Source recruiting takes a lot of planning and expertise. We know this because it can be dangerous work and because recruitment still fails. Just like with every other topic I write about, we need a methodical and rational way to approach sources, which is presented in the Source Recruitment Cycle (SRC).
Source Recruitment Cycle.
1. Identify potential sources based on intelligence requirements.
Everything about collection always comes back to one thing: intelligence requirements (IR). All collection is directed and need-based. (For a refresher, see Intelligence Requirements.) The first step of source recruitment is a combination of a) knowing and understanding your IRs; and b) identifying individuals (or types of individuals) who may have placement and access to fulfill those IRs. In other words, we need specific information so we find people who have access to that specific information.
To identify these potential sources, make a list of of individuals who could potentially fulfill the IR. For instance, if you needed to know how many sheriff’s deputies are on duty at any given time, who could you ask? The sheriff, the deputies, sheriff’s department administrators, retired deputies, county politicians, or organized crime and drug gangs. Can you think of any others?
2. Assess placement and access for these potential sources.
When we’re assessing placement and access for potential sources, we’re not immediately concerned with whether or not they’ll cooperate. We just want to know if they can provide us the information we need to know. (Cooperation is a subjective term.) So in assessing our list above, we just concern ourselves with the potential that they either a) directly know the information, or b) can acquire the information.
For our list of potential sources, I would reckon that they all would have placement and access to the information. If I had a very long list, then I might rank the top few so I know who to target for recruitment first. Approaching and recruiting sources carries some risk, so we always want to justify the risk for the reward. In any case, along with assessing placement and access, depending on the circumstances and IR, I would probably rank these potential sources in terms of risk. (What we get is a matrix of risk/reward: what’s the risk of contact and recruitment versus the likelihood that the source can answer the IR.) Approaching the sheriff directly for certain information might be riskier than approaching a retired deputy. Approaching Osama bin Laden would have been much riskier than approaching his courier. It may have no bearing in your situation, but the counterintelligence (CI) aspect is always a factor of recruiting and running sources.
3. Judge responsiveness to tasking through personal interaction or building a relationship.
We learn about individuals from interacting with them, and listening to what they’re saying and how they’re saying it, along with reading the messages of their body language. Get to know as much as you can about a potential source before working with him (including Open Source Intelligence – OSINT). That includes biographical information, familial ties, education, religion, politics, hobbies, etc. Knowing as much as you can will make your job of recruitment much easier. When approaching a potential source, you could either introduce yourself or get a mutual friend or acquaintance to introduce you. If you choose to introduce yourself, it can be as simple as, “Hello, I’m so-and-so. I see you work for the sheriff’s department.” Approach the potential source just like you would meet any stranger. (We know much about him; he knows little about us.) And how do you build rapport with a stranger or acquaintance? Shared interests is probably the easiest way. (In a future post, we’ll go into rapport-building and how to craft approaches.)
Once we’ve made contact with our potential source, we begin building rapport and probing for responsiveness. Take a short survey of yourself and your job. If a practical stranger came up to you and started asking about your company’s security policies, or biographical information on your boss, what would you do? You’d probably become extremely suspicious and defensive. The chances that a stranger would walk away with the information would hopefully be low. What if someone you’ve been in contact with a couple times a week and gotten to know, maybe had a beer, played golf, or hung out at the same business convention, asked you the same questions? You’d probably be more willing to open up about the answers to those questions. And if provided the right motivation – money, promotion, etc. – you might even be willing to go collect. If you wanted to get rid of your boss (to fire him, not kill him), and it was possible for you to be promoted, you might go look on his desk phone’s call history (or get the janitor to do it) or search for any signs of wrong-doing, would you not? If you wouldn’t, somebody would. And we need to find that somebody.
So how did we get here? Because we did our research and found what motivates you. We decided that you were suitable for the job, so we got to know you, and gradually brought you in. (We’ll cover recruitment in the next step.)
In judging responsiveness, we need to identify the potential source’s suitability, motivations, and vulnerabilities. Is this person suitable for the task of collecting information for us? Is he mentally able to deal with the added stress; is he competent enough to acquire and deliver the information; and is he trustworthy enough to justify the risk of our meeting?
Back in September, we covered the motivating factors known as MICE/RC. MICE/RC gives you the basics as to why a source might cooperate and give you information; it could be one factor or a combination of multiple factors. The important thing is that you’ve identified what makes your source tick, and many sources will be willing to collect as long as you provide purpose, motivation, and direction. (It’s truly amazing what those three things will make people do.) If the motivating factor for your source is just money, remember that that he might wind up in the pocket of the highest bidder, which may not be you!
And that’s a vulnerability. What are the downsides related to dealing with this individual? If he’s caught or gets into trouble for collecting sensitive information, is he likely to open up about what he’s been doing and for whom? How dangerous might he be as the adversary’s CI asset? What are the second- and third-order effects? When the source’s usefulness has come to an end and it’s time to terminate the relationship, what will he do? After you’ve fulfilled his MICE/RC desires, what will he likely do when you thank him for the last time? Considering that he now knows your face and probably some – hopefully limited – information about you, how damaging could that information be? Is he likely to run to your adversary, and tell them your IRs and methods? Or is he more ideologically bought-in, in which case your secrets are likely safe with him?
We have to survey each of the source’s motivations and identify any vulnerabilities therein, in addition to spotting flaws in personality, morality, or ethics. It may be the case that those flaws and vulnerabilities don’t pose a risk to the mission. On the other hand, I would recommend that if you have any reason to suspect that an individual may be detrimental to the mission, don’t use him. Bad sources waste your time, or worse, compromise your mission or organization.
4. Recruiting the potential source by selling them the opportunity.
There are fundamentally two ways to approach source recruitment – soft and hard. The soft approach is to lay out the problems, hint at the solution, and then have the potential source offer the solution. For instance, if your potential source’s boss was going to be replaced by one of two individuals – David, who he really hates; or Brian, who he really likes – then I would imply that the source target David for information that could sway the decision. If he looked on David’s desk phone call history and saw that he’d been spending hours on personal calls while on the clock (or surfing inappropriate sites on his computer), and that information somehow found its way to the promotion committee, then David would most certainly not be promoted. And we achieved the end goal because we got the ball rolling: “It would be interesting to see David’s office phone or computer history. I wonder if that information could come back to royally screw him.”
The hard is approach is much more direct. Just like you’d approach your boss to ask for or demand a raise, you have to convince a source that it’s in his best interest to cooperate. Possible explanations to your boss are that you’re one of four positions but you contribute 40% of the all the work, or that you raised revenue by 20% this year. If I’m a boss, I won’t want to let you go! That’s the same point we need to get across to our potential sources. We need them to feel like we’re presenting them an opportunity that they can’t refuse.
Ideology in the MICE/RC factors is a strong feeling. If a potential source is a Patriot, then he’s probably going to be more willing to help you dig up dirt on the bad guys, if he knows that the end result will benefit him. Direction, purpose, and motivation. A soft sell may be unsuccessful. Maybe he doesn’t have confidence that the plan will work. If you know that the potential source is trustworthy, you might have to hard sell it: “I’m a member of the organized resistance, and we need you collect this information. You’ll stay completely anonymous/we can guarantee the security of your family/we can help you out with the groceries this month/insert motivational factor here.” In this instance, he really has two choices, which makes our research of what will likely motivate him all the more important.
5. Meeting with and developing the recruited source.
Once the potential source has agreed to collection information for you – you’re collecting Human Intelligence (HUMINT) – comes the much harder part: tasking, developing his tradecraft and communications security (COMSEC) skills, ensuring security (both for him and you), and meeting without being identified or followed.
This is a TON of information and we’ve already covered recruiting, so we’ll save this step for another post.