The weekend before Donald Trump was elected president in 2016, a secret private security initiative called “Operation Baratheon” was scheduled to begin. A PowerPoint presentation laid out the plan for Joel McCollough, a burly ex-Marine bearing a resemblance to “Game of Thrones” character King Robert Baratheon. He had been posing as an opponent of the Dakota Access pipeline at protests in Iowa but was now assigned to travel to North Dakota to collect intelligence on the growing anti-pipeline movement.
There, near the Standing Rock Indian Reservation, thousands were camped out as part of the Indigenous-led resistance to the Dakota Access pipeline. Energy Transfer, the venture’s parent company, had plans to run the Dakota Access pipeline under the Missouri River. Calling themselves water protectors, the people in camp objected to the threat the pipeline would present to the Standing Rock Sioux Tribe’s primary drinking water source.
The effort to stop the pipeline had quickly become one of the most important Indigenous uprisings of the past century in the U.S. And McCollough, working for the mercenary security firm TigerSwan, was a key player in Energy Transfer’s multistate effort to defeat the resistance, newly released documents reveal. TigerSwan took a militaristic approach: To McCollough and his colleagues, the anti-pipeline movement was akin to the insurgencies the veterans had confronted in Afghanistan and Iraq. In line with that view, they deployed the same kinds of subversive tactics used in theaters of war.
One of these tactics was the use of spies to infiltrate so-called insurgents. That was McCollough’s goal when, in November 2016, he drove to North Dakota with an unwitting pipeline opponent. A PowerPoint slide titled “Mission” described exactly what he would do once he arrived: “infiltrate one of the Standing Rock camps.” Another slide, titled “Situation,” listed his adversaries, under the heading of “Belligerents”: “Native American activists, anti-establishment radicals, independent press, protester intelligence cells, camp security.”
TigerSwan’s “False” Denial
The newly revealed documents obtained by The Intercept show how security operations like McCollough’s infiltration were carefully orchestrated and managed by TigerSwan — describing in the security firm’s own words activities that it has repeatedly denied ever took place.
The documents make clear just how far security companies hired by energy industry firms — in this case, TigerSwan and Energy Transfer — will go to protect their clients’ business interests against a growing climate movement, and how much the energy companies are willing to spend for these aggressive defenses: An invoice from December 2017 said TigerSwan had billed Dakota Access LLC, a subsidiary of Energy Transfer, some $17 million up to that point.
For movements like the one at Standing Rock — Indigenous land and water defenders, fighting for territory central to their identity and health, and climate activists, staving off a potential future of chaos and suffering — their actions are a matter of survival. But the same can be said for the energy companies, evidenced by their willingness to deploy war-on-terror-style tactics.
Advocates for the activists, though, say the war-like tactics have created harmful conditions for those exercising their right to dissent. “This level of saturated, coordinated attack between private corporate interests, law enforcement, private security to shut down the climate justice movement particularly in the United States is extremely dangerous,” said Mara Verheyden-Hilliard, co-founder of the Partnership for Civil Justice Fund, which is working with the Water Protector Legal Collective to represent water protectors in a class-action lawsuit against North Dakota law enforcement officials for using high-pressure water hoses and other aggressive tactics at Standing Rock. The suit notes TigerSwan’s close collaboration with the sheriffs’ officials.
The new documents, which are being reported here for the first time, were turned over as discovery material to the North Dakota Private Investigation and Security Board. The board filed an administrative complaint against TigerSwan and its former CEO, James Reese, a retired commander of the elite special operations military unit Delta Force, for operating without a license in the state — alleging violations carrying more than $2 million in fines. TigerSwan responded to the claim in court by saying the firm only provided consultation for the operations.
The security board made the new material public as exhibits attached to a legal filing alleging that TigerSwan’s denials were “willfully false and misleading” and that the documents proved it.
“This level of saturated, coordinated attack between private corporate interests, law enforcement, private security to shut down the climate justice movement particularly in the United States is extremely dangerous.”
In his responses to the board’s allegations, Reese claimed misinformation was to blame for parts of the security board’s lawsuit against TigerSwan, suggesting the culprit was a series of investigative stories from The Intercept: “The board considers one sided news reports from an anti-energy on-line publication a sufficient basis for calling me a liar,” Reese declared. In the same affidavit, Reese claimed the operation involving McCollough had merely been proposed to the firm and, owing to its lack of a security license, not approved by TigerSwan. (At the end of last summer, TigerSwan and Reese signed a settlement with the board for less than $200,000, admitting no wrongdoing.)
TigerSwan’s own reports, however, offer rich detail about the company’s operations — better than any other source to date. (Neither Reese nor TigerSwan responded to a detailed request for comment for this article. Energy Transfer directed questions to TigerSwan and said, “We have no knowledge of any of the alleged activities.” McCollough suggested that some of the TigerSwan documents included as exhibits in the North Dakota board’s filing — which he incorrectly described as “leaked” — may contain inaccurate information, but declined to point to any specific fact he disputed or item he believed to be false.)
WhatsApp chats, invoices, operational plans, and organizational charts, all made public by the North Dakota security board, show how Reese and TigerSwan were making, according to the board, “willfully false and misleading” claims when they said that the company had not carried out private investigation, security work, or infiltration operations in North Dakota. The company documents show instead that TigerSwan at times promoted its “human intelligence” operation as a driving element of its effort to fight pipeline resistance.
“TS personnel have established eight months of relationships with activists,” a presentation titled “TigerSwan Intelligence” stated. The same slide noted that TigerSwan operatives had gotten to know “Anti-pipeline groups in Iowa, Nebraska, Illinois, Missouri, and North Dakota” and “Maintain personal relationships with key leaders.”
“No other company has infiltrated these activist groups on a long-term basis,” another slide said. “Our personnel even now develop deeper ties into activist communities and groups that are international in their reach.”
TigerSwan organized its surveillance work like a full-fledged state intelligence agency but on a smaller scale. The company divided the intelligence operation into teams focused on human intelligence, imagery intelligence, signals intelligence (intercepting communications), and open-source intelligence based on news reports or other publicly available material like social media posts. The TigerSwan teams worked out of “fusion centers” — the same term state law enforcement agencies use to describe a network of post-9/11 information sharing offices — located in Bismarck, North Dakota; Des Moines, Iowa; and Sioux Falls, South Dakota, according to an organizational chart.
The imagery intelligence team included an operative who took photographs of the camps from a helicopter, while the signals intelligence team monitored water protectors’ radio communications. At times, on the radios, TigerSwan operatives would add their own disruptive messages, according to a former member of the intelligence team, who declined to be named out of fear of retribution.
Key to the security operation was the use of infiltrators. “Having TS CI/HUMINT infiltrators on the ground is critical in minimizing lost construction time,” the TigerSwan Intelligence PowerPoint noted, using acronyms for counterintelligence and human intelligence.
The plan for Operation Baratheon describes how the company organized such activities. In advance of McCollough’s election-week trip, TigerSwan meticulously plotted out the mission, compiling a slideshow with the weather forecast, the driving route from Iowa to North Dakota, and a detailed escape plan, including an option for a helicopter evacuation. This calculated approach was new for the company, said the intelligence team member. Recently, a company infiltrator had been hastily removed from the North Dakota camps after his cover was blown, and TigerSwan did not want to be caught unprepared again. Once a day, McCollough was to use code phrases to check in with his handlers on a WhatsApp channel that included six other TigerSwan operatives, according to the documents.
The operation plan warned of certain types of people — referred to as “belligerents” — thought to be dangerous. McCollough, for example, was to be wary of members of the independent press. The former contractor explained the thinking: Independent reporters are “not unbiased,” he said, “and they’re basically an intelligence collection node for whatever movement they’re a part of.”
Framing journalists, camp security, and Native American activists as hostile aggressors was in line with TigerSwan’s view of the protests as an insurgency that must be quelled: “TigerSwan’s counterinsurgency approach to the problem set is to identify and break down the activist network,” the intelligence PowerPoint stated. “TS Intel understands anti-pipeline activists have developed cultural, religious, and ethnic environments which we are uniquely capable of exploiting.”
Framing journalists, camp security, and Native American activists as hostile aggressors was in line with TigerSwan’s view of the protests as an insurgency that must be quelled.
Pipeline opponents have alleged that the counterinsurgency campaign led to civil rights violations. Although the North Dakota security board signed the settlement agreement, at least one other lawsuit against the security firm is outstanding. The suit, which alleges that the closure of the highway passing by the resistance camps infringed on pipeline opponents’ First Amendment rights, says TigerSwan’s close collaboration with police and public officials makes the security firm liable for the abuses.
Water protectors believe that the paltry fines imposed by the security board provide only a semblance/parody of justice. “TigerSwan has not yet been held meaningfully accountable for their actions at Standing Rock,” said Noah Smith-Drelich, an attorney representing water protectors in the highway case. “We’re hoping to change that.”
Infiltrator Chat Logs
Two bearded men wielding swords and wearing wolf skins illustrate the cover of a TigerSwan “Daily HUMINT” report for December 8, 2016. The men represented in the TigerSwan document are úlfhéðnar, a type of elite Viking soldier that goes into a trance-like state as they lead attacks on enemies.
The presentation slides in the HUMINT report offer intelligence on a variety of people, organizations, and other aspects of camp life. The group Veterans for Peace is “a very communist organization,” said one slide. Another, titled “Red Warrior Camp Cell Leader,” tracked the activities of a water protector named Tempeh, who was thought to be involved with a direct action-focused camp. “Tempeh has asked RO” — coded initials for the infiltrator — “to assist him in evaluating weaknesses in the systems for the purposes of exploiting/sabotaging. RO remained non-committal,” one slide said. “Tempeh is also looking for someone to dig up dirt on sex trafficking involving DAPL workers.” The infiltrators, according to the documents, volunteered to collect such information, in an effort to gain the trust of camp leaders.
The slide contained numerous inaccuracies, Tempeh told The Intercept. Tempeh, for example, was close with members of Red Warrior, but he belonged to a separate camp called Heyoka. He said much of the material seemed to be based on rumor or on the kind of directionless brainstorming that occurred around campfires.
The PowerPoint was only the starting point for more than a month of documented spying. The records provided by TigerSwan in discovery show that, the same day the report about Tempeh came in, a human intelligence team member named Logan Davis created a WhatsApp chat group with McCollough and a third member of the TigerSwan team, Zachary Perez, who were both getting ready to enter the North Dakota camps. (Neither Davis nor Perez responded to requests for comment.)
“Joel, first RFI for you,” Davis wrote, using an acronym for request for information, “who belongs to Red Warrior Group.” He wanted the leadership structure, number of members, where they were staying, and a description of their vehicles. He asked the same for Veterans for Peace. Perez, meanwhile, would attempt to gain access to Sacred Stone camp.
“RW is highly guarded,” McCollough replied, referencing Red Warrior camp. “I got extremely lucky meeting Tempeh the way i did.” He asked Davis to get the name of a pimp from law enforcement, so he could “build bona fides” with Tempeh. (Asked about the report, Tempeh did not recall any conversation with McCollough.)
Davis delivered a name and then sent the operatives into action: “Start reengaging your sources. We don’t have the luxury of time.”
The infiltrators did just that, according to the TigerSwan documents attached to the Board’s filing. They attended courthouse support protests, offered to be drivers for direct actions, invited water protectors to crash in their hotel rooms, and provided them with gear. They filed intelligence reports and details of their movements back to Davis, who at times mingled among water protectors himself, and later to other handlers, Nik McKinnon and Will Janisch. (McKinnon and Janisch did not respond to requests for comment.)
The chat logs describe the role Reese, then TigerSwan’s CEO, played in managing the HUMINT operation. “When Jim Reese visited a while ago he said the collectors” — a term for intelligence collectors, including infiltrators — “could have 1k in petty cash,” McCollough told the group, explaining that he didn’t want to use his credit card in front of the pipeline opponents. “I told him 500 would be plenty.”
Throughout December 2016, McCollough developed relationships with various water protectors. According to the TigerSwan chat logs in the North Dakota security board’s filing, he repeatedly referred to them in the chats as “muj,” shorthand for mujahedeen, a reference to Muslim religious fighters. TigerSwan operatives exchanged crude banter about women and racist jokes, including about “drunk Indians.” The chat itself was titled “Operation Maca Root 3,” a supplement known for increasing libido and fertility in men.
As the former member of the TigerSwan intelligence team put it, “At some level you naturally dehumanize the enemy. They do the same thing.” He added, “This isn’t a Brooklyn tech startup, it’s a bunch of mercs in a private chat supposedly.”
Advocates for water protectors noted that such dehumanizing language speaks to the mercenaries’ militaristic approach. “It’s the same type of racism that’s employed by the military in other countries to dehumanize and demonize a population under attack or under occupation,” said Verheyden-Hilliard.
At one point in the chats, Davis indicated ambitions to do more than just observe water protectors’ activities. He flagged the presence of an organization of veteran volunteers called The Mission Continues, telling the chat group, “I can see this being something we can develop and infiltrate rather easily, if not completely take over.”
On a different day, after noting that few supporters turned out at a trial for a water protector, Davis joked, “It’s pretty bad, I’m gonna eat breakfast and think about how much we have destroyed a grass roots movement.”
The assessment of TigerSwan’s efficacy was shared by the former member of the intelligence team: “Demoralization, destabilization, fake crisis, ideological subversion, active measures, or psychological warfare — these had all taken their toll,” he said.
The most active infiltrator in the chat group was McCollough, according to the logs made public in the security board filing. Throughout December and January, he attempted to identify weapons in the camps. He described interpersonal disputes between members of the camp security groups and drug and alcohol use among the pipeline opponents. And he showed a special interest in violence against women. Previous reporting by The Intercept shows that he asked two water protectors for names of women who had been assaulted, claiming he was a journalist writing an article about it; they declined. The chat provides evidence of that approach. “Working on the pirs” — priority intelligence requirements — “with a muj who thinks I’m gonna write an article about the rapes in camp,” he told the chat group at one point.
McCollough floated another idea for obtaining information that water protectors didn’t offer voluntarily. “Can we get micro recorders for a hotel room? If its legal, of course,” he suggested. (In fact, water protectors had found what appeared to be such a device at the hotel and casino back in October.) “Tempeh used the bathroom to have private discussions even when the room was full. If i had had a recorder I could turn on remotely it would have been great.”
“You can do it but can’t be used in court,” the other infiltrator, Perez, responded. “Only with consent or in a ‘public Setting.’”
McKinnon, the handler, jumped in. “It would depend on ‘who’s dwelling’ it is. And what Zach said.”
“If i paid for the room, its mine, right?”McCollough asked.
“Correct,” McKinnon replied.
They were mostly wrong. In North Dakota, using recording devices, even in your own home, would amount to felony eavesdropping in a space like a bathroom, where there is a reasonable expectation of privacy — unless at least one person present agreed to the recording, according to North Dakota’s wiretapping laws.
Tempeh, who remembered seeing McCollough that day in the hotel room, said that operational security was essential to planning nonviolent direct actions and likely prevented McCollough from getting much meaningful information. “If you weren’t in our family, we didn’t talk to you,” he said. “We didn’t even talk around you.”
Vanessa Dundon, a plaintiff in the class-action lawsuit related to the water hoses, was also mentioned in the documents. Dundon, who is Diné, lost vision in one eye after being hit by a tear gas canister at Standing Rock. In the chat logs filed by the security board, McCollough claimed to have spent a night in Dundon’s room, to which Davis replied that he hoped McCollough would “make little martyrs” with her. “Cyclops babies,” Perez replied in the chats, a crass reference to Dundon’s lost eye.
Dundon said she didn’t remember McCollough. “It disappoints me how childish all of the security firms are and that they are in any position of power,” she said. Even as she continues, four years later, to undergo surgeries on her eye, however, Dundon finds humor in the infiltrators’ boorish exchange. “It’s funny in a way,” she said. “Being Native, the way we take in hate or shaming — we turn those things to make them laughable.”
Ultimately, for Dundon and others, it’s their communities’ health at stake. Kandi Mossett, a member of the Mandan, Hidatsa, and Arikara Nation from the Fort Berthold reservation in the heart of North Dakota’s fracking region, developed cancer when she was 20 years old, which she believes was linked to pollution in her community.
Mossett, who was also mentioned in the WhatsApp chats filed by the security board, said the surveillance she and others experienced at Standing Rock has indelibly changed the Indigenous environmental justice movement. “It’s still affecting people four years later with PTSD,” she said. She and others have become more cautious about who they trust and how they use technology. The surveillance, she added, “is a form of trying to shut us up and shut us down. And for most of us, it didn’t work.”
“Proprietary Databases on Activists”
The WhatsApp chats continued into mid-January, though McCollough worked as an infiltrator through the spring, long after the camps closed down in February. The documents obtained by The Intercept leave a paper trail of his work. An invoice dated March 23, 2017, listed him as “HUMINT ND” — human intelligence North Dakota — and an April 2017 image of McCollough at a Chicago meeting of the nonprofit Food & Water Watch appeared in the PowerPoint titled “TigerSwan Intelligence.”
TigerSwan saw opportunity on the horizon: anti-pipeline insurgency everywhere.
By then, the movement at Standing Rock had quieted down, and it was becoming increasingly clear that the counterinsurgency force envisioned by TigerSwan at Standing Rock was no longer needed, even on its own terms. TigerSwan, however, saw opportunity on the horizon: anti-pipeline insurgency everywhere. The internal company documents hint at plans to build out the firm’s own cottage industry of squelching pipeline protests. One presentation, which appears to be a pitch to fossil-fuel companies, lays out the services TigerSwan hoped to provide.
Law enforcement was no match for pipeline opponents, the pitch began. “The activist mindset places them in at the same level as an insurgency, which is outside current law enforcement capabilities,” a slide said. It was TigerSwan’s human intelligence capabilities that truly set it apart from law enforcement, because police had to “rely on warrants to obtain information rather than improvising and having the information freely provided by the activists themselves.” Instead of “turning” activists, a slide said, “We rely on elicitation primarily.”
Unlike law enforcement officers, private security operatives work outside of many constitutional restraints, such as those laid out in First Amendment law, said Verheyden-Hilliard. “When you start to bring in these private entities, they’re also often operating as an illegal proxy force to be a hidden hand to do what official law enforcement may be restricted from doing, which is a lot of what we’re seeing here,” she said. “The fact that you have law enforcement that is commissioned by the state with the authority to use lethal force and to deprive people of their liberty — that law enforcement is being informed in its actions by an entity whose pecuniary interest is in suppressing protest activity.”
Cooperation along those lines was evident in the TigerSwan presentation. “Advanced warning of protester movement allowed TigerSwan security to liaise with local Law Enforcement (LE) in a timely manner,” the documents said.
“They’re also often operating as an illegal proxy force to be a hidden hand to do what official law enforcement may be restricted from doing.”
At fusion cells “set up to imitate military regional operations centers,” analysts combined data from their 24-hour media monitoring with the human intelligence collected on the ground to create maps of networks and detailed profiles of activists.
The product TigerSwan could offer, the presentation said, was more than just former military members who know how to break into a movement. “Utilization of CI/HUMINT” — counterintelligence/human intelligence — “techniques and military fusion cells have allowed TigerSwan to develop proprietary databases on activists,” the presentation stated.
And the data could be reused: “TigerSwan analysts now have a well-developed intelligence picture of key bad actors, the groups they belong to, how they are funded, and where they come from,” the PowerPoint read. “This enormous amount of historical data is proprietary to TS.”
The former intelligence operative scoffed at the idea that TigerSwan’s database contained meaningful threat information. “So there’s a databases of people and things and events that’s so big it really doesn’t mean anything,” he said, but explained the claims: “More threats made them more money. It was just promo to get contracts.”
TigerSwan’s path to expansion, however, was obstructed after The Intercept’s investigations revealed the company’s invasive, militaristic tactics. As its business suffered, TigerSwan fought to evade legal accountability.
Despite the internal company documents included in the security board filing, TigerSwan and Reese have continued to deny they provided private investigative and security services in North Dakota. In June, in response to a list of questions posed by the North Dakota Private Investigative and Security Board with their discovery request, Reese submitted a lengthy affidavit challenging accounts of TigerSwan’s activities. “Did any of OUR employees provide investigative or security services in North Dakota. They did not. Anyone inside the camp providing investigative services were hired by someone else,” Reese wrote on June 24. “HUMINT does not mean they were in the camp. Those assigned as HUMINT were research/reports writers who focused on information from sources along the pipeline,” Reese claimed, even though all three “HUMINT” operatives discussed infiltrating North Dakota camps in real time over WhatsApp.
As for McCollough, Reese declared, “The intercept article alleges he was in ND and spent a few days in the Casino. We understand that he came on his own accord as he was writing an article. Mr. McCullough has had several articles published over the years on a variety of veteran views and activities. TigerSwan hired him for work in Iowa and North Carolina.” Operation Baratheon was “a PROPOSED idea that was NOT APPROVED BY TigerSwan. It was disapproved because TigerSwan was not licensed to do this type of private investigator work and our former military intel analyst were looking at this from their experiences abroad and not domestically.”
As The Intercept has previously reported, McCollough did indeed follow the plan outlined in the document, and the new documents show that TigerSwan managers ran at least one similar operation. (According to an invoice, McCollough billed $450 a day for his work as a human intelligence operative.)
The board’s lawyer characterized Reese’s claims as part of an attempt by TigerSwan “to perpetuate a fraud on this court through their intentional misrepresentation and omissions related to Joel McCollough, Logan Davis, and Zach Perez.” The judge agreed that sanctions would be necessary. For failing to provide full responses to discovery requests, she declared TigerSwan and Reese in default and said the board should apply an administrative fee. TigerSwan asked the board to reconsider, claiming that they had provided substantive answers to the requests and that they stood ready to provide additional information.
With TigerSwan continuing a years-long legal battle in response to the judge’s ruling — the board suggested in a legal filing that “TigerSwan seeks to win this action by attrition” — the two sides reached a settlement in September of this year. TigerSwan agreed to stay out of North Dakota and to pay a fine of $175,000 — a fraction of the standard fines for violations laid out in the North Dakota Private Investigative and Security Board’s complaint — in exchange for admitting no wrongdoing.
The settlement did not, however, prevent TigerSwan from turning over 16,000 documents to the board about its activities at Standing Rock, putting them into the public record. Energy Transfer is now suing TigerSwan and the security board, claiming that the security company breached its contract by providing the material and that the board should return the material. A judge has granted a temporary restraining order preventing North Dakota from providing citizens access to the material.
By the time the administrative case was settled, Reese had already moved on to new ventures. After Trump’s election, a friend of Reese’s at the Washington Examiner published an op-ed suggesting the TigerSwan chief ought to be appointed FBI director. At the same time, Reese fashioned himself into a right-wing pundit, commenting on relations with Russia, mass shootings, and the war in Syria — all through a contributor gig at Fox News, where Trump might see him speak. Though the FBI job never materialized, this summer Reese obtained a U.S. government-approved contract to export oil from the Kurdish-controlled region of Northeast Syria, a deal the Syrian foreign ministry said amounts to the U.S. “stealing” Syrian oil.
Meanwhile, the idea that counterinsurgency tactics should be used to quell domestic uprisings has proliferated. David Kilcullen, a top war-on-terror adviser to the U.S. government, recently wrote that the nationwide uprisings in the wake of George Floyd’s killing might be viewed as an “incipient insurgency.” What happened at Standing Rock reveals the results such logic can produce.
Last month, private security firm Atlas Aegis put out calls for special operations veterans to apply to defend Minneapolis businesses and polling places during the November election from “antifas.” In response, Minnesota voting rights advocates sued the company, and the state attorney general’s office launched its own investigation.
“There has to be a crackdown,” said Verheyden-Hilliard. She said the big question would be whether legislatures would be willing to rein in security companies. “Or do they just want to endorse and support a sprawling paramilitary, law enforcement, surveillance industry that has tentacles throughout the country and can act at the whim of any private corporation?”