No announcement yet.

Book of the Month: SPIES AMONG US

  • Filter
  • Time
  • Show
Clear All
new posts

  • Book of the Month: SPIES AMONG US

    I'd like to see if anyone is interested in starting a regular feature on this forum - perhaps having its own section - to discuss interesting and/or helpful books in our field.

    If so, I'll start the ball rolling with one that I think you'll find not only to be a good read, but also very informative - Spies Among Us by Ira Winkler, from Wiley Press. There's a good chance you might find it in your public library.

    Just as an aside, this book was recommended to me recently by a friend in the intelligence field who knows that my concentration in college was intelligence analysis. I had actually received a courtesy copy of the book shortly after it came out in 2005 - I had flipped through it casually and put it on the shelf, wrongly concluding that it was just a "rehash" of industrial spy information that I'd already seen (and studied intensively) many times before. With this recommendation, I dug it back out and began to see that my snap assessment had been wrong. My only excuse is that I get books all the time and I just can't read all of them.

    Winkler is an ex-NSA security analyst who, since leaving government has earned quite a reputation for himself by doing penetration testing and other forms of "ethical spying" for companies in America and elsewhere. This and his first book, Corporate Espionage are reportedly among the most-stolen, and have been the subject of complaints that he is "teaching real spying techniques". Winkler's answer is that the real industrial agents already know these techniques, and so should people in business (and certainly, in security). Even he will still admit, however, that he has been made aware that his books have been useful even to experienced operatives.

    In short, this book describes many real penetration or "black bag" operations, which he then analyzes in terms of the specific vulnerabilities that he and his team (which includes ex-KGB and other professionals) exploited. This analysis enhances the value of the book enormously. We don't simply have a series of "spy stories", but each story is followed by a practical lesson about what we should be learning from them. By combining the story with the analysis, Winkler has found a style that is tremendously readable and engaging.

    Winkler argues that security should focus on the organization's vulnerabilities, not on preventing specific types of attacks. The security officer who reads this book will be chagrined to find many instances in which someone in his own ranks represented the first, and perhaps the most critical, vulnerability either because he did not do his job (complacency, inattention, etc.) or because he was not properly empowered to do the job in the first place.

    In operation after operation, "getting past the security officer" is the first order of business for one critical reason: Anyone moving confidently around inside the facility - apparently "doing legitimate business" - is usually granted the assumption that "he must belong here". This is an enormous grant of power to an agent. Merely approaching a person from the direction of the inner parts of the facility such as the executive suite (rather than from the other direction) will cause them to draw completely unwarranted conclusions about your "authority" or your "legitimacy".

    Some of what you read will not be new. After all, many spy methods have been used for thousands of years. However, I did find information here that I had not known before, and what is revealing even about the well-known methods is just how they were used and, even more important, how they were sequenced by the operations team.

    Also revealing is the sort of information that an agent might find useful. In one operation, for instance, the ex-KGB agent team member, who was once an expert in China operations for the Soviets, noticed that many of the desks held English-Chinese dictionaries without apparent reason. This intrigued him and led him to search the local area for a "special" Chinese restaurant - namely, one that offered real Chinese food instead of the "Americanized" version. His theory was that such a restaurant might be a gathering point for Chinese operatives.

    Sure enough, he found one where the menu was not printed in English, but entirely in Mandarin, a language in which he was fluent. Obviously, this single fact would discourage many Americans from eating there. As he read the menu (which caused the waiter to become flustered, incidentally), he noticed a rare delicacy that would be hard to find even in New York or San Francisco, let alone a back-water midwestern town..."black duck eggs". You can probably imagine what the conclusion would be: The owner of this restaurant has some sort of influence back in China to be able to offer this dish...and must have some pretty "special" customers who would appreciate it.

    There are little gems scattered throughout the book. For instance, you might learn here the correct way to drive in order to determine whether someone really is following you (not as you might think), but there are many other lessons here that are much more important and useful to you on a daily basis. I would be very surprised if you came away from reading this book without a renewed sense of purpose in executing your orders, and a greater appreciation of the critical role you play in your chosen profession.
    Last edited by SecTrainer; 03-18-2007, 12:11 PM.
    "Every betrayal begins with trust." - Brian Jacques

    "I can't predict the future, but I know that it'll be very weird." - Anonymous

    "There is nothing new under the sun." - Ecclesiastes 1:9

    "History, with all its volumes vast, hath but one page." - Lord Byron

  • #2
    Sounds very interesting, SecTrainer. I'll have to check it out.

    Thanks for the recommendation!


    • #3
      SecTrainer, you have brought to our attention the fact we in the industry do not remember, recall or otherwise practice our ABCs in dealing within the industry.
      We fail to grasp the significance of Sensitivity, Criticality and Vulnerability in security. Most organizations fail horribly in the arena of security education and motivation training.
      We fail to protect what needs to be protected when it needs protection. In many instances, I have learned about sensitivity of information in an elevator when folks are nattering along trying to sound impressive to the other occupants.
      One of the weakest link in the security chain is people. I can remember from my enlisted Air Force service of it having it constantly preached "what you see here, what you say here, what you do here stays here when you leave here."
      A client will spend good money having a TSCM performed and then leave the protected facility vulnerable when the team leaves exists the door. I have noticed people who perform a supposed TSCM, there wasn't anything here rather than stating, we failed to find anything. That doesn't mean it was not there, they failed to find it.
      The little secretary or midlevel manager who goes to the bar and picks up a complete stranger and spends the night with them may have been the victim of a SPUTNIK attack and never suspect or know.
      The WW II slogan, "loose lips sink ships," is as true today as it was then.
      Enjoy the day,