The Team House - Chasing Russian, Chinese, & North Korean Spies | Glenn Chafetz | Ep. 344
Episode Date: May 3, 2025Glenn Chafetz is the Director of 2430 Group, a non-profit, non-partisan institution that produces and disseminates research on state-sponsored espionage against the U.S. private sector. Glenn has more... than 30 years experience in government, academia, and the private sector. He spent most of his career at CIA, where he served multiple overseas tours, including three as Chief of Station. He was also the Agency’s first Chief of Tradecraft and Operational Technology.Find Glenn here: ⬇️https://www.2430group.org/https://www.linkedin.com/in/glenn-chafetz-464bb318b——————————————————————-New merch, patches, and stickers! ⬇️https://theteamhouse-shop.fourthwall.comSupport the show here:⬇️https://www.patreon.com/TheTeamHouse___________________________________________________Subscribe to the new EYES ON podcast here:⬇️https://www.youtube.com/@EyesOnGeopoliticsPod/featured—————————————————————-Today's Sponsors:Mando ⬇️https://shopmando.comPromo code "TEAMHOUSE" for 40% off your starter pack.GhostBed⬇️https://www.ghostbed.com/houseFOR 10% off! ___________________________________Jack Murphy's new book "We Defy: The Lost Chapters of Special Forces History" ⬇️https://www.amazon.com/We-Defy-Chapters-Special-History-ebook/dp/B0DCGC1N1N/——————————————————————To help support the show and for all bonus content including:https://www.patreon.com/TheTeamHouse-AD FREE AUDIO-AD FREE VIDEO-Access to ALL bonus segments with our guestsSubscribe to our Patreon! ⬇️https://www.patreon.com/TheTeamHouseOr make a one time donation at: ⬇️https://ko-fi.com/theteamhouseSocial Media: ⬇️The Team House Instagram:https://instagram.com/the.team.house?utm_medium=copy_linkThe Team House Twitter:https://twitter.com/TheTeamHousePodJack’s Instagram:https://instagram.com/jackmcmurph?utm_medium=copy_linkJack’s Twitter: https://twitter.com/jackmurphyrgr?s=21Dave’s Twitter: https://twitter.com/dave_parke?s=21Team House Discord: ⬇️https://discord.gg/wHFHYM6SubReddit: ⬇️https://www.reddit.com/r/TheTeamHouse/Jack Murphy's memoir "Murphy's Law" can be found here:⬇️ https://www.amazon.com/Murphys-Law-Journey-Investigative-Journalist/dp/1501191241The Team Room Reading Room (Amazon Affiliate links):⬇️ https://jackmurphywrites.com/the-team-room-reading-room/Intro music by https://www.youtube.com/user/RemixSample"Karl Casey @ White Bat Audio"Want to sponsor the show?Email: ⬇️theteamhousepodcast@gmail.comBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-team-house--5960890/support.
Transcript
Discussion (0)
Hey guys, our show is sponsored by Ghost Bed. Check them out. Please, they make awesome mattresses,
awesome pillows, awesome bedding. Ghostbred provides high quality and super comfortable award-winning
mattresses crafted in the U.S. and Canada. Did you know that 60% of the U.S. adults report being too hot
when they're trying to sleep? That's me. I'm a sweaty little baby. That's why we designed all of our
products with cooling features so you stay comfortable and asleep all night long.
pair any of our mattresses with Ghostbed's award-winning adjustable base and get the ultimate sleep experience.
Ghost bed rules the family-owned business, $60,000 plus five-star reviews.
They have sleep experts on staff with 20 plus years of experience.
If you have any questions, you can hit them up and ask them, you know, maybe what kind of mattresses work for you.
20-plus year warranty.
That's two times the industry standard.
Free shipping and returns on mattresses.
Most of the products ship out within 24 hours.
they have in-house customer support and sleep experts chilling in plantation Florida.
It rules.
It's the best.
They give you 101 nights risk-free to make sure that these beds are right for you.
If you don't like it after 101 nights, you could send it back full refund.
When you purchase a ghost bed mattress, your comfort guaranteed.
I'm reading it right now and it's capital letters guaranteed.
Okay.
They do the right thing and they're a great company.
If you're not sure which ghost bed's right for you, like I said before, you could take their mattress quiz online or you can give a call to one of their sleep experts and they'll help you with exactly what you possibly could need, what works for you and what doesn't.
And the best news about this is Team House listeners and viewers.
You get an extra 10% off sitewide for a limited time.
You just go to ghostbed.com slash house and use the code house at checkout.
One more time, that's ghostbed.com slash.
House with the code house H-O-U-S-E at checkout for an extra 10% off site-wide.
I want to thank GhostBed for their continued support.
I want to thank all the fans that listen and watch for their continued support.
Without you guys, we are nothing.
So thank you for supporting the show.
And thank you for supporting the companies that help support the show.
Ghostbed.com slash house for 10% off.
Made in the U.S., made in Canada.
Shout out to our brothers in Canada.
They rock. Check them out. I love Ghostbed. Thanks, guys.
Special operations. Covert Ops. Espionage. The Team House. With your hopes, Jack Murphy and David Park.
Hey, folks, this is episode 344 of The Team House. I'm Jack Murphy with our guest on the show today, Glenn Schaffetz.
Glenn had an incredible career going from college professor to state department diplomat to CIA officer
with eight tours overseas, three as chief of station, and then became the chief of tradecraft at CIA.
And today works in the private sector teaching corporations how to do counterintelligence against,
we'll get into foreign adversaries.
So excited to talk to Glenn today about all this stuff.
Before we jump into it, just a quick shout out.
Our friends at Casa Carabaeo Cigars, please check them out at CasaCaraBeo.com, a veteran-owned business that we're very happy to support whenever we can.
Glenn, thanks for joining us and welcome to the show.
Pleasure to be here, Jack.
So take us from the top.
Tell us a little bit about how you grew up and how that kind of began to take you towards a life of governmental service.
Yeah, it's a pretty simple story.
When I was in college, I had to decide what I wanted to study.
It was the middle of the Cold War.
For your older listeners, they will remember the 1980s.
You used to see bumper stickers, nuclear war, let's get it over with.
Everything was about the Soviet Union, nuclear arms,
nuclear arms reductions, arms control negotiations, the fall of the Berlin Wall.
So I studied international politics and Russian studies and Russian language.
I didn't know what I wanted to do after I graduated from college.
And like many good college students who don't know what they want to do, they stay in college.
So I applied to graduate school.
Stayed in graduate school and finished a PhD in international politics.
with a concentration in Russia, in Russian studies.
And from there, I taught college.
I taught mainly at the University of Memphis.
I spent some time at the University of Virginia
where I got my degree and did some time
at University of Georgia and a postdoc at Stanford's Hoover Institute.
And really enjoyed that life.
And then I was talking to,
one of my mentors who said, you really don't know anything until you spend some time
practicing what you study and urged me to do a rotation in the United States government.
And so I applied for one of these fellowships where I spent a year as an arms control negotiator.
And I never left government after that.
Was that at the United Nations?
No, I was assigned to a now defunct agency of the United States government called the Arms Control and Disarmament Agency.
And we did negotiations at the United Nations in New York, as well as the conference on disarmament in Geneva and the United Nations office in Vienna.
but these these negotiations can take place all over the world this was this like salt one salt two that era
uh it was it was after the salt era i was in the late 90s and it was the era of um uh the landmine ban
the comprehensive nuclear test ban uh fizzile material cut off if you haven't heard of some of these
things. That's because they never happened. So we spent a we spent a lot of time negotiating and
not much time getting anywhere. So that was that was one of my jobs at what later became the
State Department. Acta was folded in to the State Department in 1999. And I also went overseas,
and it was when I was serving overseas, I had a really good friend who was a CIA station chief.
who talked fancy to me and said,
I think your talents are being wasted as a diplomat.
You'll have a lot more fun on our side.
You should apply.
So I did.
But you were in the State Department for like a full seven years, I think you said.
Seven years, yeah, that's correct.
Was all of that in arms control?
No, I did some arms control.
I did a job where I was a senior aide for a senior official where I coordinated meetings among the State Department,
the NSC and the Pentagon, which was as unfun as it sounds, but I learned a lot from that.
I mean, one of my favorite stories from that job is we used to have to prepare.
prepare the State Department for this once-a-week meeting between the Secretary of State,
the NS National Security Advisor, and the Secretary of Defense.
And when Colin Powell became Secretary of State, our SOP for this memo,
as you go around the whole building and you say,
what would you like the Secretary to talk to the Pentagon and the NSC,
out. And it's this big, long exercise. And it's very contentious and everybody wants to get their
talking points in. If people really saw how it worked, they'd be horrified. And the briefing package
for the secretary was half an inch or an inch thick. And I'd only done it for Powell's predecessor.
And then Powell's staff came back to me and said, the secretary wants it to be shorter.
She said, okay, we'll make it shorter.
And so it became progressively shorter, quarter of an inch.
Now, the secretary wants it on one page.
Wow, one page from a whole briefing book down to one page.
And then finally, to make a very long, sorted story short, the staff said,
the secretary can handle the meeting without any notes.
It's fine.
So different leaders have different styles.
and and pal style was very anti-bureaucratic.
Just tell me what it is, people, what points people want me to make.
I'll decide whether I want to make them, and that'll be that.
And I really, I really was thrilled about that because it shaved about 20 hours a week off of my work week.
Right.
Yeah.
Instead of playing back and forth with it all the week.
Right, right.
And if anybody's any spent any time in the,
policy bureaucracy, people can fight about really tiny things.
Yeah, we don't want the comma there, we want the comma here.
Don't use the word happy, use the word glad.
That's, that's, that was going from teaching policy to watching policy made.
See it how the sausage gets made.
It's not pretty.
So, somebody recruits you into the, or gets you interested in applying to the agency.
I think you used the right term there, Jack.
He pretty much recruited me into the agency.
Tell us how that process worked for you.
Well, I think it's different now.
We were friends, but we also worked together.
For people who aren't aware, the State Department, the agency, the Defense Department,
when it works well together, they all work well together.
The best way of putting it is the State Department asks for non-classified information from host country
and that which the host country will not provide to the State Department, the CIA will steal.
And so you have to coordinate what is it that each agency acquires among the types of information that policymakers need.
So you do have to do some coordination among the different agencies.
So we were working together and I was friends with this particular officer who's chief of station where I was posted.
And he said, what's the favorite part of your job that you do?
Is it making copies for the ambassador?
Is it taking notes at meetings being an overpaid stenographer?
John, which was his first name, had a very, uh,
direct way of insulting the work of junior state department people.
And fair enough.
And I said, no, my favorite part of the job is going out and talking to the locals and
seeing what I can find out.
He said, well, what if I could get you a position where that's all you did and you don't
have to do the other stuff?
And I said, sounds great to me.
And that started the process.
So I filled out an application.
I was selected for interviews.
I had to, I was overseas at the time, so I had to go back to Washington and do those interviews.
I was offered a conditional offer of employment, sat down with my wife and talked about what it would mean.
She said, I don't see any big difference in terms of we're going to be overseas, we're going to be overseas, you're going to be doing work that you like.
She asked me a few questions, most of which I couldn't answer.
and not that I didn't that I refused to answer.
I just didn't know yet what I was getting into.
I wouldn't change a thing,
but I think John made it sound like the transition
was a little easier and a lot more seamless
than it ended up being.
So I was offered a position.
I resigned from the State Department.
I went back at the end of my tour,
my State Department tour, I went through training and then I was off to my first assignment as a newly trained, newly minted case officer in the CIA.
So what year did you go to the farm?
That was 2005.
Okay. Okay. So now we're in the post-9-11 era.
Yes.
Shit is gotten pretty hardcore by that time frame.
Yes, so certainly the war on terrorism was the main thing, and I had to do my part in that as we all did.
I did two war zone tours, one in the Horn of Africa and one in South Asia.
You can figure out what those countries are.
My main interest at the time was recruiting Russians, was working against Russians.
I had at the time a pretty good Serbo-Croatian.
I had decent Russian and I had serviceable French.
I can't speak any of them well or hardly at all right now.
But I think that was something that appealed to.
the agency at the time because getting people trained up in language is always a priority
and has always been a priority for the for the agency.
Hey guys, it's Jack.
I want to tell you guys about the sponsor for today's show.
It's Mando.
Mando makes a whole series of male grooming products.
They are unique in that there are a deodorant that you can use all over your body
on armpits if you like, but also wherever else you may deem.
you may deem necessary. And I have been using these products for about three months now. I've been using
the body wash. It's bourbon leather. I've been using their bar of soap, which I really enjoyed,
and also their deodorant. And so I exercise a lot and get very sweaty, so I need a deodorant
that's going to do the job. And Mando has come through for me. You know, the body wash was great. I
actually used all of that and need to reorder some more.
The bar of soap is also very cool.
It was very smooth, actually.
So I hope you guys will go and check them out.
They have a starter kit that's up there, and they have a special deal for Team House viewers.
So the starter pack is perfect for new customers.
It comes with a solid stick deodorant, cream tube deodorant, two free products of your choice,
like mini body wash and deodorant wipes and free shipping.
As a special offer for listeners, new customers get $5 off a starter pack with our exclusive
code. That equates to over 40% off your starter pack. Use code team house at shopmando.com.
That's S-H-O-M-A-N-D-O.com. Please support our show and tell them we sent you.
Smell fresher, stay drier, and boost your confidence from head to toe with Mando.
The irony in that is I always thought, since I was coming from the agency, into the agency from the
state department that I would be a relatively deep state department covered officer. And when I got to the
agency, they said, no, you will be, you'll be declared to the locals. I said, but, but everybody
knows me already is state department. And they told me, no, no, they don't. They think your agency.
they thought you were agency before.
And I found this really shocking.
And then I realized later, most foreigners think everybody's agency.
It doesn't really matter what they do or how they behave.
And when you look at countries like Russia and China, which most of their overseas personnel, are in fact intelligence officers,
they're simply projecting that we do the same thing.
So the irony is I went from.
from the State Department to the agency
and the foreign targets thought I was agency the whole time.
So what are you allowed to say about, you know, your first tour abroad?
Well, I was declared to the locals.
I did not, I was, I was not in an embassy facility.
We worked a lot of issues having to do with,
it was in the Balkans.
We worked a lot of issues having to do with,
suspected terrorist networks in the Balkans, financing in the Balkans.
There was also a large Iranian presence in the Balkans, and so we spent a good bit of time on that target as well.
The one thing I think a lot of people don't understand in terms of the difference between the State Department on the one hand and the agency on the other overseas is the State Department's
99% focused on the bilateral relationship where the embassy is located.
So if you're in Baserkistan, the State Department is concerned with
Berserkistan.
That's not the case for the agency.
The agency is really focused on global threats to the United States.
And in any given location, depending on the presence, you're focused on Russia, China,
Iran, and North Korea.
Right.
as well as nonproliferation and terrorism, counter-narcotics and some other topics.
But for me, most of my focus was on those four targets.
I remember once I was talking to my mom, and I told her I was going to this very lovely, advanced, democratic, western European country.
And she said, you're going to spy on our friends?
He said, no, I'm going to spy with our friends.
I'm still going to spy on Russians, Chinese, Iranis, and North Koreans.
It was hard for her to grasp why we were in places like, and not that I was there, but England and France and Germany.
Right, right.
And also a lot of the stations in Africa, I mean, you're really looking for Russians and other targets.
Yeah, I did two tours in Africa, both as a chief of station.
we were not remotely interested in collecting on the locals.
So like, let's get into some funny, you had mentioned before the show,
some funny case officer stories and different experiences that you had.
And I know we can't necessarily talk about what country you were in at that time,
but I think we can talk around it a little bit, right?
Yeah.
What people don't realize is that it's like any other.
job, right? It's not, it's not what they see on TV or the movies. It's like the military. It's the
same thing. You have your moments of levity. You're with your friends. You spend a lot of time in an office.
And even the job has its lighter moments. For us, one of the things that was interesting is we always wanted to do whatever we
could to talk to potential targets and potential recruits. The United States had no problem with its
officers talking to Russians or Chinese or Iranians or North Koreans, but their governments had a very
different view. And they were told, if you see an American, American means CIA, you don't want to
talk to that person, particularly alone, because you could get in trouble. And so we spent a lot of time
trying to find these targets alone, and they spend a lot of time not or trying not to be found.
And as I was telling you earlier, I had one place that I lived where I lived,
catty corner across a park from a particular Russian we would like to talk to.
So every morning and every evening, I walk my dog by that guy's house.
So if you think about your average teenager stalking, you know, potential romantic interest,
not that I encourage that, it's a very similar kind of dynamic.
And so I happened to run into this guy at a reception.
And I said, hey, you know, I walk my dog by your house sometimes.
We should we should have a cup of coffee or a drink and have a chat.
And he said, yeah, I know you walk your dog every morning.
and every night, same place.
And there's a reason that we don't have a chat,
and there's a reason that you never see me outside,
and there's a reason I never invite you in,
and he turned around and he walked away.
And he made clear that I wasn't going to get that invitation.
So as I was walking out of the reception,
I said, you could drop by my place if that's easier,
but he was not taking me up on that.
How do you, like, try to get around?
I mean, obviously that guy was probably a lost cause, but I mean, you're dealing with some very hard targets.
People have a pretty good idea of who you are and what you represent.
How do you try to get around that, you know, those walls that are kind of immediately up?
Yeah, that's a great question, Jack.
In every case is different.
In some cases, it's quite useful they know who you are.
You've gotten that out of the way.
And if they know who you are and they're willing to talk to you particularly alone,
you've gotten a good way towards where you want to go with that target.
In other cases, you can't be more open about what your real job is because they would never, ever talk to you.
And in many cases, you can't even be an American and talk to them.
So you have to find a way, without going into too much detail, you have to find a way of finding some way for that target to want to talk to you.
or talk to somebody who can get you the information that you want to get.
But every case is different.
It's a great question.
It's really the question is how do you get somebody who doesn't want to necessarily reveal information
or doesn't want to reveal information under certain circumstances to part with that information?
And that's what the agency is paid to figure out.
You had another story about you were trying to follow a North Korean to see what hotel he was going to stay in?
Yeah.
So this was one where we didn't want to work with the locals.
We could have worked with the locals to figure this out.
We wanted to keep this to ourselves.
The North Koreans were not resident in the country where we were stationed.
And we knew, never mind how.
we knew this person was only staying in town one night and we really wanted to talk to this guy.
And he came in on a ferry and we really messed this up.
I should have been driving.
The case officer working for me should have been the passenger.
So he dropped me off so that I could keep eyes on when the ferry came in and I could find the North Korean.
so we could figure out when we could get him alone and make the approach to talk to him.
And he got off the ferry.
He was met immediately by a phalanx of staff with official North Korean cars.
And we couldn't find a place to park.
Traffic was too hot.
And the tip we received was too recent in order to set up earlier.
So this was, it was really quite a cluster.
So the younger officer is driving.
I'm in the passenger seat.
I said, I'll just get out on foot.
It's downtown.
I don't think the car can get very far.
I know that there's a section where there's a huge number of hotels that foreigners like and it's nearby.
I had overestimated or underestimated the distance on that.
I'll just see if I can catch a tram or keep eyes on the car.
And I always tell people, the job is not like the movies.
I've never run.
I've never jumped.
I've never hit anybody.
I've never, I hardly ever carried a weapon except in the war zone.
I never fired it in anger.
It's a job that involves a lot of planning.
It's an intellectual job.
It's a planning thinking job.
But there I was in the middle of this West European capital city with this North
Korean and we there are 20 hotels within two blocks I really need to find out what this hotel is so the
car gets into traffic and I have no other way of following him except to run so there I am you know in a
sport jacket and jeans running down the middle of the street chasing this uh North Korean in this
Mercedes, way out of shape. You know, I'm, I'm way past 40 at this point, way out of shape.
And people are looking at me going, look at that crazy guy, just running down the street.
I was going to say, this must be like a fairly permissive country. Otherwise, there'd be like
counterintelligence guys like batonning you in the street, right? No, no, no. This was a,
this was a friendly West European country. Yeah, yeah, yeah. With a lot of blonde-haired, blue-eyed, tall people,
I am not blonde-haired.
I am not blue-eyed and I am not tall.
And it's one of those countries
where they take one look at you
and it looks like you got an American flag tattooed
on your forehead.
I think no.
And they're probably saying,
look at that crazy American
just running down the street.
Boy, they exercise in the weirdest clothes
and at the weirdest times.
But that's the kind of goofy stuff
that happens.
And of course, you know, you get back to the station.
I run into all these.
hotels and I ask, hey, is this person under this name just checked in? And I'm huffing and puffing and
I'm covered in sweat. And it's not my finest hour. So that's that's that's that's one of those
stories I get back to I get back to station. I tell the story in the next day. I have a pile of
running shoes stacked at my at my office door and a and an and an application for a gym membership.
Because people really enjoy other people's failures and embarrassments, particularly at that time I was the chief of station.
So it was good fun.
Did you ever catch up with that North Korean dude?
We did not.
We found the hotel, but we can never get them alone.
Ah, okay.
A conversation with that kind of target in a crowd is not what you want.
And that's usually on purpose.
They do that.
They've got a two-person rule generally.
This person had something like a seven-person rule.
So we found him.
We found what hotel he was in.
We tried to set up on him,
but we really only had about 20 hours to do it.
And again, as I think I've mentioned,
that the job of case officer,
the job of the CIA is mostly failure.
You are trying again and again and again to get people who have secrets to give them to you
in a way that protects that transaction and protects them.
And so I don't think it's an exaggeration to say that the failure rate is much higher than 99%.
This is, it's a bit of a job.
joke at times where we compliment each other saying, wow, you'd be a really good CEO, you're
used to failure. But there's truth. There's truth in the insult. There's truth in the joke is you have to be
mentally and emotionally resilient. You try and you try and you try and you figure out different
ways, different scenarios, different people to get in front of the people who have the
information that you need to serve the U.S. national security interest, in most of those cases,
you will not succeed. More than that, you have to do it in a way that can be explained and doesn't
always look like what it is. Anybody can walk up to any Russian and say,
hi, I am a U.S. intelligence officer.
Please give me your secrets.
I'll pay you a lot of money.
That's not a recipe for success.
You're not going to get too many people saying yes to that.
So there's an art to it.
And you learn the techniques when you go through training.
And then you figure out the art by your personality.
in your experience.
But you would,
you had mentioned earlier, Jack,
it's a bit,
it's a bit like dating.
Yeah.
That's a fair,
that's a fair comparison.
You wouldn't,
you wouldn't walk up to an object
of romantic interest
and say,
hi, I'll give you a ton of money
if you marry me.
You're not,
you're not generally going to meet with success.
And if you do,
perhaps not,
that's not the person that you want to marry.
Yeah, you're asking 100 girls out on a date and one of them says yes.
Yeah.
Yeah.
So it's a real challenge.
And I think what I liked about it was you spend a lot of time planning.
You execute the operation.
If it goes well, you get another meeting.
If it goes well, it will lead to something.
But really, most of your time doing this, again, why it doesn't make it.
great TV or movies.
Most of your time doing this is the planning and then the write-up of what the meeting went like
and whatever intelligence you got.
And that's just not gripping entertainment.
Well, let's talk about some other stories about the Russians.
Like you had one where you were playing tennis with Russians to try to pitch them.
Yeah.
You try to meet targets and potential targets in any kind of situation where you can foster some kind of communication that's natural.
That doesn't look like you're doing what you're doing.
One of the things that I really liked and that other officers liked were athletic events.
I don't golf.
So I would play tennis and I'd look for the places where Russians and other targets played tennis.
And a lot of countries have various diplomatic clubs and diplomatic activities.
And in this one place, we had a diplomatic tennis tournament.
And my opponent was a Russian intelligence officer, whom I knew through research very well.
I was very excited to see that the draw put us against each other.
I to this day think that that was accidental if it wasn't kudos to whoever arranged that.
So we played our match and we sat down with a whole bunch of other people.
It was very natural.
And we're having a drink after playing.
And I mentioned to this Russian intelligence officer that I thought that we lived in the same neighborhood.
And he started to laugh a little bit and said, yes, I expect that.
we did. It might be because I walked by his house every day, every morning and every night with my dog.
Different Russian intelligence officer, by the way, from the one I was talking about. But my dog walks were
my go-to M.O. And I mentioned offhand, hey, we should play tennis sometime, not just in the tournament.
He said, yeah, that would be great. So later I ran into him in the neighborhood.
And I said, how about that tennis?
And he nodded noncommittally.
And I said, what about, what about this Friday after work?
And he said, Friday's no good for me.
Friday, I'm busy.
And I said, Saturday?
She said, no, no, Saturday won't work.
Sunday?
He said, let me save you some time, Glenn.
I'm never going to be available for tennis with you.
Never.
We can play never.
I appreciate how hard you work, but that's not going to happen.
And he smiled and he bid me a good day and that was that.
But again, you know, it's like Wayne Gretzky said,
you miss 100% of the shots you don't take.
That doesn't really make much sense.
But I get what he's trying to say is if you don't try to set up a meeting
in some sort of natural way, you're never going to get those meetings.
Well, yeah, he understands how they.
the game is played. He understands how the game is played, but what was really interesting to me is
at no point ever in my career did I ever see a Russian or a North Korean or an Iranian or Chinese
ever try to set up a one-on-one with an American. They're much more afraid of engaging with us than we are
with that. Oh, because they're afraid that if they try to recruit, that their own people are going to get
turned or something like that.
they just don't trust their people.
They don't trust their people.
They don't trust their people to meet one-on-one with not just Americans,
with anybody from a democratic country.
Paranoia.
They're paranoid.
And I think justifiably that if you can get one of them alone,
you can make progress.
And if you can't get them alone, you can't make progress.
So they understand that.
But it speaks to, I think, which system is superior.
And I always took solace in that.
That there are many more defectors from Russia, China, North Korea, and Iran to the United States, than vice versa.
Yeah, yeah.
There's a few.
There's a few.
And it's the same way.
There's many more people who will, from the United States, who,
who can engage one-on-one with officers from those other countries, then vice versa.
They always, whenever I had the chance to talk to them, it was always in groups.
And they always made sure that anything that we were going to be at together had more than one Russian.
Because even if their behavior is loyal to Russia, we'll call it, or loyal to the Putin government,
I wouldn't necessarily call that loyal to Russia.
Even if their behavior is loyal to the Putin government,
if they're alone, they have to defend that behavior.
And they face a lot of questioning and a lot of distrust
if they ever allow themselves to be alone with Americans.
And so they took great pains to avoid that,
including jumping off of moving buses and running through.
Tell us that story.
Yeah, I was on a, I was on a, I was on one of these shuttles from a, from a plane coming from a third location into the city where we were both stationed.
And the Russian saw me on the, on the, on the, on the, on the bus and jumped off while it was moving to get away from me because he had assumed I had arranged this in order to, to follow him and get in front of him.
that was
remarkable. I don't know what
he was afraid of. It was a bus full of people
and it was going to a crowded terminal.
But it just shows you the level of paranoia and nervousness
that they have about being seen anywhere
as being alone with Americans.
We had another one where it was quite the opposite.
We found out through various means
that a couple of Chinese targets were going to be on a tourist boat in a city where we were stationed.
And they knew us, so we had to be careful that they couldn't see us on the boat.
So we paid a couple of bucks to the deckhand to let us know right exactly when the boat was shoving off.
and we ran and jumped on the boat just as it was pulling away from the dock
so that the objects of our interest could not leave before we had time with him.
So that was lovely.
We got three officers in front of three potential targets over the course of three hours on this tour.
You had another story about approaching some Chinese intelligence officials, right,
where the wife started freaking out on you?
Yeah.
Yeah, that one was.
That one was with partners.
They had set it up for me.
They said, look, it's too sensitive for us to approach a Chinese intelligence officer because
of our bilateral relations.
But I know that you've been looking to do this.
Wink, wink, wink, nod, here in our country.
We're willing to help you do this.
So they were essentially saying yes to a request that I had made many times.
times. So they assisted me. I had a, I had an earpiece. They had an earpiece. They directed me to where
this person was. And his wife was also an intelligence officer. They were shopping in a,
in a secondhand store. And I, and I happened to bump into them at the second floor of this
very fancy secondhand store. I can, I can tell you some European secondhand stores are very nice.
And I pretended as if we had met before.
Again, like dating.
Haven't we met somewhere before?
I mean, it's a cheesy line.
And he said, no, I don't think so.
And I made up the place where we had met.
And he was curious that he started to engage me.
And the only reason I was able to talk to him is he was on the upstairs and his wife was on the downstairs.
Well, she was far sharper than he was because she can't.
upstairs to get him and saw us chatting and not even half a second.
She started yelling at the top of her lungs, no, no, no, no, no, no, no, no.
Maybe 10 times.
No, no, no, no.
And almost pulled her husband off his feet so that he fell down the stairs.
He really had to catch himself.
Very subtle.
And he had no idea what was happening.
And then I heard her berating him.
in what I can assume is Mandarin, which I don't speak.
And what I also heard in my earpiece was our partners laughing.
Yeah, they thought this was really funny.
And so then we had the after action.
And after that, on every whiteboard in station and every answer I got from station,
any question I had was written or said no, no, no, no, no, no in five or six different languages.
They really loved you.
Sorry?
They really loved you.
They loved to break in your balls.
Yeah, they did.
Well, that's the culture, right?
Yeah, yeah.
It's similar, I think, in the special operations world.
Sure.
In a lot of the corporate world, it's, I took it with the spirit with which it was intended.
Yeah, there was a lot of no, no, no, no, no on the whiteboard after that.
So we've talked a lot of the, a lot of these funny stories about, you know, the failures.
As you said, you have to have thick skin and be able to tolerate failures.
Do you have any where you can talk about, you know, where you were like, okay, did the job right today, brought home the bacon, got the cheddar, you know, that you can talk about it all?
Yeah, it's a great, it's a great question.
Jack, and the line we all toss out, and we're all programmed with this, is the world finds out about our
failures and seldom sees our successes. And we just have to keep it that way. I would say that
there were enough successes that it leavened the failure. They're hugely satisfying because
they are so rare.
I would love to be able to brag
about what we
did.
I will say to the people
listening and and paying attention,
we have the successes.
We do. Some of them are in the history books.
They're just decades old.
And that's for a reason.
But what fascinates me is this job changes in the way that we do it.
It changes because of technology.
It changes because of politics.
But the fundamentals never change.
You have allies, you have adversaries, you have countries in between.
They keep certain information secret.
They spend a great deal.
of money and effort to keep it secret.
And it's information that we need for our policymakers,
our defense department, our war fighters,
in order that they can succeed.
And I think one of the things that always kept us going,
and we hardly ever talked about,
was we believed that we were doing critical work,
and we understood that we had to endure many, many, many failures,
between successes,
but those successes really made it worthwhile.
And you would get,
you'd get your recognition inside, right?
I have great appreciation for the end of that movie, Argo,
where Mendez says, hey, can I bring my kid to the ceremony?
You can actually bring your kids to the ceremony.
He just can't take the metal home with you.
And the other thing that I found funny about that is I heard, and I have no confirmation that it's true.
But I heard because people like to razz me about my State Department background,
that the line that Downey, the deputy director for operations, told Mendez,
at the end of that successful operations,
he says in the movie, if you want applause, join the circus.
And I'm told that the real line from the deputy director of operations was,
if you want applause, join the State Department.
You know, we know that like the, obviously sometimes, you know,
you work an asset or a source who may not have the access or may be lying.
and kind of fizzles or isn't what you hope.
But have there been times where somebody was just a bonanza that you couldn't even imagine
where what they had access to was like so much more than what you were expecting?
Yeah.
Yeah, that's a great question.
How do you know that what your asset is giving you is true?
And we spent a lot of time and effort on that.
It's a critical question for everything that everybody does.
How do you know that what you're getting is real?
This is, it goes for business information.
It goes for journalism.
Especially when you have in intelligence, people who deliberately mislead you.
And we know that our adversaries do this.
They produce, they will give you real information in order to give you mostly fake information.
And that is an art and a soul.
onto itself, the paradox is this.
The more secret the information,
the more valuable the information,
the harder it is to validate.
So for example, if we were to get,
and I'm making this up,
the personal secretary to Vladimir Putin,
who takes notes at all of his meetings,
and is the only person in common,
at all of these meetings, that would truly be a bonanza
to get the perceptions, plans, intentions
of one of America's most dedicated adversaries.
How do you validate information
that only one or two people have?
So what you have to do is you have to test the veracity of the asset.
You have to test the identity of the asset.
You have to test the consistency of the asset.
You find ways of
looking, do they tell the truth in other situations? It's not easy and there's no,
there's no fail-safe method of doing that. If on the other hand, you have lots of methods
for corroborating what an asset will give you, then how valuable is that asset? So that's that
balance all the time that you have to do in counterintelligence and ask you. And
asset validation to find out, is this person who the person says? Does the person have the
position? Is the information true? Is this person telling the truth to you? And there's different
ways of doing that. And most of them are not particularly arcane or secret cops know how to do this.
Lawyers know how to do this. Journalists know how to do this. All kinds of investigators.
and due diligence practitioners in the in the finance and corporate world know how to do this.
There's there's going to be a trail.
I think the biggest the biggest asset that we can have in that case is always to be skeptical,
always to be to be willing to test your hypotheses.
We have this saying among case officers, don't fall in love with your.
asset. Don't fall in love with your source. And it's not a literal warning, although also good
advice. Don't fall in love with your source. Can't do that either. You have to treat any information
that you get that's secret protected information from a clandestine source with skepticism.
And that's why when we put out the intelligence, we put out conditions.
on the intelligence. This is a new source, not validated. This is a trusted source,
validated over time whose reporting has been tested against predictions that has been
turned out to be true. So every policymaker will see a source description and a byline
that says something about this source provided this information firsthand, which is, of course,
the gold standard, not second hand, not third hand, for sure,
and had natural access to this information.
And you look at all of those conditions.
If you tell, if you come to me, guys,
and you say you have intelligence on the order of battle of Berserkistan,
but you're not from Berserkistan,
you've never been to Bezorkistan.
You can't explain to me what the chain of custody for that information is.
Then I have to treat that with disbelief.
And we've had cases like that where people said,
I remember I was in East Africa,
and we had a source who claimed to have information
from a particular terrorist group.
And we knew that that terrorist group was,
was one clan
of this
ethnic group
and the source wasn't that clan
it just wasn't believable
how did you
I don't even know how you would have gotten
to the place where that clan
operates and survived
let alone get access to that information
and it's not a perfect science
sometimes we're wrong
in that we disbelieve things that are true
and sometimes we're wrong in that we believe
things that turned out
not to be true. But in general, I think the agency, more so than any other institution in the United
States government, with my bias, obviously, was very willing to test its assumptions about the validity
of the information that it collected. Can you tell us a little bit about your wartime tours and
kind of how that differed from the time you spent in, you know, Western Europe?
Yeah, those are very different kinds of jobs, for one thing.
Counterterrorism and traditional what we call FI, foreign intelligence,
they're different disciplines.
You are collecting different types of information.
You have different kinds of sources.
it's much more tactical and far less strategic.
It is closer, I think, to tactical military intelligence
than it is to strategic foreign intelligence of the kind
that the CIA and NSA and other organizations practice
against peer competitors in a geopolitical sense.
It's very focused on here are the actors.
Here are their capabilities.
Here's their location.
We're going to provide that to the military to take the appropriate action.
It's much more day-to-day.
It's much more tactical.
And it's much more restricted.
I was not a paramilitary officer.
I did not leave the compound all that often.
I met contacts usually in the compound who were brought in by others.
And that has its own limitations that it imposes on what you can do.
Getting somebody clandestinely in a compound and out of a compound has its challenges.
So it's a much different experience.
I'm glad I got to do it.
I learned a lot from doing it.
We got to work with the military a lot more closely in many cases
than we would have and did in some of the strategic FI efforts that we made.
So it's almost like you're in a different agency.
Yeah.
It's a different task.
It's a different set of skills.
it's much more debriefing.
Yes, you're still recruiting.
Yes, you're still finding and developing assets,
but it's more compressed.
Recruiting a hard target, as we say,
a Russian, Chinese can take anywhere from,
if you're lucky, months to years.
recruiting assets in a counterterrorism sense is days to weeks.
We've been told before by other people on the show that there was kind of a rift in the agency
over this kind of tactical intelligence versus, you know, the CIA out there doing the FI
that they're born and bred to do outside of the paramilitary.
Did you fall on either side of that in terms of,
Did you feel that maybe the agency had too many resources, like, dedicated to these things
where it really wasn't their typical wheelhouse?
Or did you feel that...
Yeah, it's a great question.
I don't know that I'd agree that there was a rift.
Okay.
You're always going to get people who have their preferences.
mine was
strategic
FI against hard targets
but it's not up to the agency to decide
who the targets are that's up to the
policymakers. Right. To say this is
what we want to collect on
and we salute
and
and we proceed
according to what the policymakers
need and want
I think
and my own personal opinion
that the agency is much more set up for strategic FI.
That said, I think the agency did a good job
in the tactical acquisition of intelligence
in those war zones and for counter-terrorist purposes.
I think, I think, again, personal opinion.
This is Glenn Chaffetz on a soapbox, you know, as a taxpayer.
I think that the terrorism mission is more aligned for military intelligence.
And the FBI, because in many cases, terrorism is crime.
It is crime.
And they're very good at it.
And that I still say we.
It's an old tick.
I'm no longer we.
I haven't been since 2019, but I think the CIA's greatest strength is in collecting that strategic FI against peer competitors.
Whether the United States government spent too much of its resources, of its blood and treasure on the counterterrorism mission is really a political question,
not a question for intelligence.
My view is I would rather spend most of our money going after countries.
This is a political statement, a political judgment, going after countries that can destroy America,
rather than going after countries who can kill Americans.
Right. It makes sense. Yeah.
And not that we ignore that second one.
I just thought that DOD was very good at that and FBI was very good at that.
And China and Russia didn't go away during that time.
Neither did Iran and North Korea.
Right.
And you only have a finite amount of money that you can spend and talent that you can dedicate to certain missions.
My particular preference was the strategic mission.
I wouldn't say it was a rift.
There was no, I don't think there was any, I never saw.
any conflict.
And I think everybody did their part on the global war on terrorism.
I didn't see anybody say, I'm not doing that.
Yeah.
No leaders said, I'm not going to use my people for that.
Everybody did their part.
They understood that this was the decision of the civilian leaders of the government.
And the CIA works for the president.
the president's team and works for the policymakers,
provides intelligence for the State Department
and the Defense Department and the Treasury Department
and the White House, the agency doesn't determine its own priorities.
Right.
And, I mean, there's really a testament to the men and women of the CIA
because it's not the military.
They can say where they'd like you to go,
but people can refuse.
Like, they're not under the UCMJ, right?
Yeah.
And they still fill those positions.
People still volunteered and rogered up for those positions.
Yeah, it's a great point.
You can turn down that job, and it might not be great for your career,
but you're not going to jail.
Right.
If you don't go to Iraq or Afghanistan or Somali or Syria
or any of the places where we had people in active war zones.
So you're absolutely right.
you join the military you don't have to say where you're going
I think some people to be frank loved it
some people I met loved the war zone
they they thrive there
certainly the paramilitary officers
I'm not going to say that they loved it but they were
this was their thing
it's not their only thing
but collecting intelligence and lethal environments is what
they're uniquely trained for
and they're really impressive
people because they can do it all. They can do the
FI and they can do the paramilitary
work and they can do the
CT work. They're really
amazing. They speak foreign
languages. They're really amazing people.
I
think some people
got a taste of
the war zone and decided that this
is what they liked more.
So
as far as my own
experience was to each his own, I think we always had enough people to staff, to staff the war zones.
And we always had enough people to do the FI mission.
And from there, you had a domestic assignment with national resources.
Yeah, I can't tell you where.
I can tell you that I worked closely with FBI, and that was really fun.
I had some great friendships there.
That's also a different discipline because in abroad, you're the DNI rep when you're the chief of station.
You are in charge of all human operations in the country.
When you're in the United States, you operate according to the patience and sufferance of our brethren in the FBI.
And that was very, very.
illuminating. And maybe your listeners know, maybe they don't know. The CIA can operate in the
United States. It cannot operate against Americans. And that's the distinction. The CIA officer can
engage with foreign targets in the United States. You simply have to coordinate that,
in essence, get permission and support from the local FBI field office in that regard.
So that was great. I got to see the FBI operate both in the United States and abroad.
There were cases where we had the FBI abroad because we had Americans who were operating
with terrorist groups and they had committed crimes.
and the FBI came over and dealt with those Americans.
And I have to say, I would be disingenuous to claim that CIA always got along with FBI in every case, every time.
That's famously not true.
And I certainly had my share of those experiences.
But that was a minority of my experiences.
I was very impressed with the professionalism and dedication
and skill of the FBI in the cases that I worked with them in the United States and abroad in the war zone.
And then you ended up as the chief of tradecraft. And that was a new position, right?
It was a new position. Tell us about how that position got instituted, why it came about.
And what year was that? That was 2018, I believe.
We had had trade craft positions throughout the DO in training and in particular subject areas.
And a lot of people came before me and did the intellectual spade work.
I stood on the shoulders of much more creative, much more dedicated, much more knowledgeable people.
What happened is we had all these different groups who were looking essentially at technological and commercial changes and the implications for our business.
And principally what we're talking about are cameras, smartphones, cheap data, and ever more powerful computing capability.
and as we started examining our operations, we realized that we could not use the old tradecraft in the same way.
And so the leaders of the DO at the time decided that they needed to have an office.
It was originally in the DO, I think it's a separate.
separate center now. But when I did it, it was it was part of the office of the DDO, that they needed to have an office that examined the implications of all these technologies and commercial behaviors. And I'll use Google as an example to say, what does this mean for how we do our business? How is it that we can find people who have information?
communicate with those people, keep them safe, acquire that information, and communicate that information without being known.
And so I was charged with coming up with a plan for how that would affect recruiting, training, facilities, you know, particular practices that we engaged in, funding.
where we put people travel, you name it, if it's affected by the collection of data,
if it's affected by cameras, if it's affected by cell phones, if it's affected by the cars that you
drive, what does this mean for what we do? And it was, I'm glad I got to do it. I had originally
planned to retire after my last post overseas.
DDO and his deputies convinced me that this would be a really interesting job to do.
And so I did it as my last tour before I retired and then turned it over.
Just as I took it from smarter, more knowledgeable people, I turned it over to them.
But the agency had been doing, and the DO had been doing a lot of work on this for a long time.
One of the things that was really fascinating to me when I first started.
in that job is I went to our in-house journal, which is called Studies and Intelligence.
And I found articles about this from the 1950s, 1960s. People saying, okay. And then when cell phones
first came out, what are we going to do about this? Or when, you know, in 1980, I think a megabyte of
of data, a gigabyte.
I can't remember my stats.
You guys will have to go on Google and correct me.
I think maybe it was a gig of data, a meg of data.
I can't remember my stats.
Took up the space of a refrigerator.
Yeah.
And probably cost a few million dollars.
Now it takes up the space of a quarter of my pinky nail and costs a few pennies.
Now, if you can collect the 23 sextillion,
bytes of data on where you guys go and where I go and what we do every day and what we look up on the net and what we buy and who we talk to.
For pennies on the dollar, that's going to have obvious implications for people trying to do things in secret.
And that's really what we looked at.
And they're still looking at because this technology is really,
really transformational in terms of privacy.
And if the commercial world could recognize that, we had to recognize.
It's evolving quickly.
I mean, super quickly, too.
Yeah.
Can you get a little deeper into what we now call ubiquitous technical surveillance,
the biometrics, the constant surveillance and so on?
And, like, what that means for the intelligence community that, like,
these old school methods of having, like, forged documents, like, in a spy movie in the 50s,
It's just not going to work anymore.
And to add to that, you know, the DO and DSNT used to be like these two separate things.
And it almost seems like your position straddled those two worlds.
Yeah, it's a great point.
In fact, I had a counterpart in the DST, and we worked very closely together.
And it was really amazing to me when we started working together.
We had a, what do you want to call it, a task force where it was, where it was,
where it was the whole agency working on this, not just the D.L.
And I think that still exists.
And also other agencies, because you can't do data in a vacuum.
So, yeah, the implications, I think, are pretty evident if you start going, for example,
through a typical day that each one of you might have, right?
you wake up and you look at what's the first thing you do you look at your cell phone well when you
when you do that everything that you look at that's recorded and that's transmitted to somebody so
here we are we're what is it they're looking at what's their news site that they look at okay we're
going to all of this of course is to sell you ads and as as whenever i talk to the to the representatives
from all these companies they'd say of course it's to make your life better right right and i'd say
it doesn't make my life better, Mr. Tech Company.
It really complicates it a lot.
But I would think about this a lot in my civilian life
because that's easier to talk about.
So I remember my wife and I one day
when we were still living on the East Coast,
we traveled up to New York City
where my daughter was working at the time.
And I just started thinking about what was recorded
as we left our house.
We lived in Arlington not too far at the time from Clarendon Metro.
We walked with our suitcases across a few streets down to Clarendon Metro.
I counted probably 25 cameras on the way to the metro.
We get in the metro, there's cameras.
I'm sure there's microphones, there's Wi-Fi.
We get on the train, there's cameras.
We've paid to get on the train, so that's recorded.
Right.
We get to Union Station.
We go in Union Station.
We grab a bite to eat.
I pay cash.
My daughter, when she was younger, thought I was part of the Sopranos
because I buried cash all the time.
And try and pay cash now in most places that you go to.
You'll find it's very difficult.
I think something like only 2% of all transactions in the United States are cash now.
I read that again. Correct me on the Google, if that's incorrect. But most of what you pay for right now, you don't pay for in cash. You use electronic means. That's all recorded immediately. One moment that struck me more than any other, more than getting on the train up to New York, is we get to Penn Station in New York. And I use my credit card because the machine wasn't taking cash. I used my credit card to buy two subway cars.
so that we could go up to my daughter's apartment, which was about 50 blocks north.
When I put the credit card in the machine, I immediately got a text message on my phone
from the credit card company saying, hey, are you trying to buy two tickets at the same time?
Because that was weird for them.
That stood out.
Right.
You should buy one.
Also, you're in Washington.
Why are you buying subway tickets in New York?
Now, that was immediate.
I'm scared if that happens to me five years later.
That was immediate that somebody in an automated sense knew where I was, what I was doing,
how much money I was spending, how I was traveling, where I was going at every single moment.
Now, I don't think I have to reveal anything about the intelligence implications for you and the listeners
to understand what that means about trying to be in secret.
I would have my kids just as an exercise in protecting their own privacy
watch a TV show and say,
what are all the things that are given away this person's location and activities at this time?
Right.
Look at a car right now that has 2,000 to 3,000,
if it's a sophisticated EV, maybe more microprocessors in it,
collecting data on you, taking pictures of where you're going
and taking pictures of the inside of the car.
it knows your weight on the seat, it listens to all your conversations. That has huge implications
for people who try to meet in secret. And the most serious of those is it has stolen the immediacy
of time from intelligence operators. And let me put that another way. If I wanted to meet Jack
secretly in 1990.
I would ditch my cell phone if I even had one.
I would have no electronics on me.
I would make sure I wasn't on any camera.
There wouldn't be any cameras, really.
There wouldn't be too many.
I'd make sure nobody was following me.
I'd make sure Jack did the same thing.
We'd have our meeting.
I would go home.
He'd go home.
I'd relax, pour myself a bourbon,
and know that my operation succeeded.
ubiquitous technical surveillance has changed that.
I have no idea after I get home and Jack gets home how much of that was recorded.
If I walk out of my house without my cell phone, someone who's interested in me is going to know that.
Because as one tech executive told me, the only people who don't carry cell phones are drug dealers,
undercover cops and intelligence officers.
Maybe they're getting younger and younger on that as well.
Yeah.
Well, and the other thing is, you know, like early 2000s,
like when you're talking about biometrics and facial recognition,
all you had to worry about was like Vegas and Heathrow, right?
And now you can go online to like, you know, Pimey's or whatever
and gain access to, you know, near,
intelligence level or law enforcement level facial recognition stuff.
Well, exactly.
You have no idea.
When you cross a border, particularly in airport,
you're going through hundreds of meters of collection.
Wi-fi collection, cell site simulators, iris scanners,
facial recognition.
They've done all these experiments.
The news has done all these experiments
on the age of commercial economic surveillance
where they demonstrate this.
And then you have, of course,
these sites like PIME eyes
where you can go and look somebody up.
And the days of trying to look like Marlon Brando
by stuffing cotton in your mouth.
Yeah.
Those are over.
If they can do facial recognition while you're wearing a medical mask, that's not a chance that I would want to take.
You know, and the other thing is, is it, you know, when you talk about aliases and that kind of stuff, and, you know, and we've had like ATF guys on and they talked about the alias process and aging their accounts and things like that, how do you age a Facebook account?
How do you age?
Like, how does, you know, sure, somebody's got a credit card that has, you know, a 10 or 15-year history so that it's not a brand-new card, but then they don't have any social media presence?
Yeah, I don't.
I don't know the answer to that.
Yeah.
I really don't.
A really good point based off of that is the difference, I think, in the approach recommended on social media for people.
who join the IC.
It used to be when I joined the agency,
nobody had Facebook, nobody had InstaFace,
I'm joking, Instagram, any of that stuff.
I think that made sense when it first came out
because it was new.
But if you're purporting to be one thing,
and you're another thing.
And the first thing is normal.
People of that age, say, coming out of college or graduate school now in their mid-20s or early 30s, they're going to have a significant social media presence.
And you can't backdate that.
You have to look like what you are.
I would argue now that cover is dead and that you have to operate in the real.
And that adds all kinds of implications.
That's a very, like, interesting concept, like not traveling under alias, you're going to have to be you.
And not say that you're an intelligence officer probably, but I am an American citizen.
I have this real name.
And you're going to have to approach people like that.
Yeah, I don't want to get too much into it.
But I just think that the old ways of doing things where you went to a building where,
there's a record of you going to that building and you have a bunch of colleagues and it's a there's a record of where those colleagues work
you can do work in that regard there's tasks that you can do with that identity but you have to understand that
identity is if not known knowable right right and that is very limiting that's very challenging so for the
What we had to figure out, what they have to figure out is, how do you do that job where anybody who goes to that building, who has a record doing that work or has a cohort, a population cohort who does that work?
How do you work against the most challenging targets in that regard?
There's ways to do it.
You just have to think very, very hard, and that's what their job is.
It takes things that you could plan in a few days and makes them things that you have to take a few months to do.
Do you think that the U.S., not just from a personal privacy or anything like that,
but from a security and intelligence standpoint, would benefit from something like Europe's like GDP,
you know, the privacy, portability stuff, and being able to erase your online presence, basically.
Yeah, that's another consumer economic question that it's got obvious intelligence implications.
I'm skeptical about how much we can put back in the bag.
It's out.
My view, just as a citizen concerned with privacy, tends to,
lean towards the European view.
It's ironic that people who stole secrets for a living in the Central Intelligence Agency
are the most privacy-focused people I've ever met.
Right.
My kids think I'm nuts.
And again, I have accounts and I'm on the Internet now.
I'm not a hermit.
I tend to be probably
less out there than
some people, but there are others who are
far more restrictive
than I am. I just think that our
data is ours, and
it doesn't belong to a third company
or a second company.
And the idea that
somebody can make money
on my data without my permission
strikes me as just wrong.
But that was our first, that was
our first principle, right? When we
started this back in the bad old late 90s and early 2000s. That was the model. What really
drives me crazy, I'll tell you, without naming the newspaper company, is I pay a subscription to a
newspaper so that I can read it online and they still collect and sell my data. Right. I thought
I paid a subscription, so I didn't have to do that. Yeah. And I think everybody would be better off,
not just the intelligence community,
if we could ratchet that back
so that we had a model
that was not based on
third parties
owning our data.
Do you have an opinion about
you know,
not necessarily 23 and me specifically
because of what they've recently gone through?
But for instance,
I'm adopted.
I've always been curious about my heritage.
I don't know anything about my biological
parents, but I never wanted to do one of those test kits because they never guaranteed the privacy
of your information.
And now basically, not only with that, but also with, you know, the pregnancy testing, a lot of
that is Chinese-owned, you know, things like that, that they have DNA samples of everybody.
Yeah.
Yeah.
It's only going to get worse.
Yeah.
The capability for collecting that data and for stealing that data, right, how many days can you go without a story about a Russian or a Chinese hack of patient data from a hospital or a study or some sort of health care facility?
the information that is available on all of us is terrifying when it's all aggregated.
And the ability to get it depends really only on the amount of money and effort that those who want to acquire are willing to put in.
So, and I happen to think that it's as dangerous to have private companies have your data guys as it is foreign governments.
And in many cases, they're the same.
I mean, when you look at these companies in China,
they're all subject to direction from the Communist Party of China.
So when you talk about a private company in China,
you're really not talking about a private company like you are in the United States.
Companies don't suffer really any great sanction or fine for mishandling data.
I think the thing that I love about GDPR is,
It's got teeth.
And from my conversations with people in the tech industry in the United States,
they'll hire 50 people to comply with GDPR because the highest fine that GDPR imposes on companies
that violate its regulations is 5% of total annual revenue.
That's billions of dollars for a company like Google or billions of dollars.
The fines from the SEC and other regulators in the United States are peanuts,
they're in the millions of dollars.
I mean, if you look and see fines on telecoms for data breaches,
I think I got out a calculator once, and it was 0.003% of previous.
It's token, yeah.
Well, and even with the private company, I mean, Jack and I were both subject to the OPM,
reach, which, or two breaches, I guess.
All right.
Everybody who had a security clearance, you know, all of a sudden, there goes all of
our data.
And, like, you know that those SF ADA sixes and those forms are not, they're not shallow.
Correct.
Correct.
And it would be bad enough if these were one-off events, but we're giving up all that
data every single day.
Yeah.
Every time we go on the computer, every time we use.
our apps every time we travel, every time we get in a car.
I mean, if you look at what's collected on you in modern cars,
it makes the cell phone look like,
makes a cell phone look like a Dixie Cup connected with a string.
So nobody has to, again,
one of my favorite quotations is from a guy who writes about this name,
Mike Yagley,
who says, I didn't hack your data,
I didn't steal it, I didn't intercept it,
I bought it.
As I'm given to understand,
both the Chinese government
and the Russian government
can buy data as well as anybody else
and get that information that's on all of us.
And if you think about that in terms of particular military units,
if you think about that in terms of particular officers,
If you think about that in terms of known and unknown intelligence officers,
it's really quite a challenge for us to operate without our adversaries knowing what we're doing.
Yeah.
Yeah.
Where are you driving to every morning, you know, and from?
And, I mean, even wasn't it the New York Times that did that article, Jack, on they bought the information on the Secret Service
and were able to track the movements,
the Secret Service and the movements of the president.
Yes.
Yeah, the New York Times has done a number of those commercial intelligence studies.
And I remember just having a conversation with a tech exec a few months ago.
He said, yeah, I don't know how you guys do what you do anymore because I can,
my company alone can tell you where you live,
what kind of car you drive,
what your license plate is,
what your VIN number is.
I mean,
I remember somebody who worked in the tradecraft
comes into the office one morning
and told me its car announced to her
as she pulled into the agency,
now pulling into CIA headquarters.
Again, I think it's,
Any car after 2003 is collecting data on you.
2025, it's a lot of data on you.
I made a tongue in cheek recommendation one time
as chief of tradecraft that all COs should be issued,
their choice of a 1968 Camaro, 66 Mustang, 72 GTO.
my my counterparts in the DS&T said yeah that would solve that problem but you might stand out
a little bit more just because of your choice of car and I said well we need to get these for
for everybody in government and sprinkle them around the world as well I was I was joking but
you can't go back you can't go back to to a non-data non-compute non-censor environment you have to
figure out how to how to operate in those terms. I do think to your earlier point, you could
change laws and regulations so that the companies that have our data take its protection a lot
more seriously. Right. Because right now they don't. And it's what one of my friends call
security theater. They pretend to guard the data and the government pretends to find them.
So you retired in 2019, went into the private.
sector and took this knowledge and this skill set into the private sector to help corporations defend
against Russia and China and other potential threats. Could you tell us a little bit about sort of
like what the difference was as far as going from, you know, government to private sector?
And I mean, the threats are still there. Or were they different and how you defend against them?
Were they different? Yeah. It's a hard question to answer. First thing is I didn't take
any particular knowledge with me
to the private sector. The private
sector has more knowledge about
ubiquitous technical surveillance and its
capabilities.
Because they do it.
Hands down,
the private sector was the teacher
and the government was
the student when it came to UTS.
You name
any of the big,
it's not just any of the big, hundreds of
companies, not just Google and Amazon
and Facebook and Apple and
Microsoft, hundreds of companies are much more sophisticated in their ability to track and know what people are doing with those commercial tools than the United States government is.
And I would debate somebody in any setting on that.
So really, I started learning that when I was still in government, that the experts on this are in the private sector.
what I took to the private sector was a mindset, not any particular knowledge, because I think
the private sector was really good on the technology and the techniques and the threats
of the technology and the techniques.
What I took from government was my understanding that China and Russia and North Korea and Iran
and other state actors are attacking the U.S.
private sector. And they don't make a distinction between private sector information and government
information. They want it all, particularly China, which is the apex predator in this space. It's
responsible for something over 80%, probably closer to 90% of the thefts. There is no meaningful
distinction between the government of China and Chinese companies when it comes to theft, for example,
trade secrets and other IP, those companies are obligated to supply whatever aid and information
the CCP wants through Article 17, or the 2017 Article 7 of its Intelligence Act and other
legal requirements. So this idea that we're the private sector, we're safe, we're too small,
We're too esoteric. Nobody wants to steal from us.
That's something that I could say, hey, read this FBI circular. It's public. This is not secret information.
Keith Alexander was talking about this 20 years ago.
And nobody was listening that the private sector is as much as the government, a target of commercial, of espionage as the government is.
commercial espionage, governmental espionage.
It's espionage.
Right.
The second thing that was really astounding to me was how uninterested the private sector was in this.
And it took me a while to figure that out.
And what I learned was because they weren't looking at it, they weren't working at detecting it.
Because they weren't detecting it, they weren't reporting it.
Because they weren't reporting it, nobody.
knew the scale.
So imagine guys, you live in a neighborhood in which every house is being burgled every day
for a significant portion of its total net worth, but nobody detects it because it's
information, not stuff, and they won't learn about the loss of that value for some weeks,
months, or years.
So they don't detect it, they don't report it.
Because it's not being detected or reported, everybody else thinks the neighborhood
safe, so they're all leaving their doors and windows unlocked. So it keeps going on. And it's this
vicious cycle that really struck me. And so one of the things we've worked on is trying to improve the
ability of companies to detect theft, to track where their IP is, to look to see if there's an
unknown competitor who's got a product out based on their IP, and then to value that theft, and then to
report it. And we still have a long way to go on that because
companies regard that kind of business counterintelligence, business security as a cost center,
not as a revenue generator.
I believe if they understood the actual level of theft, they would change their minds.
For example, we think based on a very cursory examination of data that the losses are in the trillions,
not the hundreds of billions as the FBI reports.
So, I mean, I'm happy to go into that more if you want.
It's interesting because, I mean, my thought would have been that corporations are very protective of their proprietary data.
And like, if me or you were to approach somebody who works at Google, like, hey, can you share your source code with me or whatever?
They're going to be like, hell no, that's protected information.
Okay, Jack, now imagine you have 50 people calling 50 people at Google.
Yeah.
Calling them up on the phone and some of them are real customers, but that's not their main job.
Or they're calling up a company and pretending to be an investor or they're real investors.
Or they're a supplier or they're a contractor.
We've done experiments like this where we call people on the phone and ask for,
and they give it to us.
They have policies and procedures in place.
I just don't think that most companies are very good at them.
I think some of the bigger ones are better.
I think, again, not every company can afford a security shop.
Not every company can afford to hire experts to advise them
on how best to protect their IP.
A lot of companies convinced themselves
were too small,
so we're immune to this.
Nobody would be interested.
A lot of companies we've seen,
oh, I hired this guy.
He was my friend.
Sure, of course.
I knew he was a PRC citizen,
but we went to college together.
And then they're shocked
when this person downloads all the IP
onto a couple of drives
and gets on a plane
and starts an identical company outside of Shanghai,
which is a real case that I'm citing.
So I think that the private sector has a long way to go.
I mean, in most cases, the private sector doesn't do a great job of even valuing its IP.
It's tough to value, so they don't put it on the balance sheet.
So if you're not doing that, if you're not tracking it to see if other companies,
particularly outside the United States are making products like yours or pirating yours,
it's difficult to track.
There was a case we found out about this wasn't the United States.
It was Australia where somebody called up the headquarters and complaining about a product
breaking and the headquarters got the unit number, the identity code off the particular product.
It was a metal detector and said, we don't have that code.
And so they started peeling back the onion and found out they didn't make the metal detector, even though it was their IP.
An entire Chinese company was stood up.
The company is called Kodan.
This was in the press.
Was stood up to pirate their IP.
And if they hadn't gotten this call, this would have gone.
So they lost all their China revenue to this pirate.
So this is the kind of thing that we're really.
interested in and and less people think, oh gosh, this is just going into business, this has
nothing to do with national security. I would respectfully suggest they're wrong. This is,
this is the battle. Right. This is how Russia and China attacked the United States via our private
sector. This is hybrid warfare. This isn't just preparation for some sort of traditional kinetic
contest in the South China Sea, this is how China degrades the United States.
It's also, you know, in a lot of ways, it's also an economic issue that the government is going
to have to figure out because when the companies, especially the smaller companies, when they
get breached. So I did a short stint like eight months working for a digital forensics
company.
And when these companies get reached, they hire attorneys who let them, who then hire a
forensics company to find out what their liability is to, you know, anybody who may have
been in their database or whatever.
So they're paying these companies hourly, you know, to figure out what did they access
and what is their liability.
That's all they want to know.
So, you know, there was one case where we found a threat actor
that had never been reported on.
You know, they were doing the dark web, you know,
negotiations with them.
And this, and there were, but they don't,
they don't want to know the TTPs and we're not getting paid.
You know, the company isn't going to take on that.
Hey, let's pay these guys an hour.
or whatever to figure out all the TTPs of this new thing,
what are the reporting channels of it, all these other things.
So basically, it dies once that company knows what did they touch, what did they ex-fill,
you know, maybe how did they get in, like are we still compromised?
And that's it.
It just dies.
Exactly.
Their concern is liability and compliance.
Right.
It's not security.
Right.
And it's not prevention.
And these forensic companies, they're not going to pay out a pocket to keep, you know, to keep their guys on the clock to figure it all out.
Correct.
That's what that's not, that's, that's not the mission.
Right.
Right.
And it's, and it's, and it's not its, it's, it's not its model.
And so the, that, one of the tragedies here is none of that information is shared.
Correct.
One of that information is if you're lucky enough to detect the breach in the first case,
very few companies then take the next step to report that.
They don't report it to law enforcement.
They don't report it to regulators.
They don't report it to the press.
They have them.
Now in cyber, they have a material.
obligation, they have a legal obligation to report cyber breaches because of recent laws.
However, my understanding is the way the law is written, it says if it has a material effect on the value to investors,
well, how many times can we say we don't think that has a material effect?
Right.
And when I've had conversations again, not naming anybody's name or company, what I've had,
conversations with many security officers, they say, oh, heavens, no, we're not, we're not reporting
a breach. We're not reporting a suspected breach. We're not reporting a suspected insider. That's just
going to result in questions. It's embarrassing for them. Difficulties with our investors.
Yeah. Yeah. And generally, I mean, a lot of times they don't even know they've been breached
until it pops up on some dark, you know, on some, you know, breach forum.
with the data for sale.
Right. And even then, it could be months or longer.
And many of these companies are not hiring or doing themselves
the due diligence to check the Deep and Dork Web.
Right.
To see if that data is missing,
to see if their IP is for sale,
to see any of that information.
So no one's checking competitors to see if they're selling
exactly the same IP.
They're worried about themselves.
Right.
And I think
I think
this is not just
a legal compliance issue.
It's not just a security issue.
I think it's a national security issue
because it's degrading
the U.S. industrial base.
Do you feel as though the United
States, because I agree with you, I feel
like this is a form of asymmetrical
warfare. It is.
That our government needs to treat it
such that they need to stop looking at it as a criminal act and as and more as a as a type of warfare.
Do you think that the government, do you think, first off, do you think that that is a little
overboard, my, you know, my opinion on it?
And do you think that the government would ever catch up with that idea that, you know,
maybe one of these, you know, APTs needs to get a hellfire.
And it might change the dynamics.
It is, I think, the question right now on how the United States responds to really what has been a,
at least a two-decade-long assault by certainly China and Russia, also.
now North Korea and occasionally Iran, but certainly China and Russia, every week are attacking
U.S. infrastructure, U.S. companies, U.S. people, U.S. finances using a variety of means,
not just cyber, but humint, predatory finance, a variety of, a variety of, a variety of,
of means to
degrade,
steel,
and infiltrate U.S. infrastructure.
And
the point that
undergirds your larger point
about warfare
is that
essentially China and Russia,
via their methodology, have boiled
the frog.
And we've just realized it.
Because what they've done has been
and professional
really one has to respect what they've done as we detest it and call for action.
If this had been done kinetically, we would be at war.
Right.
They have shut down health care.
They have shut down transfers of energy.
They've shut down pipelines.
They have shut down electrical grids.
They are infiltrated.
they've shut down telecom.
They have infiltrated every single part of the infrastructure.
They have stolen trillions of dollars of value of U.S. assets.
And because they have done it incrementally, slowly, quietly,
stealthily, and via so-called private,
plausibly deniable methods they've gotten away with it.
But nobody in the government believes that APT 41 or any of these other fancy bear or any of
these other actors is operating without the support.
Right.
Or at least a task in approval.
Right.
Russia and China could shut down these groups immediately if they wanted to.
Right.
Right.
And I think we've, I think we've shown.
publicly that in both cases these groups are operating not just with the tacit support,
but in many cases at the behest of their governments.
Yeah.
Do you get a sense that the government, because, you know, the ransomware, the breaches, the
stealing, like, that's the stuff that we see.
Right.
But we also know.
that, you know,
if we look at the solar wind stuff,
like that's the stuff that we see.
But a smart intelligence operation,
it's the stuff that you don't see.
I mean, do you,
are they concerned that they're in the systems
and they're just not moving?
They're not doing anything where it's critical.
Are they in government systems?
Yes.
Are they just sitting there?
Yeah, I don't know the answer to that.
I certainly believe.
I'm not asking you if you think they are,
but what I'm asking you is,
do you get a sense that the government is looking at this
in a sense of like, you know, what we see,
we're worried about what we see,
but what is it that we don't see that we really need to be concerned with?
I think CISA and the FBI and the other commerce,
the other actors who are involved
in this well-recognize that we're only seeing the tip of the iceberg.
This is this is about this comment about the private sector believes that it's a couple
of $100 billion worth of theft.
It's in the trillions.
Yeah.
So people record $220 to $600 billion a year in losses from Chinese theft of IP alone.
We think that's $5.7 trillion.
And the reason we think that,
and the reason the FBI believes it's a lot bigger
than what it sees is the point that I mentioned
just a few minutes ago,
which is these companies are not detecting,
reporting everything that happens to them.
The FBI is very good on this.
I mean, they know that they're only seeing a portion
of what's happening,
and they're really trying to get the private sector
to cooperate. The FBI doesn't have the authorities to do pre-crime.
Right. Yeah. We have a Fourth Amendment. That's a good thing. I support that. We all support
that. Constitution of the United States. That's great. The FBI also has, I think, last time I checked,
10,100 special agents to cover the entire United States, all of its missions, including these
these attacks on the private sector from Russia and China via hacking and other methods of infiltrating
infrastructure and stealing IP and stealing data. So there's no way you could triple the FBI budget,
which I would support, and you still wouldn't come close, which means that in this national
security contest between the United States and its adversaries, Russia and China, the private sector
are participants, and they need to understand that. They don't, in many cases, understand that.
They say, whoa, our job is to make widgets or whatever it might be. We have a great, knowledgeable,
cheap labor force in China, and we have a great research relationship with China, and we have a lot of
buyers in China, okay, fair enough, but you understand that each one of those relationships also
imposes a risk of loss on those companies. And I think you start to see that. So, for example,
Apple iPhone sales are declining precipitously. Chinese EVs are the number one selling
EVs. I think these companies from the United States that did business in China traded short-term
profits and revenue for a lot of long-term pain. And that's not to say that everybody can keep
IP secret forever, but we don't hand it over Willie-nilly to two countries that are basically
dedicated to the destruction of the United States.
Right.
These are, by the way,
I shouldn't have to say, none of us should have to say,
it's different doing business with a country like France and Canada and Mexico and Great
Britain who don't have nuclear weapons pointed at us.
Right.
From doing business with China and Russia who do.
Or even India, like, you know.
Right.
Yeah.
Glenn, where can people go to find you if they want to procure your services, so to speak?
Where would they go?
Yeah, thanks for asking.
My main gig right now is I am the director of 2430 Group.
And 2430 Group is a nonprofit research, educational and advisory institution.
We do research on these questions.
some of it very, very detailed.
We do advise companies on this.
We're a non-profit.
We want to make sure that everybody is aware
that there is a significant overlap
between the financial business interests
of the U.S. private sector
and the national security of the United States.
They are not unrelated,
and they're not at cross purposes.
And one of our taglines that we use all the time is counterintelligence is good business.
You as a business will do well.
So if you don't contact me at 2430 group, there's others who do this.
Contact somebody and learn what your vulnerabilities are, how to assess those, and how to mitigate.
And you're a social media skeptic, it sounds like, but are you on LinkedIn?
in places like that. I am on LinkedIn. I have made my I have made my compromises with modernity
guys. It's the only one I'm on. I'm not on any of the others because I think professionally
it's it's really required. Dee, do we have any questions for Glenn? Okay. No. So that's that's
pretty much it unless you had anything else that jumps out at you, things that you'd really like to
talk about before we get going today.
I know I I guys I want to I want to thank you for having me on and as you can tell I I really am very
enthusiastic about this top topic of how our adversaries weaponize data and commercial espionage
to attack the United States and I think anybody who's listening who's in the private sector
who hasn't thought about these issues,
I really appreciate that you guys
give some attention to it.
Yeah, absolutely.
And thank you for coming on the show tonight.
Yeah, we really appreciate it.
Thanks, guys.
We'll have some links down in the description
for folks out there who want to get in touch with Glenn
and see some of his work.
So you guys can check that out.
And otherwise, we'll see all of you next week.
Hey, guys, it's Jack.
I just want to talk to you for a moment
about how you can support the show.
if you've been watching it, enjoying it,
but you'd like to get a little bit more involved
and help us continue to do this.
You can check out our Patreon.
It is patreon.com slash the Teamhouse.
And for $5 a month,
you can get access to all of these episodes
of the Team House ad-free.
The same goes with our affiliated podcast,
Eyes On, with Andy Milburn,
Jason Lyons, Mick Mulroy.
That one, you will also get all of those episodes
ad-free.
And you support the,
channel and the show and we really appreciate it. The Patreon members are literally what has helped
this company, this small business survive, especially during our early years. And you are what
continues to help this thing going even as we navigate the turbulent world of YouTube advertising.
So we really appreciate all of you guys. There's going to be a link down in the description to
that Patreon page. And there is also going to be a link to our new merch shop. So if you
If you guys want to go and get some Team House merchandise, we got stickers, and we also have
patches.
And I should mention, if you sign up for Patreon at $10 a month, we will mail you this patch
as well.
So we really appreciate that.
But they're also for sale on the merch shop.
And additionally, they got T-shirts up there, water bottles, tote bag, coffee mugs, all that
good stuff.
So please go and check them out and support the show.
we really appreciate it, guys. Thank you.