Ex-Government Agents Are the PIs of Choice for Big Business
- December 19, 2007
- by PInow Staff
In early September 2006, a vice president of Wal-Mart sent a highly personal email to his boss through what he thought was a safe email account. “My Gmail is secure,” Sean Womack assured Julie Ann Roehm, the company’s senior vice president for marketing communications. “Write to me. Tell me something, anything…. I feel the need to be inside your head if I cannot be near you.”
Roehm had persuaded the company to hire Womack only three months before. “I hate not being able to call you or write you,” she replied. “I think about us together all of the time. Little moments like watching your face when you kiss me. I loved your voicemail last night and love the idea of memory and kept thinking/wishing that it would have been you and I there last night.” Then she signed off, saying she had to take her two children to the park.
Unfortunately for Roehm and Womack, who were both married to other people, their intimate email exchanges would become public in a legal dispute between Roehm and their employer. Wal-Mart learned about the relationship while investigating Roehm for accepting gifts from an ad agency that received a huge contract with the retailer. Ultimately, Wal-Mart fired both execs for violating company policy and later accused them of carrying out a love affair on company time.
Largely overlooked in the furor was the role that Wal-Mart’s internal security department had played in digging up the salacious details. This department, a global operation, was headed by a former senior security officer for the Central Intelligence Agency and staffed by former agents from the C.I.A., the Federal Bureau of Investigation, and other government agencies. (See our Spy Slang guide) A person familiar with the episode said in an interview that an ex-C.I.A. computer specialist was involved in piecing together the email evidence—which included copies of Womack’s private Gmail messages, provided by his estranged wife—and that another former government agent had supervised the overall investigation.
Ex-government agents appear to be Wal-Mart’s investigators of choice. The retailer has emailed job listings to members of the Association for Intelligence Officers as well as posted ads on its site seeking to hire “global threat analysts” with backgrounds in intelligence. The job description for the analysts, who would have reported to a former Army intelligence officer, entailed collecting information from “professional contacts” to gauge threats from “suspect individuals and groups.” In practice, their responsibilities would have extended to gathering information about Wal-Mart employees, suppliers, and customers; Wal-Mart monitors shoppers for suspicious or potentially criminal activity. A Wal-Mart spokesman said the company does not comment on security matters.
Roehm sued the retailer for breach of contract over her firing but dropped her case in November. She has denied all wrongdoing, including the affair.
Sam Morgan, Roehm’s lawyer, declined to discuss the suit. But corporate espionage is becoming almost as sophisticated as government spying. Morgan said, “There is no right to privacy in the private-sector workplace.”
Roehm and Womack were unwittingly drawn into a new world of intrigue in which rivalries between superpowers have been replaced by global competition among the titans of capitalism, where companies use the most advanced techniques available to scrutinize competitors and employees alike. From New York and London to Moscow and Beijing, today’s corporations are venturing into a netherworld populated by former agents who have been schooled in the arts of detection and deception by the C.I.A., the F.B.I., Britain’s secret services, and the former Soviet Union’s K.G.B. Instead of probing for state secrets or recruiting government ministers as double agents, these latter-day George Smileys are selling their old skills and contacts to multinationals, hedge funds, and oligarchs. They’re digging up dirt on competitors, ferreting out internal corruption, and uncovering secrets buried in the pasts of job applicants, boardroom rivals, and investment targets.
The best estimate is that several hundred former intelligence agents now work in corporate espionage, including some who left the C.I.A. during the agency turmoil that followed 9/11. They quickly joined private-investigation firms whose U.S. corporate clients were planning to expand into Russia, China, and other countries with opaque business practices and few public records, and who needed the skinny on international partners or rivals.
These ex-spies apply a higher level of expertise, honed by government service, to the cruder tactics already practiced by private investigators. One such ploy is pretexting—obtaining information by pretending to be somebody else. While private detectives have long posed as freelance reporters or job recruiters to get people to talk, former agents have elevated pretexting to an art.
At Diligence, a New York private-investigation firm founded by former C.I.A. and British agents, ex-intelligence officers have taught newcomers how to construct false identities by using fake business cards, creating phony websites, and directing incoming calls to cell phones reserved for each separate identity. “You are establishing a cover, like in the C.I.A.,” said a former Diligence employee, adding that there are people who know investigators only by their phony identities.
Similarly, ex-agents have helped popularize the use of G.P.S.-based monitoring devices and long-range cameras for following people around. One corporate-espionage technique comes straight from the C.I.A. playbook. In the constant search for the slightest edge, some hedge funds and investment companies have turned to a handful of private-investigation firms for a tactic that seems to fall between science and voodoo. Called tactical behavior assessment, it relies on dozens of verbal and nonverbal cues to determine whether someone is lying. Signs of potential deception include meandering off topic rather than sticking to the facts and excessive personal grooming, such as nervously picking lint off a jacket. This method was developed by former lie-detector experts from the C.I.A.’s Office of Security, which administers polygraph tests to keep agents honest and verify the stories of would-be defectors.
Don Carlson is the former chief executive of a Boston research-and-analysis firm, Business Intelligence Advisors, where ex-C.I.A. agents have turned the human-lie-detector technique into a business tool. Carlson said hedge fund managers have hired ex-C.I.A. polygraphers from B.I.A. to sit beside them as a company executive delivered a rosy business forecast. The former agents were supposed to signal the manager if they sensed that the executive was dissembling. Carlson said he is convinced that human lie detectors work, though others scoff at the notion.
B.I.A. did not return calls. But I was told that Cascade Investment, the vehicle set up by Microsoft founder Bill Gates to handle his wealth, was among the B.I.A. clients resorting to the human lie detector. Gates relied on B.I.A. investigators to analyze security risks in foreign countries that he and his wife, Melinda, plan to visit. Gates also employs a former C.I.A. agent as head of his personal security team.
Most of the ex-agents’ activities, from surveillance to lie detection, are perfectly legal. In the wake of the 2006 Hewlett-Packard scandal, detectives used pretexting to obtain the private telephone records of company directors, employees, and journalists. In an effort to track leaks to the media, federal law was tightened to prohibit using fraudulent means to obtain telephone records. Financial records were already off-limits. But federal law doesn’t forbid assuming a false identity to get other information—an area that ex-spies exploit.
Still, a few techniques favored by the spies-for-hire do appear to violate privacy statutes. One of these involves using “data haunts,” extreme methods of electronic monitoring such as tracking cell-phone calls and gathering emails by relying on secretly installed software to record computer keystrokes. An ex-C.I.A. agent described a group of his former colleagues who set up shop offshore so that they could tap into telephone calls—a practice prohibited by federal law—outside U.S. jurisdiction. “They call themselves the bad boys in the Bahamas,” he said.
Even some of the legal methods are controversial within the industry. Certain old-school firms won’t stoop to dumpster diving or stealing garbage—which is usually legal as long as the trash is on a curb or other public property—because they consider it unethical. They say that the prevalence of former intelligence agents in the field and the rise of unscrupulous tactics have tarnished a business that often struggles with its reputation. One longtime investigator complained that he recently lost business to some ex-C.I.A. officers who promised a potential client that they could obtain the phone and bank records of a target—something that is illegal in most cases.
The investigator told me that nearly every major security firm employs ex-agents, though most don’t break the law.
“But plenty of people are worried about the potential damage to all of us when someone gets caught,” the investigator says.
Penetrating the secret world of corporate espionage has never been easy, and spies are trained to leave no tracks. Still, when disputes like the Wal-Mart case become public, it’s increasingly likely that former intelligence officers are lurking in the background. For instance, in March 2007, Oracle, the software company, filed suit in San Francisco federal court against German rival SAP, accusing it of systematically and illegally downloading thousands of pieces of proprietary software. According to a source involved in the case, Oracle’s documentation featured an analysis by forensic computer experts who used to do top-secret work for the federal government. SAP’s chief executive, Henning Kagermann, acknowledged in July that “inappropriate downloads” had occurred, although he maintained that Oracle was not seriously harmed. The suit is pending.
Another federal case involving former intelligence operatives traces its roots to the central-Asian nation of Uzbekistan and the family of its autocratic ruler, Islam Karimov. In a July 2007 libel suit, the owners of the New Jersey export company Roz Trading complained that they were the victims of an elaborate campaign staged by GlobalOptions Group, a New York corporate-security firm that used to describe itself on its website as a “private C.I.A., Defense Department, Justice Department, and F.B.I.” Its advisory board included William Webster, the former head of the C.I.A. and F.B.I., and James Woolsey, another former C.I.A. chief. Ex-intelligence agents studded its roster of investigators. Its chief executive at the time of the alleged libels was Neil Livingstone, a former consultant to the Pentagon and State Department.
GlobalOptions’ client was a Swiss firm that the lawsuit alleges was controlled by the dictator’s daughter, Gulnara Karimova. The suit contends that Global-Options sought to discredit Roz’s principals, including Karimova’s ex-husband, by setting up websites that falsely accused them of tax evasion, bribery, and fraud.
Livingstone declined to comment. He left GlobalOptions in late 2006 and founded another firm, ExecutiveAction, which also employs former intelligence officers and bills itself as a “McKinsey & Co. with muscle.” A GlobalOptions spokeswoman said the company doesn’t comment on pending litigation, that it no longer fashions itself as a private C.I.A., and that it has dropped the description from its website.
Private investigation has long attracted former government workers, but until recently, they were usually cops. In the 1980s, Kroll, an investigation behemoth with 4,800 employees and offices in 33 countries, became one of the first private-investigation firms to hire C.I.A. agents. The practice spread with the cold war’s end, which put a lot of spies on both sides of the iron curtain out of work.
Mike Baker, a former counterinsurgency officer, left the C.I.A. in 1998 because he felt the agency had become risk-averse and reactive. “The collapse of the Berlin Wall had an impact,” Baker said. “The cold war was over.”
After the September 11 attacks, agents held responsible for the intelligence failure or disenchanted by the debacle migrated to private firms. With business clients expanding beyond Western Europe into volatile regions like the Middle East, these companies needed investigators with the knowledge to ask the right questions and the connections to get the answers, requirements often met by ex-C.I.A. operatives. The $150,000 to $200,000 salaries these organizations offered—well above C.I.A. pay—were alluring, especially for baby boomers facing the costs of their children’s college tuition and their own retirement. Soon, almost every big-time investigative firm had at least one former C.I.A. agent on its payroll, and many had half a dozen or more.
It’s unclear from C.I.A. statistics whether the agency is losing more and more people to private firms, as it doesn’t track where ex-officers find employment. The C.I.A. attrition rate, which covers retirements, resignations, and firings, has hovered around 6 percent a year for more than a decade but improved in fiscal 2007 to 4.6 percent.
Some who have left the C.I.A. say that disenchanted veteran agents with 10 to 15 years’ experience are departing for the lucrative private sector. “Old-timers, good guys who love the place, are leaving because the culture is broken,” said Robert Baer, the former undercover operative who was the model for George Clooney’s character in Syriana. “The place is total frustration, and there is the question of money. After 25 years, when your wife or husband couldn’t work because of what you do, and the kids are in college, you can’t make it on your C.I.A. salary.”
Shortly after being promoted for leading a C.I.A. counterterrorism team that captured an Al Qaeda leader in Pakistan, John Kiriakou quit the agency in 2004, burned out by the punishing workload. “I love the agency. I loved my career there. But at the same time, if you want to have a strong marriage and relationships with your children, the agency is not the place to work,” said Kiriakou, who doubled his salary by taking a job gathering corporate intelligence for a private firm.
Some big names have also left the C.I.A. for the world of corporate espionage in recent years. Robert Grenier, the agency’s former head of counterterrorism, now works in Kroll’s Washington office. Stephen Kappes, who spent 12 years overseas as an undercover operative and speaks Farsi and Russian, went to work for the security firm ArmorGroup International before returning to the agency as deputy director in mid-2006. Jack Devine, a 32-year veteran who once ran the agency’s foreign operations, set up the Arkin Group with New York lawyer Stanley Arkin almost 10 years ago.
“The private sector has virtually all the same techniques as the government,” Devine told me. A favorite haunt for former American spies is the elegantly appointed dining room of the Ritz-Carlton Tysons Corner in McLean, Virginia, a short drive from the cafeteria they used to patronize at C.I.A. headquarters in Langley. The large room, with its tables spaced well apart, swallows the hushed conversations. Leaving the C.I.A. for corporate espionage is a “growth business,” an agent-turned-investigator told me over breakfast there, indicating half a dozen other diners who had made the same career move. “Everyone has hung out a shingle.”
The influx of spies into the corporate sector isn’t limited to Americans. Firms relying on former British intelligence operatives have sprung up in London, the financial center of Europe. Trident Group, based in Arlington, Virginia, was started by former K.G.B. and Russian military officers. Trident works for blue-chip American and British companies, including the law firms Baker & McKenzie and Latham & Watkins, helping them navigate the tricky shoals of the Russian business environment.
Trident president Yuri Koshkin, a former officer in the Soviet military, is a naturalized American citizen—a status granted to him because the U.S. government deemed it in the national interest, as it often does with would-be citizens who are well educated or exceptionally talented. Koshkin and a Russian lawyer started Trident in 1996, just as the oligarchs were rising on the scene, but Koshkin says he was leery of “Russian business people who could not explain the source of their money.” He decided not to work for them. “The concept was to provide services to Western companies in Russia,” he explained in his office, which commands a view across Georgetown to the white walls of the Russian embassy. “We had to take care of our reputation,” Koshkin says.
On a Sunday evening in the fall of 2006, Mark D’Anastasio, the head of Emerging Markets Communications, a public relations firm in Washington, and a former Moscow bureau chief for BusinessWeek, carried his trash to the curb in front of his suburban Virginia home, as he had done weekly for years.
Before the garbage truck started plying the route, while D’Anastasio and his family were still sleeping, a short, red-haired young man named Patrick pulled up in a car outside the house. He jumped out, grabbed the trash bags from D’Anastasio’s container, tossed them into the car’s backseat, and sped off into the night. The garbage grabbing went on for several weeks. Sometimes Patrick would do it; sometimes another employee of Diligence would.
Old habits die hard at Diligence, whose alleged hijinks embody the danger of turning spies and their bag of tricks loose on the corporate world. Mike Baker, the former C.I.A. counterinsurgency officer, and Nick Day, a short-timer at Britain’s domestic intelligence agency, MI5, established Diligence in London in 2000. The pair had met in the 1990s through their old jobs and later joined a British company that investigated corporate fraud.
Eager to cash in on what looked like a potential boom in demand for their talents, they formed Diligence. “When we first started, Nick and I were literally walking down a street in London trying to figure out how to get the money for a couple of mobile phones,” Baker, a lean man with short graying hair, recalled recently.
Soon, however, Diligence had not only mobile phones but also offices in London and Washington and a roster of gold-plated clients that included Enron, oil and pharmaceutical companies, and law firms. They had staffed up with investigators with intelligence, military, and journalism backgrounds and were, Baker said, “hyperaggressive at getting business.”
The firm expanded swiftly after a 2001 merger with Barbour Griffith & Rogers, a high-powered Washington lobbying group. In early 2005, B.G.R. partners sold their interest in Diligence. So did Baker, who left to start his own firm.
Day took over as chief executive and embarked on a hiring spree. According to insiders, Day, who declined to comment on Diligence’s specific operations and methods, hired a handful of veterans from the C.I.A. and elsewhere and also enlisted a number of eager but inexperienced recruits.
“He carried his modus operandi from the intelligence world and introduced it to the private sector,” explained one former Diligence employee who, like most others, spoke on condition that he not be named. Another former employee said Day’s mantra was “Let’s be creative.”
The ex-spies schooled the young guns in the art of espionage. One former Diligence investigator described participating in a surveillance-training exercise in New York using Gretchen King, a young woman in the New York office, as what the C.I.A. veteran referred to as the rabbit. The object was to keep the rabbit under watch without letting her know she was being followed. Her job was to lose her pursuers. In the exercise, 10 investigators in radio contact trailed King through Grand Central Terminal and into various shops on Manhattan’s East Side.
Current and former employees said Diligence’s ex-spies also held classes in using false identities to obtain confidential information. Ex-employees said it wasn’t unusual for an investigator to have five or six cell phones, each representing a different identity, on his or her desk. And while ex-C.I.A. and former MI5 agents were old hands at such deception, the new initiates sometimes got confused and answered a phone with the wrong name.
On occasion, Diligence investigators were dispatched to collect garbage from a target’s home or office. In some cases, two former employees said, Diligence hired off-duty or retired police officers to take trash so that they could wave their badges and fend off any awkward questions.
In the spring of 2005, Nick Day and others at Diligence began plotting a secret mission, code-named Project Yucca, to penetrate KPMG, the multinational accounting firm. Diligence sought to gather information on behalf of one of its biggest clients, Alfa Group Consortium, a Russian conglomerate. Private Diligence communications, court records, interviews, and confidential reports by outside private investigators tell a story of corporate espionage run amok.
Alfa Group was embroiled in a fight with IPOC International Growth Fund, a Bermuda-based investment company with ties to a senior government minister in Moscow. The stakes were high—control of a Russian telecommunications company worth billions of dollars.
The Bermudan government had appointed two auditors from KPMG to examine IPOC’s business operations in the spring of 2004. Diligence was looking to infiltrate KPMG’s investigation. “We are doing it in a way that gives plausible deniability,” Day wrote in an internal memo.
It soon became clear what “plausible deniability” meant. According to confidential Diligence materials and interviews with former and current employees, Gretchen King—the rabbit from the surveillance lesson—and another young woman from the New York office were sent to Bermuda to pose as conference planners working for White & Case, a prominent New York law firm. They contacted KPMG’s offices and, under the pretense of organizing a legal conference, obtained a list of employees. Databases fleshed out the list, and a couple of workers with access to the IPOC investigation were identified. One, a British accountant named Guy Enright, was selected as a potential leaker.
Day flew to Bermuda and telephoned Enright, using the fake name Nick Hamilton and implying that he was from the British secret service. After several calls and meetings, Enright agreed to provide confidential information that he thought was being used in a British inquiry into IPOC. Day persuaded Enright to deposit sensitive auditing records and other documents in a container hidden beneath a stone near a beach. King accompanied Day at least once, calling herself “Liz from Langley,” according to a later lawsuit. A Diligence insider said neither Day nor King claimed outright to be government agents, relying instead on what he characterized as tradecraft to give that impression. To ensure that Enright was not a double agent, Diligence investigators trailed him from his meetings with Day and King and poked through the trash at his Bermuda home.
Court files and documents show that Alfa paid Diligence $25,000 a month plus expenses through B.G.R. When Day prevailed on Enright to turn over a draft of the report KPMG was submitting to the Bermudan government, Diligence was rewarded with a $60,000 bonus, according to a person familiar with the records.
But then Diligence’s escapades blew up in its face. In September 2005, someone—fingers are pointing to a disgruntled former Diligence executive—tipped off KPMG to the snooping. (The former executive’s lawyers declined to comment.) Copies of Diligence emails and other records detailing the operation mysteriously turned up at a KPMG office in New Jersey.
On November 10, KPMG filed a federal lawsuit in Washington, accusing Diligence of fraudulently obtaining confidential documents. Diligence settled the suit in June 2006, paying $1.7 million to KPMG, according to a February 2007 BusinessWeek article. Day said that Diligence is “constantly reviewing its methodologies and policies” to ensure that they are both legal and “operationally effective.”
Meanwhile, word that Diligence employees had been taken for British agents had reached the British embassy in the U.S. According to a former Diligence investigator, it dispatched an intelligence officer to chide Day and other senior Diligence officials and caution them against further misrepresentations. But a former employee says that, before parting, the intelligence officer confided that he found Diligence’s work very interesting and wondered about job prospects there.
Undaunted, diligence turned its attention to Mark D’Anastasio’s trash. The former Moscow bureau chief for BusinessWeek had done some consulting for Russian telecommunications minister Leonid Reiman, who is believed to be the secret owner of IPOC and is a longtime nemesis of Alfa Group, Diligence’s client.
The Diligence insider acknowledged that the firm nabbed D’Anastasio’s garbage for several weeks but said a subcontractor handled the task. According to a former employee, Diligence higher-ups boasted that they had gleaned valuable information from the trash.
When I spoke with D’Anastasio recently, he said he’d heard that Diligence had some interest in his activities but wasn’t aware that it had gone that far. D’Anastasio, whose own public relations firm sometimes works with ex-spies and other private investigators, referred to the members of the profession as “sewer rats.” Stealing his trash “is just the kind of thing they would do,” he added. “It’s no-holds-barred, and they do whatever they need to do.”