Much hand-wringing and melodrama has surrounded the broad daylight break-in that happened at the North Korean embassy in Spain on February 22nd. Adrian Hong Chang and former U.S. Marine Christopher Ahn are accused of breaking into the embassy, holding several North Koreans hostage, and stealing a tranche of computer hard drives and documents. The alleged culprits left a trail of evidence throughout their sloppy operation and were quickly named by Spanish courts and the U.S. Department of Justice. Ahn was arrested in Los Angeles and is awaiting potential extradition back to Spain. Chang and Ahn were both known for previous anti-North Korean activism under the name Free Joseon.

Accusations, rumors, and conspiracy theories have flown far and wide, beginning with the Spanish courts accusing the CIA of having orchestrated the break-in, a claim they appear to have since backed down from. The entire incident is bizarre and has left a lot of people rightfully asking questions, but was the U.S. government really behind the break in? We can comfortably answer that question: no. Circumstantially, there is no way the intelligence community would have run such an operation a week prior to President Trump’s historic meeting with Kim Jung Un in Vietnam.

Let’s take a deeper look at how the U.S. government runs covert operations.

There are a number of different players within the intelligence community, and a few in the military’s Joint Special Operations Command, who could carry out this type of mission. The CIA and NSA both have technicians who do this type of work. Operators assigned to Delta Force’s reconnaissance detachment or SEAL Team Six‘s Black Squadron could have managed it, as could the Army’s Intelligence Support Activity (ISA). This type of operation would almost certainly be covered by a waived, unacknowledged Special Access Program (SAP).

Such a program would be known to only around 40-to-80 people in the entire world. Only those with a “need to know” would be read on, and the unacknowledged status means that those who are read on are required to lie about the program if asked about it. Saying “no comment” will not suffice, even if asked by a superior who has not been read on to the program. Being a waived SAP means the source of funding can also be further concealed and the Intelligence Committee in Congress may not be made aware of the operation until after it has been completed.

An alternate method that such a mission could be carried out is under the auspices of what is called Alternate Compensatory Control Measures (ACCM), a bureaucratic mechanism through which private contractors can be hired and utilized in a cellular structure. Individual cells in the program will not even be aware of one another and if one cell is compromised, those contractors can be fired and replaced with a new group.

But if the mission called for some sort of Technical Intelligence (TECHINT) requirement rather than just a safe-cracking job, the likely player would have been the NSA‘s Access Technologies Operations Branch working within their Tailored Access Department. These are technicians who reportedly operate alongside the FBI and CIA to plant surveillance devices and gain access to protected information technology assets. Some readers may be familiar with the Scorpion Program which hires former Special Operations soldiers to work as a security element for NSA technicians who climb the telephone pole, so to speak, although this has literally been the case in some instances.

With such a covert operation receiving authorization, one or two technicians would be flown into the target country under an alias and would almost certainly be provided with cover and logistics support from the CIA or State Department. The break-in itself would take place in the dead of night after a careful surveillance had been completed to determine the ideal window of time with the fewest number of personnel on site. In this fictional scenario, they would also likely receive support from a compromised North Korean asset working within the embassy itself.