shielding them from adversary intelligence services after he took them abroad. They also continued to take him at his word when he said he had destroyed all the NSA documents before going to Russia. Despite such protestations of patriotic loyalty, U.S. intelligence officials could not so easily dismiss the possibility that the missing documents still existed. After all, a U.S. intelligence worker who is dedicated to protecting America’s secrets from its adversaries does not ordinarily steal them. The NSA, the CIA, and the Department of Defense therefore had little choice but to assume the worst had happened: Russia and China had obtained access to the “keys to the kingdom.” Whatever the extent of the actual damage, it was up to Alexander’s replacement, Admiral Michael Rogers, both to restore morale and to rebuild the capabilities of America’s electronic intelligence in the wake of the massive breach. According to a national security staff member in the Obama White House, that job would take more than a decade. The NSA had failed to protect vital assets. This intelligence failure did not happen out of the blue.

Epst_9780451494566_2p_all_r1.z.indd 186 9/29/16 5:51 PM

Chapter 18
The Unheeded Warning

The NSA—the world’s most capable signals intelligence organization, an agency immensely skilled in stealing digital data—had had its pockets thoroughly picked.
—CIA deputy director Michael Morell, 2015

In April 2010, the CIA received a stark reminder of the ongoing nature of Russian espionage. It came in the form of a message from one of its best-placed moles in the Russian intelligence service. This surreptitious source was Alexander Poteyev, a fifty-four-year-old colonel in the SVR, which was the successor agency to the first chief directorate of the KGB. While the FSB took over the KGB’s domestic role in 1991, the SVR became Russia’s foreign intelligence service. Its operation center was in the Yasenevo district of Moscow. 
The CIA had recruited Poteyev as a mole in the 1990s when he had been stationed at the Russian embassy in Washington, D.C. That it could sustain a mole in Moscow for over a decade attested to its capabilities in the espionage business. After he returned to Moscow, still secretly on the CIA’s payroll, he became the deputy chief of the SVR’s “American” section. This unit of Russian intelligence had the primary responsibility for establishing spies in the CIA, the FBI, the NSA, and other American intelligence agencies. The SVR’s last known (or caught) mole in U.S. intelligence was the CIA officer Harold Nicholson, in 1996. Before it could expand its espionage capabilities, it needed to build a network of Russian agents in the United States. For this network, it needed to groom so-called illegals, or agents who were not connected to the Russian embassy. This so-called illegals network was necessary because presumably all Russian diplomats, including the so-called legal members of Russian intelligence, were under constant surveillance by the FBI. Advances in surveillance technology in the twenty-first century made it increasingly difficult to communicate with recruits through its diplomatic missions. To evade it, the “American” division of the SVR was given the task of placing individuals in the United States disguised as ordinary Americans. Their “legend,” or operational cover, could be thin because they would not be applying for jobs in the government. Their job was simply to blend in with their community until they were called upon by the “American” department in Moscow to service a mole who had been planted in U.S. intelligence or other parts of the U.S. government. Until they were activated by such a call, they were classified as sleeper agents. 
188 | how america lost its secrets
Unlike the SVR’s “legal” officers, who were attached to Russian embassies as diplomats and were protected from arrest by the Treaty of Vienna, the SVR’s illegal agents lack diplomatic immunity. According to Pavel Sudoplatov, who defected from the KGB in the Cold War, the sole job of such sleeper agents was to “live under cover in the West awaiting assignments for the Center.” One assignment that justifies the expense of maintaining such agents is to service a penetration, after one is made, in the U.S. intelligence establishment. While waiting to be activated for such a job, sleeper agents were instructed to build every detail of their cover identity so as to perfectly blend in with Americans. To build this American network of sleeper agents took the better part of a decade. In 2005, the SVR’s “American” section in Moscow had begun methodically installing them in the United States. Almost all were Russian citizens who had assumed new identities to better blend into their communities. The CIA learned of this sleeper program through Poteyev soon after it began. The issue was how to exploit this knowledge. When I was writing my book on international deception, James Jesus Angleton had pointed out to me that “the business of intelligence services requires understanding precisely the relationship of their opposition to them.” His view, though his opponents inside the CIA would call it with some justification an obsession, was that an intelligence service had to focus on the moves of its rivals. To accomplish this “business” in the first decade of the twenty-first century, the CIA had to establish why its new opposition, the SVR, was laying the foundation for an espionage operation. What were its priorities in the resumption of the intelligence war? Its inside man in the SVR, Poteyev, provided it with a tremendous advantage in this relationship. 
He knew the links in a sleeper network that the SVR believed was safely hidden from surveillance. If they were followed, when they were activated, they could expose whatever recruits the SVR had in the American government. The CIA duly shared this information about the sleeper ring with the FBI, which had the responsibility for the surveillance of foreign agents in the United States. The FBI, for its part, kept the Russian sleeper agents under tight surveillance—an operation that grew in complexity and expense as more SVR agents arrived in the United States. Meanwhile, in Moscow, Poteyev was following the unfolding operation. Part of his SVR job was to continue preparing these “Americans,” as they were called by the SVR, for their assignments. Some had been sent as couples, others as singles. One of the singles that Poteyev personally handled was Anna Kushchyenko. She was a strikingly beautiful Russian student who changed her name to Anna Chapman by briefly marrying a British citizen she met at a rave party. After taking his name, she left him. After completing her training in Russia, she was sent by the SVR to New York City to establish herself as an international real estate specialist. Other “Americans” under Poteyev’s watch became travel agents, students, and financial advisers. In all, Poteyev identified to the CIA twelve such sleeper agents. The cost of FBI surveillance of them over the years became sizable. According to a former FBI agent, around-the-clock surveillance on the movements and communications of a single individual can cost over $10,000 a day. When the CIA received Poteyev’s message in 2010 warning that Russian military intelligence had asked the SVR to activate some of its sleeper agents for a highly sensitive assignment, that suggested Russian intelligence had found a possible source who could supply it with valuable information. 
According to a former CIA intelligence official who later became involved in the case, the assignment involved preparing these agents to service a potential source in the NSA at Fort Meade, Maryland. If true, it suggested that Russian intelligence either had found or was working on a means of penetrating the NSA. In 2010, the NSA division that handled such security and espionage threats reportedly initiated a counterespionage probe at the NSA’s Fort Meade headquarters. According to a former NSA official, “They [were] looking for one or more Russian spies that NSA [was] convinced resided at Fort Meade and possibly other DoD Intel offices, like DIA.” Because the NSA’s cryptological service had in 2010 thirty-five thousand military and civilian contractor employees, the search for a possible leak was no easy matter. According to a subsequent note in the NSA’s secret budget report to Congress, it would require “a minimum of 4,000 periodic investigations of employees in position to compromise sensitive information” to safely guard against “insider threats by trusted insiders who seek to exploit their authorized access to sensitive information to harm U.S. interests.” According to a former executive in the intelligence community, that amount of investigation far exceeded the budgetary capabilities of the NSA. So while the investigation found no evidence of SVR recruitment, it remained possible that Russian intelligence had found a candidate in the NSA. Meanwhile, in June 2010, to preempt such a leak in U.S. intelligence and avoid any potential embarrassment that could result, the FBI decided it could no longer engage in this sort of an intelligence game with the sleeper network. It arrested all twelve sleeper agents identified by Poteyev. After receiving a great deal of public attention (which led to their inspiring the FX series The Americans), the sleeper agents were deported to Russia. This move had both advantages and disadvantages. 
The main advantage was that it severed any communication link between the putative person of interest in the NSA and Russian intelligence via the sleeper agents. The main disadvantage was that it eliminated the possibility that FBI surveillance of the illegals might lead the FBI to a possible recruit in the NSA or elsewhere. The preemptive arrests also had an unforeseen consequence. They resulted in accidentally compromising Poteyev. When Chapman returned to Moscow after a spy exchange, she was taken to a well-publicized dinner with Putin. Afterward, she informed her debriefer at the SVR that only Poteyev had been in a position to know the password that an FBI agent had used to try to deceive her into believing she was speaking to an SVR officer. This brought Poteyev under immediate suspicion. Tipped off by the CIA to the FBI’s error, Poteyev managed to escape by taking a train from Moscow to Belarus, where the CIA exfiltrated him to the United States. Poteyev had been saved from prison—or worse—but he was no longer useful to the CIA as a mole. Without the services of Poteyev in the SVR in Moscow, U.S. intelligence was unable to find out further details about the mission to which Poteyev’s sleeper agents were to be assigned. All it had discovered was the history of the preparations for a major espionage revival. It now knew that the SVR had installed plumbing in America and that one or more agents in this network had been activated to handle a possible recruit in the NSA. But without anyone left in the sleeper network to follow and without an inside source in the SVR, it had no further avenues to fruitfully pursue. The revelation of the sleeper agents had little if any other intelligence value. The NSA’s own security investigation turned up no evidence of a leak at Fort Meade in 2010. That of course doesn’t mean there hadn’t been one. 
The Russian intelligence service had demonstrated in the past that it was well schooled in covering its tracks in operations against U.S. communications intelligence. For example, CIA counterintelligence had learned from a KGB defector in the early 1960s that Russian intelligence had penetrated the cipher room at the U.S. embassy in Moscow and, because of this operation, the KGB was able to decipher crucial communications. Even so, it failed to find either the perpetrator or any evidence of his existence for more than half a century. The operation was only definitively revealed by the Russian spymaster Sergey Kondrashev in 2007. Tennent Bagley, who headed the CIA’s Soviet bloc counterintelligence at the time, lately wrote in his book that the ability of Russian intelligence to conceal this penetration for more than half a century “broke the record for secret keeping.” This Russian ability to penetrate U.S. intelligence was not entirely defeated by America’s implementation of more sophisticated security procedures, such as the polygraph examination and extensive background checks. In 1995, eleven years before Snowden joined it, the CIA’s inspector general completed a study of the KGB’s use of false defectors to mislead the U.S. government from the end of the Cold War in the late 1980s through the mid-1990s. It found Russia had dispatched at least half a dozen double agents who provided misleading information to their CIA case officers. Because the KGB operation went undetected for nearly a decade, the disinformation prepared in Moscow had been incorporated into reports (which had a distinctive blue stripe to signify their importance) that had been provided to Ronald Reagan, George H. W. Bush, and Bill Clinton. 
Even more shocking, in tracing the path of this disinformation, the inspector general found that the “senior CIA officers responsible for these reports had known that some of their sources for this information were controlled by Russian intelligence,” yet they did not inform the president and officials receiving the blue-striped reports that they included Russian misinformation. What the CIA director John Deutch called “an inexcusable lapse” also reflected a form of institutional willful blindness in U.S. intelligence, born out of a bureaucratic fear of career embarrassment so well described in Le Carré’s spy novels. Detecting intelligence failures has, if anything, become even more difficult in the age of the anonymous Internet. The Snowden breach demonstrated the NSA had few if any failsafe defenses against would-be leakers of communications intelligence. In the new domain of cyber warfare, conventional defensive rules do not apply. “There are no rivers or hills up here. It’s all flat. All advantage goes to the attacker,” General Hayden said in an interview in 2015 with the publisher of The Wall Street Journal. His point was that because there are no defensive positions, the United States in cyber warfare must rely on an aggressive offensive. If fully successful, such an offensive would so deeply penetrate the defenses of an adversary’s intelligence organization that it could not mount any of its own surprise cyber attacks. It would also make it difficult if not impossible for adversary services to recruit a spy in the NSA. For example, the CIA penetration of the SVR in 2010 prevented it from using its sleeper network against U.S. targets. “The best defense in this game may be an overwhelming offensive,” a former intelligence official said to me. 
“But that strategy only works if we can keep secret sensitive sources.” Central to this offensive strategy was the NSA’s National Threat Operations Center in Oahu. It employed threat analysts to surreptitiously monitor the secret activities of potential enemies, mainly China, Russia, and North Korea. A large part of their job was to make transparent to the United States the hostile activities of the Russian and Chinese services so that they posed little if any intelligence threat to America. This strategy worked so long as the NSA guarded itself, but it also raised the issue, as the Roman Juvenal famously warned, “Quis custodiet ipsos custodes?” (Who will guard the guards themselves?) Less than three years after the NSA had received the Poteyev warning, instead of guarding secrets, Snowden stole them. Despite all the measures the NSA had taken to protect its vital secrets, a lowly civilian employee had walked away with the lists of secret NSA sources in China and Russia and then gone first to China and then to Russia. In the hands of their intelligence services, these stolen lists had the potential to totally upend the NSA’s offensive strategy. Because Russia and China have an intelligence treaty for sharing such spoils between them when it is to their mutual advantage, it had to be assumed that if either country had acquired the secrets from Snowden, they would be shared between them, altering the balance of power between the communications intelligence services of the United States and its adversaries. Following the Snowden breach, both China and Russia had immense successes in breaking through the defenses of U.S. government networks, including the reported breaches in 2014 and 2015 of U.S. personnel files and background checks. 
When I asked General Hayden in June 2015 if these successes were made easier by those documents compromised by Snowden, he replied, “Even though I cannot make a direct correlation here, unarguably our adversaries know far more about how we collect signals intelligence than they ever did before [Snowden].” If Snowden could cause such massive damage, so could other civilian trainees at the NSA. Someone in the chain of command had to take responsibility. General Alexander tendered his resignation on June 30, 2013. “I’m the director,” he said, falling on his sword. “Ultimately, I’m accountable.” Because President Obama did not want the head of the NSA resigning in the midst of the Snowden crisis, he asked him to stay on for another six months. He then appointed Rogers to be his replacement. Meanwhile, it had become undeniably clear to the review committee appointed by President Obama in 2013 that the NSA’s own defenses had catastrophically failed. If so, this change was the equivalent of rearranging the deck chairs on the Titanic after it hit the iceberg.

Part Three
THE GAME OF NATIONS

I learned that just beneath the surface there’s another world, and still different worlds as you dig deeper.
—David Lynch, on his 1986 film, Blue Velvet

Chapter 19
The Rise of the NSA

There are many things we do in intelligence that, if revealed, would have the potential for all kinds of blowback.
—James Clapper, director of national intelligence, 2013

In the game of nations, which often is not visible to public scrutiny, the great prize is state secrets that reveal the hidden weaknesses of a nation’s potential adversaries. The most important of these in peacetime is communication intercepts. 
It was just such state secrets that Edward Snowden took from the NSA in the spring of 2013. Before that breach, America’s paramount advantage in this subterranean competition was its undisputed dominance in the business of obtaining and deciphering the communications of other nations. The NSA was the instrument by which the United States both protected its own secret communications and stole the secrets of foreign nations. The NSA, however, has an Achilles’s heel: It is dependent on civilian computer technicians who do not necessarily share its values to operate its complex system. Because of this dependence, it was not able in 2013, as it turned out, to protect its crucial sources and methods. Snowden exposed this vulnerability when he walked away with the aforementioned descriptions of the gaps in America’s coverage of the communications of its adversaries. Even though the Cold War had been declared over after the collapse of the Soviet Union a quarter of a century earlier, the age-old enterprise of espionage did not end with it. Russia and China still sought to blunt the edge that the NSA gave the United States. The Snowden breach therefore needs to be considered in the context of the once and future intelligence war. The modern enterprise of reading the communications of other nations traces back in the United States to military code-breaking efforts preceding America’s entry into World War I. The invention of the radio at the end of the nineteenth century soon provided the means of rapidly sending and getting messages from ships, submarines, ground forces, spies, and embassies. These over-the-air messages could also be intercepted from the ether by adversaries. If they were to remain secret, they could not be sent in plain text. 
They had to be sent in either code, in which letters are substituted for one another, or, more effectively, a cipher, in which numbers are substituted for letters. Making and breaking codes and ciphers became a crucial enterprise for nations. By 1914, the U.S. Army and Navy had set up units, staffed by mathematicians, linguists, and crossword puzzle solvers, to intercept and decode enemy messages. After the war had ended in 1918, these units were fused into a cover corporation called the Code Compilation Company, which moved to new offices on Thirty-Seventh Street and Madison Avenue in New York City. Under the supervision of the famous cryptographer Herbert O. Yardley, a team of twenty code breakers was employed in what was called the Black Chamber. Yardley arranged for Western Union, which had the telegraph monopoly in America, to provide the Black Chamber with all the telegrams coming into the United States. “Its far-seeking eyes penetrate the secret conference chambers at Washington, Tokyo, London, Paris, Geneva, Rome,” Yardley wrote about the Black Chamber. “Its sensitive ears catch the faintest whispering in the foreign capitals of the world.” But in 1929, at the instructions of President Herbert Hoover, Secretary of State Henry Stimson closed the Black Chamber, saying famously, “Gentlemen should not read each other’s mail.” The moratorium did not last long. With war looming in Asia and Europe, President Franklin D. Roosevelt reactivated the operation as the Signal Security Agency. It proved its value in breaking the Japanese machine-generated cipher “Purple.” In June 1942, using deciphered Japanese messages to pinpoint the location of the Japanese fleet at Midway, America won a decisive naval victory in the Pacific. Germany’s Enigma encoding machines, with three encoding wheels, proved more of a challenge. 
Initially, British cryptanalysts led by the brilliant mathematician Alan Turing succeeded in building a rudimentary computer to decipher Germany’s messages to its submarines and bombers, but in 1942 Germany added a fourth set of encoding wheels, escalating what was essentially a battle of machine intelligence. The U.S. Navy then contracted with the National Cash Register Company to build a computing machine capable of breaking the improved Enigma, and in May 1943 it succeeded. By the time the war ended in 1945, the United States had over one hundred giant decryption machines in operation. This unrivaled capability to read the communications of foreign nations, which remained one of America’s most closely guarded secrets, was transferred to the Army Security Agency based at Fort Meade, Maryland. Then, on October 24, 1952, President Harry S. Truman greatly expanded its purview and changed its name to the National Security Agency. The NSA was given two missions. The first one was protecting the communications of the U.S. government. The main risk was that the Soviets would find a way of breaching U.S. government channels of communications. The second mission was intercepting all the relevant communications and signals of foreign governments. This latter mandate included the governments of allies as well as enemies. The president, the other intelligence services, and the Department of Defense deemed what was relevant for national security. Even though the NSA remained part of the Department of Defense, its job went far beyond providing military intelligence. It also acted as a service agency to other American intelligence services. They prepared shopping lists of foreign communications intelligence targets for the NSA to pursue. 
As the Cold War heated up in the 1960s, the NSA provided intelligence not only to the Pentagon but to the Department of State, the Central Intelligence Agency, the Treasury Department, the Atomic Energy Commission, and the FBI. With a multibillion-dollar “black budget” hidden from public scrutiny, the NSA’s technology directorate invested in state-of-the-art equipment, including supercomputers that could break almost any cipher, antennas mounted on geosynchronous satellites that vacuumed in billions of foreign telephone calls, and other exotic capabilities. It also devised stealthy means of breaking into channels that its adversaries believed were secure. This enterprise required not only an army of technical specialists capable of remotely intercepting even the faintest traces of electromagnetic signals, hacking into computers, and eavesdropping on distant conversations but also special units called “tailored access operations,” to plant listening devices in embassies and diplomatic pouches. The NSA also organized elaborate expeditions to give access to or even penetrate physical cables in enemy territory. In 1971, for example, the NSA sent a specially equipped submarine into Russia’s Sea of Okhotsk in Asia to tap through Arctic ice. The target was a Russian cable four hundred feet below the surface that connected the Russian naval headquarters in Vladivostok with a missile testing range. In 1980, President Ronald Reagan gave the NSA a clear mandate to expand its interception of foreign communications. 
In Executive Order 12333, he told the NSA that “all means, consistent with applicable Federal law and this [Executive] order, and with full consideration of the rights of United States persons, shall be used to obtain reliable intelligence information to protect the United States and its interests.” It did not restrict any foreign country, either an adversary or an ally, from its surveillance. The NSA’s target soon became nothing short of the entire electromagnetic spectrum. “We are approaching a time when we will be able to survey almost any point on the earth’s surface with some sensor,” Admiral Stansfield Turner, the former director of central intelligence, wrote in 1985. “We should soon be able to keep track of most of the activities on the surface of the earth.” Bobby Ray Inman, a former director of the NSA and deputy director of the CIA, argued that the “vastness of the [American] intelligence ‘take’ from the Soviet Union, and the pattern of continuity going back years, even decades,” greatly diminished the possibility of Soviet deception so long as the NSA kept secret its sources. The NSA did not rely entirely on its own sensors for this global surveillance. It also formed intelligence-sharing alliances with key allies. The most important was with the British code-breaking service, GCHQ, which had achieved enormous success in World War II in using computers to crack the German Enigma cipher. This alliance expanded to include Canada, Australia, and New Zealand in the so-called Five Eyes Alliance. Because over 80 percent of international phone calls and Internet traffic passed through fiber-optic cables in these five countries, the alliance had the capability of monitoring almost all phone and Internet communications. 
The NSA also established fruitful liaisons with the cyber services of Germany, France, Spain, Italy, the Netherlands, Portugal, Israel, Japan, and South Korea, which were often willing to provide the NSA with access to telecommunications links in their countries. These long-term allies greatly strengthened the NSA’s hand in other ways in the intelligence war. For example, the so-called James Bond provision of the British Intelligence Services Act of 1994 allowed officers of the GCHQ to commit illegal acts outside Britain, including planting devices to intercept data from computer servers, cell phones, and other electronic targets. And, as Snowden’s release of documents revealed in 2013 and 2014, these foreign allies fully shared their information with the NSA. Of course, the liaison between the NSA and its allies was a two-way street. In 2013, none of these other countries had a global network of geosynchronous sensors in outer space and under the ocean that could monitor signals from missile launching, submarines, military deployments, nuclear tests, and other matters of strategic importance to them. Nor did these allies have the cipher-breaking capabilities of the array of NSA supercomputers. The NSA had assiduously built these means at a cost of over half a trillion dollars and employed tens of thousands of linguists who could translate almost any dialect or language of interest. Even though these allies had their own cipher services and local capabilities, they depended on the NSA to provide them with a large share of their signals intelligence. From the perspective of defending themselves from potential threats, the deal that these allies had with the NSA was mutually advantageous. The NSA’s overseas intelligence gathering was not limited to adversary nations. 
With the exception of the Five Eyes allies, it gathered data that was deemed important by the president and the Defense Department in friendly countries. These operations had been approved by every American president and funded by every American Congress since 1941. After all, even in the realm of allies, activities take place that run counter to American interests. The 9/11 conspiracy, for example, was hatched in Hamburg, Germany, and financed in Dubai and Saudi Arabia. Nor were American allies unaware of the reach of the NSA. “Yes, my continental European friends, we have spied on you. And it is true we use computers to sort through data by using keywords,” the former CIA director James Woolsey wrote in The Wall Street Journal in 2000. “Have you stopped to ask yourselves what we are looking for?” Whether or not it was appreciated by other countries, the global harvesting of communications intelligence by the NSA was hardly a secret. As the NSA expanded further, it delegated part of its work to regional bases, including ones in Utah, Texas, Hawaii, and Japan. The paramount task of the NSA remained monitoring the channels of communications that an adversary might use. The vast proliferation of these channels in cyberspace, which included e-mail, social media, document sharing, and other innovations of the Internet age, greatly complicated this task. Even so, this challenge was not insurmountable, because most of the Internet actually traveled through fiberglass landline cables that crossed the territories of the United States, Britain, and Australia. So the NSA found the technical means, including voluntarily gaining access to major Internet companies, to “harvest” vast amounts of this Internet data. America’s other intelligence agencies quickly recognized the value of the communications intelligence gleaned from foreign telecommunications. John E. 
McLaughlin, who was the CIA’s acting director in 2004, described the NSA as nothing less than the “very foundation of U.S. intelligence.” It served as a “foundation” for the CIA because intercepted communications intelligence allowed the CIA (and other U.S. intelligence services) to test and verify the reports of their human sources in foreign countries. Moreover, because of the immense amount of foreign data that the NSA vacuumed in through its global sensors, it provided the CIA with an effective means for discovering new targets in adversary nations. By the first decade of this century, the NSA’s surreptitious efforts to render the Internet transparent to U.S. intelligence had earned it a new set of enemies. They were the previously mentioned hacktivists who were attempting to shield the activities of Internet users from the intrusions of government surveillance. They employed both encryption and Tor software to defeat that surveillance. But the NSA did not conceal that it was intent on countering any attempt to interfere with its surveillance of the Internet. It built back doors into encryption and worked to unravel the Tor scrambling of IP addresses. It made leading hacktivists targets. Brian Hale, the spokesman for the director of national intelligence, disclosed that the United States routinely intercepted the cyber signatures of parties suspected of hacking into U.S. government networks. Following the 9/11 attacks on the Pentagon and the World Trade Center, the surveillance of the Internet became an integral part of the Bush administration’s war on terrorism. In October 2001, Congress expanded the NSA’s mandate by passing the USA Patriot Act. As I described earlier, Section 215 of the act directly authorized the NSA, with the approval of the FISA court, to collect and store domestic telephone billing records. 
The idea was to better coordinate domestic and foreign intelligence about al-Qaeda and other jihadist groups. This put the NSA directly in the anti-terrorist business. It also necessitated the NSA vastly increasing its coverage of the Internet. The mantra in government in this post-9/11 intelligence world became “connect the dots.” Congress through this act essentially demolished the wall between domestic and foreign intelligence when any NSA activity related to foreign-directed terrorism. It further made the NSA a partner with the FBI in tracking phone calls made from phones originating outside the United States by known foreign jihadists. If these calls were made to individuals inside, the NSA was now authorized to retrieve the billing records of the person called and those people whom he or she called. These traces were then supplied to the FBI. The new duties also increased the NSA’s need to create new bureaucratic mechanisms to monitor its compliance with FISA court orders. Rajesh De, the NSA’s general counsel at the time of the Snowden breach, described the NSA as becoming by 2013 “one of the most regulated enterprises in the world.” Grafted onto its intelligence activities were layers of mandated reporting to oversight officials. Not only did the NSA have its own chief compliance officer, chief privacy and civil liberties officer, and independent inspector general, but the NSA also had to report to a different set of compliance officers at the Department of Defense, the Office of the Director of National Intelligence, and the Department of Justice. Additionally, the Department of Justice dispatched a team of lawyers every sixty days to review the results of “every single tasking decision” approved by the FISA court. According to De, just assembling these reports involved thousands of hours of manpower.
In addition, the president’s Oversight Board required that the NSA’s Office of the General Counsel and inspector general supply it every ninety days with a list of every single error and deviation from procedure made by every NSA employee anywhere in the world, including even minor typing errors. These requirements, according to De, inundated a large part of the NSA legal and executive staff in a sea of red tape. Yet this regulation could not undo surveillance programs such as the one Snowden revealed of Verizon’s turning over the billing records of its customers to the NSA, because the NSA was in compliance with the FISA court order (even though, as it turned out in 2015, the FISA court might have erred in interpreting the law). The NSA’s focus on surveillance might have led to the neglect of its other mission: protecting the integrity of the channels through which the White House, government agencies, and military units send information. This task had been made vastly more difficult by the proliferation of computer networks, texting, and e-mails. To protect government networks from cyber attacks, the Pentagon belatedly created the U.S. Cyber Command in 2009. In it, the cyber-defense units of the army, navy, marines, and air force cyber forces were merged together and put under the command of the NSA director. General Keith Alexander became the first director of this new command. One problem for the Cyber Command was separating attacks by civilians, including criminals, hacktivists, and anarchists, from cyber warfare sponsored and supported by adversary states. Because foreign intelligence services often closely imitated the tools of civilian hackers, and were even known to provide them with hacking tools, it was not easy for the Cyber Command to unambiguously determine if the ultimate perpetrator of a cyber attack was state sponsored.
For example, the identification of North Korea as the principal actor behind the attack on Sony in December 2014 appeared to be a rare success, but many cyber-security experts believed that it might be a false trail used to hide the real attacker. Clues could be fabricated in cyberspace to point to the wrong party. The job of the Cyber Command was to prevent such an attack. To this end, it planted viruses on hundreds of thousands of computers in private hands to act as sentinels to spot other suspicious viruses that could mount such an attack. Private computers had become a new battleground in the cyber wars. It also built a capability to retaliate. Still, cyber attacks, which were launched through layers of other countries’ computers, could not be unambiguously traced back to the true perpetrator. This escalation by the Cyber Command set the stage for expanded forms of warfare in cyberspace. “The Chinese are viewed as the source of a great many attacks on western infrastructure and just recently, the U.S. electrical grid,” General Alexander said in explaining the need for this consolidation. “If that is determined to be an organized attack, I would want to go and take down the source of those attacks.” The same retaliation would presumably be used against Russia, Iran, or any other adversary. Dominance of cyberspace itself now became part of the NSA’s mandate. Even so, the most important job of the NSA remained intercepting secret information from Russia, China, Iran, and North Korea. To this end, it had an annual budget of $12.3 billion and some thirty-five thousand military and civilian employees.
In 2013, James Clapper, director of national intelligence, justified the secret intelligence budget by saying in an open session of Congress, “We are bolstering our support for clandestine SIGINT [signals intelligence] capabilities to collect against high priority targets, including foreign leadership targets,” and to develop “groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic.” It was no secret to Congress, even before Snowden, that the NSA was attempting to monitor the Internet. What was a closely held secret before Snowden revealed it was that the NSA had found a way in 2007 to intercept Internet traffic before it was encrypted. Through all this tumult, the heart of the NSA’s activity remained its five-thousand-acre base at Fort Meade, Maryland. It commanded the most powerful mechanism for intercepting communications that the world had ever seen. No other country came close to its technology for intercepting information. The NSA not only was able to intercept secret information from potential adversaries but also—at least until the Snowden breach—managed to conceal these means from them. As long as these adversaries remained blind to the ways in which their communications were being intercepted, deciphered, and read by the NSA, they could not take effective countermeasures. Consequently, the NSA had the capability to provide the president and his advisers with continuous insights into the thinking and planning of potential enemies. Keeping its sources and methods secret was no easy task. The NSA’s technicians had to deal with continuous technical challenges to provide a seamless harvesting of data from a wide range of communication devices, including telephones, computers, and the Internet.
It required continuous intra-agency communications between the NSA’s own intelligence officers and a growing number of civilian technicians. It even had its own “Wiki-style” network through which they could discuss problems, called the NSANet. Because it could not tightly control access to this technical network, it expunged any mention of the sources and methods from the material circulated on the classified NSA network. Instead, it stored them in discrete computers, called compartments, which were disconnected from other computers at the NSA. These compartments could only be accessed by a limited number of analysts and NSA executives who had a need to know about the data they contained. These compartments were the final line of defense against an inside intruder. In 2009, Snowden, as we know, found his way into the NSA through a temporary job with an outside contractor that was working for the NSA’s Technology Directorate to repair and update its backup system. Four years later, by maneuvering to get hired by another outside contractor with access to the NSA’s sources and methods, he was able to steal secrets stored in isolated computers bearing directly on the ongoing intelligence war. Snowden also copied from these compartments in a matter of weeks, as has been previously mentioned, the NSA’s Level 3 sources and methods used against Russia, Iran, and China. The Snowden breach demonstrated that the NSA’s envelope of secrecy was at best illusory. After this immense loss, the NSA’s sources inside these adversary countries were largely compromised, even if they were not closed down. Once these adversaries were in a position to know what channels the NSA was intercepting, they could use these same channels to mislead U.S. intelligence.
A former top intelligence official told me, “The queen on our chessboard had been taken.” The NSA moved to mitigate the damage and find new ways of obtaining unexpected intelligence. In June 2014, the new NSA director, Rogers, had to confront flagging morale that, according to General Hayden, was near paralyzing the intelligence service. Rogers recognized that as a direct result of the Snowden breach, “the nation has lost capabilities against adversaries right now who are attempting to actively undermine us.” But even with that loss, he observed, “the sky has not fallen.” As in the Chicken Little fable he cited, the world had not ended for the NSA. Nor had it ended for the multibillion-dollar outsourcing enterprise it superintended. The NSA might have lost many of its sources, or “capabilities,” but Rogers held out hope that new sources could eventually be found to replace them. Compromised codes, after all, could be changed. New technological methods could be devised. New vulnerabilities could also be targeted in enemy territories. Although repairing the damage might take many “decades,” according to Michael McConnell, the vice-chairman of Booz Allen, the new director had to get on with that task. McConnell, a former NSA director himself, pointed out that the NSA director’s “first responsibility is to be the chief cheerleader.” Rebuilding the NSA capabilities assumed, however, that there would not be another Snowden-sized breach. The question remained: How could the NSA’s vaunted secrecy have been so deeply penetrated by a mere analyst in training at a regional base in Oahu? The perpetrator himself could not be asked if he was in Moscow pointing to the “incompetence” of the NSA in his Moscow interviews.
What was known, though, was that the young man who had taken the “queen” from the board had gained entry to the NSA’s secret chambers through the back door, a portal opened to him by the NSA’s reliance on outside contractors.

Chapter 20
The NSA’s Back Door

You have private for-profit companies doing inherently governmental work like targeted espionage, surveillance, compromising foreign systems. And there’s very little oversight, there’s very little review. — Edward Snowden, Moscow, 2014

Prior to Snowden’s theft of NSA documents, the single most shattering blow to the confidence of the U.S. intelligence community was the 1994 exposure of Aldrich Ames as a long-serving Russian mole in the CIA. Ames, it will be recalled, had been a high-ranking CIA officer, working at the CIA’s Counterintelligence Center Analysis Group, before he was arrested by the FBI. He had also worked as a mole for Russian intelligence. In a plea bargain to avoid a death sentence (he was sentenced to life imprisonment), he admitted that he had successfully burrowed into the CIA and had worked there for over nine years on behalf of the KGB. His description of his sub-rosa activities as a mole was part of the plea bargain. This stunning revelation shook the CIA leadership to its core. Until then, CIA executives steadfastly denied that it was possible that the KGB could sustain a mole in American intelligence. The Ames arrest also led the NSA to reassess its own vulnerability to penetration. Could there be an Ames inside the NSA? The question was considered by the NSA’s National Threat Operations Center, the same unit from which Edward Snowden later stole a huge trove of secret documents. According to a report in 1996 titled “Out of Control” (later released by the NSA), the danger of an Ames-type penetration could not be excluded.
Even though the “threat officer” who wrote this report was not identified by name, his analysis proved incredibly prescient. He said that the NSA’s drive to enhance its performance by networking its computers would result in the intelligence services’ putting “all their classified information ‘eggs’ into one very precarious basket.” The basket was the computer networks run by technicians called system administrators. He pointed out that the NSA was becoming increasingly dependent on such networked computer systems, and he predicted that the NSA’s “Aldrich Ames,” as he put it, would be a “system administrator,” which was the position that Edward Snowden held nearly two decades later at Dell when he began stealing secrets. The NSA’s system administrators were, as the threat officer pointed out, very different from the traditional military employees at the NSA. They were usually civilians who effectively served as repairmen for complex computer systems. Moreover, many of them had not been directly hired by the NSA. Instead, their recruitment had been privatized to outside contractors. This outsourcing had deep roots tracing back to World War II. Ed Booz and Jim Allen, the founders of Booz Allen Hamilton, obtained contracts to help manage ship construction from the U.S. Navy. After the war ended, they sought contracts for their firm in classified work. These contracts grew in size as the NSA needed more and more system administrators and other information technologists to manage the computer networks. These system administrators needed to be given special privileges to do their service job. One such privilege allowed them to bypass password protection. Another privilege allowed them to temporarily transfer data to an external storage device while they repaired computers. These two privileges greatly increased the risk of a massive breach.
Seeing them as the weak link in the chain, the threat officer wrote in the report that “system administrators are likely to be increasingly targeted by foreign intelligence services because of their special access to information.” Before the computerization of the NSA, the threat officer noted, code clerks and other low-level NSA communicators had been the targets of adversary intelligence services. But the increasing reliance on computer technicians presented foreign intelligence services with much richer targets. He predicted that they would adapt their recruiting to this new reality. Specifically, he argued that adversary intelligence services would now focus their attention on system administrators. “With system administrators,” he said, “the situation is potentially much worse than it has ever been with communicators.” The reason, he explained, was that “system administrators can so easily, and quickly, steal vast quantities of information.” He further suggested that because system administrators are often drawn from the counterculture of hacking, they are more likely to be vulnerable to an adversary service using a fake identity for its approach, or a “false flag.” A “false flag” was a term originally applied to a pirate ship that temporarily hoisted any flag that would allow it to gain proximity to its intended prey, but in modern times it describes a technique employed by espionage services to surreptitiously lure a prospect. False flags were a staple used by the KGB in espionage recruitment during the Cold War. They were usually employed when a target for recruitment was not ideologically disposed to assisting the intelligence service. To overcome that problem, recruiters hide their true identities and adopt a more sympathetic, bogus one. In 1973, the KGB, working through one of its agents in the U.S.
Navy, used the false flag of Israel to recruit Jerry Alfred Whitworth, who served as a communications officer with a top secret clearance for the navy. Like many other KGB recruits, Whitworth came from a broken family, dropped out of high school, took technical courses, and got a job as a communications officer. He was not disposed to working for Russia. But he was willing to steal enciphered and plain text cables to help in the defense of Israel. After he was thoroughly compromised by his espionage work, he was told by the KGB recruiter that he was actually working for Russia, but by this time he was too deeply compromised to quit. He continued his espionage work for another eight years. (Whitworth, who was arrested by the FBI in 1985, was convicted of espionage and sentenced to 365 years in prison.) The Internet provided an almost ideal environment for false flags because its users commonly adopt aliases, screen names, and other avatars. The threat officer explained how easy it would be for the KGB to adapt such a false flag when dealing with a dissident system administrator working for U.S. intelligence. As the threat officer pointed out in his report, the KGB had used false flags in the late 1980s to surreptitiously recruit members of the “German Hanover Hackers,” a community of anarchistic hackers who breached computer networks for fun and profit. Until then, these hacktivists stole corporate and private passwords, credit card information, and other privileged documents as a form of freelance espionage. Because of their fervent anti-authority ideology, the KGB disguised its recruiters as fellow hacktivists. The KGB succeeded in getting the Hanover hackers to steal log-in account identifications, source codes, and other information from U.S. government computer networks.
The weak link of system administrators became increasingly relevant as the NSA moved further into the digital age. By the beginning of this century, its growing networks of computers were largely operated by civilian technicians, including system administrators, infrastructure analysts, and information technologists, who were needed to keep the system running. Despite the warning by the threat officer, the NSA became more and more reliant on these outsiders as it reorganized to meet its new mandates for surveillance of the Internet in the war on terrorism. The NSA had to compete with technology companies, such as Google, Apple, and Facebook, for the services of experienced IT workers. Though Booz Allen had been providing technically trained specialists to the government since the 1940s and ’50s, congressionally imposed salary caps put the NSA at a disadvantage to private firms in its recruitment efforts. As a result, it increasingly contracted with private firms to find talent, especially in the rush for data-based intelligence following 9/11. Booz Allen, to meet increased demand, recruited civilian technicians from many unconventional areas, including the hacking culture. Ex-hackers who lacked (or shunned) employment opportunities in the corporate sector were suitable candidates for the system administrator jobs that these firms had contracted to supply the NSA. In the rush to expand, little heed was paid to the 1996 warning that this hacking culture might provide a portal to anti-government hacktivist groups. The NSA became so enamored with this new computer technology that it neglected the security implications of employing outsiders to service it. “All of us just fell in love with the ease and convenience and scale [of electronic storage],” General Hayden, who headed the NSA at the time, said to The Wall Street Journal in 2015.
“So we decided to take things we used to keep if not in a safe, at least in our desk drawer, and put it up here [in a computer network], where it’s by definition more vulnerable.” Making matters even worse, as has previously been discussed, the NSA stripped away much of the so-called stovepiping that insulated highly sensitive data from the NSA’s other computer networks. FBI Director Mueller, in his “Statement Before the Senate Committee on Homeland Security and Governmental Affairs,” described a decade of post–9/11 intelligence reorganization thus: “One of the first steps was to centralize control and management of counterterrorism operations at headquarters to avoid the ‘stove-piping’ of information on terrorism cases in the 56 individual field offices across the country.” Here the NSA was merely following the recommendations of the 9/11 Commission to make their data more accessible to other agencies concerned with potential terrorist attacks, but as a result, the inner sanctum of the NSA became more open to its new army of civilian technicians. By 2013, much of the job of managing the NSA’s classified computers had been handed over to a handful of private companies: Booz Allen Hamilton, which handled the most highly secret work; Dell SecureWorks; Microsoft; Raytheon; and IBM. In many respects, these five companies acted less like management consultants and more like temporary employment agencies in finding for the NSA the computer specialists who had the necessary security clearances. The NSA found that the universe of independent contractors was governed by very different considerations from that of intelligence services. Unlike intelligence services, their fate depended on turning profits.
Because the value of their contracts was largely limited by competitive bidding, their business plans were predicated on their ability to minimize the costs of fulfilling these contracts. Their principal cost was the salaries they paid their independent contractors. Their business plans therefore depended on finding large numbers of computer technicians in the private realm willing to work at an NSA base at relatively low wages. This task became more difficult as many potential recruits could find higher-paying employment with more of a future in the burgeoning private sphere. But the companies could also increase their revenue streams by getting additional contracts, which, in turn, meant recruiting even more workers. Such a business plan could hardly afford to give the highest priority to the low probability of a security risk. In the private sector, there is usually an unambiguous external measure of failure. An automobile company such as General Motors can measure the performance of its executives by reckoning its change in net income. With secret intelligence work, the metrics for failure are far less clear. This curious aspect of secret work was part of the advice given to a White House lawyer in the Obama administration seeking a position with the NSA in 2012, who was told that among the advantages of working for a super-secret agency was that if one errs or has a failure, “it stays secret.” The Snowden case showed that not all failures stay secret. The NSA can certainly quantify the amount of data it is intercepting, but it obviously cannot count the intelligence that it misses. The a priori proposition in the intelligence game is that “what is successfully hidden is never found.” But one failure that cannot be hidden is a security breach in which a perpetrator uses NSA data to publicly expose the NSA’s sources. Until the Snowden breach in 2013, the NSA had experienced only one such public failure.
It was the capture by North Korea in 1968 of the USS Pueblo, which had been carrying out highly sensitive electronic communications interception for the NSA. The Pueblo crew failed to destroy the NSA’s encoding machines, which were flown to Russia several days later. It was a horrible, costly breach. The Snowden breach was much worse because, among the thousands of documents he stole, he selected lists of the NSA’s secret sources in adversary nations. The Snowden breach was a failure that directly traced back to the NSA’s largest and most trusted contractor, Booz Allen Hamilton, calling into question the vexing issue of privatizing secret intelligence. Booz Allen, like other private firms that did work for the government, was in the business to make money. Indeed, it had found government contracts so much more profitable than its work in the private sector that it sold its private sector unit to Price Waterhouse. The profitability of government work led the Carlyle Group’s private equity fund to acquire a controlling stake in Booz Allen in July 2008. By 2013, it had increased its revenue by more than $1.3 billion by expanding its government contracts. Even more impressive, its operating profit on these contracts had doubled. It did not need to increase its core internal staff to achieve these profits; it just had to hire outside contractors. In 2008, Booz Allen claimed 20,000 employees on its internal staff; in 2013, it claimed fewer than 5,000. The resulting “reduced headcount,” according to its January 30, 2013, quarterly report, greatly decreased its costs for incentive pay. It mainly accomplished this reduction by expanding the number of outside contractors it employed, 8,000 in these five years, by one Wall Street analyst’s calculation.
They were employed as system administrators, infrastructure analysts, computer security specialists, and other “geek squad” jobs at the NSA and other government agencies. Their main qualification was their prior security clearances (which as mentioned earlier saved Booz Allen the expense of vetting them and also the loss of income while waiting many months for a clearance). Snowden therefore was highly desirable for Booz Allen from an economic point of view. Even though he had no prior experience as an infrastructure analyst, and he had been detected being untruthful about his degree in computer sciences, he not only had a SCI security clearance but was willing to take a cut in pay. In keeping with the Booz Allen business plan, such a recruit provided another cog in its profit machine. Not only had the NSA outsourced much of its computer operations to private companies, but the Clinton administration in 1996 had privatized background checks for government employees requiring security clearances. The idea, backed by Vice President Al Gore, was to reduce the size of the federal government by outsourcing investigating the backgrounds of millions of government applicants for jobs. The task had previously been performed by the FBI, but it was assumed that a profit-making business could do it faster and more efficiently. The private company named U.S. Investigations Services was purchased in 2007 for $1.5 billion by Providence Equity Partners, a rapidly expanding investment firm founded in 1989 by graduates of Duke, Brown University, and the Harvard Business School. So like Booz Allen, USIS was backed by a hedge fund determined to make money by systematically cutting the cost of a service previously carried out by the government. But such outsourcing had drawbacks. For one thing, unlike the FBI, USIS lacked the investigative clout to gain entry to certain government agencies.
A Congressional review found that the Privacy Act permits disclosure of government agency records to the private firm if they are part of a “routine use of the records,” but intelligence agencies did not consider all such requests to be “routine.” For example, when it did the background check on Snowden in 2011, it could not get access to his CIA file. The “derog” in his file might have set off alarm bells, as might the fear that he had been threatened by an internal investigation over his alleged computer tampering in 2009. The FBI might have learned this about Snowden if it had done his background check. The lack of adequate oversight was another problem. USIS closed cases and cleared applicants without completing an adequate investigation. According to a U.S. government suit filed in 2014, USIS had prematurely closed over 665,000 investigations in order to get paid for them more quickly. Because the more cases it completed each month, the more money it received from the government, the lawsuit alleged that USIS employees often “flushed” or ended cases before completing a full investigation to meet corporate-imposed quotas for getting bonuses. One employee, in an e-mail cited in the government’s complaint, said they “flushed everything like a dead goldfish.” As a result, some information specialists entering the NSA through the back door of outside contractors were not fully vetted. (On August 20, 2015, USIS agreed to forfeit $30 million in fees to settle the lawsuit.) USIS was also open to sophisticated hacking attacks by outsiders. In August 2014, the Department of Homeland Security’s counterintelligence unit discovered such a massive and persistent breach in USIS that it shut down its entire exchange of data with it. The intrusion into USIS records in this case was attributed to hackers in China most likely linked to the Chinese intelligence service.
Such massive intrusions dated back to 2011. USIS’s lack of security in its website left a gaping hole through which outside parties, including Chinese and Russian hackers, could learn both the identity and the background information of specialists applying for jobs at the NSA. These private companies also did not sufficiently protect the personal data of their independent contractors working at the NSA. The hackers’ group Anonymous took credit for the successful 2011 attack on the Booz Allen Hamilton servers. It also cracked the algorithms used to protect employees. It next injected so-called Trojan horse viruses and other malicious codes into Booz Allen servers that allowed it future entry. If amateur hackers such as Anonymous could break into the computers of the NSA’s largest contractor, so could adversaries’ state espionage services with far more advanced hacking tools. From these sites, China or Russia could obtain all the job applications and personal résumés submitted to contractors such as Booz Allen. It could then compile a list of the best candidates to do its bidding. These deficiencies in the private sector were compounded by the failure of security in the government’s own Office of Personnel Management. It used a computer system called e-QIP in which intelligence employees, including outside contractors, updated their computerized records to maintain or upgrade their security clearances. For example, Snowden updated his clearance in 2011. To do so, these employees constantly updated their financial and personal information. As it turned out, there was a major hole in the e-QIP system. It has repeatedly been hacked by unknown parties since 2010. In 2015, the U.S. government told Congress that China was most likely responsible, but Russia and other nations with sophisticated cyber services could have also participated in the hacking.
In any case, the records of over nineteen million employees, including intelligence workers, became available to a hostile intelligence service. This breach would allow hostile services to obtain a great deal of information about independent contractors working at the NSA. They could then use this data to follow the movements of any of these intelligence workers they deemed of interest.
Despite all the potential flaws in it, the outsourcing system continued in place. It even featured a revolving door through which Booz Allen hired retiring executives from the intelligence services, such as the former NSA director Michael McConnell; James Woolsey, a former director of the CIA; and the retired general James Clapper, who later served as director of national intelligence. The cozy relationship between the private firms and the NSA notwithstanding, the NSA leadership operated as if it were unaware that outsourcing could create a security problem. As far back as 2005 General Hayden, then the departing head of the NSA, had been warned of one such vulnerability in a memorandum written by a counterintelligence officer at the NSA. Like the earlier 1996 report by the threat officer, this memorandum noted the NSA had ceded responsibility for managing its secret systems to outsiders and warned that the NSA’s reliance on them to manage its computers had opened a back door into the NSA. In addition, it warned that once an outside contractor managed to slip in through this back door, he could easily jump from one outsourcer to another. This was what Snowden did when he moved from Dell to Booz Allen Hamilton in 2013.
Despite its security flaws, outsourcing seemed to provide a number of advantages to the NSA. For one thing, it provided a means for circumventing the budget restrictions imposed by Congress on hiring new employees.
In addition, because private companies had less rigid hiring standards, it greatly expanded the pool of young system administrators by tapping into computer cultures that would be antagonistic to working directly for the government. Finally, it drew less on NSA resources. Because these information technologists were only temporary employees, they were not entitled to military pensions, paid medical leave, and other benefits. It was a system that effectively replaced military careerists with freelancers.
The irony of the situation was that the NSA had surrounded its front doors with rings of barbed wire, closed-circuit cameras, and armed guards, but for reasons of economy, bureaucratic restrictions, and convenience it had left the back door of outsourcing open to temporary employees of private companies, even though it might take some time for them to gain entry to its inner sanctum. “It was not a question of if but when one of the contractors would go rogue,” the former NSA executive who wrote the 2015 memorandum told me. Snowden answered that question in 2013.
Even more extraordinary than the theft itself was the reaction to it by the NSA. It turned out that there was no cost of failure levied against the outside contractor Booz Allen, which had employed Snowden when he bypassed its security regime to steal the keys to the kingdom. Even though the counterintelligence investigation showed Snowden stole documents from compartments to which he did not have access, the NSA did not penalize Booz Allen. Instead, its revenues and profits from government contracts markedly increased between 2013 and 2015. Nor did the NSA alter its reliance on private contractors. The back door to the NSA remained wide open. Outsourcing to private companies has become an all but irreplaceable part of the intelligence system in America, Snowden’s actions, and the risk of future similar actions, notwithstanding.
Chapter 21
The Russians Are Coming
The collapse of the Soviet Union was a major geopolitical disaster of the century.
—Vladimir Putin
In the first invasion of a European country since the end of the Cold War, Russian military forces moved into the Crimea and other parts of eastern Ukraine in February and March 2014. Unlike with previous Russian troop movements, such as those into Poland, Hungary, Czechoslovakia, and East Germany during the Cold War, the weeklong massing of Russian elite troops and sophisticated equipment for the move into Ukraine almost totally evaded detection by the NSA’s surveillance. Never before had the NSA’s multibillion-dollar armada of sensors and other apparatus for intercepting signals missed such a massive military operation. According to a report in The Wall Street Journal that cited Pentagon sources, Russian units had managed to hide all electronic traces of their elaborate preparations. If so, after more than half a century of attempted penetrations, Russia had apparently found a means of stymieing the interception capabilities of the NSA.
Putin had firm ideas about restoring Russia’s power in the post–Cold War era. A formidable KGB officer before he became president of the Russian Federation in 2000, he made no secret that his goal was to prevent the United States from obtaining what he termed “global hegemony.” His logic was clear. He judged the breakup of the Soviet Union in 1991 to be, as he put it, “a geopolitical disaster.” He argued that the breakup had provided the United States with the means to become the singular dominant power in the world. He sought to prevent that outcome by moving aggressively to redress this loss of Russian power. He upgraded Russia’s nuclear force, modernized Russia’s elite military units, and greatly strengthened Russia’s relations with China.
The last measure was essential because China was Russia’s principal ally in opposing the extension of American dominance.
Yet there was still an immense gap between them and the United States in communications intelligence. Since the breakup of the Soviet Union, the NSA had continued to build up its technological capabilities, while Russia teetered on the edge of collapse in the early 1990s. But as previously mentioned, the NSA’s legal mandate had been limited by Congress to foreign interceptions (at least prior to 9/11). As a result, it was required to separate out domestic from foreign surveillance, a massive process that not only was time-consuming but could generate dissidence within the ranks of American intelligence. It also could not legally use its surveillance machinery to monitor the telephones and Internet activities of the tens of thousands of civilian contractors who ran its computer networks—at least not unless the FBI began an investigation into them.
Here the Russian intelligence services had a clear advantage. They had a lawful mandate to intercept any and all domestic communications. In fact, a compulsory surveillance system called by its Russian acronym SORM had been incorporated into Russian law in 1995. It requires the FSB and seven other Russian security agencies to monitor all forms of domestic communications including telephones (SORM-1), e-mails and other Internet activity (SORM-2), and computer data storage of billing information (SORM-3). Not only did Russia run a nationwide system of Internet filtering in 2013, but it required its telecommunication companies to furnish it with worldwide data.
The NSA also had to deal with many peripheral issues other than the activities of Russia and China. It was charged with monitoring nuclear proliferation in Iran, Pakistan, and North Korea, potential jihadist threats everywhere in the world, and much else.
The Russian foreign intelligence service, the SVR, could put its limited resources to work on redressing the gap with its main enemy: the United States. Nevertheless, Putin had to reckon with the reality in 2013 that Russia could not compete with the NSA in the business of intercepting communications. And if the NSA could listen in on all the internal activities of its spy agencies and security regime, the ability of Putin to use covert means to achieve his other global ambitions would be impaired. In the cold peace that replaced the Cold War, Russia had little hope of realizing these ambitions unless it could weaken the NSA’s iron-tight grip on global communications intelligence.
One way to remedy the imbalance between Russian intelligence and the NSA was via espionage. Here the SVR would be the instrument, and the immediate objective would be to acquire the NSA’s lists of its sources in Russia. If successful, it would be a game changer. Such an ambitious penetration of the NSA, to be sure, was a tall order for Russian intelligence. Most of its moles recruited in the NSA by the KGB had been code clerks, guards, translators, and low-level analysts. They provided documents about the NSA’s cipher breaking, but they lacked access to the lists of the NSA’s sources and methods. These meager results did not inhibit Russian efforts. For six decades, ever since the inception of the NSA in 1952, the Russian intelligence service had engaged in a covert war with the NSA. The Russian intelligence service is, as far as is known, the only intelligence service in the world that ever succeeded in penetrating the NSA. A number of NSA employees also defected to Moscow.
The history of this venerable enterprise is instructive. The first two defectors in the NSA’s history were William Martin and Bernon Mitchell. They were mathematicians working on the NSA’s decryption machines who went to Moscow via Cuba in 1960.
The Russian intelligence service, then called the KGB, went to great lengths to get propaganda value from their defections. It even organized a ninety-minute press conference for them on September 6, 1960, at the Hall of Journalists and invited all the foreign correspondents in Moscow. Before television cameras, the defectors denounced the NSA’s activities. Martin told how the NSA breached international laws by spying on Germany, Britain, and other NATO allies. Mitchell, for his part, suggested that the NSA’s practice of breaking international laws could ignite a nuclear war. Indeed, he justified their joint defection to Russia in heroic whistle-blowing terms, saying, “We would attempt to crawl to the moon if we thought it would lessen the threat of an atomic war.” The NSA review of the case, however, assessed that little damage had been done, because the NSA quickly changed the codes they had compromised. It noted, “The Communist spymasters would undoubtedly have preferred Martin and Mitchell to remain in place as moles, since their information was dated as of the moment they left NSA.”
The next NSA defector was Victor Norris Hamilton, a translator and analyst at the NSA. He arrived in Moscow in 1962, and like Mitchell and Martin he claimed the status of a whistle-blower. This time, the KGB provided a newspaper platform. Writing in the Russian newspaper Izvestia, Hamilton revealed the extent of U.S. spying on its allies in the Middle East. None of these three 1960s defectors revealed what, if any, NSA secret documents they had compromised. Nor did any of them ever return to the United States. Martin changed his name to Vladimir Sokolodsky, married a Russian woman, and died in Mexico City on January 17, 1987. Mitchell vanished from sight and was reported to have died in St. Petersburg on November 12, 2001.
Hamilton, after telling Russian authorities stories about hearing voices in his head because of an NSA device implanted in his brain, was consigned to Special Psychiatric Hospital No. 5 outside Moscow.
There were also KGB spies in the NSA who were caught or died before they could defect. One of them was Sergeant Jack Dunlap. He was found dead of carbon monoxide poisoning in his garage on July 23, 1963. Although there was no suicide note, his death was ruled an apparent suicide. NSA classified documents were later discovered in his house. After that, NSA investigators unraveled his decade-long career as a KGB mole. Dunlap had been recruited by the KGB in Turkey in 1952. The standard KGB tool kit for recruitment was called MICE. It stood for Money, Ideology, Compromise, and Ego. The KGB used the first element, money, to compromise Dunlap. After he was compromised, it exploited him by getting him to steal NSA secrets. He had access to such secrets because he became the personal driver to Major General Garrison Coverdale, the chief of staff of the NSA. After Coverdale retired, he became the driver for his successor, General Thomas Watlington. These positions afforded him a security clearance and, even more important, a “no inspection” status for the commanding general’s cars that he drove. This perk allowed him to leave the base with secret documents, have them photocopied by his KGB case officer, and then return them to the files at the NSA base before anyone else knew they were missing. He also used, likely at the suggestion of the KGB case officers, his “no inspection” perk to offer other NSA employees a way of earning money. He would smuggle off the base any items of government property that they took. Once he had compromised them through thefts, he was in a position to ask them for intelligence favors.
This NSA ring could not be fully investigated because of his untimely death. Other than the packets of undelivered NSA documents found in his home, the investigation was never able to assess the total extent of the KGB penetration of NSA secrets. (Angleton suspected Dunlap was murdered by the KGB in what he termed a surreptitiously assisted death, to prevent Dunlap from talking to investigators.)
The Russian intelligence services continued recruiting mercenary spies in the NSA for the duration of the Cold War. The KGB successes included Robert Lipka, a clerk at the NSA in the mid-1960s, who was caught in a sting operation by the FBI and sentenced to eighteen years in a federal prison. Ronald Pelton, an NSA analyst, was recruited after he retired from the NSA. After he was betrayed by a KGB double agent in 1985, he was sentenced to life imprisonment. Finally, there was David Sheldon Boone, an NSA code clerk, who between 1988 and 1992 provided the KGB with NSA documents in return for $60,000. Boone, sentenced to twenty-four years in prison, was the last known KGB recruitment of the Cold War.
During the Cold War, Russian intelligence service officers operated mainly under the cover of the embassies, consulates, United Nations delegations, and other diplomatic missions of the Soviet Union. As “diplomats,” they were protected from arrest by the terms of the 1961 Treaty of Vienna Convention on Diplomatic Relations. Their diplomatic cover, however, greatly limited their field for finding potential recruits outside their universe of international meetings, diplomatic receptions, UN organizations, scientific conferences, and cultural exchanges. They therefore tended to recruit their counterparts in adversary services. In this regard, the successful entrapment of Harold Nicholson in the 1990s is highly instructive. From his impressive record, he seemed an unlikely candidate for recruitment.
He had been a superpatriotic American who had served as a captain in army intelligence before joining the CIA in 1980. In the CIA, he had an unblemished record as a career officer, serving as a station chief in Eastern Europe and then the deputy chief of operations in Malaysia in 1992. Even though his career was on the rise and he was a dedicated anti-Communist, he became a target for the SVR when he was assigned to the CIA’s elite Russian division. Because the job of this division was to recruit Russian officials working abroad as diplomats, engineers, and military officers, its operations brought its officers in close contact with SVR officers. Nicholson therefore was required to meet with Russian intelligence officers in Manila, Bucharest, Tokyo, and Bangkok and “dangle” himself to the SVR by feigning disloyalty to the CIA. As part of these deception operations, Nicholson supplied the Russians with tidbits of CIA secrets, or “chickenfeed,” that had been approved by his superiors at the CIA.
What his CIA superiors did not fully take into account in this spy-versus-spy game was the SVR’s ability to manipulate, compromise, and convert a “dangle” to its own ends. As it turned out, Russian intelligence had been assembling a psychological profile on Nicholson since the late 1980s and found vulnerability: his resentment at the failure of his superiors to recognize his achievements in intelligence. The Russians played on this vulnerability to compromise him and then converted him to becoming its mole inside the CIA. Nicholson worked for the SVR first in Asia; then he was given a management position at CIA headquarters, which is located in Langley, Virginia. Among other secret documents, he provided the SVR with the identities of CIA officers sent to the CIA’s special training school at Fort Peary, Virginia, which opened the door for the SVR to make other potential recruitments.
Meanwhile, it paid him $300,000 before he was finally arrested by the FBI in November 1996. (After his conviction for espionage, he was sentenced to twenty-three years in federal prison.) The CIA postmortem on Nicholson, who was the highest-ranking CIA officer ever recruited (as far as is known), made clear that even a loyal American, with no intention of betraying the United States, could be entrapped in the spy game.
When it comes to recruiting moles in a larger universe, intelligence services operate much like highly specialized corporate “headhunters,” as James Jesus Angleton described the process to me during the Cold War era. He was referring to the similar approach that corporate human resource divisions had with espionage agencies. Both headhunt by searching through a database of candidates for possible recruits to fill specific positions. Both types of organizations have researchers at their disposal to draw up rosters of potential recruits. Both sort through available databases to determine which of the names on the list have attributes that might qualify or disqualify them for a recruitment pitch. Both also collect personal data on each qualified candidate, including any indication of his or her ideological leaning, political affiliations, financial standing, ambitions, and vanities, to help them make a tempting offer.
But there are two important differences. First, unlike their counterparts in the private sector, espionage headhunters ask their candidates not only to take on a new job but also to keep their employment secret from their present employer. Second, they ask them to surreptitiously steal documents from him. Because they are asking candidates to break the law, espionage services, unlike their corporate counterparts in headhunting, obviously need to initially hide from the candidates the dangerous nature of the work they will do.
Depending on the targeted recruit, they might disguise the task as a heroic act, such as righting an injustice, exposing an illegal government activity, or countering a regime of tyranny. This disguise is called in the parlance of the trade a false flag, as mentioned earlier. By using such a false flag, the SVR did not need to find a candidate who was sympathetic to Russia or the Putin regime. In its long history dating back to the era of the czars, Russian intelligence had perfected the technique of false flag recruitment, through which it assumes an identity to fit the ideological bent of a potential recruit.
Russian intelligence was well experienced with false flags. It first used this technique following the Bolshevik revolution in 1917 to control dissidents both at home and abroad. The centerpiece, as later analyzed by the CIA, was known as the “Trust” deception. It began in August 1921 when a high-ranking official of the Communist regime in Russia named Aleksandr Yakushev slipped away from a Soviet trade delegation in Estonia and sought out a leading anti-Communist exile he had known before the revolution in Russia. He then told him that he represented a group of disillusioned officials in Russia that included key members of the secret police, the army, and the Interior Ministry. Yakushev said that they all had come to the same conclusion: the Communist experiment in Russia had totally failed and needed to be replaced. To effect this regime change, they had formed an underground organization code-named the Trust, because the cover for their conspiratorial activities was the Moscow headquarters of the Municipal Credit Association, which was a trust company. According to Yakushev’s account, it had become the equivalent of a de facto government by 1921.
The exiled leader in Estonia reported this astonishing news to British intelligence, which, along with French and American intelligence, helped fund this newly emerged anti-Communist group. Initially, British intelligence had doubts about the bona fides of the Trust, as did other Western intelligence services sponsoring exile groups. But they gradually accepted it after they received intelligence reports confirming its operations from many other sources, including Russian officials, diplomats, and military officers who claimed to have defected from the Soviet government. Because these reports all dovetailed, they recognized the Trust as a legitimately underground organization.
Once the Trust had been established in the minds of the Western intelligence services, it offered them as well as exile groups the services of its network of collaborators. These services included smuggling out dissidents, stealing secret documents, and disbursing money inside Russia to sympathizers. Within a year, exile groups in Paris, Berlin, Vienna, and Helsinki were using the Trust to deliver arms and supplies to their partisans inside Russia. The Trust also furnished spies’ and exiled leaders’ fake passports, which allowed them to sneak back into Russia to participate in clandestine missions. It even undertook sabotage and assassination missions paid for by Western intelligence services. As they learned of police stations being blown up and political prisoners escaped from prisons, these agents and dissidents came to further believe in the power of the Trust.
By the mid-1920s, no fewer than eleven Western intelligence services had become almost completely dependent on the Trust for information about Russia. They also sent millions of dollars into Russia via couriers to finance its activities. But suddenly exiled leaders working in Russia under the aegis of the Trust began to vanish.
Then top Western intelligence agents, including Sidney Reilly and Boris Savinkov, were arrested, and their networks were eliminated. Instead of the Communist regime collapsing, as the Trust had predicted, it consolidated its power and wiped out all the dissident groups. Finally, in 1929, the Trust was revealed by a defector to be a long-term false flag operation run by the Russian intelligence service. Even the Trust building, rather than being the cover for a subversive conspiracy, was the headquarters for the Russian secret police during this eight-year operation. The secret police had provided the documents fed to Western intelligence, briefed the agents who pretended to defect, published the dissident newspapers the Trust distributed, fabricated the passports it supplied exiles, blew up Russian buildings, and staged jail breaks to make the deception more credible. It also collected the money sent in by Western intelligence services, which more than paid for the entire deception. Because it was running the show, it could offer those lured into the trap an opportunity to work for it as double agents. The alternative, if they refused, was to face a firing squad.
Even after the Trust itself had been fully exposed, the Russian intelligence service continued to succeed with other false flag deceptions. During the Cold War, it set up a fake underground in Poland called WIN, modeled on the Trust. It set up false flag groups in Ukraine, Georgia, Lithuania, Albania, and Hungary. It also had agents masquerade as members of the security services of Israel, South Africa, Germany, France, and the United States to recruit unwitting agents. These deceptions became an integral part of the recruitments of the Russian intelligence services.
Penetrating the NSA and getting access to files from its stovepiped computers was a far more difficult challenge for the SVR.
Approaching CIA officers, such as Nicholson, was relatively easy because it was part of the CIA officers’ jobs to meet with their adversaries. NSA officers, on the other hand, did not engage in “dangles” or even attend diplomatic receptions. They had no reason, other than a sinister one, to meet with a member of the Russian intelligence service. Furthermore, unlike CIA officers, who, like Nicholson, are often posted in neutral countries where they can be approached in a social context, NSA officers work at well-guarded regional bases and are not part of the diplomatic life. Because a known employee of a foreign diplomatic mission could not even approach an NSA officer without arousing suspicion, the SVR would need to use an intermediary, called an access agent, whose affiliations were not known to the FBI. Such an operation would require establishing a network of illegals in America, as the SVR did after Putin became president. Even then, the intermediary would have to find a plausible pretext to approach the target without revealing his actual interest. Such complex operations at the NSA, as far as is known, only yielded a few low-level recruits.
The emergence of computer networks in the 1990s greatly expanded the SVR’s recruiting horizon. It offered a new penetration opportunity at the NSA: civilian technologists working under contract for the U.S. government. Many of these civilians at the NSA, especially the younger ones, as we know, had been drawn from the hacking and game-playing culture; some had even taken courses on hacking techniques. They presented the SVR with inviting targets for recruitment. As was previously mentioned, Russian intelligence had considerable experience in Germany with hacktivists, who tended to be anarchists. There were also supporters of the libertarian movement.
The common denominator was often their resentment, expressed in their postings, of the United States and its allies attempting to limit the downloading of copyrighted music, movies, and software on the Internet, all of which fell under the rubric of “freedom of the Internet.” They also vocally objected to the NSA’s using built-in back doors in its software to read their encrypted messages. Such people were not difficult to find on the Internet. The donors to Ron Paul’s libertarian election campaign (including Snowden) were a matter of public record.
Even if there was no shortage of hacktivists who believed the surveillance of the Internet by the NSA was an evil worth fighting, the SVR still had to find a plausible way of approaching members of this counterculture without offending them. Clearly, the SVR could no longer use out-of-date Communist and anti-capitalist ideology as a lure. Russia was far more authoritarian than the United States when it came to the Internet. One viable alternative for the SVR was custom-tailoring false flags to appeal to hacktivists. For this purpose, the Internet provided a near-perfect realm. Because it is a place where true identities cannot easily be verified, intelligence services could employ a protean kit of disguises to assume false identities to entice potential dissidents into communicating with them.
The KGB’s earlier efforts to use hacktivist groups in Germany had produced little if any intelligence about the NSA because of the stovepiping it used to isolate its computers from networks that could be hacked into from the outside. It will be recalled that the NSA threat officer had cited these failures in his 1996 report on NSA vulnerability.
He also said that efforts of the Russian intelligence services to use false flag recruitments provided the KGB with “a learning experience.” The KGB had learned that hacking by itself could not breach the NSA’s protective stovepiping. He predicted that its next logical move would be to “target insider computer personnel.” This false flag recruitment would aim at, in his view, system administrators, computer engineers, and cyber-service workers who either were already inside the NSA or had a security clearance that would facilitate getting jobs with NSA contractors.
Even with an appropriate false flag, the task of finding such a “Prometheus” required obtaining a database of those working at the NSA. There were some five thousand civilian technicians at the NSA of all political stripes. Hacking into the personnel records of the intelligence workers seeking to renew their security clearance was a place to begin. The Internet provided the SVR with just this opportunity. As you will recall, holes in the security of the computer networks of the U.S. Office of Personnel Management and USIS and the websites of the companies supplying the NSA with independent contractors had made the background checks on American intelligence workers available to the Chinese, and presumably other adversary intelligence service hackers, since 2011. If the SVR had access to this personnel data, the research for a candidate would be greatly facilitated. From the 127-page Standard Form 86, which each applicant for a security clearance submits, the SVR could filter out intelligence workers employed by the NSA by their educational background, employment history, affiliations, and foreign contacts. It could then search this data for candidates with a possible hacktivist profile.
This data could next be crossed with a list of individuals the SVR knew were in contact with high-profile activists who were part of the anti-surveillance movements. This would include core participants in the Tor Project, WikiLeaks, Noisebridge, CryptoParties, the Freedom of the Press Foundation, and the Electronic Frontier Foundation. (Snowden, for example, had been in touch with members of all these groups in 2012 and 2013.)
The SVR would have little problem monitoring even encrypted communications with leading figures in the anti-surveillance world. These activists, despite secrecy rituals such as putting their cell phones in refrigerators, remain visible to a sophisticated intelligence service such as the SVR. All the defensive tactics of Laura Poitras, including PGP encryption, Tor software, and air-gapped computers (computers that have never been connected to the Internet), did not keep secrets about her sources entirely to herself. Snowden, at a time when he was stealing NSA secrets in February 2013, went to great lengths to impress on Poitras the need for operational security about his contacts with her, but that injunction did not prevent her from telling at least five people about her source, including Micah Lee, the Berkeley-based technology operative for the Freedom of the Press Foundation; Jacob Appelbaum, the Tor proselytizer; Ben Wizner, the ACLU lawyer; Barton Gellman; and Glenn Greenwald. “It is not me that can’t keep a secret,” Abraham Lincoln joked. “It’s the people I tell it to that can’t.” In the same vein, Poitras could hardly rely on these five confidants not to tell her secrets (and Snowden’s) to others. Hours after he was told, Greenwald told his lover, David Miranda, about the source in great detail. He even asked him to evaluate the source’s bona fides for him.
Gellman, for his part, raised the matter with a former high official at the Justice Department. Moreover, as the intelligence world knew, Poitras was herself a veritable lightning rod for attracting ex-NSA employees who objected to some of its surveillance programs. In 2012, her previously mentioned filming in Berlin of NSA insiders could make her communications of interest to intelligence services that wanted to keep tabs on possible NSA dissidents.
Nor was Snowden himself overly discreet. It will be recalled that he had also advertised his Tor-sponsored CryptoParty activities over the Internet and supplied Runa Sandvik, who worked with Appelbaum, his true name and address in Hawaii. Sandvik had no reason not to share the identity of her co-presenter with others in the Tor movement. Snowden, of course, had his girlfriend make a video of his presentation as well. He also bragged about operating the largest Tor outlets in Hawaii. Even if his Tor software provided him with a measure of anonymity, it was not beyond the ability of the world-class cyber services to crack it. Under Putin, Russia had built one of the leading cyber-espionage