At your last counterintelligence briefing with your Facility Security Officer or government sponsor, did they cover how not to place yourself into the targeting matrix of a foreign intelligence service? Foreign intelligence entities are continually building their dossiers of government employees – and some are making the task quite easy.

They know what the designations Q, L, TS, SCI, TK, G and HCS mean, and what type of information each compartment is designed to protect. The following exercise shows how we are collectively making the hostile intelligence service’s work easier: this writer did some very basic research to identify individuals with potential access to U.S. nuclear technology and/or facilities.

The National Counterintelligence Executive warns of the Chinese interest in U.S. nuclear technology. Thus, it doesn’t take a rocket scientist to figure out that perhaps the Chinese are trying to determine the identity of every individual with access to U.S. nuclear technology, research and development, and national security plans and intentions.

The Chinese can take many paths to achieve their targeting goals.

Using sleeper agents

They can use the services of sleeper agents – those who have been sent to the U.S. for education, stayed, became citizens and maneuvered their way into positions of interest and access. In 2017 we saw the guilty plea of Allen Ho (aka Szuhsiung Ho), who did just that – he worked for 20 years within the U.S. nuclear research programs and is alleged to have identified numerous colleagues and their access. He pleaded guilty to “conspiracy to unlawfully engage or participate in the production or development of special nuclear material outside the U.S. (China).” This path is both time-consuming (many years) and expensive.

Using poor OPSEC to their advantage

The Chinese can also scour the publicly available databases of jobs, harvest the content, create their own fictitious bait jobs and wait for applicants – they have had good luck with this approach, as evidenced by their successes in acquiring sources with CIA, Department of State and Department of Defense. They can also simply search for those who advertise they are working in the industry of choice, at a facility of interest.

A quick search on LinkedIn showed approximately 150 open positions that require a “Q” clearance. Juxtapose that search with one for those who advertise having a “Q” clearance and we see over 400 individuals (with bios and photos) sharing their possession of a “Q” clearance, and by extension their access to classified information pertaining to the U.S. nuclear program.

Then there is the online resume site Indeed. We found an individual who posted their availability: Shift Manager / Shift Technical Advisor (“Q” Security Clearance) – Knoxville, TN UPF Project (“Q” Security Clearance). Now the existence of the UPF (Uranium Processing Facility, Oak Ridge National Laboratory, TN) is not a secret. The “Q” security clearance is also widely known and not in and of itself classified.

Perhaps the most concerning of all is when a search of the gig-work site UpWork produced five pages of individuals (photos included) with a security clearance, and what they expected to be paid for their side-gig – $17, $34.50, $100 – all within the budget of every hostile intelligence service.

Once the intelligence officer has their list of prospective sources, they throw the names into the intelligence hopper, where their analysts pull all available information on each individual from the corpora of personal information already in their possession. If it is China, that would include the OPM breach, Ashley Madison, Equifax, Anthem, etc. A stack ranking based on access and susceptibility is made, and then the espionage machine is put in motion.

OPSEC down the foreign intel target drain

While posting that you hold a clearance is technically not a violation of the National Industrial Security Program Operating Manual (NISPOM), putting context around that clearance violates the tenets of good Operational Security (OPSEC).

It’s always nice when the target is halfway down the assessment process by declaring a need, demonstrating their access, and putting their shingle out to be approached with an offer for a side gig. Remember, the target is selected by the hostile service, and you can’t opt out: you can only make it more difficult and know how to react when they come to your door.