it is certainly possible Snowden was his source. But it seems difficult to believe that Assange waited two years before publishing, since he has made it part of his modus operandi to publish documents immediately. And since Wikileaks receives documents anonymously via its TOR software, any party with access to the Snowden files could have sent it. Greenwald and Poitras also released belated documents. On July 15, 2015, for example, their web publication The Intercept released a Snowden document that cited an NSA intercept of Israeli military communications about an Israeli raid in Syria on August 1, 2008. It revealed that in the raid a group of Israeli commandos killed General Suleiman, a top aide to President Assad who had been working with North Korea to build a nuclear facility in Syria. Israel had destroyed that facility in Operation Orchard nearly a year earlier. Whatever the purpose of this new release of an NSA document (which had little, if anything, to do with any of the NSA’s own operations), it was not among the data that Snowden had given Poitras and Greenwald in Hong Kong in 2013, according to a source with access to the investigation. If so, Poitras and Greenwald, like Appelbaum and Assange, were still receiving NSA documents that Snowden had allegedly stolen a long time after he claimed he had destroyed all his files. The NSA reportedly determined that these belated documents, all of which concerned American allies in Germany, France and Israel, had been among the material copied during the Snowden breach. They provided further reason to believe that someone still had access to the documents that were not distributed to journalists in Hong Kong. Kucherena’s disclosure, just before the first post-Hong Kong release, that Snowden still had access to the NSA files made it appear plausible that Snowden sent these documents to Der Spiegel, Wikileaks and The Intercept. A former high-ranking KGB officer I interviewed had a very different view.
He told me that in his experience an intelligence defector to Russia would not be allowed to distribute secret material to journalists without explicit approval by the security service tending him, and that this injunction would be especially true in the case of Snowden after Putin had publicly forbidden him from releasing U.S. intelligence data. The alternative is that this material was released at the behest of the Russian intelligence service. The mystery of the post-Hong Kong documents also intrigued members of the US intelligence community with whom I discussed it. When I asked a former intelligence executive about the ultimate source for the Merkel story, he responded: “If Snowden didn’t give journalists this document in Hong Kong, we can assume an intermediary fed it to Appelbaum to publish in Der Spiegel?” According to him, the NSA investigation had determined that Snowden indeed had copied an NSA list of cell phone numbers of foreign leaders, including the number of Merkel. This list became the basis of the Der Spiegel story. It was also clear that Snowden in Moscow gave credence to the release. He made a major point about the hacking of Merkel’s phone in an interview with Wired magazine in 2014. Just about two weeks before the leak, Kucherena said Snowden still had access to the documents. Clearly, someone had access. But whoever was behind it, the release of information about the alleged bugging of Merkel’s phone resulted in badly fraying US relations with Germany in the midst of developing troubles in Ukraine. As it later turned out, according to the investigation that the German federal prosecutor concluded in 2015, there was no evidence found in this document, or elsewhere, that Merkel’s calls were ever actually intercepted. Although these documents revealed little, if anything, that the intelligence services of Germany, France and Israel were not already aware of, they raised a public outcry among allies against NSA surveillance, and the outcry became the event itself.
While these post-Hong Kong documents had little, if any, intelligence value, they provided further evidence that at least part of the stolen NSA documents was in the hands of a party hostile to the United States. If so, it wasn’t much of a leap to assume that this party also had access to the far more valuable Level 3 documents revealing the NSA’s sources and methods, such as the one that Ledgett had described as a “road map” to U.S. electronic espionage against Russia and China. Within the intelligence community, this concern was heightened by new countermeasures to this espionage employed by Russia and China after Snowden reached Moscow. For example, there were indications that the NSA had lost part of its capabilities to follow Russian troop movements in the Crimea and Eastern Ukraine. U.S. intelligence officials even went so far as to suggest, according to a report in the Wall Street Journal, that “Russian planners might have gotten a jump on the West by evading U.S. eavesdropping.” Britain also discovered that some of its secret operations had been compromised after Snowden went to Moscow. According to a 2015 story in the Sunday Times of London, British intelligence had determined that Britain’s intelligence-gathering sources had been exposed to adversary services by documents that Snowden had stolen from the NSA in 2013. These documents had been provided to the NSA by the GCHQ, the British cipher service. Unless such intelligence disasters were freak aberrations, they appeared to confirm General Alexander’s warning in 2014 that the NSA was “losing some of its capabilities, because they’re being disclosed to our adversaries.” Snowden’s supporters, to be sure, disputed this view. If only as an act of faith in Snowden’s personal integrity, they continued to believe his avowal to Senator Humphrey that he had acted to protect U.S. secrets by shielding them from adversary intelligence services after he took them abroad.
They also continued to take him at his word when he said he had destroyed all the NSA documents before going to Russia. Despite such protestations of patriotic loyalty, U.S. intelligence officials could not so easily dismiss the possibility that the missing documents still existed. After all, a U.S. intelligence worker who is dedicated to protecting American secrets from its adversaries does not ordinarily take them to an adversary country. The NSA, CIA and Department of Defense therefore had little choice but to assume the worst had happened: Russia and China had obtained access to the “keys of the kingdom”. Whatever the extent of the actual damage, it was up to General Alexander’s replacement, Admiral Michael Rogers, both to restore morale and to rebuild the capabilities of America’s electronic intelligence in the wake of the massive breach. According to a National Security staff member in the Obama White House, that job would take more than a decade. Meanwhile, whoever now held the keys to the kingdom, one thing was certain: the NSA had failed to protect them. This intelligence failure did not happen out of the blue. Meanwhile, Putin added insult to the injury by awarding the alleged perpetrator sanctuary in Russia.
CHAPTER EIGHTEEN
The Unheeded Warning
“The NSA—the world’s most capable signals intelligence organization, an agency immensely skilled in stealing digital data—had had its pockets thoroughly picked.”
--CIA Deputy Director Michael Morell
In April 2010, the CIA received a stark reminder of the ongoing nature of Russian espionage. It came in the form of a message from one of its best placed moles in the Russian intelligence service. This surreptitious source was Alexander Poteyev, a 54-year-old colonel in the SVR, which was the successor agency to the First Chief Directorate of the KGB. While the FSB took over the KGB’s domestic role in December 1991, the SVR became Russia's Foreign Intelligence Service.
Its operations center was in the Yasenevo district of Moscow. The CIA had recruited Poteyev as its mole in the 1990s when he had been stationed at the Russian Embassy in Washington DC. That it could sustain a mole in Moscow for over a decade attested to its capabilities in the espionage business. After he returned to Moscow, still secretly on the CIA’s payroll, he became the deputy chief of the SVR’s “American” section. This unit of Russian intelligence had the primary responsibility for establishing spies in the CIA, FBI, NSA and other American intelligence agencies. The SVR’s last known (or caught) mole in US Intelligence was CIA officer Harold Nicholson in 1996. Before it could now expand its espionage capabilities, it needed to build a network of Russian sleeper agents in the United States. For this network, it needed to groom so-called “illegals,” or agents who were not connected to the Russian Embassy. This so-called “illegals” network was necessary since presumably all Russian diplomats, including the so-called “legal” members of Russian intelligence, were under constant surveillance by the FBI. Advances in surveillance technology in the 21st century had made it increasingly difficult to communicate with recruits through its diplomatic missions. To evade it, the “American” division of the SVR was given the task of placing individuals in the United States disguised as ordinary Americans. Their “legend,” or operational cover, could be thin since they would not be applying for jobs in the government. Their job was simply to blend in with their community until they were called upon by the “American” department in Moscow to service a mole that had been planted in US intelligence or another part of the US government. Until they were activated by such a call, they were classified as sleeper agents.
Unlike the SVR’s “legal” officers, who were attached to Russian embassies as diplomats and were protected from arrest by the Treaty of Vienna, the SVR’s illegal agents lacked diplomatic immunity. According to Pavel Sudoplatov, who defected from the KGB in the Cold War, the sole job of such sleeper agents was to “live under cover in the West awaiting assignments for the Center.” One assignment that justifies the expense of maintaining such agents is to service a penetration, after one is made, in the US intelligence establishment. While waiting to be activated for such a job, sleeper agents were instructed to build every detail of their cover identity so as to perfectly blend in with Americans. To build this American network of sleeper agents took the better part of a decade. In 2005, the SVR’s “American” section in Moscow had begun methodically installing “sleeper agents” in the US. Almost all of them were Russian citizens who had assumed new identities to better blend into their communities. The CIA learned of this sleeper program through Poteyev soon after it began. The issue was how to exploit this knowledge. When I was writing my book on international deception, Angleton had pointed out to me that “the business of intelligence services is understanding precisely the relationship of their opposition to them.” His view, though his opponents inside the CIA would call it with some justification an obsession, was that an intelligence service had to focus on the moves of its rivals. To accomplish this “business” in the first decade of the 21st century, the CIA had to establish why its new opposition, the SVR, was laying the foundation for an espionage operation. What were its priorities in the resumption of the intelligence war? Its inside man in the SVR, Poteyev, provided it with a tremendous advantage in this relationship. It knew the links in a sleeper network that the SVR believed was safely hidden from surveillance.
If they were followed when they were activated, they could expose whatever recruits the SVR had in the American government. The CIA duly shared this information about the sleeper ring with the FBI, which had the responsibility for the surveillance of foreign agents in the United States. The FBI, for its part, kept the Russian sleeper agents under tight surveillance—an operation which grew in complexity and expense as more SVR agents arrived in the US. Meanwhile, in Moscow, Poteyev was following the unfolding operation. Part of his SVR job was to continue preparing these “Americans,” as they were called by the SVR, for their assignments. Some had been sent as couples, others as singletons. One of the singletons that Poteyev personally handled was Anna Kushchyenko. She was a strikingly beautiful Russian student, who changed her name to Anna Chapman by briefly marrying a British citizen she met at a rave party. After taking his name, she left him. After completing her training in Russia, the SVR sent her to New York City to establish herself as an international real estate specialist. Other “Americans” under Poteyev’s watch became travel agents, students, and financial advisers. In all, Poteyev identified to the CIA twelve such sleeper agents. Since they had been instructed to simply act out their role while awaiting an intelligence assignment, they presented no real threat. Even so, the cost of FBI surveillance over the years became sizable. Around-the-clock surveillance on the movements and communications of a single individual can cost, according to a former FBI agent, over $10,000 a day. The situation suddenly changed when the CIA received Poteyev’s message in 2010. It warned that Russian military intelligence had asked the SVR to activate some of its sleeper agents for a highly sensitive assignment. Such a move suggested that Russian intelligence had found a possible source that could supply it with valuable information.
According to a former CIA intelligence official who later became involved in the case, the assignment involved preparing these agents to service a potential source in the NSA at Fort Meade, Maryland. If true, it suggested that Russian intelligence either had found or was working on a means of penetrating the NSA. In 2010, the NSA’s “Q” division handled such security and espionage threats. It reportedly initiated a counter-espionage probe at the NSA’s Fort Meade headquarters on receiving the tip. But since the NSA’s cryptological service had in 2010 no fewer than 35,000 military and civilian contractor employees, the search for a possible leak was no easy matter. According to a subsequent note in the NSA’s secret budget report to Congress, it would require “a minimum of 4,000 periodic investigations of employees in position to compromise sensitive information” to safely guard against “insider threats by trusted insiders who seek to exploit their authorized access to sensitive information to harm U.S. interests.” According to a former executive in the intelligence community, that number of investigations far exceeded the budgetary capabilities of the NSA. So while the investigation found no evidence of SVR recruitment, it remained possible that Russian intelligence had found a candidate in the NSA. Meanwhile, in June 2010, to pre-empt such a leak in US intelligence and avoid any potential embarrassment that could result, the FBI decided it could no longer engage in this sort of an intelligence game with the sleeper network. It arrested all 12 sleeper agents identified by Poteyev. After receiving a great deal of public attention (which led to their inspiring the FX series “The Americans”), the sleeper agents were deported back to Russia. This move had both advantages and disadvantages. The main advantage was that it severed any communication link between the putative person-of-interest in the NSA and Russian intelligence via the sleeper agents.
The main disadvantage was that it eliminated the possibility that FBI surveillance of the illegals might lead the FBI to a possible recruit in the NSA or elsewhere. The pre-emptive arrests also had an unforeseen consequence. They resulted in accidentally compromising the CIA’s own mole, Poteyev. In entrapping Anna Chapman, who was one of the more active of the sleeper agents, the FBI agent had used a password to deceive her into believing she was speaking to an SVR officer (when in fact she was speaking to an FBI agent who was impersonating one). That unique password had been personally supplied to her by Poteyev. So Chapman had reason to believe Poteyev had betrayed her. When Chapman returned to Moscow after the spy exchange, she was taken to a well-publicized dinner with Putin. Afterwards, she informed her debriefer at the SVR that only Poteyev had been in a position to know the password that the FBI agent used. This brought Poteyev under immediate suspicion. Tipped off by the CIA to the FBI’s error, Poteyev managed to escape by taking a train from Moscow to Minsk in Belarus. The CIA next exfiltrated him out of Belarus and to the United States. Poteyev had been saved from prison—or worse, but he was no longer useful to the CIA as a mole. Without the services of Poteyev in the SVR in Moscow, US intelligence was unable to find out further details about the mission to which Poteyev’s sleeper agents were to be assigned. All it had discovered was the history of the preparations for a major espionage revival. It now knew that the SVR had installed plumbing in America and that one or more agents in this network had been activated to handle a possible recruit in the NSA. But without anyone left in the sleeper network to follow and without an inside source in the SVR, it had no further avenues to fruitfully pursue. The revelation of the sleeper agents had little, if any, other intelligence value.
The NSA’s own security investigation turned up no evidence of a leak at Fort Meade in 2010. The absence of evidence of a penetration in a security investigation is not in itself evidence of the absence of a penetration. The Russian intelligence service had demonstrated in the past that it was well-schooled in covering its tracks in operations against US communications intelligence. For example, CIA counterintelligence had learned from a KGB defector in the early 1960s that Russian intelligence had penetrated the cipher room at the US Embassy in Moscow and, because of this operation, the KGB was able to decipher crucial communications. Even so, it failed to find either the perpetrator or any evidence of his existence for more than a half century. The operation was only definitively revealed by Russian spymaster Sergey Kondrashev in 2007. Tennent Bagley, who headed the CIA’s Soviet Bloc counterintelligence at the time, later wrote in his book that the ability of Russian intelligence to conceal this penetration for more than a half century “broke the record for secret keeping.” This Russian ability to penetrate US intelligence was not entirely defeated by America’s implementation of more sophisticated security procedures, such as the polygraph examination and extensive background checks. In 1995, only 10 years before Snowden joined it, the CIA's inspector general completed a study of the KGB’s use of false defectors to mislead the US government from the end of the Cold War in the late 1980s through the mid-1990s. It found Russia had dispatched at least a half-dozen double agents who provided misleading information to their CIA case officers. Because the KGB operation went undetected for nearly a decade, the disinformation prepared in Moscow had been incorporated into reports which, marked with a distinctive blue stripe to signify their importance, had been provided to three American Presidents: Ronald Reagan, George H.W. Bush and Bill Clinton.
Even more shocking, in tracing the path of this disinformation, the Inspector General found that the “senior CIA officers responsible for these reports had known that some of their sources for this information were controlled by Russian intelligence,” yet they did not inform the President and officials receiving the blue-striped reports that they had included Russian misinformation. What CIA Director John Deutch called “an inexcusable lapse” also reflected a form of institutional willful blindness in US intelligence, borne out of bureaucratic fear of career embarrassment so well described in le Carré's spy novels. Detecting intelligence failures has, if anything, become even more difficult in the age of the anonymous Internet. The NSA’s vulnerability to intelligence lapses became all too apparent with Snowden, who had departed America with a large selection of its most secret documents. The Snowden breach demonstrated that the NSA had few, if any, fail-safe defenses against would-be leakers of communication intelligence. In the new domain of cyber warfare, conventional defensive rules do not apply. “There are no rivers or hills up here. It’s all flat. All advantage goes to the attacker,” Michael Hayden said in an interview in 2015 with the publisher of the Wall Street Journal. His point was that since there are no defensive positions, cyber warfare must rely on an aggressive offensive. If fully successful, such attacks would so deeply penetrate the defenses of an adversary intelligence organization that it could not mount any of its own unexpected cyber attacks. Such offensive capabilities would make it difficult, if not impossible, for adversary services to recruit a spy in the NSA. For example, the CIA penetration of the SVR in 2010 prevented the SVR from using its sleeper network against U.S. targets. “The best defense in this game may be an overwhelming offensive,” a former intelligence official said to me.
“But that strategy only works if we can keep secret sensitive sources.” Central to this offensive strategy was the NSA’s National Threat Operations Center in Oahu, Hawaii. It employed threat analysts to surreptitiously monitor the secret activities of potential enemies, mainly China, Russia and North Korea. A large part of their job was to make transparent to the US the hostile activities of the Russian and Chinese services so that they posed little, if any, intelligence threat to America. This strategy worked so far as the NSA guarded itself, but it also raised the issue, as the Roman Juvenal famously warned, “Quis custodiet ipsos custodes?” Who will guard the guards themselves? Less than three years after the NSA had received the Poteyev warning, a 29-year-old civilian trainee at the National Threat Operations Center demonstrated its glaring vulnerability. Instead of guarding secrets, Snowden stole them. General Hayden described the Snowden breach as the “most serious hemorrhaging of American secrets in the history of American espionage.” Among the documents taken in this security breach were lists of secret NSA sources in China and Russia. Despite all the measures the NSA had taken to protect its vital secrets, a lowly civilian employee had walked away with the keys to its kingdom. In the hands of the Chinese and Russian intelligence services, these stolen lists had the potential to totally upend the NSA’s offensive strategy. Since Russia and China have an intelligence treaty for sharing such spoils between them when it is to their mutual advantage, it had to be assumed that if either country had acquired the secrets from Snowden, they would be shared between them, altering the balance of power between the communication intelligence services of the US and its adversaries. Following the Snowden breach, both China and Russia had immense successes in breaking through the defenses of US government networks, including the breaches in 2014 and 2015 of U.S.
personnel files and background checks. When I asked General Hayden in June 2015 if these successes were made easier by those documents compromised by Snowden, he replied, “Even though I cannot make a direct correlation here, unarguably our adversaries know far more about how we collect signals intelligence than they ever did before [Snowden].” If Snowden could cause such massive damage, so could other civilian trainees at the NSA. Someone in the chain of command had to take responsibility. General Alexander tendered his resignation on June 30th, 2013. “I’m the director,” he said, falling on his sword. “Ultimately, I’m accountable.” As President Obama did not want the head of the NSA resigning in the midst of the Snowden crisis, he asked him to stay on for another six months. He then appointed Admiral Michael Rogers to be his replacement. Meanwhile, it had become undeniably clear to the Review Committee appointed by President Obama in 2013 that the NSA’s own defenses had catastrophically failed. If so, this change was the equivalent of re-arranging the deck chairs on the S.S. Titanic after it hit an iceberg.
PART FOUR
THE GAME OF NATIONS
“I learned that just beneath the surface there's another world, and still different worlds as you dig deeper.”
--David Lynch on his 1986 film Blue Velvet
CHAPTER NINETEEN
The Rise of the NSA
“There are many things we do in intelligence that, if revealed, would have the potential for all kinds of blowback,”
--James Clapper, Director of National Intelligence
In the Game of Nations, which is played at a level that often is not visible to public scrutiny, the great prize is state secrets that reveal the hidden weaknesses of a nation’s potential adversaries. The most important of these in peacetime is communication intercepts. It was just such state secrets that Edward Snowden took from the NSA in the spring of 2013.
Before that breach, America’s paramount advantage in this subterranean competition was its undisputed dominance in the business of obtaining and deciphering the communications of other nations. The NSA was the instrument by which the United States both protected its own secret communications and stole the secrets of foreign nations. The NSA, however, has an Achilles’ heel: it is dependent on civilian computer technicians who do not necessarily share its values to operate its complex system. Because of this dependence, it was not able in 2013, as it turned out, to protect its crucial sources and methods. Snowden exposed this vulnerability when he walked away with, among other documents, the 32,000-page-long country-by-country descriptions of the gaps in America’s coverage of the communications of its adversaries. Even though the Cold War had been declared over after the collapse of the Soviet Union a quarter of a century earlier, the age-old enterprise of espionage did not end with it. Russia and China still sought to blunt the edge that the NSA gave the United States. So the Snowden breach cannot be simply looked at as an isolated event. It needs to be considered in the context of the once and future intelligence war. The modern enterprise of reading the communications of other nations traces back in the United States to military code-breaking efforts preceding America’s entry into the First World War. The invention of the radio at the end of the nineteenth century soon provided the means of rapidly sending and getting messages from ships, submarines, ground forces, spies, and embassies. These over-the-air messages could also be intercepted from the ether by adversaries. If they were to remain secret, they could not be sent in plain text. They had to be sent in either code, in which letters are substituted for one another, or, more effectively, cipher, in which numbers are substituted for letters.
Making and breaking codes and ciphers became a crucial enterprise for nations. By 1914, the US Army and Navy had set up units, staffed by mathematicians, linguists and crossword puzzle-solvers, to intercept and decode enemy messages. After the war had ended in 1918, these units were fused into a cover corporation called the “Code Compilation Company,” which moved to new offices on 37th Street and Madison Avenue in New York City. Under the supervision of the famous cryptographer Herbert O. Yardley, a team of 20 code-breakers was employed in what was called the “Black Chamber.” Yardley arranged for Western Union, which had the telegraph monopoly in America, to provide the Black Chamber with all the telegrams coming into the United States. “Its far-seeking eyes penetrate the secret conference chambers at Washington, Tokyo, London, Paris, Geneva, Rome,” Yardley wrote about the Black Chamber. “Its sensitive ears catch the faintest whispering in the foreign capitals of the world.” But in 1929, at the instructions of President Herbert Hoover, Secretary of State Henry Stimson closed the Black Chamber, saying famously, “Gentlemen should not read each other's mail.” The moratorium did not last long. With war looming in Asia and Europe, President Franklin D. Roosevelt reactivated the operation as the Signals Security Agency. It proved its value in breaking the Japanese machine-generated cipher “purple.” In June 1942, using deciphered Japanese messages to pinpoint the location of the Japanese fleet at Midway, America won a decisive naval victory in the Pacific. Germany’s Enigma encoding machines, with three encoding wheels, proved more of a challenge. Initially British cryptanalysts led by the brilliant mathematician Alan Turing succeeded in building a rudimentary computer to decipher German messages to its submarines and bombers, but, in 1942, Germany added a fourth set of encoding wheels, escalating what essentially was a battle of machine intelligence.
The US Navy then contracted with the National Cash Register Company to build a computing machine capable of breaking the improved Enigma, and, in May 1943, it succeeded. By the time the war ended in 1945, the US had over one hundred giant decryption machines in operation. This unrivalled capability to read the communications of foreign nations, which remained one of America’s most closely guarded secrets, was transferred to the Army Security Agency based at Fort Meade, Maryland. Then, on October 24, 1952, President Harry S. Truman greatly expanded its purview and changed its name to the National Security Agency. The NSA was given two missions. The first one was protecting the communications of the US government. The main threat to U.S. government channels of communications was the Soviet Union. The second one was intercepting all the relevant communications and signals of foreign governments. This latter mandate included the governments of allies as well as enemies. The President, the other intelligence services and the Department of Defense deemed what was relevant for national security. Even though the NSA remained part of the Department of Defense, its job went far beyond providing military intelligence. It also acted as a service agency to other American intelligence services. They prepared shopping lists of foreign communications intelligence and the NSA fulfilled them. As the Cold War heated up in the 1960s, the NSA provided intelligence not only to the Pentagon but to the Department of State, Central Intelligence Agency, the Treasury Department, the Atomic Energy Commission, and the FBI. With a multi-billion dollar “black budget” hidden from public scrutiny, the NSA’s technology directorate invested in state-of-the-art equipment, including supercomputers that could break almost any cipher, antennae mounted on geosynchronous satellites that vacuumed in billions of foreign telephone calls, and other exotic capabilities.
It also devised stealthy means of breaking into channels that its adversaries believed were secure. This enterprise required not only an army of technical specialists capable of remotely intercepting even the faintest traces of electromagnetic signals, hacking into computers, and eavesdropping on distant conversations, but also the use of special units, called “tailored access operations,” to plant listening devices in embassies and diplomatic pouches. It also organized elaborate expeditions to penetrate cables in enemy territory. In 1971, for example, the NSA had sent a specially-equipped submarine into Russia’s Sea of Okhotsk in Asia to tap through Arctic ice. The target was a Russian cable 400 feet below the surface that connected the Russian naval headquarters in Vladivostok with a missile testing range. In 1980, President Ronald Reagan gave the NSA a clear mandate to expand its interception of foreign communications. In Executive Order 12333, he directed that “all means, consistent with applicable Federal law and (this Executive) order, and with full consideration of the rights of United States persons, shall be used to obtain reliable intelligence information to protect the United States and its interests.” It did not restrict any foreign country, either an adversary or an ally, from its surveillance. The NSA’s target soon became nothing short of the entire electromagnetic spectrum. “We are approaching a time when we will be able to survey almost any point on the earth’s surface with some sensor,” Admiral Stansfield Turner, the former Director of Central Intelligence, wrote in 1985.
“We should soon be able to keep track of most of the activities on the surface of the earth.” Bobby Ray Inman, a former director of the NSA and deputy director of the CIA, argued that the “vastness of the [American] intelligence ‘take’ from the Soviet Union, and the pattern of continuity going back years, even decades,” greatly diminished the possibility of Soviet deception so long as the NSA kept secret its sources. The NSA did not rely entirely on its own sensors for this global surveillance. It also formed intelligence-sharing alliances with key allies. The most important was with the British code-breaking service, called the Government Communications Headquarters, or GCHQ, which in World War II had achieved enormous success in using computers to crack the German Enigma cipher. This alliance expanded to include Canada, Australia, and New Zealand, in the so-called Five Eyes Alliance. Since over 80 percent of international phone calls and Internet traffic passed through fiber-optic cables in these five countries, the alliance had the capability of monitoring almost all phone and Internet communications. The NSA also established fruitful liaisons with the cyber-services of Germany, France, Spain, Italy, the Netherlands, Portugal, Israel, Japan, and South Korea, who often were willing to provide the NSA with access to telecommunications links in their countries. These long-term allies greatly strengthened the NSA’s hand in other ways in the intelligence war. For example, the so-called “James Bond” provision of the British Intelligence Services Act 1994 allowed officers of the GCHQ to commit illegal acts outside of Britain, including planting devices to intercept data from computer servers, cell phones, and other electronic targets. And, as Snowden’s release of documents revealed in 2013 and 2014, these foreign allies fully shared their information with the NSA. Of course, the liaison between the NSA and its allies was a two-way street.
In 2013, none of these other countries had a global network of geosynchronous sensors in outer space and under the ocean that could monitor signals from missile launches, submarines, military deployments, nuclear tests and other matters of strategic importance to them. Nor did these allies have the cipher-breaking capabilities of the array of NSA super computers. The NSA had assiduously built these means at a cost of over a half trillion dollars and employed tens of thousands of linguists who could translate almost any dialect or language of interest. Even though these allies had their own cipher services and local capabilities, they depended on the NSA to provide them a large share of their signal intelligence. From the perspective of defending themselves from potential threats, the deal that these allies had with the NSA was mutually advantageous. The NSA’s overseas intelligence gathering was not limited to adversary nations. With the exception of the Five Eyes allies, it gathered data that was deemed of importance by the President and Defense Department in friendly countries. These operations had been approved by every American President, and funded by every American Congress, since 1941. After all, even in the realm of allies, activities take place that run counter to American interests. The 9/11 conspiracy, for example, was hatched in Hamburg, Germany and financed in Dubai and Saudi Arabia. Nor were American allies unaware of the reach of the NSA. “Yes, my continental European friends, we have spied on you. And it is true we use computers to sort through data by using keywords,” former CIA Director James Woolsey wrote in the Wall Street Journal in 2000. “Have you stopped to ask yourselves what we are looking for?” Whether or not it was appreciated by other countries, the global harvesting of communication intelligence by the NSA was hardly secret.
As the NSA expanded further, it delegated part of its work to regional bases, including ones in Utah, Texas, Hawaii and Japan. The paramount task of the NSA remained monitoring the channels of communications that an adversary might use. The vast proliferation of these channels in cyberspace, which included email, social media, document sharing and other innovations of the Internet age, greatly complicated this task. Even so, this challenge was not insurmountable because most of the Internet actually travelled through fiber-glass land-line cables that crossed the territories of the United States, Britain and Australia. So the NSA found the technical means, including gaining voluntary access to major Internet companies, to “harvest” vast amounts of this Internet data. America’s other intelligence agencies quickly recognized the value of the communications intelligence gleaned from foreign telecommunications. John E. McLaughlin, who was the CIA’s Acting Director in 2004, described the NSA as nothing less than the “very foundation of US intelligence.” This service proceeded from the immense amount of foreign data that the NSA vacuumed in through its global sensors. This data gave the CIA and other US intelligence services a means of verifying the reports of their human sources as well as discovering new targets in adversary nations for further investigation. By the first decade of the 21st century, the NSA’s surreptitious efforts to render the Internet transparent to US intelligence had earned it a new set of enemies. They were the previously mentioned hacktivists who were attempting to shield the activities of Internet users from the intrusions of government surveillance. They employed both encryption and TOR software to defeat that surveillance. The NSA was not about to be defeated by the tactics of amateur privacy advocates. It did not conceal that it was intent on countering any attempt to interfere with its surveillance of the Internet.
It built back doors into their encryption and worked to unravel the TOR scrambling of their IP addresses. It made leading hacktivists targets. Brian Hale, the spokesman for the Director of National Intelligence, disclosed that the US routinely intercepted the cyber signatures of parties suspected of hacking into US government networks. Following the 9/11 attack on the Pentagon and World Trade Center, the surveillance of the Internet also became an integral part of the Bush administration’s war on terrorism. In October 2001, Congress expanded the NSA’s mandate by passing the USA Patriot Act. Section 215 of the act directly authorized the NSA, with the approval of the FISA court, to collect and store domestic telephone billing records. The idea was to better coordinate domestic and foreign intelligence about Al-Qaeda and other jihadist groups. The mantra in government after 9/11 was to “connect dots.” Congress with this act essentially called for demolishing the wall between domestic and foreign intelligence when it came to foreign-directed terrorism. The act effectively made the NSA a partner with the FBI in tracking phone calls made from phones originating outside the United States by known foreign jihadists. If these calls were made to individuals inside the United States, the NSA was now authorized to retrieve the billing records of the person called and those people whom he or she called. These traces were then supplied to the FBI. When a New York Times exposé in 2008 revealed that NSA surveillance had been extended to domestic telephone use, Congress passed the FISA Amendments Act of 2008 explicitly allowing the NSA to continue these practices if it obtained a FISA court order. Congress also sanctioned the NSA’s supplying the FBI with the emails and other Internet activity of foreign jihadists if they were suspected of planning attacks in America. This put the NSA directly in the anti-terrorist business in the United States.
It also necessitated the NSA vastly increasing its coverage of the Internet. The new duties also increased the NSA’s need to create new bureaucratic mechanisms to monitor its compliance with FISA court orders. Rajesh De, the NSA’s General Counsel at the time of the Snowden breach, described the NSA as becoming by 2013 “one of the most regulated enterprises in the world.” Grafted onto its intelligence activities were layers of mandated reporting to oversight officials. Not only did the NSA have its own chief compliance officer, chief privacy and civil liberties officer, and independent inspector general, but the NSA also had to report to a different set of compliance officers at the Department of Defense, the Office of National Intelligence and the Department of Justice. On top of reporting to those officials, the Department of Justice dispatched a team of lawyers every 60 days to review the results of “every single tasking decision” approved by the FISA court. According to Rajesh De, just assembling these reports involved thousands of hours of manpower. In addition, the President’s Oversight Board required that the NSA’s Office of the General Counsel and Inspector General supply it every 90 days with a list of every single error made by every NSA employee anywhere in the world deviating from procedures, including even minor typing errors. These requirements, according to De, inundated a large part of the NSA legal and executive staff in a sea of red tape. Yet this regulation could not undo surveillance programs such as the one Snowden revealed of Verizon turning over the billing records of its customers to the NSA, because the NSA was in compliance with the FISA court order (even though, as it turned out in 2015, the FISA court may have erred in interpreting the law).
The NSA’s focus on surveillance may have led to the neglect of its second mission: protecting the integrity of the channels through which the White House, government agencies and military units send information. This task had been made vastly more difficult by the proliferation of computer networks, texting and emails in the 21st century. To protect against cyber attacks against government networks, the Pentagon belatedly created the Cyber Command in 2009. In it, the cyber defense units of the Army, Navy, Marines, and Air Force were merged and put under the command of the NSA director. NSA director Keith Alexander became the first director of this new command. One problem for the Cyber Command was separating attacks by civilians, including criminals, hacktivists and anarchists, from cyber warfare sponsored and supported by adversary states. Since foreign intelligence services often closely imitated the tools of civilian hackers, and were even known to provide them with hacking tools, it was not an easy challenge, even for the Cyber Command, to unambiguously determine if the ultimate perpetrator of a cyber attack was state-sponsored. For example, the identification of North Korea as the principal actor behind the attack on Sony in December 2014 appeared to be a rare success, but many cyber-security experts believed that it might be a false trail used to hide the real attacker. The problem here was that clues can be fabricated in cyber space to point to the wrong party. The job of the Cyber Command was to prevent such an attack. To this end, it planted viruses on hundreds of thousands of computers in private hands to act as sentinels to spot other suspicious viruses that could mount such an attack. So private computers became a new battleground in the cyber war. It also built a capability to retaliate.
The problem was that, unlike incoming missiles, cyber attacks which were launched through layers of other countries’ computers could not be unambiguously traced back to the true perpetrator. This escalation by the Cyber Command set the stage for expanded forms of warfare in cyber space. “The Chinese are viewed as the source of a great many attacks on western infrastructure and just recently, the U.S. electrical grid,” General Alexander said in explaining the need for this consolidation. “If that is determined to be an organized attack, I would want to go and take down the source of those attacks.” The same retaliation would presumably be used against Russia, Iran or any other adversary. Dominance of cyber space itself now became part of the NSA’s mandate. Even so, the most important job of the NSA remained intercepting secret information from Russia, China, Iran, and North Korea. To this end, it had an annual budget of $12.3 billion and some 35,000 military and civilian employees. In 2012, James Clapper, Jr., the Director of National Intelligence, justified the secret intelligence budget by saying in an open session of Congress, “We are bolstering our support for clandestine SIGINT [signal intelligence] capabilities to collect against high priority targets, including foreign leadership targets,” and to develop “groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic.” It was no secret, even before Snowden, that the NSA was engaged in monitoring the Internet. Through all this tumult the heart of the NSA’s activity remained its 5,000-acre base at Fort George G. Meade, Maryland. It commanded the most powerful mechanism for intercepting communications that the world had ever seen. No other country came close to its technology for intercepting information.
The NSA was not only able to intercept secret information from these potential adversaries, but it also, at least until the Snowden breach, managed to conceal these means from them. As long as these adversaries remained blind to the ways in which their communications were being intercepted, deciphered and read by the NSA, they could not take effective countermeasures. Consequently, the NSA had the capability to provide the President and his advisers with continuous insights into the thinking and planning of potential enemies. Keeping its sources and methods secret was no easy task. The NSA’s technicians had to deal with continuous technical challenges to provide a seamless harvesting of data from a wide range of communication devices, including telephones, computers and the Internet. It required continuous intra-agency communications between the NSA’s own intelligence officers and a growing number of civilian technicians. It even had its own “Wiki-style” network through which they could discuss problems, called the NSANet. As it could not tightly control access to this technical network, it expunged any mention of the sources and methods from the material circulated on the classified NSA network. Instead, it stored them in discrete computers, called compartments, that were disconnected from other computers at the NSA. These compartments could only be accessed by a limited number of analysts and NSA executives who had a need to know about the data they contained. These compartments were the final line of defense against an inside intruder. In 2009, Snowden found his way into the NSA through a temporary job with an outside contractor that had a contract with the NSA’s Technology Directorate to repair and update its back-up system. Four years later, by maneuvering to get hired by another outside contractor with access to the NSA’s sources and methods, he was able to steal secrets stored in isolated computers bearing directly on the ongoing intelligence war.
Snowden also copied from these compartments in a matter of weeks, as has been previously mentioned, the NSA’s Level 3 sources and methods used against Russia, Iran and China. The Snowden breach demonstrated that the NSA’s envelope of secrecy was at best illusory. After this immense loss, the NSA’s sources inside these adversary countries were largely compromised even if they were not closed down. Once these adversaries were in a position to know what channels the NSA was intercepting, they could use these same channels to mislead US intelligence. A former top intelligence official told me, “The queen on our chessboard had been taken.” To be sure, even after the loss of its “queen,” the game was not lost. The NSA moved to mitigate the damage and find new ways of obtaining unexpected intelligence. In June 2014, the new NSA director Admiral Michael Rogers had to confront flagging morale that, according to former director Michael Hayden, was near-paralyzing the intelligence service. Admiral Rogers recognized that as a direct result of the Snowden breach “the nation has lost capabilities against adversaries right now who are attempting to actively undermine us.” But even with that loss, he observed, “the sky has not fallen.” As in the Chicken Little fable he cited, the world had not ended for the NSA. Nor had it ended for the multi-billion out-sourcing enterprise it superintended. The NSA may have lost many of its sources, or “capabilities,” but Rogers held out hope that new sources could eventually be found to replace them. Compromised codes, after all, could be changed. New technological methods could be devised. New vulnerabilities also could be targeted in enemy territories. Although repairing the damage might take many “decades,” according to Michael McConnell, the Vice Chairman of Booz Allen, the new director had to get on with that task.
McConnell, a former NSA director himself, pointed out that the NSA Director’s “first responsibility is to be the chief cheerleader.” Rebuilding the NSA capabilities assumed, however, that there would not be another Snowden-size breach. The question remained: how could the NSA’s vaunted secrecy have been so deeply penetrated by a mere analyst-in-training at a regional base in Oahu? The perpetrator himself could not be asked. He was in Moscow, supposedly employed by an unnamed Russian cyber security firm. He was also in his Moscow interviews pointing to the “incompetence” of the NSA. All that was known for certain about the young man who had taken the “queen” from the board was that he had gained entry to the NSA’s secret chambers through the back door, a portal opened to him by the NSA’s reliance on outside contractors.

CHAPTER TWENTY

The NSA’s Back Door

“You have private for-profit companies doing inherently governmental work like targeted espionage, surveillance, compromising foreign systems. And there’s very little oversight, there’s very little review.”
- Edward Snowden, explaining his access to the NSA in Moscow, 2014

Prior to Snowden’s theft of NSA documents, the single most shattering blow to the confidence of the US intelligence community was the exposure of Aldrich Ames as a long-serving Russian mole in the CIA in 1994. Ames, it will be recalled, had been a high-ranking CIA officer. He had even worked at the CIA’s Counterintelligence Center Analysis Group before he was arrested by the FBI. He had also worked as a mole for Russian intelligence. (His recruitment by the KGB will be further discussed in Chapter twenty-seven.) In a plea bargain to avoid the death sentence, he admitted that he had successfully burrowed into the CIA for over nine years on behalf of the KGB. His description of his sub rosa activities as a mole was part of the plea bargain. He was sentenced to life imprisonment. This stunning revelation shook the CIA leadership to its core.
Up until then, as mentioned earlier, CIA executives steadfastly denied that it was possible that the KGB could sustain a mole in American intelligence. The Ames arrest also led the NSA to reassess its own vulnerability to penetration. Could there be an Ames inside the NSA? The question was considered by the NSA’s National Threats Operations Center, the same unit from which Edward Snowden later stole a huge trove of secret documents. According to a report in 1996 entitled “Out of Control” (later released by the NSA), the danger of an Ames-type penetration could not be excluded. Even though the “threat officer” who wrote this report was not identified by name, his analysis proved incredibly prescient. He said that the NSA’s drive to enhance its performance by networking its computers would result in the intelligence services putting “all their classified information ‘eggs’ into one very precarious basket.” The basket was the computer networks run by technicians called “system administrators.” He pointed out that the NSA was becoming increasingly dependent on such networked computer systems, and he predicted that the NSA’s “Aldrich Ames,” as he put it, would be a “system administrator”—which was the position that Edward Snowden held nearly two decades later at Dell when he began stealing secrets. The NSA’s system administrators were, as the threat officer pointed out, very different from the traditional military employees at the NSA. They were usually civilians, who effectively served as repairmen for complex computer systems at the NSA. Moreover, many of them had not been directly hired by the NSA. Instead, their recruitment had been privatized to outside contractors. This outsourcing had deep roots tracing back to the Second World War. Ed Booz, the founder of Booz Allen Hamilton, obtained contracts to help manage ship construction from the US Navy. After the war ended he sought contracts for his firm in classified work.
These contracts grew in size as the NSA needed more and more system administrators and other information technologists to manage the computer networks. These system administrators needed to be given special privileges to do their service job. One such privilege allowed them to bypass password protection. Another privilege allowed them to temporarily transfer data to an external storage device while they repaired computers. These two privileges greatly increased the risk of a massive breach. Seeing them as the weak link in the chain, the threat officer wrote in the report that “system administrators are likely to be increasingly targeted by foreign intelligence services because of their special access to information.” Before the computerization of the NSA, the threat officer noted, code clerks and other low-level NSA communicators had been the target of adversary intelligence services. But the increasing reliance on computer technicians presented foreign intelligence services with much richer targets. He predicted that they would adapt their recruiting to this new reality. Specifically, he argued that adversary intelligence services would now focus their attention on system administrators. “With system administrators,” he said, “the situation is potentially much worse than it has ever been with communicators.” The reason: “System administrators can so easily, and quickly, steal vast quantities of information.” He further suggested that since system administrators are often drawn from the counterculture of hacking, they are more likely to be vulnerable to an adversary service using a fake identity for its approach, or a “false flag.” A “false flag” was a term originally applied to a pirate ship that temporarily hoisted any flag that would allow it to gain close proximity to its intended prey, but in modern times it describes a technique employed by espionage services to surreptitiously lure a prospect.
As will be more fully discussed in the next chapter, false flags were a staple used by the KGB in espionage recruitments during the Cold War. They were usually employed when a target for recruitment was not ideologically disposed to assisting the intelligence service. To overcome that problem, recruiters hide their true identities and adopt a more sympathetic bogus one. In 1973, for example, the KGB, working through one of its agents in the US Navy, used the false flag of Israel to recruit Jerry Alfred Whitworth, who served as a communications officer with a top secret clearance for the Navy. Like many other KGB recruits, Whitworth came from a broken family, dropped out of high school, took technical courses and got a job as a communications officer. He was not disposed to working for Russia. But he was willing to steal enciphered and plain text cables to help in the defense of Israel. After he was thoroughly compromised by his espionage work, he was told by the KGB recruiter that he was actually working for Russia, but, by this time, he was too deeply compromised to quit. He continued his espionage work for another 8 years. (Whitworth, who was arrested by the FBI in 1985, was convicted of espionage and sentenced to 365 years in prison.) The Internet provided an almost ideal environment for false flags since its users commonly adopt aliases, screen names, and other avatars. The threat officer explained how easy it would be for the KGB to adapt such a false flag when dealing with a dissident system administrator working for US intelligence. As the threat officer pointed out in his report, the KGB had used false flags in the late 1980s to surreptitiously recruit members of the “German Hanover Hackers,” a community of anarchistic hackers who breached computer networks for fun and profit. Up until then, these hacktivists stole corporate and private passwords, credit card information, and other privileged documents as a form of freelance espionage.
Because of their fervent anti-authority ideology, the KGB disguised its recruiters as fellow hacktivists. The KGB succeeded in getting the Hanover hackers to steal log-in account identifications, source codes and other information from U.S. government computer networks. The precise vulnerability that this threat officer pointed out in 1996 was system administrators. This weak link became increasingly relevant as the NSA moved further into the digital age. By the beginning of the 21st century, its growing networks of computers were largely run by civilian technicians, including system administrators, infrastructure analysts, and information technologists, who were needed to keep the system running. Despite the warning by the threat officer, the NSA became more reliant on these outsiders as it reorganized to meet its new mandates for surveillance of the Internet in the war on terrorism. Since the NSA had to compete with technology companies, such as Google, Apple and Facebook, for the services of experienced IT workers, it used private contractors to find them. They, in turn, recruited civilian technicians from many unconventional areas, including the hacking culture. Ex-hackers, who lacked (or shunned) employment opportunities in the corporate sector, were suitable candidates for the system administrator jobs that these firms had contracted to supply the NSA. In the rush to expand, little heed was paid to the 1996 warning that this hacking culture might provide a portal to anti-government hacktivist groups. The NSA became so enamored with this new technology that it neglected the security implications of employing outsiders. “All of us just fell in love with the ease and convenience and scale [of electronic storage],” Michael Hayden, who headed the NSA at the time, said to the Wall Street Journal in 2015.
“So we decided to take things we used to keep if not in a safe, at least in our desk drawer, and put it up here [in a computer network], where it’s by definition more vulnerable.” Making matters even worse, as has been previously discussed, the NSA stripped away much of the so-called stove-piping that insulated highly sensitive data from the NSA’s other computer networks. Here they were merely following the recommendations of the 9/11 Commission to make their data more accessible to other agencies concerned with potential terrorist attacks. As a result, the inner sanctum of the NSA became more open to its new army of civilian technicians. The universe of independent contractors was governed by very different forces than that of intelligence services. By 2013, much of the job of managing the NSA’s classified computers had been handed over to five private companies: Booz Allen Hamilton, which handled the most highly secret work; and Dell SecureWorks, Microsoft, Raytheon, and IBM. In many respects, these five companies acted less like management consultants and more like temporary employment agencies in finding for the NSA the computer specialists who had the necessary security clearances. Unlike intelligence services, their fate depended on turning profits. Since the value of their contracts was largely limited by competitive bidding, their business plans were predicated on their ability to minimize the costs of fulfilling these contracts. Their principal cost was the salaries they paid their independent contractors. Their business plans therefore depended on finding large numbers of computer technicians in the private realm willing to work at an NSA base at relatively low wages. This task became more difficult as many potential recruits could find higher paying employment with more of a future in the burgeoning private sphere. They could also increase their revenue streams by getting additional contracts which, in turn, meant recruiting even more workers.
It was hardly a business plan which could afford to give priority to quality control. In the private sector, there is usually an unambiguous external measure of failure. For example, an automobile company such as General Motors can measure the performance of its executives by reckoning its change in net income. With secret intelligence work, the metrics for failure are far less clear. This curious aspect of secret work was part of the advice given to a White House lawyer in the Obama Administration seeking a position with the NSA in 2012. He was advised that among the advantages of working for a super-secret agency was that if one errs or has a failure, “It stays secret.” He later found out in the Snowden case, which exploded during his tenure at the NSA, that not all failures stay secret. Even so, the NSA cannot always find convenient metrics to measure its own failures. For example, while it can quantify the amount of data it is intercepting, it cannot count the intelligence it misses. There is no getting around the a priori proposition in the intelligence game: “what is successfully hidden is never found.” But there is a failure that cannot be hidden: a security breach in which a perpetrator uses NSA data to publicly expose the NSA’s sources. Up until the Snowden breach in 2013, the NSA had experienced only one such public failure. It was the capture by North Korea in 1968 of the USS Pueblo, which had been carrying out highly sensitive electronic communications interception for the NSA. The Pueblo crew failed to destroy the NSA’s encoding machines, which several days later were flown to Russia. The stakes were so high that the Pentagon even considered using nuclear weapons to limit the damage of the seizure. The Snowden breach was much worse because, among the thousands of documents he stole, he selected lists of the NSA’s secret sources in adversary nations.
Making matters worse, the Snowden breach was a failure that directly traced back to Booz Allen Hamilton, the NSA’s largest contractor. Such a failure calls into question the vexing issue of privatizing secret intelligence. Booz Allen, like all other outside contractors, was in the business to make money. Indeed, it had found government contracts so much more profitable than its work in the private sector that it sold its private sector unit to Price Waterhouse. The profitability of government work led the Carlyle Group’s hedge fund to acquire a controlling stake in Booz Allen in July 2008. By 2013, it had increased its revenue by $1.3 billion by expanding its government contracts. Even more impressive, its operating margin on these contracts had doubled. As it turned out, it did not achieve these profits by increasing its core internal staff. In 2008, it had 22,000 employees on its internal staff, and in 2013, it had roughly the same number on its internal staff. What it expanded was the number of outside contractors it employed. It added in these five years, by one Wall Street analyst’s calculation, some 8,000 new external workers. They were employed as system administrators, infrastructure analysts, computer security specialists and other “geek squad” jobs at the NSA and other government agencies. Their main qualification was their prior secrecy clearances (which saved Booz Allen the expense of vetting them and also the loss of income while waiting many months for a clearance). Snowden therefore was highly desirable from an economic point of view for Booz Allen. Even though he had no prior experience as an infrastructure analyst, and he had been detected being untruthful about his degree in computer sciences, he not only had an SCI secrecy clearance, but he was willing to take a cut in pay. In keeping with the Booz Allen business plan, such a recruit would provide another cog in its profit machine.
Not only had the NSA outsourced much of its computer operations to private companies, but the Clinton Administration in 1996 had privatized background checks for government employees requiring security clearances. The idea, backed by Vice President Al Gore, was to reduce the size of the Federal government by outsourcing the investigation of the backgrounds of millions of applicants for government jobs. The task had previously been performed by the FBI, but it was assumed that a profit-making business could do it faster and more efficiently. The private company, named United States Investigative Services (USIS), was purchased in 2007 for $1.5 billion by Providence Equity Partners, a rapidly expanding investment firm founded only four years earlier by graduates of Brown University and the Harvard Business School. So like Booz Allen, USIS was backed by a hedge fund determined to make money by systematically cutting the cost of a previously governmental service. But such outsourcing had drawbacks. For one thing, unlike the FBI, USIS lacked the investigative clout to gain entry to the CIA and other government agencies. For example, when it did the background check on Snowden in 2011, it could not get access to his CIA file. As will be recalled, there was a “derog” in his file that might have set off alarm bells. But because of its lack of access to the CIA, USIS did not learn about the derogatory reports in Snowden’s CIA file. Nor did it learn that he had been threatened by an internal investigation of his alleged computer tampering in 2009. The FBI, with its long-standing liaisons with the CIA, might have learned this about Snowden if it had done his background check. To be sure, the profit calculus might have worked better if it had been coupled with adequate oversight. But without such oversight, it proved to be a barrier to extended investigations of applicants. As it turned out, USIS closed cases and cleared applicants without completing an adequate investigation. 
According to a US government suit filed in 2014, USIS had prematurely closed over 665,000 investigations in order to get paid for them more quickly. Since the more cases it completes each month, the more money it receives from the government, the lawsuit alleged that USIS employees often “flushed,” or ended cases before completing a full investigation, to meet corporate-imposed quotas for getting bonuses. One employee said in an email cited in the government’s complaint, “Flushed everything like a dead goldfish.” As a result, some of the information specialists entering the NSA through the back door of outside contractors were not fully vetted. (On August 20, 2015, USIS agreed to forfeit $30 million in fees to settle the lawsuit.) USIS was also open to sophisticated hacking attacks by outsiders. For example, in August 2014, the Department of Homeland Security’s counterintelligence unit discovered such a massive and persistent breach in USIS that it shut down its entire exchange of data with USIS. The intrusion into USIS records in this case was attributed to hackers in China, most likely linked to the Chinese intelligence service. Such massive intrusions dated back to 2011. USIS’ lack of security in its website left a gaping hole through which outside parties, including Chinese and Russian hackers, could learn both the identity and background of information specialists applying for jobs at the NSA. These private companies had one further security weakness. They did not sufficiently protect the personal data of their off-premise employees working at the NSA. Consider, for example, the successful 2011 attack on the Booz Allen Hamilton servers. The previously mentioned hackers’ group “Anonymous” took credit for it. It not only breached the security of Booz Allen servers but cracked the algorithms it used to protect its employees. It next injected so-called Trojan-horse viruses and other malicious code on Booz Allen servers that allowed it to have future entry. 
Presumably, if amateur hackers such as Anonymous could break into the computers of the NSA’s largest contractor, so could state espionage services with far more advanced hacking tools, such as those of Russia and China. From these sites, an adversary intelligence service could obtain all the job applications and personal resumes submitted to contractors such as Booz Allen. It could then compile a list of the candidates looking to work at the NSA. These deficiencies in the private sector were compounded by the failure of security in the government’s own Office of Personnel Management. It used a computer system called E-QIP in which intelligence employees with security clearances, including outside contractors, updated their computerized records to maintain or upgrade their security clearances. For example, Snowden updated his clearance in 2011. To do so, these employees constantly updated their financial and personal information. As it turned out, there was a major hole in the E-QIP system. It had been repeatedly hacked since 2010 by unknown parties. In 2015, the US government told Congress that China was most likely responsible, but Russia and other nations with sophisticated cyber services could also have participated in the hacking. In any case, the records of over 19 million employees, including intelligence workers, became available to a hostile intelligence service. This breach would give hostile services a great deal of information about independent contractors working at the NSA. They could then use this data to follow the movements of any of these intelligence workers they deemed of interest. Despite all its potential flaws, the outsourcing system seemed to work until 2013. It even featured a revolving door through which Booz Allen, for example, hired retiring executives from the intelligence services, such as ex-NSA director Michael McConnell, R. 
James Woolsey, a former director of the CIA, and Lieutenant General James Clapper (ret.), who later served as Director of National Intelligence. The cozy relationship between the private firms and the NSA notwithstanding, the NSA leadership was unaware that outsourcing could create a security problem. As far back as 2005, Michael Hayden, then the departing head of the NSA, had been warned of one such vulnerability in a memorandum written by a counterintelligence officer at the NSA. Like the earlier 1995 report by the threat officer, this memorandum noted the NSA had ceded responsibility for managing its secret systems to outsiders, and warned that the NSA’s reliance on them to manage its computers had opened a back door into the NSA. In addition, it warned that once an outside contractor managed to slip in through this back door, he could easily jump from one outsourcer to another. This was what Snowden did when he moved from Dell to Booz Allen Hamilton in 2013. Despite its security flaws, outsourcing provided a number of advantages to the NSA. For one thing, it provided a means for circumventing the budget restrictions imposed by Congress on hiring new employees. In addition, since private companies had less rigid hiring standards, it greatly expanded the pool of young system administrators by tapping into computer cultures that would be antagonistic to working directly for the government. Finally, it used fewer NSA resources. Since these information technologists were only temporary employees, they were not entitled to military pensions, medical leave and other benefits. It was a system which effectively replaced military careerists with freelancers. The irony of the situation was that the NSA had surrounded its front doors with rings of barbed wire, closed-circuit cameras, and armed guards, but for reasons of economy, bureaucratic restrictions and convenience, it had left the back door of outsourcing open to temporary employees of private companies. 
To be sure, it might take some time for them to gain entry to its inner sanctum. “It was not a question of if but when one of the contractors would go rogue,” the former NSA executive who wrote the memorandum told me. Snowden answered that question in 2013 by stealing a vast number of files while working for both Dell and Booz Allen. Even more extraordinary than the theft itself was the reaction to it by the NSA. It turned out that there was no cost of failure levied against the outside contractor, Booz Allen, which employed Snowden when he bypassed its security regime to steal the keys to the kingdom. Even though the counterintelligence investigation showed Snowden stole documents from compartments to which he did not have access, the NSA did not penalize his employer, Booz Allen, even though the NSA was set back for decades, according even to Michael McConnell, the vice chairman of Booz Allen. Instead, its revenues and profits from government contracts markedly increased between 2013 and 2015. Nor did the NSA alter its reliance on private contractors. The Snowden breach notwithstanding, the back door to the NSA remained wide open because by the time of Snowden, outsourcing to private companies had become an all but irreplaceable part of the intelligence system in America.

CHAPTER TWENTY-ONE

The Russians Are Coming

“The breakup of the Soviet Union was the greatest geopolitical tragedy of the 20th century.”—Vladimir Putin

In the first invasion of a European country since the end of the Cold War, Russian military forces moved into the Crimea and other parts of Eastern Ukraine in February and March of 2014. Unlike with previous Russian troop movements, such as those into Poland, Hungary, Czechoslovakia and Eastern Germany during the Cold War, the week-long massing of Russian elite troops and sophisticated equipment for the move into Ukraine almost totally evaded detection by the NSA’s surveillance. It failed to pick up telltale signs of the impending invasion. 
Never before had the NSA’s multibillion-dollar armada of sensors and other apparatus for intercepting signals missed such a massive military operation. According to a report in the Wall Street Journal that cited Pentagon sources, Russian units had managed to hide all electronic traces of their elaborate preparations. If so, after more than a half-century of attempted penetrations, Russia apparently had found a means of stymieing the interception capabilities of the NSA. While American political scientists wrote optimistically about the end of history, Putin had his own ideas about restoring Russia’s power in the post-Cold War era. A formidable KGB officer before he became President of the Russian Federation in 2000, he made no secret that his goal was to prevent the United States from obtaining what he termed “global hegemony.” His logic was clear. He judged the break-up of the Soviet Union in 1991 to be, as he put it, “a geopolitical tragedy.” He argued that the break-up had provided the United States with the means to become the singular dominant power in the world. He sought to prevent that feared outcome by moving aggressively to redress this loss of Russian power. He upgraded Russia’s nuclear force, modernized Russia’s elite military units and greatly strengthened Russia’s relations with China. The last measure was essential since China was Russia’s principal ally in opposing the extension of American dominance. Yet, there was still an immense gap between it and the United States in communications intelligence. Since the break-up of the Soviet Union, the NSA had continued to build up its technological capabilities while those of Russia, which teetered on the edge of collapse in the early 1990s. But the NSA also had its problems. As previously mentioned, the NSA’s legal mandate had been limited by Congress to foreign interceptions (at least prior to 9/11 in 2001). 
As a result, it was required to separate out domestic from foreign surveillance, a massive process which was not only time-consuming but could generate dissidence within the ranks of American intelligence. It also could not legally use its surveillance machinery to monitor the telephones and Internet activities of the tens of thousands of civilian contractors who ran its computer networks—at least not unless the FBI began an investigation into them. Here the Russian intelligence services had a clear advantage. They had a lawful mandate to intercept any and all domestic communications. In fact, a compulsory surveillance system called by its Russian acronym SORM had been incorporated into Russian law in 1995. It requires the FSB and seven other Russian security agencies to monitor all forms of domestic communications including telephones (SORM-1), emails and other Internet activity (SORM-2), and computer data storage of billing information (SORM-3). Not only did Russia run a nationwide system of Internet filtering in 2013, but it requires its telecommunication companies to furnish it with worldwide data. The NSA also had to deal with many peripheral issues other than the activities of Russia and China. It was charged with monitoring everything from nuclear proliferation in Iran, Pakistan, and North Korea, to potential jihadist threats everywhere in the world. The Russian intelligence service, on the other hand, could put its limited resources to work on redressing the gap with its main enemy: the United States. Nevertheless, Putin had to reckon with the reality in 2013 that Russia could not compete with the NSA in the business of intercepting communications. And if the NSA could listen in on all the internal activities of its spy agencies and security regime, the ability of Putin to use covert means to achieve his other global ambitions would be impaired. 
In the Cold Peace that replaced the Cold War, Russia had little hope of realizing these ambitions unless it could weaken the NSA’s iron-tight grip on global communications intelligence. One way to remedy the imbalance between Russian intelligence and the NSA was via espionage. Here the SVR would be the instrument and the immediate objective would be to acquire the NSA’s lists of its sources in Russia. If successful, it would be a game changer. Such an ambitious penetration of the NSA, to be sure, was a tall order for Russian intelligence. Most of the moles recruited in the NSA by the KGB had been code clerks, guards, translators, and low-level analysts. They provided documents about the NSA’s cipher-breaking, but they lacked access to these lists of the NSA’s sources and methods. These meager results did not inhibit Russian efforts. Yet, for almost seven decades, ever since the inception of the NSA in 1952, the Russian intelligence service had engaged in a covert war with the NSA. The Russian intelligence service is, as far as is known, the only intelligence service in the world that ever succeeded in penetrating the NSA. A number of NSA employees also defected to Moscow. The history of this venerable enterprise is instructive. The first two defectors in the NSA’s history were William Martin and Bernon Mitchell. They were mathematicians working on the NSA’s decryption machines who went to Moscow via Cuba in 1960. The Russian intelligence service, then called the KGB, went to great lengths to publicize their defections. It even organized a 90-minute-long press conference for them on September 6, 1960, at the Hall of Journalists and invited to it all the foreign correspondents in Moscow. Before television cameras, the defectors proceeded to denounce the NSA’s activities. Martin told how the NSA breached international laws by spying on Germany, Britain and other NATO allies. 
Mitchell, for his part, suggested that the NSA’s practice of breaking international laws could ignite a nuclear war. Indeed, he justified their joint defection to Russia in heroic whistle-blowing terms, saying, “We would attempt to crawl to the moon if we thought it would lessen the threat of an atomic war.” The NSA historian assessed that little damage had been done since the NSA quickly could change the codes they compromised. He noted: “The Communist spymasters would undoubtedly have preferred Martin and Mitchell to remain in place as moles, since their information was dated as of the moment they left NSA.” The next NSA defector was Victor Norris Hamilton. He was a translator and analyst at the NSA. He arrived in Moscow in 1962 and, like Mitchell and Martin, he claimed the status of a whistle-blower. This time the KGB provided a newspaper platform. Writing in the Russian newspaper Izvestia, Hamilton revealed the extent of US spying on its allies in the Middle East. None of these three 1960s defectors revealed which, if any, NSA secret documents they had compromised. Nor did any of them ever return to the United States. Martin changed his name to Vladimir Sokolodsky, married a Russian woman, and died in Mexico City on January 17, 1987. Mitchell vanished from sight and was reported to have died in St. Petersburg on November 12, 2001. Hamilton, after telling Russian authorities stories about hearing voices in his head because of an NSA device implanted in his brain, was consigned to Special Psychiatric Hospital No. 5 outside of Moscow. There were also KGB spies in the NSA who were caught or died before they could defect. One of them was Sgt. Jack Dunlap. He was found dead of carbon monoxide poisoning in his garage on July 23, 1963. Although there was no note, his death was ruled an apparent suicide. NSA classified documents were later discovered in his house. After that, NSA investigators unraveled his decade-long career as a KGB mole. 
Dunlap had been recruited by the KGB in Turkey in 1952. The standard KGB tool kit for recruitment was called MICE. It stood for Money, Ideology, Compromise and Exploitation. The KGB used the first element, money, to compromise Dunlap. After he was compromised, it exploited him by getting him to steal NSA secrets. He had access to such secrets because he became the personal driver first to Major General Garrison Coverdale, the chief of staff of the NSA. After Coverdale retired, he next became the driver for his successor, General Thomas Wattlington. These positions afforded him a secrecy clearance and, even more important, a “no inspection” status for the commanding General’s cars that he drove. This perk allowed him to leave the base with secret documents, have them photocopied by his KGB case officer, and then return them to the files at the NSA base before anyone else knew they were missing. He also used, likely at the suggestion of the KGB case officers, his “no inspection” perk to offer other NSA employees a way of earning money. He would smuggle off the base any items of government property that they took. Once he had compromised them through thefts, he was in a position to ask them for intelligence favors. This NSA ring could not be fully investigated because of his untimely death. Other than the packets of undelivered NSA documents found in his home, the investigation was never able to assess the total extent of the KGB penetration of NSA secrets. (Angleton suspected Dunlap was murdered by the KGB, in what he termed a surreptitiously assisted death, to prevent Dunlap from talking to investigators.) The Russian intelligence services continued recruiting mercenary spies in the NSA for the duration of the Cold War. The KGB successes included Robert Lipka, a clerk at the NSA in the mid-1960s, who was caught in a sting operation by the FBI and sentenced to 18 years in a federal prison. 
Ronald Pelton, an NSA analyst, was recruited after he retired from the NSA. After he was betrayed by a KGB double agent in 1985, he was sentenced to life imprisonment. Finally, there was David Sheldon Boone, an NSA code clerk, who between 1988 and 1992 provided the KGB with NSA documents in return for $60,000. Boone, sentenced to 24 years in prison, was the last known KGB recruitment of the Cold War. During the Cold War, Russian intelligence service officers operated mainly under the cover of the embassies, consulates, United Nations delegations and other diplomatic missions of the Soviet Union. As “diplomats,” they were protected from arrest by the terms of the 1961 Vienna Convention on Diplomatic Relations. Their diplomatic cover greatly limited, however, their universe for finding potential recruits outside of their universe of international meetings, diplomatic receptions, UN organizations, scientific conferences and cultural exchanges. They therefore tended to recruit their counterparts in adversary services. In this regard, the successful entrapment of Harold Nicholson in the 1990s is highly instructive. From his impressive record, he seemed an unlikely candidate for recruitment. He had been a super-patriotic American who had served as a captain in Army intelligence before joining the CIA in 1980. In the CIA, he had an unblemished record as a career officer, serving as a station chief in Eastern Europe and then the deputy chief of operations in Malaysia in 1992. Even though his career was on the rise and he was a dedicated anti-Communist, he became a target for the SVR when he was assigned to the CIA’s elite Russian division. Since the job of this division was to recruit Russian officials working abroad as diplomats, engineers and military officers, its operations brought its officers in close contact with SVR officers. 
Nicholson therefore was required to meet with Russian intelligence officers in Manila, Bucharest, Tokyo and Bangkok and “dangle” himself to the SVR by pretending disloyalty to the CIA. As part of these deception operations, he supplied the Russians with tidbits of CIA secrets, or “chickenfeed,” that had been approved by his superiors at the CIA. What his CIA superiors did not fully take into account in this spy versus spy game was the SVR’s ability to manipulate, compromise, and convert a “dangle” to its own ends. As it turned out, Russian intelligence had been assembling a psychological profile on Nicholson since the late 1980s, and found a vulnerability: his resentment at the failure of his superiors to recognize his achievements in intelligence. It played on this vulnerability to compromise him and then converted him into its mole inside the CIA. He worked for the SVR first in Asia, then at the CIA headquarters at Langley, where he was given a management position. Among other secret documents, he provided the SVR with the identities of CIA officers sent to the CIA’s special training school at Fort Peary, Virginia, which opened the door for the SVR to make other potential recruitments. Meanwhile, it paid him $300,000 before he was finally arrested by the FBI in November 1996. (After his conviction for espionage, he was sentenced to 23 years in federal prison.) The CIA post mortem on Nicholson, who was the highest-ranking CIA officer ever recruited (as far as is known), made clear that even a loyal American, with no intention of betraying the United States, could be entrapped in the spy game. When it comes to recruiting moles in a larger universe, intelligence services operate much like highly specialized corporate “headhunters,” as James Jesus Angleton described the process to me during the Cold War era. He was referring to the similar approach that corporate human resource divisions shared with espionage agencies. 
Both “head hunt” by searching through a database of possible candidates for possible recruits to fill specific positions. Both types of organization have at their disposal researchers to draw up rosters of potential recruits. Both sort through available databases to determine which of the names on the list have attributes that might qualify, or disqualify, them for a recruitment pitch. Both also collect personal data on each qualified candidate, including any indication of their ideological leaning, political affiliations, financial standing, ambitions, and vanities, to help them make a tempting offer. But there are two important differences. First, unlike their counterparts in the private sector, espionage headhunters ask their candidates not only to take on a new job with them but to keep their employment secret from their present employer. Second, they ask them to surreptitiously steal documents from him. Since they are asking candidates to break the law, espionage services, unlike their corporate counterparts in headhunting, obviously need to initially hide from the candidate the dangerous nature of the work they will do. Depending on the preferences of the targeted recruit, they might disguise the task as a heroic act, such as righting an injustice, exposing an illegal government activity, countering a regime of tyranny, or some other noble purpose. This disguise is called in the parlance of the trade a “false flag.” By using such a false flag, the SVR did not need to find candidates who were sympathetic to Russia, or the Putin regime. In its long history dating back to the era of the Czars, Russian intelligence had perfected the technique of false flag recruitment, through which it assumes an identity to fit the ideological bent of a potential recruit. Russian intelligence was well experienced with false flags. It first used this technique following the Bolshevik revolution in 1918 to control dissidents both at home and abroad. 
The centerpiece, as later analyzed by the CIA, was known as the “Trust” deception. It began in August 1921 when a high-ranking official of the Communist regime in Russia named Aleksandr Yakushev slipped away from a Soviet trade delegation in Estonia and sought out a leading anti-Communist exile he had known before the revolution in Russia. He then told him that he represented a group of disillusioned officials in Russia that included key members of the secret police, army, and interior ministry. Yakushev said that they all had come to the same conclusion: the Communist experiment in Russia had totally failed and needed to be replaced. To effect this regime change, they had formed an underground organization code-named the “Trust” because the cover for their conspiratorial activities was the Moscow headquarters of the Municipal Credit Association, which was a trust company. According to Yakushev’s account, it had become by 1921 the equivalent of a de facto government. The exile leader in Estonia reported this astonishing news to British intelligence which, along with French and American intelligence, helped fund this newly emerged anti-Communist group. Initially British intelligence had doubts about the bona fides of the Trust. So did other Western intelligence services sponsoring exile groups. But they gradually accepted it after they received intelligence reports confirming its operations from many other sources, including Russian officials, diplomats, and military officers who claimed to have defected from the Soviet government in Moscow. Since these reports all dovetailed, they recognized the Trust as a real underground organization. Once the Trust had been established in the minds of the Western intelligence services, it offered them, as well as exile groups, the services of its network of collaborators. These services included smuggling out dissidents, stealing secret documents, and disbursing money inside Russia to sympathizers. 
Within a year, exile groups in Paris, Berlin, Vienna, and Helsinki were using the “Trust” to deliver arms and supplies to their partisans inside Russia. The Trust also furnished spies and exile leaders with fake passports which allowed them to sneak back into Russia to participate in clandestine missions. It even undertook sabotage and assassination missions paid for by Western intelligence services. As they saw with their own eyes police stations blown up and political prisoners escape from prisons, these agents and dissidents came to further believe in the power of the Trust. By the mid-1920s, no fewer than eleven Western intelligence services had become almost completely dependent on the Trust for information about Russia. They also sent millions of dollars into Russia via couriers to finance its activities. But suddenly exile leaders working in Russia under the aegis of the Trust began to vanish. Then top Western intelligence agents, such as Sidney Reilly and Boris Savinkov, were arrested, and their networks were eliminated. Instead of the Communist regime collapsing, as the Trust had predicted, it consolidated its power and wiped out all the dissident groups. Finally, in 1929, the Trust was revealed by a defector to be a long-term false flag operation run by the Russian intelligence service. Even the Trust building, rather than being the cover for a subversive conspiracy, was the headquarters for the Russian secret police during this seven-year operation. The secret police had provided the documents fed to Western intelligence, briefed the agents who pretended to defect, published the dissident newspapers the Trust distributed, fabricated the passports it supplied to exiles, blown up Russian buildings and staged jail breaks to make the deception more credible. It also collected the money sent in by Western intelligence services, which more than paid for the entire deception. 
Since it was running the show, it could offer those lured into the trap an opportunity to work for it as double agents. The alternative, if they refused, was to face a firing squad. Even after the “Trust” itself had been fully exposed, the Russian intelligence service continued to succeed with other false-flag deceptions. During the Cold War, for example, it set up a fake underground in Poland modeled on the Trust. It was called WIN. It also set up other false flag groups in Ukraine, Georgia, Lithuania, Albania, and Hungary. It also had agents masquerade as members of the security services of Israel, South Africa, Germany, France and the US to recruit unwitting agents. These deceptions became an integral part of the recruitments of the Russian intelligence services. Penetrating the NSA and getting access to files from its stove-piped computers was a far more difficult challenge for the SVR. Approaching CIA officers, such as Nicholson, was relatively easy because it was part of the CIA officer’s job to meet with their adversaries. NSA officers, on the other hand, did not engage in “dangles” or even attend diplomatic receptions. They had no reason, other than a sinister one, to meet with a member of the Russian intelligence service. Furthermore, unlike CIA officers who, like Nicholson, are often posted in neutral countries where they can be approached in a social context, NSA officers worked at well-guarded regional bases and were not part of the diplomatic life. Since a known employee of a foreign diplomatic mission could not even approach an NSA officer without arousing suspicion, the SVR would need to use an intermediary, called an “access agent,” whose affiliations with it were not known to the FBI. Such an operation would require establishing a network of illegals in America, as the SVR did after Putin became President. Even then, the intermediary would have to find a plausible pretext to approach the target without revealing his actual interest. 
The emergence of computer networks in the 1990s greatly expanded the SVR’s recruiting horizon. It offered an opportunity to penetrate a new layer of NSA employees: civilian technologists working under contract for the US government. Many of these civilians at the NSA, especially the younger ones, had been drawn from the hacking and game-playing culture. Some had even taken courses abroad on hacking techniques. They presented the SVR with inviting targets for recruitment. As was previously mentioned, Russian intelligence had considerable experience in Germany with hacktivists who tended to be anarchists. There were also supporters of the Libertarian movement. The common denominator was often their resentment, expressed in their postings, of the United States and its allies attempting to limit the downloading of copyrighted music, movies and software on the Internet, all of which went under the rubric of “freedom of the Internet.” They also vocally objected to the NSA using built-in backdoors in their software to read their encrypted messages. They were not difficult to find on the Internet. The donors to Ron Paul’s Libertarian election campaign (including Snowden) were a matter of public record, for example. Even if there was no shortage of hacktivists who believed the surveillance of the Internet by the NSA was an evil worth fighting, the SVR still had to find a plausible way of approaching members of this counterculture without offending them. Clearly, the SVR could no longer use out-of-date Communist and anti-capitalist ideology as a lure. Russia was far more authoritarian than the U.S. when it came to the Internet. One viable alternative for the SVR was custom-tailoring false flags to appeal to hacktivists.