“The Counterintelligence Chief” – with FBI Assistant Director Alan Kohler
Andrew Hammond: Welcome to "SpyCast," the official podcast of the International Spy Museum. I'm your host, Dr. Andrew Hammond, the museum's historian and curator. If you seek intelligence on intelligence, you've come to the right place. We're fascinated - in fact, obsessed - by this topic. Coming up next on "SpyCast"...
Alan Kohler: Oh, yeah, yeah. That unit - that exact unit exists.
Andrew Hammond: OK.
Alan Kohler: It's a parallel unit to the criminal serial killer unit. And we use them extensively. So, for example, when I was a supervisor in New York, we had the Ghost Stories cases - the Russian illegals cases up there. We brought the behavioral analysis folks up to New York. We've been looking at these subjects for years. Now we're finally going to get to get in front of them and talk to them. How should we do this? Can we approach it this way? Should we use this wording? There's a lot of psychology that goes into it. And that helps me, as a supervisor, pick the person that's going to go in the room.
Andrew Hammond: Alan Kohler is the FBI assistant director for counterintelligence. This means that he's in charge of the division of the FBI that takes the lead on all counterintelligence investigations across the U.S. government. He was formerly the special agent in charge of the Washington Field Office's counterintelligence division, which, along with New York, has traditionally been one of the premier destinations for counterintelligence work for obvious reasons. The U.N. is in New York; the U.S. government is in D.C. He took part in the FBI's response to the 9/11 attacks and served as the FBI's assistant legal attache in London. In the rest of this episode, Alan and I discuss China as the largest counterintelligence threat against the United States, the difference between counterintelligence and counterespionage, the sting operation against a Maryland couple trying to sell nuclear secrets, the behavioral analysis unit - not for serial killers, but for spies - and the importance of imagination in counterintelligence work.
Andrew Hammond: If you're new to the show, please subscribe to ensure you get your weekly high-level debrief. If you're already a member of the "SpyCast" community - and we truly, truly appreciate your support - please consider leaving us a five-star review. The original podcast on intelligence since 2006, we are imitated but never intimidated. We are "SpyCast." Now, sit back, relax and enjoy the show.
Andrew Hammond: Well, I'm really pleased that we finally made this happen, Alan. So I just wanted to start off, can you tell our listeners a little bit more about your job? So the assistant director for counterintelligence - one of the first things that I think about when I think about your job is that it just sounds like a lot of agita.
Alan Kohler: (Laughter).
Andrew Hammond: It sounds like a lot of stress. You're sitting there on a Sunday afternoon with your roast chicken and potatoes, you get a phone call and you're just like, oh, my goodness, I have to go into the office. So tell us a bit - little bit more about your role and what kind of pressures you have.
Alan Kohler: Yeah, that's about right. I feel like every hard thing comes to my division when it doesn't have a good spot anywhere else. Yeah, so assistant director for counterintelligence division. So I - my division handles all the nation-state threats that are not cyber-related. So everything comes to me. So I'm responsible for all of the FBI's work countering Russia, China, Iran, North Korea, espionage cases, media leak cases and then sort of oversight and supervision of field offices. So all the agents and analysts that work counterintelligence in the field report up through their chains of command into headquarters. And we provide the guidance, and rating and metrics of how they're doing.
Andrew Hammond: OK, wow. And I know that the National Counterintelligence Security Center, they're part of ODNI, and they also have a, obviously, counterintelligence component. Can you just tell our listeners how both your job and the NCSC relate to one another? You're more operational; they are more policy and so forth. Is that correct?
Alan Kohler: Yeah, that's the easiest distinction. I think NCSC is a great partner for us. They provide the sort of overarching guidance. They write the national counterintelligence policy. What the FBI does is essentially enforces that policy and puts it into action. And we do that now through the National Counterintelligence Task Force, where NCSC, through a collaborative effort, will work on the national strategy that gets pushed down to the task force. And we lead that. And it's a conglomerate of 50 other U.S. government agencies. And then we develop lines of effort and put it into action.
Andrew Hammond: OK. And the assistant director for counterintelligence at the FBI - you're responsible for counterintelligence across the government, right?
Alan Kohler: Correct. Well, we're the lead counterintelligence agency...
Andrew Hammond: Sorry, that's the right way to - yeah.
Alan Kohler: ...In the United States, yeah. So anything that happens in the U.S., we're going to have a hand in or we're going to be coordinating strongly with. Nothing really happens now without work with partners. And there are several other agencies that have counterintelligence responsibilities. But there's also agencies that have strong investigative authorities that we partner with to get our job done. But we, essentially - we don't just handle U.S. government. We don't handle internal FBI. We handle everything that happens inside the U.S.
Andrew Hammond: So an example of that would be NCIS or - for the Navy, or the Office of Special Investigations for the Air Force - they also do counterintelligence investigations, but yours are the lead agency for everything that takes place within the country.
Alan Kohler: Right. So with the military services in particular, they would be the lead if, for example, there was a counterintelligence concern on a Navy base or a Navy ship. NCIS would be the lead agency on that, and we would be co-case on that one. But generally, most of the activity that happens inside the U.S. is going to be led by the FBI in the counterintelligence world.
Andrew Hammond: OK. I'm not trying to get you into trouble or to say, you know, I'm the boss. I'm in charge of everyone. I'm just trying to get a sense of where the - where your responsibilities begin and end. So that's a helpful illustration.
Alan Kohler: We have a very wide remit inside the FBI generally and in the counterintelligence world, very wide as well. And there's not a lot that doesn't fall into either a full ownership by the FBI or an assist to another agency.
Andrew Hammond: And tell us a little bit more about the counterintelligence task force. What is that?
Alan Kohler: So the counterintelligence task force just turned three years old. And it is an acknowledgment that the FBI needs to work on the counterintelligence world. We need to work better with our partners. We - in counterintelligence, we sort of suffered from a culture of secrecy where we did not share a lot of what we did and a lot of the information we had, for good reason. But however, just because of the nature of the threats - the global nature, the expansiveness of it - we can't do this alone. I think everybody realizes that. And we need the whole of government approach to counter the whole of government attacks that we're receiving. It's putting smart people from a bunch of agencies in a room, figuring out the right way to use our collective resources and abilities to counter the threats.
Andrew Hammond: And field offices - we're talking about those FBI offices across the country where business is conducted out of, right?
Alan Kohler: Correct. We have 56 field offices around the country in all the major cities you'd expect.
Andrew Hammond: And can you give our listeners just an example of a case that they can hang their hat on that will help them understand what you do? It doesn't have to be one that's under you currently, but maybe one from earlier in your career or one that you're able to talk about. Give us an example of what you do and maybe one that interacts with another agency so we can get a sense of how you work together to do something.
Alan Kohler: Oh, sure. Well, I'll give you a recent example from just this past year and a half, which was - we called it our Timberwolf investigation, but it was an espionage case focused on Jonathan and Diane Toebbe. And Jonathan was a naval engineer who worked for naval nuclear reactors. And we investigated him because he was attempting to pass naval nuclear secrets to a foreign government. And we ran what's called an undercover operation or in term of ours, a false flag operation against him where an undercover FBI agent pretended to be an intelligence officer of another country.
Alan Kohler: And in doing so, he started to pass classified information to us through a series of dead drops, which are secret drops. And we did it around Washington, D.C., and up in Maryland and West Virginia. And we collected tons of evidence and video and fingerprints and DNA of him leaving classified documents behind. And we ultimately arrested him last year. And he and his wife were just recently convicted and sentenced to significant time in prison as a result.
Andrew Hammond: Wow. One of the things that I love about our show is that there's people that range from people that are working these issues and other agencies through to just the average person on the street that loves a good spy story. So for all the people that are not up to speed on this, just give them a quick - what is counterintelligence, and what's counterespionage, and is there a difference?
Alan Kohler: Great question, and I think the term counterintelligence, I think, depending on the agency asked, you're going to get different stories. And in the FBI, counterintelligence - you know, sometimes referred to it as big-C counterintelligence, referring to the division, and little-C counterintelligence, which is sort of a way of doing business and a way of thinking about things that needs to permeate through the entire agency. But for the FBI, counterintelligence encompasses all activity that we do to counter nation-state threats. And that - for us, we have - counterespionage is a subset of counterintelligence.
Alan Kohler: So I would say counterespionage - the easiest way to say it is that is the traditional spy story. That is a foreign agency or a foreign government recruiting an American to pass them classified information. And that would be someone who is quite literally violating the economic - or the espionage statute. And we work that as, as we call them, espionage cases. Everything else outside of that, we would fall under the broader counterintelligence bucket. And within that, there are - we have economic espionage cases and counterproliferation cases, tech transfer. We have critical infrastructure cases that we're trying to protect, and then a myriad of other things that we worry about.
Andrew Hammond: And could you give us one of the examples of the ones that is not counterespionage, but it is counterintelligence? So maybe the economic espionage or the critical infrastructure?
Alan Kohler: Sure. So, well, I would say for the traditional counterintelligence would be our bread and butter that we grew up on back in the Cold War, which is following intelligence officers around Washington, D.C., right? That is what the FBI's counterintelligence division got really, really good at over the years. And we got really, really good at essentially following people and keeping an eye on people who live in buildings inside the United States. But the threat has significantly morphed. And the information that we need to protect now is way beyond just government classified information. It's housed in other government agencies. It is the secret to a process or how to build a widget that's housed inside of a company. And those are the things that we need to protect now. So there is - I'll give you an example of another case that we had finish up - resolve this year was Xu Yanjun, who was an MSS officer, that we finished along...
Andrew Hammond: That's a - sorry. That's a Chinese intelligence agency?
Alan Kohler: Yes.
Andrew Hammond: The Ministry of State Security?
Alan Kohler: Correct, right. We had a long-running investigation of Xu. And he was arrested in Belgium as part of an FBI request, extradited to the U.S., tried and convicted. And now he's serving a lengthy prison term. But he had been running a series of people inside the United States to get information out of GE Aviation to help the aviation industry in China. And that is a case that - you know, we are working very hard to protect industry trade secrets because that really impacts businesses. But not only that, it gives our adversaries, in some cases, economic and military advantages. And we need to stand in the way of that.
Andrew Hammond: It seems to me that maybe the job was a little bit easier for some of your predecessors because now the threats are so diffuse and they're all over the place. Maybe back in the, quote-unquote, "golden era of espionage" when it was, like, D.C., New York, you know, a few critical cities, you know, then the threats were much more concentrated. But now that it's all over the country, it's more spread out. Is that how it seems to you?
Alan Kohler: Oh, yeah. I would never I would never tell my predecessors that their job was easier. But I think you're right in saying that. The threat vectors that we face now are much more diverse and complex than they were even 20 years ago, right? So, for example, when I got in the FBI in 1996, huge focus of our counterintelligence program was on Russia. We were just coming out of the Soviet Union. Russia was trying to figure out how it was going to reconstitute its intelligence services and how they're going to be targeted against us. And we still continue to have a big push against Russia. China was this thing that everybody sort of knew about, and we were trying to figure out how to grapple and get our hands around it, but it wasn't, by any stretch of the imagination, worked the way we do it now.
Alan Kohler: And now, certainly with, again, the changes in our posture and realizing that it's not just classified information we need to protect, we need to protect the economic advantage of the United States and our economic national security. Our focus on protecting industry secrets has been a game changer for us. And now almost 50% of our work is focused on China inside the counterintelligence division because it is far and away the largest threat that we have. It's the largest strategic adversary that we're going to face over the next 50 years. And they're coming at us at an order of magnitude greater than almost every other country - almost every country combined.
Andrew Hammond: Wow. That also leads me on to something that I was really intrigued by. So if over on the one hand, you have, OK, people are involved in espionage - it could be China, it could be Russia, it could be Iran, it could be anybody - there's certain things that you do. It all looks the same. It may be from a different country, but it's all pretty similar. And then over here, on the other hand, you have, no, actually, there's a very specific Russian way of doing intelligence or there's a very culturally informed Chinese way of doing intelligence. So I just wondered, you know, FBI counterintelligence, you are, like, probably the best source to go through for this because you're watching - it's like watching the same football team over and over and over. And you - eventually, you learn some of their stock plays and some of the ways that they do things. So I just wondered, which one of them do you think's the best descriptor? Do you think that they can probably all be lumped together and there's not that much difference? Or do you think that it's actually, if you watched the game close enough, there's very different ways that they conduct - they do things?
Alan Kohler: Yeah, that's a really - I've never thought about it that way, but that's a good way to say it. I would say they're both football teams, to use your analogy, but they're - have different styles of offense and defense, right? So Russia, for example, continues to use its U.S.-based diplomats, undercover intelligence officers, for operational acts. They're still very operational. We put a tremendous amount of resource into countering what they're doing. China, to the contrary, the - our assessment is that the majority of their threat coming from China is actually emanating from mainland China. Intelligence officers either luring people to China, or traveling out or cyber - through cyber-means, attacking us directly from their offices. I would say that they approach it - both agencies, both countries - approach it from a sort of a strategic national security perspective, where they are making these decisions through diplomatic, economic and military and intelligence avenues for their strategic national security.
Alan Kohler: But what's different between Russia, China and the United States is sort of that our set of values is different and our needs are different. And that causes them to make different decisions. While Russia and China work differently, it's really important for us to not just take, hey; here's how we worked Russia for the last 50 years. Let's just pick up that model, drop it on top of China and think that it's going to work because it's not. And I think every agency or - every agency and every country that we go up against does it a lot the same. And they all have nuanced differences and significantly different skill sets. And we need to be cognizant of that when we plan our operations against any and all of them.
Andrew Hammond: A moment ago, Alan mentioned the Ministry of State Security officer Xu Yanjun, the first Chinese intelligence officer ever to be extradited to the United States. In our collection at the International Spy Museum, we have the handcuffs that were used to arrest another Chinese spy, Chi Mak. Mak was a Chinese-born, naturalized American citizen who conspired with four family members - his wife, his brother, his sister-in-law and his nephew - to export sensitive military technology to the People's Republic of China.
Andrew Hammond: Chi and his wife were extremely frugal Maoists and ate their meals off newspapers and washed their car using the mops, towels and free water at the gas station. They threw investigators by disappearing into the lumber section of the local hardware store in Los Angeles County every Saturday at the same time, then reappearing, having never bought a thing. Was this a dead drop, a way of passing items between two individuals using a secret location? No. As they later discovered, this was the hour when the lumber section offered free coffee. He was sentenced to 293 months in federal prison after a joint FBI-NCIS investigation. These handcuffs are not currently on display at the museum, but if you come, you can see the handcuffs used to arrest Aldrich Ames, Robert Hanssen, John Walker and the Russian 10, among others.
Andrew Hammond: For motivations for conducting espionage - so you mentioned a couple of cases. So here at the Spy Museum, you know, we use one of the - just for our guests, we use one of the classic acronyms - money, ideology, coercion, ego, MICE. And I'm wondering, like, since you joined the FBI, has the ideological motivation for espionage fallen off because foreign Americans say - are you going to say, yeah, I am spying because I believe in some ultranationalist, semi-failed state called Russia? I mean, that's not a big ideological motivation.
Andrew Hammond: Or China - I mean, the current Chinese system, if you want to call it that, is - I mean, it doesn't exactly conform to traditional understandings of communism. So I can't see an ideological driver there. I mean, maybe there is sometimes. But has that ideological power fell away for nation-state actors? I mean, obviously we had the war on terror, and then, you know, people really believed some of the things that they believed then about foreign nation-states. Like, that ideological motivation to spy on your own country - it doesn't seem to be there as much. What's your view as someone that's on the inside?
Alan Kohler: Yeah. I think that there's a lot of ways to think about this, and we've all heard the MICE acronym. And I think that is a good - generally a good way to look at it. But it's also a hard - it's a very hard predictor because everybody who is - you know, everybody who has an ego and needs money is not going to be a spy, right? And this is the challenge. It's how do you find the ones that do get to that point where they're going to spy? I think right now, when we look across the world, we - and this is a danger that we have in counterintelligence that we always talk about avoiding. We look at a place like Russia, for example, and we say, how can those Russians not be mad at their government? And how can they not be running to us, telling us how angry they are, right? And same thing in Iran - like, we're saying to ourselves, shouting at the TV screens, doesn't everybody see what is happening in Iran? And how are they not revolting against their regime right now? And it just doesn't work like that, right?
Alan Kohler: The process to - that a person comes to betray his or her country is an arduous, painstaking, very personal process. And it's a decision that the person arrives at through much soul-searching and tough decision-making about the security of himself and his family and his future. And we do see a change in motivations of the people that we talk to, generally. They're not necessarily revolting against communism anymore, right? They're more looking out for the future of their family, where they're looking - taking a hard look at the countries they live in and realize, hey; this probably isn't where I want my kids or my grandkids to grow up. I've seen America. I know what it is. It's not what our regime and what our country is telling us it is. And, you know, I want a part of that. And that's what we - that's what more we see. And our job - you know, a huge part of our job in counterintelligence division and in the counterintelligence workforce in the FBI is to recruit people from these other countries. And a big part of that is, you know, we're trying to find those individuals that are disenfranchised and upset and maybe ideologically more inclined to want to be with the United States. But they're very hard to find.
Alan Kohler: So our approach has been essentially to think about it more broadly - right? - where if you look at the motivating factors of recruitment over the years and the people who have eventually worked with us - and this is - goes back - if you analyze Americans who have worked for the Russians, for example, or Russians or Chinese or Iranians who have worked for us. There's always that one crisis moment where the people come to a decision and they have to make a decision to get out of whatever problem they're in. And at that moment, they're considering the options that are in their heads already. And if we haven't put ourselves into their heads as an option for them by that point, it's already too late.
Alan Kohler: So what we're trying to do is we're trying to have as many touches with individuals of interest early and often in our time with them, positive interactions. So when they think of the FBI or they think of the U.S. government, they have a OK, that's - that guy - you know, people are telling me these guys are eight foot tall and mean with fangs, and he actually wasn't such a bad guy. And then when they get that personal crisis two years, three years down the road, they think, you know what? What are my options here? Hey; you know, I remember that FBI guy was always nice to me in New York. Maybe I'm going to try and call him. And that is what works. And that is what we're trying to do. And, again, a big part of our job is to recruit the people who are trying to recruit us.
Andrew Hammond: So imagine there's one of those people listening to this podcast...
Alan Kohler: Hope so.
Andrew Hammond: ...Who's like (laughter), this guy Alan seems like a really nice guy. I'm at that decision point, and I'm ready to, you know, show my cards. But what's the best thing for them to do? Are they going to be thinking to themselves, well, I would love to just phone the Washington field office, but my phone's probably bugged or...
Alan Kohler: (Laughter).
Andrew Hammond: ...It's probably been intercepted. Or if I walk in there, you know...
Alan Kohler: Yeah.
Andrew Hammond: ...My host country is going to see me. Like, how did they establish contact?
Alan Kohler: Yeah. So, Andrew, I think in a couple of sentences there, you basically summed up the art of our job and the challenge of the job. So when we talk about recruiting in the FBI, we talk about the lighthouse approach, which to us means essentially if you can have a mental image in your head, we build a lighthouse up on top of the hill, and we shine a light down on safe paths that others can take to get to us. That's really how we look at it. We're trying to present ourselves always as secure, professional and always available. And we're really trying to send the message to these foreign intelligence officers who might want to get in touch with us that, No. 1, they have value, No. 2, the FBI is interested and, No. 3, they should be looking for those paths to contact us either that we have set up or that they can develop on their own.
Alan Kohler: But if you're asking for specific advice, I really can't give specific advice because each one of these choices is very individual. The bottom line is the person who wants to get in touch with us or is thinking about it - they know their security situation far better than I do, and they would know the best way to get in touch with us. And that could be anything from as simple as walking into a field office, or probably more likely is they have identified somebody in the U.S. - either a U.S. government employee or somebody else that they trust - that they could ask to get put in touch with the FBI. And that is the most likely scenario that we see. So just let me wrap up real quick, though. And this is a message for any foreign intelligence officers that are considering working for the FBI. I want you to know that you have more value than you think to the FBI. And we would love the chance to talk to you and figure out how we can work together.
Andrew Hammond: And how does it go...
Alan Kohler: Thanks for letting me have that sales pitch.
(LAUGHTER)
Andrew Hammond: Yeah, absolutely. And how does this go, like, for your job as assistant director for counterintelligence? So it seems that there is a defensive component. Like, we want to protect U.S. government secrets. But then there's also this, well, let's recruit people, the best form of defense is attack sort of idea. So is that structure definitely within your office? Are those two separate departments, or is this the same people that are doing both? Or how does that kind of shake out?
Alan Kohler: Yeah, good question. So to make sure we have it coordinated, we have all of that done by the same groups. And as you can imagine, I have people who are focused on Russia, people focused on China and others. And we have a very robust offensive counterintelligence capability inside the FBI. And our technical capabilities are unrivaled in most cases. And our job - and I've heard it said before, and I'll repeat probably a phrase you've heard before, but we're not going to arrest our way out of a problem. And I'll give you an example. In counterintelligence division, we have 6,000 cases, investigations. And those run the gamut of espionage cases, contact cases and everything in between. We probably only do 100 to 120 indictments and arrests a year.
Alan Kohler: So, you know, if that - if I set my measures of effectiveness as how many arrests I've done, it's not going to work. My job is not to arrest people. My job is to neutralize the threat. And there's a number of things that we can do. That means we - arresting is absolutely one vector. Neutralizing through double agent operations, recruitments, false flags - absolutely something else. If we can set the adversary off running in a direction that we want them to run while we run in a different direction, that is a great thing. And we do that kind of work every day, and it's really about what significant impactful operations can we do that inflicts the most cost and friction into what our adversary's trying to do because remember; we're not going to beat China here. Nothing I do is going to make China go away or their intent to do what they do is not going to go away. Russia is still going to have an intelligence service on Monday no matter what I do on Friday, right? Our goal is to just continually slow them down while we continually protect the things that are letting us and our society move forward. And it's - we're pushing them back while we're also helping ourselves push forward. And that is what we continually strive to do.
Andrew Hammond: So it's not a destination. It's an ongoing journey.
Alan Kohler: Yes. This is - it's the infinite game concept. We're in this for the long haul. No one's going to win or lose. It's just we have a series of finite battles that we go through. And we're trying to win as many of them as we can.
Andrew Hammond: (Laughter) That sounds like a good plan. So you mentioned double agent operations and recruitment and so forth. So just to clear this up again for some of our listeners that are not familiar with this, so they hear that the CIA can't - despite what they see on all of it, doesn't run intelligence operations inside the United States. They do stuff beyond the water's edge. But then we also hear that the CIA has counterintelligence officers or counterintelligence offices in the country. So just clear that up for our listeners. Like, what are the CIA doing and not doing in this country? And what are the FBI doing and not doing? And how did both of them differ?
Alan Kohler: That's a good question. So I think you probably know that the CIA has domestic offices. And they do - I'd probably defer to CIA to answer about that.
Andrew Hammond: Yeah, yeah, sure.
Alan Kohler: But they have a - CIA has a legitimate and significant domestic responsibility to do certain things that are supportive of their overseas mission. And all that is done in coordination with the FBI. Similarly, the FBI has legitimate operational considerations and activity overseas. And all that is done in coordination with CIA. I would encourage you and your listeners to think of - not to draw a hard line that FBI only works inside the U.S. and CIA only works overseas. It's more of the FBI's the lead agency in the U.S. and CIA is the lead agency overseas. And we coordinate with each other whenever we sort of cross that international boundary line. There's a ton of work that we do together, almost none of which I can talk about here.
(LAUGHTER)
Alan Kohler: But great partners for sure.
Andrew Hammond: So earlier this year, we had on an FBI legate. So that's one of the FBI agents whose out at an embassy. This one, Kathy Stearman, was in Beijing and New Delhi. So that's a good example there. So she would report to the station chief, the head CIA officer within the embassy, but here in the United States, then it's the FBI that takes the lead. And the CIA will not report to them, but they will defer to them.
Alan Kohler: Yeah, I think report to is probably not the right word.
Andrew Hammond: Yeah, yeah, yeah, yeah, though I don't...
Alan Kohler: So...
Andrew Hammond: ...Want you to make your job...
(LAUGHTER)
Alan Kohler: So for example, one of my previous jobs - I was an assistant legal attache in London, right? And my dedicated remit was cyber and counterintelligence. And most of my job was facilitating interaction between FBI field offices and MI5 or the British intelligence and police services. And I would coordinate with the station as needed. And similarly, when there's a T2MC office here in the U.S. who has something they need to do, they're going to be coordinating with the FBI office. It's not - it's more - it's not a report to you type of a thing.
Andrew Hammond: Sure. Sorry.
Alan Kohler: It's more of a - there's an MOU that sort of governs how we engage with each other overseas and in the U.S.
Andrew Hammond: Yeah. What was it like when you found out you were getting that London posting? Was that, yes?
Alan Kohler: Yeah, it was great. It was one of those points in my careers where I was at a crossroads and didn't know which way I wanted to go. And I applied for it and got it. And I didn't really think I was going to get it. I didn't think they were really going to give it to me until I actually got on the plane and landed. And then I was like, yeah, I don't think they can take it away now.
Andrew Hammond: So another thing that I wanted to ask was with the term counterintelligence, we often hear of this - and it's a bit of a cliche now. We hear of this wilderness of mirrors, you know, this idea that after a while, it's difficult to tell where reality begins and something that is nonexistent ends. So think about Peter Wright, British MI5 counterintelligence officer. It seems to me the after Philby defected - if you read his book "Spy Catcher," it's almost like he - the first half of his career, he's this brilliant technical and counterintelligence officer. And in the second half of his career, he's just chasing ghosts. He's looking for things that don't exist. He's basically just going all over the place.
Andrew Hammond: And you see something similar, I think, with James Angleton. And interestingly, Philby is also a connector there because they were friends. And then Philby defects. And Angleton - we don't need to get into all of that, but he's got a particular reputation with regards to counterintelligence in the '70s. So how - for your job, how do you stop going into that wildness of mirrors, you know? How do you stop seeing ghosts where they're not there and those sorts of things?
Alan Kohler: No, I do know what you mean. And this is a conversation we've had - we have this conversation often. I think - there's a couple of things that I believe has helped me in the FBI avoid going down some of those pitfalls. Number one is we are - the FBI is very much grounded as a law enforcement organization - or we grew up as a law enforcement organization. So there's an incredible attention to detail and facts. And there's not a lot of time put into, I'd say, pondering the what ifs - right? - where we'll look at the facts and then follow the facts where they logically lead. And that usually leads us to where the facts point, right? It's Occam's razor, right? What appears it - what it appears to be is most likely what it is. We constantly, however, follow the mantra, trust but verify. So when we get information from people or through microphones or through SIGINT or whatever, we don't always trust that information. We try and verify and vet it to the best of our ability so that we can rely on it and make a good decision. I think what happens is you start getting into the point where you absorb massive amounts of information with varying degrees of confidence levels. It's just mush. And you can't make a decision out of it. And you get overwhelmed, and you can start seeing things inside that data that don't exist.
Alan Kohler: So what we try and do is, hey, before we make a decision - you know, for example, if we're going to do a search on somebody, man, we have to be really tight on our facts, right? If we were just solely an intelligence agency and we wanted to take an action, you can sort of go on a, hey, we think this is the best thing to do. But our culture demands that we get the facts right. We can articulate what we're doing, how we're doing it and why we're going to do it, the way and when and how. And then we execute, collect more data. Then we do it all over again. So I think that keeps us grounded. Honestly, for me, it's my family, as well. I met my wife when we were 18 years old. She's totally unimpressed with the FBI thing. I've got three kids that make fun of me when I go home. And I'm able to check out of the whole counterintelligence world, which has been a big help for me personally.
Andrew Hammond: So for our listeners - so we've got counterintelligence. Just give them a brief overview of some of the other major things the FBI does because, sometimes, this gets lost, like, the counterintelligence part of what the FBI does. So there's counterintelligence, counterterrorism, law enforcement.
Alan Kohler: Yeah. So exactly right. So I think when people think of the FBI, they don't think of counterintelligence, right? They think of bank robbers and kidnappings and those sorts of things.
Andrew Hammond: John Dillinger, Bonnie and Clyde...
Alan Kohler: John Dillinger, all that kind of thing. And that is still a huge part of the FBI that is very much our bread and butter, law enforcement around the country, around the world. Probably the best in the business by far. And that is a huge chunk of the FBI. That's over half of what the FBI does - is traditional criminal work. Then there's our cyber division, which handles both criminal and national security cyber intrusions. There is a counterterrorism division which obviously handles all our CT - both international and domestic terrorism. My division, which - as you said in your first question, handles basically all the other stuff, the hard stuff that no one else wants to do.
Alan Kohler: We have a weapons of mass destruction division that does a lot of our counterproliferation work and supports my division a lot. And we have several others - I would say supporting divisions. The director of intelligence that manages the analyst workforce. We have an Operational Technology Division that's sort of the FBI's version of Q - comes up with our kit that we install in things and our other tools that we get to use - and CIRG, which is our critical incident response group, which does a lot of things - among them, has our hostage rescue team, manages our SWAT teams. But mostly, for me, what they do is they provide surveillance resources, both ground units and airplanes.
Andrew Hammond: You heard Alan say earlier that China is, quote, "the largest strategic adversary that we're going to face over the next 50 years." So let's get the skinny on Chinese intelligence in, like, say, 60 seconds. The first of the two big civilian agencies is the Ministry of State Security, or MSS, which is foreign intelligence collection responsibilities like the CIA and domestic counterintelligence responsibilities like the FBI. The other is the Ministry of Public Security, or MPS, which is China's national police force responsible for internal security sort of like the FBI mixed with Homeland Security but not quite, since most of its counterintelligence responsibilities were handed over to the MSS. On the military side, the focal point of the PLA's intelligence lies with the General Staff department. The second department, or 2PLA, manages human intelligence operations, or HUMINT, roughly equivalent to the Defense Intelligence Agency or DIA in the United States. The third department manages signals intelligence, or SIGINT, roughly equivalent to the NSA. And the fourth department is responsible for electronic intelligence, or ELINT, which focuses on signals that do not contain speech or text, such as radar and radio waves. Sure, you may have to hit that go back 30 seconds button a couple of times, but this is important.
Andrew Hammond: What are the lanes of responsibility like? Do you report to the director, or is there a - do you have to go up to the Hill and testify to Congress? What's your relationship like with the NSC, the White House? Help us understand, like, how you knit into the rest of the apparatus above you.
Alan Kohler: Yeah, good question. So I think a lot of my day is time management struggles with all those things, right?
Alan Kohler: So my direct boss is the executive assistant director for the national security branch. And she right now manages the counterterrorism division, counterintelligence, weapons of mass destruction and the Terrorist Screening Center. So she has all four of those divisions that she's responsible for. The EAD reports directly to the deputy director and then the director. So in my position inside the FBI, I meet with the director every morning and the deputy director. We talk about what's going to happen during - you know, what happened yesterday, what's going to happen today, what's going to happen next week. And we do that five days a week. When I get back to my desk and I get to my job, we - I have - probably half of my time is working with my deputies, helping run the division, and the other half of my time is outward-facing, whether it's with counterparts in other agencies, visiting with the Hill, giving briefings. There's White House engagements with the NSC. Most of that is handled by executives who work for me, but there are some things that I end up going to.
Andrew Hammond: And best of all, coming on "SpyCast."
Alan Kohler: I get to go to "SpyCast." Yeah. It's all good.
Andrew Hammond: (Laughter) And a couple of the parts of the FBI that some of our listeners will have heard of - so whenever I'm going to do an interview, I always ask someone that doesn't know much about this business - like, I tell them who I'm going to interview and then say, what question would you like to ask? So I mentioned this interview to someone, and they said, so if "The X-Files" actually existed, would that be in counterintelligence, or would that be in another part?
(LAUGHTER)
Andrew Hammond: So if you don't mind indulging me and my friend.
Alan Kohler: I - the way I say it is like this. I - my division handles foreign counterintelligence. That's not the kind of foreign that I worry about.
Andrew Hammond: Not extraterrestrial? OK (laughter).
Alan Kohler: No, no.
Andrew Hammond: And another thing - and this is my own thought. So if you have a behavioral analysis, you know, which is another part of the FBI that many of our listeners will heard of - have heard of, you've got a behavioral analysis unit that looks at the evidence, the patterns of, say, a serial killer, and over time, you can start to use that information to anticipate or to identify and arrest serial killers. Can you do the same thing for spies? Or does this same type of unit exist for spies, where people are like, you know, listen; here's what Ames done. Here's what Hanssen done. Here's what Philby done. Here were some of the patterns. Here's some of their behaviors. Here's what we can look for in the future. Does it work like that, or does that type of unit exist?
Alan Kohler: Oh, yeah. Yeah, that unit - that exact unit exists.
Andrew Hammond: OK. Wow.
Alan Kohler: It's a parallel unit to the criminal serial killer unit.
Andrew Hammond: OK. Wow.
Alan Kohler: And we use them extensively.
Andrew Hammond: I never knew that. What's it called? And where does it live?
Alan Kohler: It's the Behavioral Analysis Unit.
Andrew Hammond: OK.
Alan Kohler: I don't remember its - there's a behavioral - BAU 1, BAU 2. I can't remember which one it is.
Andrew Hammond: OK.
Alan Kohler: We use them extensively. So, for example, when I was a supervisor in New York, we had the Ghost Stories cases, the Russian illegals cases up there. And in the run-up towards the arrests, which we did in June of 2010, we brought the behavioral analysis folks up to New York and to the other field offices and said, hey, look; we, you know - we've been looking at these subjects for years, in some cases almost a decade. And now we're finally going to get to get in front of them and talk to them. How should we do this? Can we approach it this way? Should we use this wording? Should we wear a tie, or should we not wear a tie? You know, there's ways to address them. Do we call them mister? Do we call them by their first name? There's a lot of psychology that goes into it, and that helps me, as a supervisor, pick the person that's going to go in the room. Do I pick a male, female, older guy with gray hair or a younger agent? There's a lot of factors that go into this. And behavioral analysis came up, did an awesome job for us, gave us some really good recommendations, and that really made our interviews very successful, I thought.
Andrew Hammond: And the people, the staff of the Behavioral Analysis Unit, are some of them FBI agents, or is it mainly Ds in psychology and so forth? Yeah, what's the...
Alan Kohler: It's both.
Andrew Hammond: What's the staffing like? A bit of both?
Alan Kohler: Yeah. So on the counterintelligence side, there's the staff that come up. They - and they either have - they're either agents with CI experience or, in some cases, psychologists. And we also have senior agents that are - still work cases in field offices that travel as part of the program. So you'll have sort of a psychologist show up with a bunch of senior agents to guide you through that interview process that you may not have gone through yourself, and they just give some great advice.
Andrew Hammond: That's really fascinating. And for your job as well, one thing that I wanted to ask you - you just mentioned New York there. So you were in New York, and I believe you were also in the D.C. field office. So as I understand it, there's a bit of a New York-D.C. field office rivalry because D.C., the capital city, the World Bank, the IMF, all the embassies; New York, the U.N., all of the consulates and so forth up there. And I don't want to disparage either one, but tell us about some of the differences between both cities and doing counterintelligence in both cities. Yeah. You have been at both, so you're a great person to ask.
Alan Kohler: Yeah. No, that - right. I do get involved...
Andrew Hammond: (Laughter).
Alan Kohler: I've been in both offices. I spent six or seven years in both offices, and I do get caught in the middle of the which-one-is-better argument often.
Andrew Hammond: So there is a rivalry, then?
Alan Kohler: (Laughter) Oh, yeah. A little bit, yeah.
Andrew Hammond: Yeah (laughter).
Alan Kohler: So I started my career in Washington, D.C. And Washington - very much like New York, there's tremendous opportunities in the counterintelligence world. As you can imagine, for me, that - for my division, a lot of our significant resources and cases are run out of both of those offices because that's where our targets are. There's a lot of people that travel in and are posted to those locations. In Washington, D.C., there's sort of a dynamic being close to the center of government, close to FBI headquarters. You sort of get some sticky cases that normally wouldn't come other people's way, and you get - as a result, you get some really good experiences there that may not be afforded to others in other field offices.
Alan Kohler: The New York field office - similarly, you get excellent opportunities. I mean, both offices have better cases than you could imagine and better opportunities than you could ever hope for in the counterintelligence world. New York is just harder to work in. Just physically getting around the city is a chore. There's a certain camaraderie in New York that they're - we're all in this together. We made it into New York, and we survived the day and got home and came back the next day - that I don't know if exists in other field offices. But both places, I have to say, are excellent counterintelligence places to work, and I respect the heck out of the people that are putting their time 'cause they're both hard places to work.
Andrew Hammond: So you mentioned that earlier China, Russia, Iran and North Korea, and you mentioned that China was 50%. Between the four of them, are we talking about that pretty much gets us to 90%, or is there a figure you could put on it?
Alan Kohler: Yeah, I would say - so I'd say between China, Russia and Iran, that is going to be 75% of our work, roughly - or the country's threats work. And then there's a smattering of other threat countries and issues that we deal with that constitutes the other quarter.
Andrew Hammond: And you've been involved in counterintelligence for quite a while now. So I was also wondering, how has the digital age affected counterintelligence - like, from the FBI perspective? So, you know, we think of the movies and Watergate, the flower pot in the window, which is a signal that, you know, we should meet at a specific place. And I was speaking to someone, and they said, well, you can just - now you can go to a computer game where people can join in from all over the world, so there can be hundreds of thousands of people in there. And you put the flower pot in there, and then, you know, no one ever - there's another layer of distance between you and arranging the meeting because there's no flower pot. So how did - yeah, how does the - how has the FBI adapted to that or - yeah, just give me your take on the evolution of counterintelligence because of the digital cyber era.
Alan Kohler: So I would say the concepts of espionage have not changed, right? It's the technology that's been applied to that has changed dramatically. So if you look at, for example, in the foreign influence sphere - right? - the Soviets had active measures and disinformation campaigns forever, and they would work very hard to convince an editor to put one article into a newspaper in Europe and hope that it gets picked up in the United States. And that would be a big success for them. Now, the internet allows them to have access to the world, and they just have to figure out how they get it online with a certain amount of legitimacy, use their botnets to push it out to the rest of the world, and it's just really that much easier now. Technology has enhanced that capability of Russia than the Soviet Union.
Alan Kohler: So that's one way that the technology has sort of changed, at least in the active measures and disinformation world. On the regular, traditional espionage and tradecraft, the problems that we're facing, No. 1, are - it's not - again, it's not about printing out classified documents and sticking them in a briefcase and walking out. It's just not. Although that does happen, and it still happens. And it's funny, you said - if we use the flower pot example, we used exactly that - a signal in a window - in that case just last year. So...
Andrew Hammond: OK.
Alan Kohler: ...The old-school stuff still works...
Andrew Hammond: It still works, yeah.
Alan Kohler: ...But it's - the technology allows the adversaries to interact with many more people than they used to be able to. And then a significant complicating factor for us is the encryption piece - that ubiquitous and easily available encryption makes our job very hard. And if you have the ability to steal information digitally, encrypt it, post it on the internet where anybody in the world could have access to it, our ability to trace that is much harder. We can still do it, but it's much, much harder.
Andrew Hammond: It is kind of incredible to me to think about some of the changes - for example, Daniel Ellsberg photocopying the Pentagon Papers and sneaking them out. And then you have someone like Snowden or Chelsea Manning, who can get an order of magnitude more information onto a tiny little thumb drive and just walk out with it in one hour or so. It's just incredible to me, the volume. But then also, if you're a systems administrator, you're at the crossroads of all of this information, but you could still be pretty far down the institutional hierarchy. But you're able to get access to all of this information. You may even be able to access more information more broadly than the director of the organization. It's pretty incredible to me, the volume and the accessibility up and down the hierarchy.
Alan Kohler: Yeah. Yeah, you're absolutely right. So there's a - Richard Clarke's book, "Cyber War," talks a little bit about this in the introductory - introduction part, where he says that, you know, the expansion of the internet is much like the expansion of nuclear weapons many years ago - right? - where we built all these weapons, put them out in the world, then we realized, oh, my gosh, now we've got this problem that's everywhere. And we have to control it, and people are trying to attack it. And we have this internet that's built on trust, and it gives people access to things that we didn't quite realize, right? So I think we're all starting to realize, hey, we've got this Internet of Things now, where my smartwatch is connected to my phone, which is connected to my home Wi-Fi. It pings off every Wi-Fi that I walk by. And the implications of all that, I don't think we - all of us really understand that.
Alan Kohler: And when you talk about how a system administrator, for example, needs to have access to the system to fix it or reset a password, but that, you know, rather troublingly, also gives that system administrator access to everything. So you need a system administrator, but how do you then not give them access to the system so he can't betray the system? That's the eternal challenge that we face. And just the - again, technology - the digital age has made that a risk on a scale, to your point, of where someone like Snowden can just steal everything versus someone having to sneak into the photocopier and do it late at night. It's a volume threat right now that we're working our way through.
Andrew Hammond: Wow. It also seems to me that, in the modern age, especially with the Internet of Things that you just mentioned - you know, the assistant director for counterintelligence or the FBI - you really don't want someone that talks in their sleep if they have, you know, Alexa or Siri or something...
Alan Kohler: I don't have Alexa...
Andrew Hammond: ...That could be...
Alan Kohler: ...In my house...
(LAUGHTER)
Alan Kohler: ...Nor do I have TikTok on my phone.
Andrew Hammond: What makes a good counterintelligence officer? Are they made, or are they created? Or is it a bit of both? Or - if there's someone that's listening to this and they think, I fancy a little bit of that counterintelligence game - that sounds like a rewarding job - what skill set are you looking for? What kind of qualities are you looking for? Or is it just the qualities that you look for in an FBI agent? Obviously, you know, integrity and service and so forth - but is there something specifically that would make a good counterintelligence agent as opposed to a good FBI agent?
Alan Kohler: Yeah. So for me, it's two things that I want in the agents that work for me. One is, in my mind, an agent's only as good as his or her ability to talk to people. So your ability to communicate, have a conversation like we're having right now, relate to people at a personal level - you have to be able to do that to be a good agent because all - our job is entirely getting people to tell us information to help us do our jobs. And it's to do that in a way of competence that conveys trust and gets people to come to us and help us. We're only as good as our reputation, and our reputation's at risk every day when we interact with the public if we do it the wrong way.
Alan Kohler: So in counterintelligence, I need people who can talk to people - both Americans who are looking to help us, our foreign partners, liaison agencies that are helping us out and our adversaries. And the second skill that I need is imagination. In counterintelligence, you will go as far as your imagination allows you to go. And the great part about this work is, No. 1, there's plenty of it - so we have job security, for sure - but that, when you're given a case or an investigation and a challenge and you're being told, hey, this person or this entity is trying to harm the United States - figure it out, right? And here, you know, Mr. Case Agent, here is the best analytic support in the world. Here are the best technical tools, the best surveillance folks and the best partners that you could ever work with, and then it's your job to use your imagination and all those tools to apply it against the adversary.
Alan Kohler: So the more imaginative you can be and the more creative you are so that you come at the adversary from a different angle, in a way that he or she isn't expecting it - 'cause remember, they've been watching us for 100 years, as well - that's how you're going to be successful. So we need to innovate and be creative and still, at the - at day one, we're only as good as our ability to talk to people. So that's what I'm looking for.
Andrew Hammond: And final question, Alan - thanks so much. This has been so enjoyable. If there's someone out there that's listening, and they think to themselves, I want to do my part. I want to be a good citizen. So obviously, you don't want 360 million people running around pretending like they're counterintelligence officers for the FBI - you know, leave it to the pros. But what kind of advice would you give to someone - I mean, maybe this is particularly applicable for people living in Washington, which is known as a city of spies, and you see reports - there's 10,000 spies in Washington and so forth. But how would someone know if they're seeing something suspicious enough to do - see something - what should they do? So I'm trying to get people to help you rather than you getting 10,000 calls where people are like, I saw, you know, E.T. at the bottom of my garden or something like that. So how would a citizen who wants to help you - what advice would you give them?
Alan Kohler: Yeah, so that's a really good question. So the kind of work that my division counters isn't something you're just going to see on the street corner, that the average citizen is going to - you're not going to be a bystander to espionage. Or if you are, you're not going to know it when it happens.
Andrew Hammond: If they're good.
Alan Kohler: If they're good, right. What I need people attuned to is just being aware of what's important to our adversaries and to the United States, right? So particularly in the Washington area, but really around the country, there's factories that make components that go into the missiles that go on the planes that protect our troops overseas. There's a military base there where people work out of, a building that makes semiconductor chips or drives the internet - these are critical things for us - or water treatment facilities, right? These are critical things that keep America working and keep our economy going and protect the United States. And I need people to be aware of how important it is that we protect those things, right? I mean, we all saw how devastating COVID was, right? But if - again, it's the old adage, and it's probably beaten - said too much is, you know, if you see something, say something.
Alan Kohler: You're not - in counterintelligence world, you're not going to see it on the street, but you're going to see it in your office. You're going to see weird behavior from maybe foreign diplomats or delegations coming in. You're going to see people downloading documents and emailing them. And it's those types of things that we just need people to raise awareness to their security officers. Just give a call to the FBI. You can send us an email on the website, and we'll look into it. And a lot of times these things flesh themselves out, and sometimes they end up being huge causes of concern for us that we only know about - right?
Alan Kohler: So I think this is important for people to realize - we don't have a big database of everything that's happening in the world. We only know, a lot of times, that bad things are happening because good citizens and bystanders say, hey, FBI, this weird thing just happened. I've got this scientist that came in at 2 o'clock in the morning. He never does that - downloaded some stuff, and then he was kind of acting weird, right? That's the kind of thing that people - everybody knows that's weird. They need to say something about that because that's - they're the first line of defense for espionage, corporate espionage, that we are working very hard to protect. And we only know it if people come forward and tell us.
Andrew Hammond: I was just thinking of a good example there. It's the - "Bridge of Spies," Rudolf Abel, the...
Alan Kohler: Yeah.
Andrew Hammond: ...Kid that picks up the quarter, I think it is, and it's basically used by a Russian spy for tradecraft. And it gets reported, and eventually, he gets rolled up.
Alan Kohler: Right. Right. Exactly right.
Andrew Hammond: Yeah. Maybe you can explain it better than me if you can remember (laughter).
Alan Kohler: So there was - so, yeah. Abel was caught because his hollow nickel that had a microdot in it was found by a newspaper boy and turned it over to the police. It made its way to the FBI. And that became part of our - a clue that we ended up honing in on Abel, and he was arrested. I don't remember the year - 1950s, maybe late '40s.
Andrew Hammond: Yeah, '50s, sometime in the '50s. And a microdot is just a tiny piece of photographic film where you can keep a lot of information in a very small place.
Alan Kohler: Yeah. Interesting coda to that story - the paper boy who found that nickel reached out to us about a year and a half ago and said, hey, can I get my nickel back?
Andrew Hammond: (Laughter).
Alan Kohler: He's now an 80-something-year-old man. And we ended up pulling the nickel out of the FBI museum, and we gave it back to him.
Andrew Hammond: Oh, wow.
Alan Kohler: Yeah.
Andrew Hammond: (Laughter) Well, thanks ever so much. This has been so interesting. Alan, it's been a pleasure speaking to you.
Alan Kohler: Great. Thanks for having me.
Andrew Hammond: Thank you.
Andrew Hammond: Thanks for listening to this episode of "SpyCast." Please follow us on Apple, Spotify or wherever you get your podcasts. Coming up on next week's show...
Aliza Bran: Most places have a niche, but I think what's really cool about our content is that everyone likes spy stuff. You have kids. You have adults. You have former intelligence practitioners. You have young college students on first dates. You have everything. It really allows for a lot of creativity in picking who to reach out to with what ideas. And that's a lot of fun for me.
Andrew Hammond: Join us next week for this episode with our super-engaging media relations manager, Aliza Bran. She makes the rest of us at Spy look good.
Andrew Hammond: If you enjoy the show, please tell your friends and loved ones. If you have feedback, you can reach us by email at spycast@spymuseum.org or on Twitter at @INTLSpyCast. If you go to our page at thecyberwire.com/podcasts/spycast, you can find links to further resources, detailed show notes and full transcripts. I'm your host, Andrew Hammond, and you can connect with me on LinkedIn or follow me on Twitter at @spyhistorian. My podcast content partner is Erin Dietrich, and you can follow her at @erinpubhist. The rest of the team involved in the show are Mike Mincey, Memphis Vaughn III, Jo Zhu, Emily Coletta, Afua Anokwa, Elliott Peltzman, Tre Hester and Jen Eiben. This show is brought to you from the home of the world's preeminent collection of intelligence- and espionage-related artifacts, the International Spy Museum.
