Tradecraft: Counter-Intelligence Background Checks

(TFC) – Counter-intelligence is critical in many fields. Proper counter-intelligence can stop industrial espionage, it keeps activists safe, it can secure religious organizations, and it is used by governments every day. One of the most important pieces to any counter-intelligence campaign is proper vetting. Performing background checks can be tedious, but it’s the foundation for all other counter-intelligence operations.

The process of checking out a new applicant to any organization is long and boring, but it’s easy.

Step 1: Gather as much information as possible about the applicant. Check social media, news clippings, criminal history reports, and so on. Pay special attention to names of friends. Modern technology has made open-source intelligence gather very easy.

Step 2: Meet with the applicant and ask basic questions that are relevant to the position. Ask the applicant for 5 names to use as references. Take the applicant out to lunch or dinner and simply chat. Tell stories back and forth and pay attention to the names in the applicant’s stories; especially those names that aren’t listed in his or her references.

Step 3: Meet or speak with the five references. These people are going to lie for the applicant. They are friends. These are individuals the applicant wants you to talk to. Ask them for five additional names of people who know the applicant well.

Step 4: Take the names from the applicant’s stories and compare them to the names given by the five references. Any name that appeared more than once is worth speaking with.

Step 5: After speaking with all of the references and additional names, meet with the applicant again and address any issues.

What are you looking for during the above conversations? That depends on why you’re vetting someone. Let’s say you’re checking out someone who wants to join your nonviolent activist group. If you find out from one the applicant’s friends that he gets in a lot of bar fights, he might not be the best fit. If you’re looking for someone to handle large amounts of money, selecting someone with a history of hard drug use probably isn’t a good idea.

If the applicant makes it through the initial screening, the next phase is to feed him harmless information to see if it’s leaked and where it ends up.

The final phase involves a small amount of social engineering. Make certain the applicant gets some kind of trivial dirt (a romantic interest in another member, an old nickname, some embarrassing event in high school, etc) about another member of the organization. The information doesn’t have to be genuine, but the applicant should be very certain that the member would never want this information disclosed. Weeks after the applicant learns of the information, the member should anger the applicant in some way. If the applicant releases the information, they probably can’t be trusted with secrets. If they can’t be trusted with something small, they can’t be trusted with something big.

A special note about compromising information: Everybody has secrets. Everybody has things in their past they aren’t proud of. A checkered past shouldn’t be grounds for immediate disqualification when it comes to handling secrets. Those with secrets of their own are probably better equipped to protect yours than someone with a spotless background. What matters more than past secretive behavior is ongoing secret activities. Someone who is openly homosexual is not in danger of being blackmailed over their sexuality. A person who is still in the closet is a security risk. A person who is in an open relationship is not a security risk, a married person who constantly cheats on their spouse is a risk. When protecting secrets, it’s imperative to know all of the dirty details of the lives of those you are trusting to keep information secure. Because of this, those selected to perform any counter-intelligence activity, including the boring background checks, should be the most trusted people in the organization. They have the keys to everyone’s dirty laundry.