives for acting in conflict prevention and management. In 2019, the MIVD will conduct investigations into Afghanistan, Mali, Syria and Iraq. The deployment of Dutch soldiers in enhanced Forward Presence (eFP) is also supported by the MIVD. In addition, the MIVD, together with the AIVD, is investigating the political and socio-economic crisis in Venezuela and the possible impact on the Kingdom of the Netherlands.

Counterproliferation and proliferation of military technology

Weapons of mass destruction pose a major threat to international peace and security. The Netherlands has signed treaties aimed at preventing the proliferation of such weapons. The AIVD and the MIVD are jointly investigating countries that are suspected of working, or contradicting them, to develop weapons of mass destruction and their means of delivery.

The MIVD also investigates military-technological developments in other countries and the proliferation of high-quality military technology and weapon systems to crisis areas, so that the Dutch armed forces can be properly equipped against existing and future threats.

Espionage and foreign influence

Espionage, influencing and sabotage pose a serious and growing threat to the Netherlands and its allies. States that have major geopolitical ambitions are looking for information to modernize their armed forces, to strengthen their economy or to influence political decision-making. This may involve classic espionage, but also digital espionage and, increasingly often, a combination of both. Hacking offers opportunities for sabotage and influencing political and administrative decision-making or public opinion through the use of hacked information. Countries also try to obtain information or create strategic dependencies through takeovers or investments.

Radicalization and extremism

The investigation into phenomena of radicalization, of whatever form, among Defense personnel will be continued in 2019. The aim of this investigation is to identify undesirable behavior in a timely manner. The MIVD advises on measures to be taken to identify and deal with these threats. Promoting awareness and understanding requires constant attention.

Outlines of other tasks and objectives in 2019

In addition to the priorities described above, other tasks and objectives for 2019 are given below.

Security screenings

The MIVD has the task of conducting security investigations, as laid out in the Wiv2017 and in the Security Investigations Act (Wvo). Since 1 October 2018, the AIVD and MIVD have been working together in the Security Investigations Unit (UVO). This implements the Dessens Committee’s recommendation to form a joint organization for security investigations. In 2019, the policies on security investigations by the AIVD and MIVD will harmonized, as recommended by the Review Committee on the Intelligence and Security Services (CTIVD).

Regulation of general security requirements for defensie industry companies (ABDO)

The ABDO regulation requires that Defense industry companies are screened. The Ministry of Defense is dependent on third parties for the implementation of large-scale projects and carrying out certain tasks. In addition to the mandatory screening, the MIVD will also carry out investigations in 2019 into espionage and cyber activities that foreign powers may develop against the Defense industry. An important point for attention in this regard are companies that are actively involved in the replacement of defense equipment. The Ministry of Defense will collaborate more closely with the Netherlands Industries for Defense & Security Foundation (NIDV) in the field of cyber security, with the objective of strengthening the (digital) security of the Dutch defense industry and making defense companies more aware of the threat.

Colocation of AIVD and MIVD

As stated in the annual plan letter from the AIVD that was sent to your House on 21 December 2018 (Parliamentary Papers, 30 977, no. 153), there have been a number of developments that have led to a new study into the physical integration of the joint housing at Frederik Barracks and financial consequences. This study takes a little more time than expected. We will inform you about this shortly.

Readers who understand Dutch may also be interested in taking a look at the FY 2019 budget plans for the Dutch MoD, published on 18 September 2018.