Actions by foreign individuals or governments sometimes provide a tip-off that classified or otherwise sensitive information has been compromised. Such tip-offs provide valuable counterintelligence clues. If properly reported and investigated, they may lead to identification and neutralization of a foreign intelligence operation.
For example, a Greek official accidentally revealed his knowledge of information that could only have come from a secret communication between the State Department and the U.S. Embassy in Athens. Investigation of this incident led to the arrest of Steven Lalas. Lalas, a communications officer at the U.S. Embassy in Athens, was working for Greek intelligence.
The arrest of numerous CIA agents in the Soviet Union within a short period of time triggered a long investigation that eventually led to the arrest of CIA officer Aldrich Ames. The Soviet navys seeming foreknowledge of where U.S. ships were going was much later found to be attributable to the John Walker spy ring. Unexpected Soviet countermeasures blocked U.S. intelligence ability to exploit certain Soviet communications vulnerabilities. This was, much later, traced to the espionage of Ronald Pelton.
A National Security Council memorandum dated August 12, 1996, subject: Early Detection of Espionage and Other Intelligence Activities Through Identification and Referral of Anomalies, requires that such tip-offs or "anomalies" be reported to appropriate counterintelligence authorities. An anomaly is defined as "foreign power activity or knowledge, inconsistent with the expected norm, that suggests foreign knowledge of U.S. national security information, processes or capabilities."
In other words, whenever a foreign country appears to have protected information that it shouldn’t have, this must be reported and investigated to determine the foreign country’s source.
Here is a list of some of circumstances that, if detected, must be promptly reported to your security or counterintelligence office.1