
Insider Threats and Espionage in Police Departments

Kaitlynn Belmont, Federico Bertola, CICYBER

October 11, 2020


An individual who has the honor of being sworn in as a Law Enforcement Officer (LEO) has great responsibility within their respective community. They are at the forefront of upholding the law with powers given to them such as making lawful arrests, using deadly force when necessary, and coming into contact with personal and confidential information. However, for some officers, especially young recruits straight out of the academy, the reality of the job becomes too much to handle. Long hours, low pay, negative feedback from the public, underappreciation, and the stressful situations they encounter on a daily basis can cause an officer to involve themselves in criminal offenses. Historically, the offenses ranged from drug deals to abuses of power for profit, but today that threat has transformed into an increased amount of espionage under the influence of foreign intelligence service entities. Members of law enforcement are often targeted by foreign state actors based on race, personal status, issues in relationships, mental stability, and impulsive habits such as drinking or gambling, factors which can directly result from the professional issues listed above.


When recruiting a member of a police force, foreign state actors also target individuals with whom they can connect, such as someone who speaks their language, has similar connections through LinkedIn, shares previous work experience, or has a position within the department that would give them direct access to information. Specifically, they target individuals who can easily be persuaded that their expertise and experience are needed to add value to a foreign group, project, or company. Typically, recruitment occurs through phone and video calls that entice the targeted individual to help the recruiter’s mission and can even plant the prerequisite ideological seeds. Recruiters can also use deceptive means, such as online communication and social engineering, to influence an individual into believing they are strictly helping to advance a legal agenda. This raises concern about the release of critical national security information, as victims do not always realize that the information they supply crosses into the classified domain, giving foreign adversaries an advantage regarding U.S. policies.


Over the past 15 years, China has sustained a long-running and massive campaign of espionage, especially in the United States.[1] What makes their efforts so successful is their system of acquiring agents. The initial process of grooming potential sources is done by “spotters”, who can be university professors, members of a think tank, or even corporations, and who scope out potential targets but cannot approach the target because of their deep cover. The targets are then passed off to an intelligence officer who starts the next process of assessing potential recruits.[2] In the assessment phase, the officer is responsible for identifying possible motives that the individual may have for agreeing to partake in espionage. Potential motives are often summarized by the acronym M.I.C.E. (money, ideology, coercion, ego). Monetary gain influences most of China’s recruits. Next comes the development of information acquisition, in which foreign state actors begin to nonchalantly ask targets to fulfill their requests. Some targets are aware that they are close to crossing the line into treason at this stage, and some are not. This leads to the next step of actual recruitment, signified by the request to officially become a spy, which is followed by the assignment of a handler to communicate with on a day-to-day basis. The recruit and handler rely on different forms of modern tradecraft to communicate with one another.


Communication between the foreign state and the agent is a direct reflection of today’s advanced technology. Communication occurs primarily online by way of encrypted means. Specifically, threads of communication occur over encrypted phones, which are utilized for both calls and messages, through innocuous-looking emails, and through emails left in both the draft and spam folders. However, older forms of communication, such as dead drops, are still utilized, as in the famous case of former FBI Agent Robert Hanssen, who spied and sent classified information to Russia as a member of the KGB.[3] He was eventually caught in the middle of making a dead drop in Virginia after being put under FBI surveillance due to an ex-KGB agent identifying him as the mole. Online interactions can leave traces even when deleted, especially if paired with intellectual property loss and classified information.


Considering that the New York Police Department is the US’s largest police department, foreign state intelligence would be interested in somebody within the NYPD who could access records, provide traces, and find out who is under investigation. In particular, the foreign insider could provide sensitive information about the police department’s internal operations and could raise the country’s appeal and attraction by facilitating consulate staff participation in public events. Additionally, foreign intelligence could gain information on what the NYPD is doing in terms of surveillance, the databases they have access to, and what they are learning about the State’s UN representatives and consulate officials.


On September 21, 2020, a New York City Police Officer, Baimadajie Angwang, was charged by federal prosecutors with acting as an intelligence asset for the Chinese government due to his activity in providing information about US supporters of the Tibetan independence movement to officials at the Chinese consulate.[4] Angwang’s spying activity in New York had persisted since at least 2014 and aimed at different objectives: first, he scouted for potential intelligence sources within the Tibetan community; second, his role was to identify potential threats to China in the New York metropolitan area.[5] Furthermore, Angwang could provide sensitive information about the internal operations of the Police Department to Chinese authorities.[6] Moreover, the NYPD agent aimed at raising China’s soft power by inviting consulate officials to Police Department events, in order to extend Chinese influence deeper into the police department environment.[7] According to court documents, one of the PRC consular officials at whose direction Angwang acted worked for a division of the Chinese United Front Work Department, a Department responsible for neutralizing potential opponents of the PRC and co-opting ethnic Chinese individuals living outside China.[8]


The NYPD Chinese spy, Baimadajie Angwang, in addition to his employment at the Community Affairs Unit of the NYPD, was listed as a staff sergeant with the US Army Reserve, in an Airborne Civil Affairs Battalion.[9] As part of his employment with the U.S. Army Reserve, Angwang maintained a “SECRET” level security clearance, issued by the Department of Defense.[10] He allegedly lied on a national security clearance background investigation form, denying that he had contacts with a foreign government or its consulate and denying that he had close and ongoing contact with family in China, some of whom were affiliated with the People’s Liberation Army (PLA), the unit of the armed forces of the Chinese government.[11]


NYPD Police Academy Graduates at Madison Square Garden[12]


In the last few years, other cases of spies infiltrating law enforcement have occurred in other countries. In September 2019, Cameron Ortis, Director General of the Royal Canadian Mounted Police National Intelligence Coordination Center, was charged with offenses including obtaining information to give to a foreign entity or terrorist group, and communicating or confirming special and secret operational details.[13] Another known case occurred in 2014, when a Polish Officer was sentenced to six years in jail after being found guilty of spying in Poland for Russia; he received payment from Russian intelligence services to give them information about Polish service members they could potentially recruit and to access confidential information about Polish security.[14]


According to the National Insider Threat Task Force (NITTF), “an insider is any person with authorized access to an organization’s resources to include personnel, facilities, information, equipment, networks, or systems.”[15] Therefore, the NITTF defines the insider threat as “the risk an insider will use their authorized access, wittingly or unwittingly, to harm their organization. This can include theft of proprietary information and technology; damage to company facilities, systems, or equipment; actual or threatened harm to employees; or other actions that would prevent the company from carrying out its normal business practice”. As evidenced above, law enforcement agencies are a highly valued target that provides a rich source of information. The insider threat in law enforcement organizations poses a significant risk because of the confidential information personnel can access, as the NYPD case highlighted.


To protect confidential information against insider threats, law enforcement organizations have employed several resources to protect their assets, including building a robust and secure network to protect and strengthen the servers within the environment, given the importance of network security.[16]


However, the protection of networks and cyber infrastructures is not enough. In fact, several researchers have underlined that the weakest link against the penetration of threats is the human factor. The fundamental aspects of a counter insider threat strategy for law enforcement agencies need to be based on a combination of preventive and detective measures. It is fundamental that law enforcement adopts insider threat programs that have a mixture of policies, processes, and technologies to provide the necessary balance of prevention and detection, in order to mitigate the impact of insider threats.[17] These programs can help in protecting critical assets, providing security efforts focused on reducing the risk of disclosure, alteration, or destruction of organizations’ critical assets.[18] Additionally, the implementation of an insider threat program for law enforcement agencies should follow other key steps; in particular, it should examine concerning behaviors to recognize and report suspicious activities,[19] monitor personnel activity, and raise awareness among the law enforcement community. Building an insider threat program can help law enforcement organizations detect, deter, and respond to threats resulting from malicious and unintentional insiders. Further, the authorizations all personnel have access to should be extensively documented and limited to reduce the amount of damage caused by potential insider threats.


According to the least privilege principle, every staff member should be given the least amount of access they need to perform their job. In addition, every police department should designate an Insider Threat Working Group, responsible for reducing risk to people, data, systems, and facilities and for overseeing compliance with, and updates to, the insider threat program, and should implement a training and awareness program.[20] It is fundamental to train personnel on how to detect possible risks or alerting behavior of colleagues: for instance, extremist ideology, an abrupt change in personality, requesting access to information, systems, or facilities not associated with their duties, and/or unnecessarily copying or downloading sensitive information.


Insider threats are prevented through a rigorous examination of potential employees for previous allegiances and potential security risks, such as involvement in crime and destabilized home lives. Background checks are, therefore, even in a cybersecurity environment, essential to keep prior history from influencing the performance and allegiance of the employee. In fact, most Local and State Law Enforcement Officers go through extensive background checks/investigations, psychological assessments, and polygraphs to determine if they can take on the duties that give them the extraordinary powers of enforcement of the law. Many of these current checks focus on criminal history and mental/emotional stability. The one difference between a background investigation of a Federal LEO and that of a State, City, or Local LEO is that for the latter no counterintelligence investigation is conducted. Many Federal LEOs are asked questions about foreign influence and foreign preference, and any ties to countries or people of concern are investigated. State, City, and Local LEOs, by contrast, are never asked these questions, nor are they investigated on a counterintelligence level, which could determine whether they are susceptible to being targeted by a Foreign Intelligence Service. With the new threat of LEOs being targeted, Law Enforcement Agencies must begin to rethink their background investigation process and make it more equivalent to obtaining a Federal Security clearance, like those given to people who work for the Federal Bureau of Investigation, for example. There are some State, City, and Local LEOs who are given Federal Security Clearances if they are working on joint task forces with Federal Agents, but this number is small. All Law Enforcement Agencies must take the threat of Foreign Intelligence Services targeting their officers and paying them to spy on their country as a real threat.


However, background checks do not prevent the development of treasonous behavior during employment. In accordance with their access to classified and essential intel, employees must be monitored during and after employment, including monitoring of foreign visits, financial situations, and marital stability. Behavior at work must also be taken seriously, as displays of anger, movement in areas the employee does not have access to, uncomfortable behavior around fellow employees, and questioning fellow employees about work outside of their tasks indicate potentially treasonous behavior. In fact, LEOs are very vulnerable for a number of reasons, which include frustrations with the job, feeling a lack of appreciation, and desires to make more money. There are also some officers who fall into heavy alcohol abuse and personal relationship issues, with marriages, long-term relationships, and sometimes family ties being strained because of the emotional and mental demands of the job. Suicide is a major concern in the law enforcement community. Any lack of mental, emotional, or personal stability leaves an officer susceptible to being targeted by Foreign Intelligence Services operatives who can exploit these issues and influence an officer to betray their country.


It is clear that the insider threat is a subtle threat that can be hidden in the seemingly safer maze of police institutions, and for that reason, every police department should try to implement these measures in order to detect, deter, and defeat this insidious menace to national security and foreign interference in nation-state sovereignty. Law Enforcement Agencies must go beyond changing the initial background investigation process. They must also develop an Insider Threat Program that continuously monitors officers to ensure that they are not falling into financial trouble or dealing with other issues that leave them susceptible to being targeted by a Foreign Intelligence Service.


The Counterterrorism Group advises institutions, organizations, and individuals within the law enforcement sector to regularly screen employees for insider threats and conduct thorough screenings of employees and partners to identify any connections with foreign intelligence and institutions. Convenient and safe methods for employees to report suspicious behavior should be established and encouraged across law enforcement organizations, and insider threat programs should be established in each police department.

________________________________________________________________________

The Counterterrorism Group (CTG)

[1] “China's 5 Steps for Recruiting Spies”, Wired, Oct 2018, https://www.wired.com/story/china-spy-recruitment-us/

[2] Ibid

[3] “Robert Hanssen”, FBI, n.d, https://www.fbi.gov/history/famous-cases/robert-hanssen

[4] “NYPD officer charged with spying on Tibetan immigrants for China”, The Guardian, September 2020 https://www.theguardian.com/us-news/2020/sep/21/new-york-police-officer-china-tibetan-immigrants-spying-charges

[5] “N.Y.P.D. Officer Is Accused of Spying on Tibetans for China”, The New York Times, September 2020 https://www.nytimes.com/2020/09/21/nyregion/nypd-china-tibet-spy.html

[6] Ibid.

[7] Ibid.

[8] “New York City Police Department Officer Charged with Acting As an Illegal Agent of the People’s Republic of China”, Department of Justice, September 2020 https://www.justice.gov/opa/pr/new-york-city-police-department-officer-charged-acting-illegal-agent-people-s-republic-china

[9] “New York City Police Department Officer Charged with Acting As an Illegal Agent of the People’s Republic of China”, Department of Justice, September 2020 https://www.justice.gov/opa/pr/new-york-city-police-department-officer-charged-acting-illegal-agent-people-s-republic-china

[10] Ibid.

[11] Ibid.

[12] "NYPD Police Academy Graduates at Madison Square Garden" by diana_robinson is licensed under CC BY-NC-ND 2.0

[13] “Indicted Canadian intelligence official had access to allies’ secrets, official says”, The Washington Post, September 2019 https://www.washingtonpost.com/world/the_americas/accused-canadian-intelligence-official-had-access-to-allies-secrets-rcmp-commissioner-says/2019/09/16/5f0474f0-d89b-11e9-a1a5-162b8a9c9ca2_story.html

[14] “Polish Officer Jailed for Being a Russian Spy”, Newsweek, September 2016 https://www.newsweek.com/polish-officer-jailed-spying-russia-465017

[15] “Insider Threat Mitigation”, Cybersecurity & Infrastructure Security Agency, n.d https://www.cisa.gov/insider-threat-mitigation

[16] Cole, E. “Insider Threats in Law Enforcement”, SANS, September 2014

[17] Ibid.

[18] Ibid.

[19] Ibid.

[20] “Insider Threat Mitigation”, Cybersecurity & Infrastructure Security Agency, n.d https://www.cisa.gov/insider-threat-mitigation


© The Counterterrorism Group (CTG) - 2020 - This website and all of its contents are copyrighted by The Counterterrorism Group, Inc. 2020. Any use, reproduction or duplication of the contents of this website without the express written permission of The Counterterrorism Group (CTG) is strictly prohibited.
