Chapter Two
My getting this assignment had been largely coincidence. I’d finished a job in Greece, nothing big, just surveillance on an anti-globalization group with a history of violence which had recently relocated to the greater Athens area from Germany. While no job can safely be considered routine, that one had been close to that mythical level of risk. After a couple months of easy work mapping out the locations, contacts and habits of the group and its main associates, my team mates and I had completed our report to the USG (US Government) client and gone our separate ways. I was taking a bit of downtime visiting historic sites in the Peloponnese when I got a call on the global phone I reserve for business.
The screen showed “Steve (InSol)”, which meant it was coming from a friend who was one of the owners of a small government contracting firm by that name. InSol, I mean, not Steve. The job I’d just completed was for them although I also worked on occasion for a few other similar firms. I answered and after a few moments of polite chit chat, Steve asked if I would please check my Hushmail account as soon as possible. InSol had another job in the general area and he wanted me to take a look at it. I agreed to check the details within an hour and after another round of polite goodbyes, we signed off. There was an internet café just down the street from the small hotel in which I was currently residing and I headed there, cold Mythos in hand, to see what was up. A few minutes later I had run some basic checks on the computer with the programs resident on a flash drive I carried, signed into my Hushmail account and was reading Steve’s message.
After a short greeting and congrats on the job we’d just finished, Steve got straight to the point.
We’ve been approached by DIA and asked to look at a problem which has developed in Pristina, Kosovo. One of their sections which had an interest in the funding of extremist groups through narcotics and human trafficking activities had an agent handler assigned there. The handler, work name George HANNA, had developed a source within a specific organized crime group with ties to both the larger Serbian Mafia and several Islamist organizations. It appeared that the latter were using the established smuggling networks of the mafia to move people and weapons into Europe. The take was good, not only providing insight into operational activities but also to the financial and patronage ties which enabled the organizations to operate. HANNA was building a large data base with the potential to support interdiction operations. He was also sharing the network activity intel with various European partners.
Unfortunately, HANNA and his source, a young Albanian male named Luli Gashi, were murdered last week. It appears that they were hit during a meet in an effort to eliminate the source and his handler. It’s not clear if the hit team knew HANNA’s actual affiliation as he was operating under cover as a public relations officer working out of the US Embassy in Pristina. What interests DIA in this is that two days after HANNA’s death, a new communication was received that exactly matched the communications methods he had established for his source. Since the source is also dead it seemed likely that this new communications was the mafia attempting to smoke out any additional threats. This became much less likely when the information was examined. It turns out to be highly damaging to the interests of this specific group as well as partially verifiable. Since then two more communications have been received, each showing equal levels of placement and access and each providing accurate information. While the information has so far only detailed mafia activity, it shows P&A that would potentially permit tasking targeting the Islamist nexus. The new source is unidentified and unvetted and is demanding a face to face. Needless to say, DIA is reluctant to risk someone on what may well be a trap so they have turned to us. We’re contracted to send someone in, attempt to identify the source if possible, assess the possibilities for recruitment and subsequent tasking of the source and examine the possibility that this is an extremely sophisticated counterintelligence ploy by the mafia and/or an Islamist cell. The USG does not want to risk its personnel in something as uncertain as this, particularly when a low cost, low risk alternative exists. In order to provide the needed distance, the initial effort is being outsourced to us to do the legwork and field verification. No reply has been made to the demand for a meet…you will need to make that response yourself through the established channel. We can offer only logistical support and the USG will abide by the SOP for these contracts. If you accept this assignment, I’ll send a file with the communications plan and some additional details.
Please let me know within 24 hours if you want this one.
There was a bit more verbiage outlining the pay and time frame for the job. It was fairly standard for this level of skill and risk, one thousand US per day plus expenses, minimum of thirty days. There were also the usual disclaimers and insurance provisions. It sounded interesting, gave me a chance to re-visit a place of which I had fond memories and maybe do a dis-service to some folks I really didn’t like very much. I doubted that DIA or anyone in the DOD gave much of a shite about prosecuting criminals but was damn certain that Al Qaeda inspired Islamist groups were using criminal networks to penetrate national borders. I’d had some experience in dealing with this type of combined threat in more volatile areas of the world and knew from that experience about the frequent intertwining of extremism and continuing criminal enterprise. The crooks didn’t care about politics, just money and the use of even the most flimsy false flag in conjunction with a sizable amount of cash would create compliance. As for the terrorists, they were happy to set aside their hatred for expediency and the chance to kill a different group of infidels. Obtaining a source which was able to provide solid information on this marriage of convenience would be extremely useful in preventing another London or Madrid.
Light a candle, curse the darkness.
Of course, lighting a candle also casts shadows but it’s an imperfect world at best. Anything that fucked with the Serbian Mafia and the criminal elements which were strangling Kosovo was good with me. Kicking the Jihadists in the crotch, even indirectly, was the bonus plan. I sent an immediate reply to say I was on board and shortly thereafter received the file with the communications plan and other relevant case info.
The world in which I work and the role played by companies like InSol is a complex one, not well known to the public at large. There exists a sort of grey marketplace, inhabited by official government agencies and private companies, where various intelligence operations and support activities are conducted. This grey market is where information, often raw intelligence, sometimes RUMINT but always something someone wants kept secret, is exchanged. It is also where one goes to find small, privately held companies who will, for a reasonable fee, transport cargo, provide an office and backstopped legend for a Non-Official Cover (NOC) intelligence officer, facilitate the operational logistics requirements of secret operations and otherwise give value for money while maintaining complete deniability. This is because these companies and the people who run them are themselves the creation of government. The owners are retired former intelligence officials or otherwise connected and thus known and trusted. The various intelligence agencies of the US depend upon these companies to do things under broadly worded contracts, or even those which are deliberately misworded, which the governmental agencies are either not permitted to do themselves or which would create unwanted scrutiny or attribution if exposed.
For example, the CIA is forbidden by law to operate on American soil except under very strict guidelines which are carefully monitored by its arch-rival in domestic security affairs, the FBI. Should CIA wish to approach a terrorist financier who lives in the US and whom the CIA would like to recruit as a source, it may do so under existing law and with the administrative oversight of various branches of government. If the recruitment was successful, something made increasingly difficult by multiple agency supervisors having to sign off on every aspect of the development, the source would in all likelihood be run jointly. This would also mean that various levels of staffing on both agencies would be aware of
and have access to the “take” or product provided. Naturally, they would then share it as their agencies interests dictated. This, of course, increases the risk of unknown exposure to both the source and any operations based wholly or in part on his information. What is known by many is…known by many and not all of them will ultimately turn out to have the same interests you do. If, however, the CIA wishes knowledge of the financier’s affairs and connections to remain an agency secret due to its potential impact on other operations, it may elect to hire a private firm to make the approach and recruitment on its behalf. This avoids messy reporting requirements, keeps the information compartmented and the initial handler, a private contractor, can easily transition the new source to CIA control after a suitable period. If the operation was exposed the testimony would sound something like “Senator, to the best of my understanding we became aware that the subject might have information of national security value during other unrelated business dealings. It seemed our duty to put him in touch with national security and in order to do so discretely I contacted an old friend from my days of service with “X” agency…”
Another example in the foreign arena might be a private telecommunications firm providing say, cell phone infrastructure expertise to a foreign government. One whose population includes a significant terrorist element which targets Americans but where the government also lacks the will or capacity to root them out. The telecom would be approached by a government representative from anything except the intelligence community. Most likely the representative would be someone whose regulatory and inspection powers (and perhaps ability to provide government contracts) the telecom wishes to keep friendly. This person would strongly suggest that a specific sub-contract be given to a small privately held firm which has some expertise in communication infrastructure and security. This firm’s personnel, under cover as security or technical experts, then map out the nodes and vulnerabilities of a specific comms system, install technical collections devices and perhaps, identify and recruit assets within the local employee pool. These can then be turned over to official government intelligence agency personnel who reap the fruits of the effort without having to do the hard, dangerous work of assessment, development and recruitment under the noses of the local counterintelligence folks. The list of services provided runs on to quite a bit; everything from provision of security personnel at black sites, rendition teams for unauthorized (read not on the books) apprehension of persons of interest to national security and the conduct of surveillance and other operational support activities where the governmental entity itself either cannot operate or lacks the personnel to assign. The private company and its personnel take a considerable risk in that should anything go wrong, they will take the fall and be portrayed as having exceeded their scope of work, exercised poor judgment and perhaps incurred criminal liability. The companies are a beard, cut outs, someone who can be thrown to the wolves if needed and this additional risk is something for which they are highly compensated.
This may all seem a bit extreme. After all, the laws are set up to protect us, right? Intelligence agencies should share information and circumvention of government oversight is a Bad Thing. Reasonable people may differ on all these points but the fact remains that in the shadow wars we wage to keep our enemies at bay and our citizens protected, there are more grey areas than black and white ones. This is especially true when the shifting of political winds often make an action which is completely legal and supported today an illegal atrocity tomorrow. Those government agents who act in good faith tend to find themselves the political scapegoats of those who do not. Careerism and political advantage permeate the system and create a risk adverse atmosphere in which the mission to defeat the nation’s enemies is overtaken by the desire to have a comfortable retirement. Our intelligence agencies are largely bureaucracies and function with all the individual pride and attention to mission one gets from the Post Office. Things get done, eventually, and without anyone taking a risk that might alter their career trajectory or raise questions. When a real risk is taken, it is usually by a policy maker staking his political future on his decision as President Obama did with the raid to kill Bin Laden. This means that passing the buck, kicking it upstairs and generally delaying until the crisis is passed or expanded beyond individual levels of responsibility is the norm. Of course, innocent people die, opportunities are missed and our enemies are strengthened while the delay goes on but “hey, no one can blame me” is the mantra of the bureaucratic survivor. The few committed individuals who try to buck this system and are willing to take the risks required to prevent atrocity or increase security are slowly ground down. Or they leave and start a small privately held company which is utilized to take exactly the risks our government employees should take but will not. It isn’t perfect, it has all the dangers inherent in secret activities in a liberal democracy and there are abuses as in any such field. It is, however, exactly like Churchill’s famous quote about democracy itself…the worst option except for all the others.
The personnel providing the service at the sharp end are all hired on a consultant basis, have a previous track record within the community and are usually former intelligence or special operations personnel with an intelligence background. The vetting is extensive and community centric. That means reputation is all. Yes, an active appropriate level clearance is mandatory but is merely a qualifier. No one gets hired for even a small consulting gig unless they have several people vouching for them, their discretion and skill set. This continues all the time and one’s professional reputation is always scrutinized and weighed when a potential contract is being staffed. Generally the work comes to you as the operations managers like Steve know who does best with what kind of work. It ain’t like the movies but it ain’t like bland, risk averse, zero defects CYA government service either. I’ve done both and life in the cold is much more invigorating than life in a restricted carefully padded environment where anything effective is shunned as possibly creating a problem in some unforeseen way in the future. I’d seen the results first hand in the Middle East and SW Asia as young Americans were loaded into body bags when we could have stopped many of the attacks but were stymied by the careerism and a lack of understanding by conventional command, military and civilian. Moving beyond that to a sphere where I could operate with the mission truly coming first was like coming home after a year in the sandbox. Paying for this freedom with an increased personal risk was fine by me. As a buddy used to say, it’s only illegal or immoral if you’re doing it for the wrong people or the wrong reasons. Some may scoff at what they see as ethical relativism. I figure that I and my colleagues have paid for that right in blood…ours and that of our country’s enemies. Those who don’t understand this are generally those whom we have fought and bled to protect. Their innocence, while touching, isn’t germane to the real world. Out beyond the light of our comfortable campfire of wealth and ease prowl monsters to whom we are merely objects of frantic hatred stoked by ignorance and demagoguery. Throwing rocks at the sheepdogs patrolling the night and keeping the wolves at bay is a pastime of the peaceful. They can’t tell the difference, often don’t want to know and anyway, the sheepdog scares them. Still…being a dog out in the cold and dodging the occasional rock hurled by those I protect is what I choose. I’d never regretted that choice before and certainly didn’t then as I downloaded the file onto my stick, wiped the browser clean and made my way back to my hotel.
The file, labeled KVSPARROW in the delightful way of cryptonyms everywhere, provided some interesting reading. The first part was background information concerning HANNA’s tasking, the various organized crime groups in which he was interested and some in depth analysis on the ones he had selected for targeting. After that came info on the Islamist organizations suspected or known to be using various mafia groups to facilitate transportation issues. Last was info on the original source, Luli Gashi, information which HANNA had put together as part of the targeting, development and vetting proces
s. The file was largely intact, although there were signs of redaction here and there. The last section was the most heavily edited. Here were details of reporting by Gashi, priority intelligence requirements (PIRs) which indicated intelligence gaps and other information which, in the wrong hands, would be useful to analysts for the opposition. This section had been carefully redacted so little was available aside from assessments of Gashi’s information and notice that this or that piece, itself absent, was confirmed through other reporting. The parts I really needed were the details of the communications plan, emergency contact procedures and fall backs. Most of this was still in the file although some info had been deleted and the police investigation file added. It was obvious that HANNA had been using USG facilities at the US Embassy in Pristina to do some communications, at least the electronic variety. And that was the most important piece since the new source, KVSPARROW, was using the electronic communication system HANNA had set up to continue transmitting excellent intelligence.
Like most good clandestine communications systems, the plan was simple in design but somewhat complicated in execution. The objective of clandestine activities is to deny knowledge of the true activity, in other words, to keep the action secret. This often means hiding in plain sight. Invisible inks, and their modern electronic descendant steganography for example, are designed to help a written communication remain clandestine. If intercepted and casually examined, the communication appears to be genuine and the real communication is kept secret. The fact of the communication occurring is not disguised, the true message is. This is the essence of clandestine as opposed to covert. (Covert activities are those where the activity is not secret but its sponsor is. This is part of the reason why private intelligence services exist…they provide a level of deniability which is often of primary importance when the activity involved either cannot be disguised or is discovered.)
HANNA’s communications plan was a good one and quite simple. He had established a local email address which he had shared with Gashi. The email address was set up through a server in Pristina and to all appearances was a genuine Hotmail account. Gashi would travel to an internet café or use another computer with internet access, plugging in a small thumb drive like mine which, in addition to serving as a thumb drive, also held hidden programs which erased or blocked keyloggers and other spyware. This software was all commercially available and while perhaps unusual could be explained away as concern for the prevention of identity theft. Once the software was activated, Gashi would access the Hotmail account, type a message to that account and save it in Drafts. He would then exit and go about whatever other browsing he wished. A message from HANNA would be delivered the same way. Attachments could be added and saved with the draft. This was still not completely secure as the actual message typed was vulnerable to interception however it was only likely to be intercepted if Gashi was already under considerable suspicion, enough to make other physical forms of communications equally dangerous. Use of a system such as Hushmail or Opolis Secure Mail which are designed for privacy would have been better from the standpoint of secure communication but a dead giveaway if anyone checked and found Gashi was using such a site. It would raise questions of why he needed such secrecy whereas a regular Hotmail account was common and would raise no suspicion until or unless he did so in some other manner. A further layer of security was added by the message drafts all using a prearranged code. A message about a relative, for example, meant new information was available to be transmitted and was in an attached file, hidden through the use of steganography. One about vacation plans requested a meet. Others were set up to cover the major eventualities anticipated in a case officer/agent relationship. If a hostile party had enough suspicion to determine that Gashi’s email activity at this address was suspect then steganography detection software would only confirm that suspicion as the message attachment itself would be encrypted. Anyone looking over Gashi’s shoulder or otherwise observing him would not be aware that the message he typed meant anything aside from what it appeared to be.
I assumed that the use of physical meetings was something HANNA had determined was useful for handling Gashi. The record indicated that they met about once per month, something I would ordinarily question. The more often the source and handler were together, the more often the opportunity arose for observation and compromise. (Many of the most likely opportunities for compromise lie in the transition points between clandestine and covert activity. Almost all operations veer back and forth between the two and these points have to be carefully considered in operational planning.) In fact, it was at one of these meetings that both HANNA and Gashi were killed. I was a little concerned about this sequence of events and could see why it seemed like a come on from the opposition, most likely the Serbian Mafia working as a cat’s paw for a Jihadist cell. If the communications system was compromised, then it would be easy to send information, even valuable information, in order to first determine if the other end of the net was being monitored and then request a meet. At that point an ambush or kidnapping would be pretty much standard procedure for either group. I didn’t really blame the DIA for not wanting to send someone into this.
On the other hand, if the communications were not compromised, then the ambush had probably occurred due to some other element of Gashi’s activity raising suspicion. This begged the question of who was using it now, however. There was no indication in the file that Gashi was running a sub-net or that he had any support system in place which might account for someone else having the comms plan. Compromise had to be assumed. The real question was the party involved. If it was a confederate of Gashi’s, someone he trusted and had not revealed to HANNA, then we might be in business. If it was indeed the mafia then I was in for a very interesting ride. According to a report from DIA, the ambush had been a straight elimination event, no attempt to kidnap or interrogate anyone. Several guys with AK 47s had popped up and fired a full magazine apiece into the car where HANNA and Gashi were sitting. Then one of them walked up and put two rounds into each head with a Tokarev. This meant whoever was behind it didn’t need or want to know anything more. They only wanted to eliminate a threat.
This also most likely meant that if they had the comms plan and were now using it as a sort of dangle, they had to have obtained it from Gashi prior to killing him, as getting it from HANNA was a very remote possibility. He could have been compromised through some party who suborned him or otherwise gained this information but there was nothing in the file to indicate anything of that nature. I’d keep it in mind but only because it made sense to be aware of the possibility, however remote. And if DIA had any suspicions of that nature it would make sense for them to share them with us. This left Gashi as the most reasonable means whereby the comms plan and the meet were compromised. That would most likely be through force, threat of force or surveillance which created suspicion sufficient to warrant action. Gashi was, according to HANNA’s reporting, very nervous and somewhat paranoid, which meant he was very watchful when going to an internet café to transmit. He used several in random order which would greatly increase the difficulty of obtaining a way to intercept his email drafts. That level of sophistication, while not unheard of nor beyond the reach of their pocketbook, was unusual for the Serbian Mafia and would probably be outside of a regional Jihadist cell’s ability as well.
The bottom line was that there simply was not yet enough data to decide. It seemed reasonable, however, to proceed on the belief that Gashi was compromised elsewhere than the comms and that a party unknown to HANNA had either enjoyed Gashi’s confidence or had in some other fashion learned of his activity and elected to continue. This was the positive side which DIA hoped we’d pull out of the fire without getting burnt or exposing their chestnuts to public view. If we did not assume this as a start point, there was nothing to do but accept the info coming in until it dried up. That wasn’t what DIA wanted as it looked as if the information was very valuable and not something the mafia would dangle jus
t to set another ambush. The KVSPARROW take so far had resulted in one foiled assassination in Serbia and the seizure of a large shipment of heroin in Italy. Somebody was giving away the store and while DIA didn’t understand who or why, they certainly wanted to know and to set up a long term relationship. Which meant I was heading back to Pristina on an interesting mission that promised to be diametrically opposite my little cakewalk in Greece.
Good enough. Too much cake makes you fat and slow anyway.
I packed my gear and clothes, nothing indicative of my profession of course, and spent the rest of the night reviewing the file, pondering the implications and determining how I’d proceed. I had a car, a BMW 325i with proper papers for crossing borders which I’d rented using a work name and ID. I figured on driving the ten or so hours north in the morning, checking into a hotel and spending a day getting reacquainted with Pristina. With that in mind I dropped off to a deep and peaceful sleep, looking forward happily to being operational again.