This week, I turn my attention to the concepts of denial and deception and their application to intelligence. Next week I will discuss how cyberdefenders can incorporate deception to confuse and delay an attacker.
Denial and deception have long been tools used in foreign intelligence, often quite effectively. The use of denial and deception can significantly hinder intelligence analysis, which can have far-reaching consequences. The intelligence analyst must be aware of denial and deception tactics and employ effective countermeasures to mitigate or decrease the impact. The intelligence analyst that knows himself, his adversary, the situation, and the information channels is better prepared to counter denial and deception efforts.
Obstructing the Opponent’s Collection Efforts
Denial of intelligence is the blocking of information to hide the truth from analysts. The goal of denial is to interfere with and impede the intelligence collection. Sound operational security practices, such as disseminating information only as needed or encryption of messages can assist in denial. The Japanese employed many measures to deny intelligence leading up to the attack on Pearl Harbor. Radio communication between ships in the task force was forbidden, members of the ships’ crews did not know their destination until after departure, and the pilots and crews knew nothing of their ultimate target during training [1].
Knowledge of the adversary’s collection capabilities allows the denier to enact countermeasures against intelligence collection. One means of doing this is through disclosure of the adversary’s collection agents or practices. Since intelligence collection often relies on secrecy, the loss of secrecy decreases the effectiveness of collection. The impact of information not collected on the analysis can be great. This is especially true when the analyst is erroneously confident of the collection and bases the analysis on incomplete information, unaware that critical data is missing.
Deception is the Art of Causing the Opponent to Deceive Himself
Deception is providing misleading information to the adversary. A mixture of denial and truth often underlies deception. Deception must be believable to be effective and so it will often include elements of truth. However, denial ensures the complete truth remains unknown. On this foundation of truth and denial, the deceiver can develop a deception that appears to be highly desirable and genuine. Operation Fortitude from World War II (WWII) is a classic example of the use of deception [2]. This operation created fake armies, one in the north and one in the south, to divert German attention away from Normandy, the real site of the Allied invasion. The deception continued even after the Allied forces landed in Normandy, making the Germans believe that Normandy was the diversion from a pending attack from either the north or south. The truth of a pending attack and the effective denial of the actual plans were keys to the success of the deception.
Terrorist organizations have traditionally relied heavily on denial to maintain the secrecy of their organizations and operations. However, now organizations such as Al Qaeda and Islamic State in Iraq and Syria (ISIS) use deceptive propaganda via the Internet and social media to recruit others to their causes. The State Department Center for Strategic Counterterrorism Communications (CSCC) is devoted to analyzing and countering terrorist propaganda messaging. The CSCC received attention for the release of a fake ISIS recruiting ad on YouTube [3]. The video has graphic images, informs recruits that they can learn “useful skills” such as “blowing up mosques” and “crucifying and executing Muslims,” and ends with the message “Travel is inexpensive because you won’t need a return ticket!” A State Department spokesperson stated, “We believe countering our adversaries in this space is critical. We must contest the space by confronting distortion with reality and lies with the truth.”[3]
Countering Deception – Situational Awareness
Bruce and Bennett outline four counter deception principles – knowing yourself, knowing your adversary, knowing your situation, and knowing your channels [1]. Denial and deception are most successful when they reconfirm the target’s own expectations. Knowing yourself is the understanding of your own biases, including the “seeing what we expect to see” bias. Operation Fortitude exploited this bias in Hitler. Hitler expected to see the invasion coming in a different location so the fake armies reinforced his belief.
It is also critical to know your adversary, including its means, motives, and culture. The capabilities of the enemy to deceive, including the use of technologies and communication methods, must be understood. Knowing the adversary also requires an understanding of the adversary’s motives. These motives can include recruitment, prestige, planning of attacks, and concealing capabilities. The deception can have multiple motives as in the case of the ISIS propaganda videos that seek to recruit and to build prestige in its ranks.
It is important to continually evaluate and analyze the situation to look for cues of deception. Critical thinking should be used in analyzing the situation, including evaluating alternative analysis of the situation. At the same time, one must understand that routine denial and deception measures, such as the adversary’s operational security measures, will continue regardless of the situation.
Knowledge of the information collection channels is the fourth counter-deception principle. The analyst must understand his collection capabilities and limitations. It is also important to understand the degree to which the channels are vulnerable to denial and deception. Lastly, the analyst must be able to recognize the compromising of the channels and the impact of the compromise.
Denial and deception are an integral part of foreign intelligence. History has many examples of the effective use of denial and deception, such as Operation Fortitude during WWII. When employed effectively, built on a foundation of truth and denial, deception exploits the target’s own biases. The analyst must be aware of the use of deception and follow counter-deception principles, including knowing oneself, the adversary, the situation, and the channels.
About the author: Donnie Wendt is an information security professional focused on designing and engineering security controls and monitoring solutions. Also, Donnie is an adjunct professor of cybersecurity at Utica College. Donnie is currently pursuing a Doctorate of Science in Computer Science with a research focus on security automation and orchestration.
References
[1] Bruce, J. B. and Bennett, M. (2008). Foreign denial and deception: Analytical imperatives. In R.Z George and J. B. Bruce (Ed.), Analyzing intelligence: Origins, obstacles, and innovations (pp.122–137). Washington, D.C., USA: Georgetown University Press.
[2] Murphy, B. J. (2005). Patton’s ghost army. Retrieved from: http://www.americainwwii.com/articles/pattons-ghost-army/
[3] Berger, J. (2014). State Department enters propaganda war with ISIL. Retrieved from: http://www.military.com/daily-news/2014/09/09/state-department-enters-propaganda-war-with-isis.html