U.S. authorities spent a great deal of time interrogating Yemeni-national Salim Ahmed Hamdan at the U.S. detention facility in Guantanamo Bay, Cuba. Although he had worked only as a chauffer and bodyguard, interrogators zeroed in on Hamdan, assuming that his eyes and ears had been open while his boss met with associates and discussed the business of the day. Though not a "big fish" — he likely was not a decision-maker — Hamdan nevertheless was a juicy catch for counterterrorism agents wanting information about his former employer: Osama bin Laden.
The results of that interrogation have not been revealed, so it is unknown how much information Hamdan overheard from bin Laden and his associates, though it is known that his work with bin Laden began during the Soviet war in Afghanistan. The case, however, raises an important question: How much attention is paid to low-level employees who surround a top leader, whether that leader is a terrorist, a business executive or a government official?
Anyone who employs workers to perform common tasks puts himself or herself at risk of being exploited in a number of ways: through the keys that provide access to information and valuables in the home or office, to valuable written information left in the trash or on a desktop, to conversations overheard. In the United States, it is normally easy to mitigate the risk of important information escaping via employees, through the use of extensive background investigations and examinations of personal information and affiliations.
However, those who travel to foreign countries face a higher risk because the integrity and the motives of workers cannot always be tested easily, and because it is much more difficult to do accurate — if any — background checks on so-called "local hires." The company CEO who hires a local limousine driver to transport executives to meetings abroad, therefore, risks unintentionally revealing company secrets. Individuals acting for their personal benefit certainly pose a risk, but that risk increases when one is traveling to a country where corporate espionage abounds, or where counterintelligence value is great, such as China and France. The suicide bombing of a U.S. military mess tent in Mosul, Iraq, on Dec. 21, 2004, is one example of the dangers posed by local service hires. The bomber in that case, an Iraqi employed by the military in the service sector, killed 20 Iraqi and U.S. military personnel. The attacker might not have had a map of the entire facility or understood all of the operations taking place within the compound, but the small bits of information available to him helped him to piece together a picture of the security strengths and weaknesses of the base — thus enabling him to cause mass destruction. This is an extreme example, but it serves to highlight the vulnerabilities exposed by employing locals, especially in the undeveloped world. Oftentimes when operating in the third world, local employees are hired through a trusted proxy agent, who usually is a local as well. This situation is ripe for exploitation by groups or individuals who are looking to damage a specific organization, individual or government — either to cause physical harm in the form of kidnapping or facility destruction, or to cause economic damage, as in the case of espionage. Intelligence gathering — for future destructive use — is, of course, another area of concern, as was likely the case in Mosul prior to the attack. It often is logistically impossible to employ only one's own personnel in operations throughout the globe, making reliance on local hires a virtual necessity. This is when operational security becomes extremely important. Employers must take care not to assume that a local cleaning person, contract limousine driver or guide, for example, has no negative motivations. Local militant and intelligence-gathering groups are well aware of this vulnerability and likely will attempt to exploit it; just as foreign intelligence agencies routinely debrief maids and limousine drivers. STRATFOR has direct knowledge of cases in which lax security measures in this area caused serious consequences, but the scope of the problem cannot be known fully because companies are reluctant to bring these cases to the attention of authorities — especially foreign authorities — for many reasons, including privacy. However, extreme diligence is required when operating in an unknown environment, and everyone in the organization should be made aware of the vulnerabilities exposed by hiring locals.