LN324-91

                              CHAPTER XVI

                       ESPIONAGE INVESTIGATIONS

INTRODUCTION:

     As counter intelligence special agent you must have specific knowledge
of the aspects of an espionage investigation to get security information for a
Commander of the Armed Forces responsible for the safety of his command. You
as espionage agent must always have in mind that all information must be
developed in detail, even though the information is favorable or unfavorable
for the SUBJECT.

GENERAL FACTS:

     A.    Preliminary Sheet (Figure 1).

     1.    Review the preliminary sheet (PS), found in the control office for
the investigation requirements. The PS has specific leads or leads that must
be investigated.

     a.    A PS has collected information during an investigation and could:

     (1)   Require a development of more investigative leads.

     (2)   Identify a source that will provide additional information about
the case or leads about additional sources that could have information.

     b.    Areas of interest in the PS are: (Figure 2)

     (1)   Block 1, SUBJECT: Contains information about the identity of the
SUBJECT of the investigation.

     (2)   Block 4, TYPE AND REASON FOR THE INVESTIGATION: Contains the
specific leads or the leads that must be developed. This block also contains
information of history and special instructions that will help the special
agent in the requirements to develop the leads.












                                  137

LN324-91 (c) SIGNATURE BLOCK: Make sure that each PS is signed with the signature of the official in charge of the case or authorized person. (d) BLOCK 8, CONVINCING DOCUMENTS: Identify all convincing documents that are not considered necessary to the development of the required leads. 2. Review the initial report prepared by the personnel of the Armed Forces (AF) involved or who have knowledge of the incident or situation. NOTE: With the exception of obtaining the initial details of the incident and submitting the priority report, only elements of counter intelligence are authorized to investigate SEAAF cases without the approval of the higher department. 3. Start the espionage investigation when you have the approval from the higher control office, based on the leads originated from various information sources, including: a. Reports from confidential sources. b. Reports from other intelligence agencies, security, or police agencies or national guard. c. OPSEC evaluations, CI technical inspections or reviews. d. The review of refugees, border crossers, displaced persons, PGE and other similar groups. e. Routine security personnel investigations. B. Identify the type of security investigation that you will conduct. 1. Incident investigations a. These are activities or specific actions. b. Implications are suspected from acts of espionage. 138
LN324-91 c. This case will be kept as Type of Incident during the investigation, although, the identity of the person implied will be established at a later date. 2. The Personal SUBJECT investigations. a. Imply one or more known person. b. They originate allegations about the specific activities of the person. c. This case will be kept as personal SUBJECT investigation, although information has developed about an act or specific activity. 3. Investigative jurisdiction. The jurisdiction for the CI section will take place according to the SOP laws. C. Review of legal statutes which applied to the espionage acts. 1. Espionage - Is the act of obtaining, giving, transmitting, communicating or receiving information regarding the national defense with the intention or reason to believe that the information is going to be used to harm a national government or for the benefit or advantage of a foreign country. a. Any person or persons with legal or illegal possession, access, control over, has been given confidential information regarding the national defense, which the person in possession has reason to believe the information could be used to harm the national defense and for the benefit or advantage of a foreign country, voluntarily communicates, transmits, or tries to communicate, or transmit this information, to any person who is not authorized to receive it, is guilty of an espionage act. b. Any person or persons in charge, or in legal possession and control over national defense information, who by negligence allows the same to be lost, stolen, displaced, destroyed, or removed from the place of safekeeping, or gives this information in violation of faith and trust, is guilty of a espionage act. 139
LN324-91 D. Review the operative methods (OM) of the hostile intelligence agents regarding the activities of the espionage acts. 1. Review the types of hostile operations. a. Legal Operations. Involve espionage networks which are controlled by a representative from the foreign country who is official charge and is sanctioned by the host country. Frequently, the person possibly has diplomatic immunity, and is not subject to inspections, detentions, or trials for ilegal activities committed. b. Ilegal Operations. Involve espionage networks that are not in direct contact or relations with the foreign country. Most of these persons are native of the country or of another country. Ilegal operations are more difficult to detect and have the advantage that the operation is continued during war time or in countries that do not have diplomatic relations. 2. Review the control methods of the hostile intelligence. a. The centralized control procedures require approval from the central headquarters from all the espionage activities. Many countries for security reason regarding the espionage activities have a central control point. b. The internal control method. Involve operations conducted totally within the host country. All hostile agents are controlled by a general headquarter or by a residence that has been established in the same country. This method is the most outstanding in the external method. c. The external control method. Involve operations conducted within the host country controlled by another country. This is the safest method to control personnel. 3. Review the type of hostile agents used in a hostile operation. a. Penetrating Agents have direct access to the information required by the hostile country. 140
LN324-91 b. Recruited agents in massive form are badly trained and belong to echelon of low category; these agents are infiltrated within the country in great numbers when there are favorable opportunities within that country. c. Confusion agents are used to deceive the intelligence agencies to waste their efforts in useless investigations. d. Provoking agents are used to provoke the intelligence agencies to take inappropriate actions for their disadvantage. e. Sleeping agents are kept inactive for a long time until the hostile country has a mission for them. 4. Review the espionage network used by the hostile country. a. The single system of agents involves collective intelligence efforts from a person. These agents operate only with the support of the administrative personnel, but only one person is involved in the collective operations. b. The echelon system are networks that provide security when great number of agents are being used in operation. Only the leader of the network knows the identities of all the members of the network. Contact is initiated only by the higher echelon and code names are normally used. There is no lateral contact because the members of the network do not know each other. c. The cell system could be simple or complex depending in the number of agents that each cell has. The members of a cell know the identities and the places of each member involved in espionage acts. They have the liberty of coming in contact with each other and as minimum a member of a cell keeps contact with the supervisor. It may or may not be that they have arrangements for unilateral contacts. d. The echelon network could degenerate in emergencies in a cell type system. Unilateral contact could develop and a member of a segment could be instructed to establish contact with members of another segment. 141
LN324-91 NOTE: Most of the hostile intelligence services use more than one espionage network to cover or operate in the same area. 5. Review the hostile recruitment methods a. Acquisition techniques are used to find a person who has been coerced or made to accept recruitment by force. b. The analysis of sources/potential recruits makes a detailed study of the files and information of past history to identify the potential the person has as agent and his reactions to contacts or possible methods of contact. The motivation of the recruitment also is determined (ideology, money, coercion and selfishness). c. The recruitment by contact is used to obtain contact with the person and through him obtain his cooperation and involve him in espionage acts. The contact could occur in the person's own country or while the person is traveling in a communist country. The customary way of hostile agents is to allow another person to make the contact and not to involve the agents that did the consecutive process and the analytical steps. NOTE: The "Small Hook" is the favorite method used by the hostile intelligence service to prepare the potential agent. In this method, the subject is requested to provide innocent information and material of no value to intelligence or classification. 6. Review of the hostile camouflage method. a. The natural camouflage is the way of legal residence or entry to a country, the use of a real name frequently, occupation or legal ways. The local persons who are recruited normally operate under the natural camouflage because they have established in the community and are employed in the country. b. The artificial camouflage involves the fabrication of history and position of an agent and the falsification of identification documents in a way that matches the fabrication of history and camouflage history. 142
LN324-91 7. Review the hostile communication method. a. Conferences are normally kept to the minimum, but when used, these conferences take place in public areas so as not to arouse the public curiosity. b. Official messengers are used to transport information to the control official. Diplomatic bags are considered as the safest method to carry material obtained for espionage acts. c. The post is used to carry information, using codes, secret writing and microfiche. d. Radios or communications systems are mainly used during operations in war time, but instructions could be transmitted to agents using lateral communication systems at any time such as CB radios or Motorola. The communications through cryptographic systems are used to transmit messages in a safe way. e. "Mail drops" are hidden secret places used to transmit or safekeep information and material. Most of the services of hostile intelligence put considerable emphasis in the use of "mail drops". NOTE: Always keep in mind that mail drops could be done by a middlemen and moved to another mail drop to provide necessary security to the controlling officer. 8. Review the Financing Method for espionage activities. a. Limited or unlimited resources are normally available for espionage operations to the hostile agent. b. The financial resources will come from the hostile country. c. The financial resources will be obtained by organizations or hidden business. d. The financial resources will we obtained by ilegal activities (black market, drugs, etc). 143
LN324-91 e. The financial resources or money of the target country are transferred to the country by diplomatic bags, official messengers, or by hostile agents. f. Bank accounts are established in the target country for the access of the agent. E. Prepare an interrogatory plan (Figure 2) NOTE: Depending on the type of investigation that will be conducted, the available time, the investigation plan could require only a mental study, or could be a written formal document requiring approval previous to the continuation of the investigation. 1. Plan an investigative agenda detailed for each step of the operation to: a. Define the requirements of the information. b. Define the pertinent aspects to be considered. c. Prevent unnecessary investigative efforts. 2. When the plan develops, consider: a. The reason or purpose for the investigation. b. The assigned phases of investigation. c. The investigation type (open, covered). d. Priority and suspension time. e. The restrictions or special instructions. f. A definition of the problem. g. The methods and sources that could be used (review of files, interviews, etc.) 144
LN324-91 NOTE: There is no fixed procedure that could be recommended for treatment of an espionage investigation. One must determine the specific method to each individual case based upon the circumstances of the case. h. The coordination requirements. 3. Update the investigation plan. a. When new data is discovered. b. As a result of continuous analysis. F. Conduct an investigation of the incident based upon the type, if appropriate. 1. Go to the incident's place. 2. Protect and safeguard the incident place giving appropriate orders and isolating the place physically. All non-authorized persons must be taken out of the place. 3. Find out the circumstances of the incident by visual observation to determine the investigative approach that will be most appropriate. 4. Identify and segregate the witnesses. 5. Obtain photographs of the place, if required, provide a series of photographs to give the maximum amount of useful information and to help the reviewer to understand what had happened. 6. Search the place and collect evidence, if appropriate. Evidence is defined as articles or material found in connection with the investigation or that could help establish the identity of the person or circumstances that caused the incident, in general, facts that will help uncover the events. 7. Control the evidence obtained. G. Coordinate and conduct ties with other investigation agencies. Coordination is a continuous activity during many of the espionage cases. H. Interview the witnesses. 1. Conduct interviews of witnesses in the place, if appropriate, to obtain all the pertinent information. 145
LN324-91 2. During investigations of the subject, conduct interviews of all the witnesses who could have pertinent information or knowledge of the case. NOTE: The most time-consuming part of the investigation is the interview, because through the interview we obtain the greatest part of the information sources. I. Conduct the review of files. J. During investigations of incident type, it will be desirable to make contact with the confidential sources for any information that comes to your attention. NOTE: Information regarding the espionage incidents or the present espionage investigations will be limited only to few persons and only to persons who need to know the information. K. Conduct the investigative analysis of the facts of the case. Although, an investigation is basically a collection of facts, the secondary function is also important; the analysis of the facts. The analysis is established in the review and comparison of facts from the case to develop a hypothesis and come up with conclusions regarding the identity of the suspects, circumstances surrounding the incident, and future actions. NOTE: There are no established procedures to analyze the information from the case to come up with a solution. One method could work as well as another method. All must include the basic function of review, comparison, and hypothesis. 1. Review all information available of the case. a. Placement and correlation of all information. b. Examine the information to identify the pertinent facts. c. Determine the dependability of the information. d. Determine the truth of the information. 2. Compare the information already known. (Figure 6) a. Compare the available information with the legal espionage elements. (1) Identify the information that supports or show the legal espionage elements. (2) Identify the holes in the information that could be completed with further investigations. 146
LN324-91 b. Compare the information obtained from witnesses to the information from other witnesses or sources. c. Identify the possible suspects by comparison of the information. (1) Identify persons with connection to the incident. (2) Identify the "opportunity" forpossible suspects. ("Opportunity"--the physical possibility that a suspects has of committing espionage acts). (3) Develop information to prove the motive of each suspect. (4) Develop information that proves the intent of each suspect. (5) Develop all the circumstantial evidences and associations of each suspect. NOTE: In cases of personal subject, the suspect, or possible suspect, is identified therefore. Therefore all efforts are directed to identify his connections in espionage acts, his opportunities, motives, and intents. Show all information and evidence in terms of elements of required evidences to support the charges. 3. Show one or more hypotheses. Hypotheses are theories that explain the facts and that could be examined in later investigations. The best hypotheses are selected to resolve the problem between the information available. a. Apply inductive or deductive reasoning to show the hypotheses. 147
LN324-91 (1) Inductive reasoning involves moving the specific and the general. Develop generalities, from observations that explain the relationship between events under examination. (2) Deductive reasoning involves procedures from general to specific. Starting with the general theory and applying it to the particular incident to determine the truth contained in the theory of the incident. NOTE: In both processes, the steps must follow a logical manner point by point. b. If you come to a point where the deductive reasoning is not productive, consider using the intuition. Intuition is the quick, unexpected act which clarifies a problem when the logical process and experimentation has stopped. Intuition must not be ignored, particularly in difficult cases where little progress is evident. c. Put your hypothesis to a test of considerations of probability, additional information of the witnesses and other known facts. d. Eliminate various possibilities systematically considering each hypothesis between: (1) The opportunity (2) The motive (3) Observed activities (4) Corroboration of the alibi. e. Select the best hypothesis based in the consistency with the known facts and the high degree of probability. f. Examine the hypothesis objectively. g. Modify and refute the hypothesis if contradictions to the evidence are discovered. 4. Determine the direction of the future investigation activities. 148
LN324-91 a. Identify future actions that will examine or verify the selection of the hypothesis. b. Ask approval from the higher control office to complete the identified actions. L. Conduct vigilance, if appropriate. M. Conduct interviews of the SUBJECT, if appropriate. N. Conduct interrogations of the SUBJECT, if appropriate. 0. Prepare the appropriate reports. P. Consider an investigation successful when: 1. All information and pertinent material or allegations from the case are discovered. 2. The physical evidence available is completely handled. 3. All witnesses were appropriately interviewed. 4. The suspect, if he allows, is interrogated in an effective way. 5. The report of the case was understood, clear and detailed. 149
LN324-91 EXAMPLE #1 PRELIMINARY SHEET _____________________________________________________________________ PRELIMINARY SHEET DATE/START OF INVESTIGATION _____________________________________________________________________ 1. SUBJECT 2. DATE NAME: RANK, RANK NUMBER IDENTITY BADGE: 3. CONTROL NUMBER: PLACE/DATE OF BIRTH: _____________________________________________________________________ 4. TYPE AND PURPOSE OF INVESTIGATION: 5. LEADS TO BE VERIFIED: 6. INFORMATION FROM HISTORY: 7. SPECIAL INSTRUCTIONS: ______________________________________________________________7.AGENCY REQUESTING INFORMATION AGENCY PREPARING REPORT ______________________________________________________________ OFFICE OFFICE ______________________________________________________________ SIGNATURE (AUTHORIZATION) SIGNATURE (AUTHORIZATION) ______________________________________________________________ PERSON'S NAME NAME OF AUTHORIZED PERSON ______________________________________________________________ ADDITIONAL DOCUMENTS ENCLOSED ADDITIONAL DOCUMENTS ENCLOSED ______________________________________________________________ 150
LN324-91 EXAMPLE #2 INVESTIGATIVE PLAN 1. REASON FOR INVESTIGATION: 2. TYPE OF INVESTIGATION: LIMITED 3. INVESTIGATION WILL BE CONDUCTED: DISCRETELY (Safety will be t h e main factor during the invest igatio n). 4. PRIORITY: 5. SPECIAL INSTRUCTIONS: a. b. 6. INFORMATION GIVEN: 7. SEQUENCE OF INVESTIGATION: a. Conduct review of local files. b. Examine the subject's military and medical files. c. Interview the following persons: (1) Carry out the review the neighborhoods (2) Carry out the review of the financial or credit reports. NOTE: The plan mentioned above must have flexibility, it is only a guide. Each case must be treated individually. Your plan could be similar, shorter or longer, but this will depend upon the requirements dictated in the Preliminary sheet. 151