CHAPTER 21

The Russians Are Coming

The collapse of the Soviet Union was a major geopolitical disaster of the century.

—VLADIMIR PUTIN

IN THE FIRST INVASION of a European country since the end of the Cold War, Russian military forces moved into the Crimea and other parts of eastern Ukraine in February and March 2014. Unlike with previous Russian troop movements, such as those into Poland, Hungary, Czechoslovakia, and East Germany during the Cold War, the weeklong massing of Russian elite troops and sophisticated equipment for the move into Ukraine almost totally evaded detection by the NSA’s surveillance. Never before had the NSA’s multibillion-dollar armada of sensors and other apparatus for intercepting signals missed such a massive military operation. According to a report in The Wall Street Journal that cited Pentagon sources, Russian units had managed to hide all electronic traces of their elaborate preparations. If so, after more than half a century of attempted penetrations, Russia had apparently found a means of stymieing the interception capabilities of the NSA.

Putin had firm ideas about restoring Russia’s power in the post–Cold War era. A formidable KGB officer before he became president of the Russian Federation in 2000, he made no secret that his goal was to prevent the United States from obtaining what he termed “global hegemony.” His logic was clear. He judged the breakup of the Soviet Union in 1991 to be, as he put it, “a geopolitical disaster.” He argued that the breakup had provided the United States with the means to become the singular dominant power in the world.

He sought to prevent that outcome by moving aggressively to redress this loss of Russian power. He upgraded Russia’s nuclear force, modernized Russia’s elite military units, and greatly strengthened Russia’s relations with China. The last measure was essential because China was Russia’s principal ally in opposing the extension of American dominance. Yet there was still an immense gap between them and the United States in communications intelligence.

Since the breakup of the Soviet Union, the NSA had continued to build up its technological capabilities, while Russia teetered on the edge of collapse in the early 1990s. But as previously mentioned, the NSA’s legal mandate had been limited by Congress to foreign interceptions (at least prior to 9/11). As a result, it was required to separate out domestic from foreign surveillance, a massive process that not only was time-consuming but could generate dissidence within the ranks of American intelligence. It also could not legally use its surveillance machinery to monitor the telephones and Internet activities of the tens of thousands of civilian contractors who ran its computer networks—at least not unless the FBI began an investigation into them.

Here the Russian intelligence services had a clear advantage. They had a lawful mandate to intercept any and all domestic communications. In fact, a compulsory surveillance system called by its Russian acronym SORM had been incorporated into Russian law in 1995. It requires the FSB and seven other Russian security agencies to monitor all forms of domestic communications including telephones (SORM-1), e-mails and other Internet activity (SORM-2), and computer data storage of billing information (SORM-3). Not only did Russia run a nationwide system of Internet filtering in 2013, but it required its telecommunication companies to furnish it with worldwide data.

The NSA also had to deal with many peripheral issues other than the activities of Russia and China. It was charged with monitoring nuclear proliferation in Iran, Pakistan, and North Korea, potential jihadist threats everywhere in the world, and much else. The Russian foreign intelligence service, the SVR, could put its limited resources to work on redressing the gap with its main enemy: the United States.

Nevertheless, Putin had to reckon with the reality in 2013 that Russia could not compete with the NSA in the business of intercepting communications. And if the NSA could listen in on all the internal activities of its spy agencies and security regime, the ability of Putin to use covert means to achieve his other global ambitions would be impaired. In the cold peace that replaced the Cold War, Russia had little hope of realizing these ambitions unless it could weaken the NSA’s iron-tight grip on global communications intelligence. One way to remedy the imbalance between Russian intelligence and the NSA was via espionage. Here the SVR would be the instrument, and the immediate objective would be to acquire the NSA’s lists of its sources in Russia. If successful, it would be a game changer.

Such an ambitious penetration of the NSA, to be sure, was a tall order for Russian intelligence. Most of its moles recruited in the NSA by the KGB had been code clerks, guards, translators, and low-level analysts. They provided documents about the NSA’s cipher breaking, but they lacked access to the lists of the NSA’s sources and methods. These meager results did not inhibit Russian efforts. For six decades, ever since the inception of the NSA in 1952, the Russian intelligence service had engaged in a covert war with the NSA.

The Russian intelligence service is, as far as is known, the only intelligence service in the world that ever succeeded in penetrating the NSA. A number of NSA employees also defected to Moscow. The history of this venerable enterprise is instructive.

The first two defectors in the NSA’s history were William Martin and Bernon Mitchell. They were mathematicians working on the NSA’s decryption machines who went to Moscow via Cuba in 1960. The Russian intelligence service, then called the KGB, went to great lengths to get propaganda value from their defections. It even organized a ninety-minute press conference for them on September 6, 1960, at the Hall of Journalists and invited all the foreign correspondents in Moscow. Before television cameras, the defectors denounced the NSA’s activities. Martin told how the NSA breached international laws by spying on Germany, Britain, and other NATO allies. Mitchell, for his part, suggested that the NSA’s practice of breaking international laws could ignite a nuclear war. Indeed, he justified their joint defection to Russia in heroic whistle-blowing terms, saying, “We would attempt to crawl to the moon if we thought it would lessen the threat of an atomic war.” The NSA review of the case, however, assessed that little damage had been done, because the NSA quickly changed the codes they had compromised. It noted, “The Communist spymasters would undoubtedly have preferred Martin and Mitchell to remain in place as moles, since their information was dated as of the moment they left NSA.”

The next NSA defector was Victor Norris Hamilton, a translator and analyst at the NSA. He arrived in Moscow in 1962, and like Mitchell and Martin he claimed the status of a whistle-blower. This time, the KGB provided a newspaper platform. Writing in the Russian newspaper Izvestia, Hamilton revealed the extent of U.S. spying on its allies in the Middle East.

None of these three 1960s defectors revealed what, if any, NSA secret documents they had compromised. Nor did any of them ever return to the United States. Martin changed his name to Vladimir Sokolodsky, married a Russian woman, and died in Mexico City on January 17, 1987. Mitchell vanished from sight and was reported to have died in St. Petersburg on November 12, 2001. Hamilton, after telling Russian authorities stories about hearing voices in his head because of an NSA device implanted in his brain, was consigned to Special Psychiatric Hospital No. 5 outside Moscow.

There were also KGB spies in the NSA who were caught or died before they could defect. One of them was Sergeant Jack Dunlap. He was found dead of carbon monoxide poisoning in his garage on July 23, 1963. Although there was no suicide note, his death was ruled an apparent suicide. NSA classified documents were later discovered in his house. After that, NSA investigators unraveled his decade-long career as a KGB mole. Dunlap had been recruited by the KGB in Turkey in 1952. The standard KGB tool kit for recruitment was called MICE. It stood for Money, Ideology, Compromise, and Ego. The KGB used the first element, money, to compromise Dunlap. After he was compromised, it exploited him by getting him to steal NSA secrets. He had access to such secrets because he became the personal driver to Major General Garrison Coverdale, the chief of staff of the NSA. After Coverdale retired, he became the driver for his successor, General Thomas Watlington. These positions afforded him a security clearance and, even more important, a “no inspection” status for the commanding general’s cars that he drove. This perk allowed him to leave the base with secret documents, have them photocopied by his KGB case officer, and then return them to the files at the NSA base before anyone else knew they were missing. He also used, likely at the suggestion of the KGB case officers, his “no inspection” perk to offer other NSA employees a way of earning money. He would smuggle off the base any items of government property that they took. Once he had compromised them through thefts, he was in a position to ask them for intelligence favors. This NSA ring could not be fully investigated because of his untimely death. Other than the packets of undelivered NSA documents found in his home, the investigation was never able to assess the total extent of the KGB penetration of NSA secrets.

(Angleton suspected Dunlap was murdered by the KGB in what he termed a surreptitiously assisted death, to prevent Dunlap from talking to investigators.)

The Russian intelligence services continued recruiting mercenary spies in the NSA for the duration of the Cold War. The KGB successes included Robert Lipka, a clerk at the NSA in the mid-1960s, who was caught in a sting operation by the FBI and sentenced to eighteen years in a federal prison. Ronald Pelton, an NSA analyst, was recruited after he retired from the NSA. After he was betrayed by a KGB double agent in 1985, he was sentenced to life imprisonment. Finally, there was David Sheldon Boone, an NSA code clerk, who between 1988 and 1992 provided the KGB with NSA documents in return for $60,000. Boone, sentenced to twenty-four years in prison, was the last known KGB recruitment of the Cold War.

During the Cold War, Russian intelligence service officers operated mainly under the cover of the embassies, consulates, United Nations delegations, and other diplomatic missions of the Soviet Union. As “diplomats,” they were protected from arrest by the terms of the 1961 Vienna Convention on Diplomatic Relations. Their diplomatic cover, however, greatly limited their field for finding potential recruits outside their universe of international meetings, diplomatic receptions, UN organizations, scientific conferences, and cultural exchanges. They therefore tended to recruit their counterparts in adversary services.

In this regard, the successful entrapment of Harold Nicholson in the 1990s is highly instructive. From his impressive record, he seemed an unlikely candidate for recruitment. He had been a superpatriotic American who had served as a captain in army intelligence before joining the CIA in 1980. In the CIA, he had an unblemished record as a career officer, serving as a station chief in Eastern Europe and then the deputy chief of operations in Malaysia in 1992. Even though his career was on the rise and he was a dedicated anti-Communist, he became a target for the SVR when he was assigned to the CIA’s elite Russian division. Because the job of this division was to recruit Russian officials working abroad as diplomats, engineers, and military officers, its operations brought its officers in close contact with SVR officers. Nicholson therefore was required to meet with Russian intelligence officers in Manila, Bucharest, Tokyo, and Bangkok and “dangle” himself to the SVR by feigning disloyalty to the CIA.

As part of these deception operations, Nicholson supplied the Russians with tidbits of CIA secrets, or “chickenfeed,” that had been approved by his superiors at the CIA. What his CIA superiors did not fully take into account in this spy-versus-spy game was the SVR’s ability to manipulate, compromise, and convert a “dangle” to its own ends. As it turned out, Russian intelligence had been assembling a psychological profile on Nicholson since the late 1980s and had found a vulnerability: his resentment at the failure of his superiors to recognize his achievements in intelligence. The Russians played on this vulnerability to compromise him and then converted him into their mole inside the CIA.

Nicholson worked for the SVR first in Asia; then he was given a management position at CIA headquarters, which is located in Langley, Virginia. Among other secret documents, he provided the SVR with the identities of CIA officers sent to the CIA’s special training school at Fort Peary, Virginia, which opened the door for the SVR to make other potential recruitments. Meanwhile, it paid him $300,000 before he was finally arrested by the FBI in November 1996. (After his conviction for espionage, he was sentenced to twenty-three years in federal prison.) The CIA postmortem on Nicholson, who was the highest-ranking CIA officer ever recruited (as far as is known), made clear that even a loyal American, with no intention of betraying the United States, could be entrapped in the spy game.

When it comes to recruiting moles in a larger universe, intelligence services operate much like highly specialized corporate “headhunters,” as James Jesus Angleton described the process to me during the Cold War era. He was referring to the approach that corporate human resource divisions share with espionage agencies. Both headhunt by searching through a database of candidates for possible recruits to fill specific positions. Both types of organizations have researchers at their disposal to draw up rosters of potential recruits. Both sort through available databases to determine which of the names on the list have attributes that might qualify or disqualify them for a recruitment pitch. Both also collect personal data on each qualified candidate, including any indication of his or her ideological leaning, political affiliations, financial standing, ambitions, and vanities, to help them make a tempting offer.

But there are two important differences. First, unlike their counterparts in the private sector, espionage headhunters ask their candidates not only to take on a new job but also to keep their employment secret from their present employer. Second, they ask them to surreptitiously steal documents from that employer. Because they are asking candidates to break the law, espionage services, unlike their corporate counterparts in headhunting, obviously need to initially hide from the candidates the dangerous nature of the work they will do. Depending on the targeted recruit, they might disguise the task as a heroic act, such as righting an injustice, exposing an illegal government activity, or countering a regime of tyranny. This disguise is called in the parlance of the trade a false flag, as mentioned earlier. By using such a false flag, the SVR did not need to find a candidate who was sympathetic to Russia or the Putin regime. In its long history dating back to the era of the czars, Russian intelligence had perfected the technique of false flag recruitment, through which it assumes an identity to fit the ideological bent of a potential recruit.

Russian intelligence was well experienced with false flags. It first used this technique following the Bolshevik revolution in 1917 to control dissidents both at home and abroad. The centerpiece, as later analyzed by the CIA, was known as the “Trust” deception. It began in August 1921 when a high-ranking official of the Communist regime in Russia named Aleksandr Yakushev slipped away from a Soviet trade delegation in Estonia and sought out a leading anti-Communist exile he had known before the revolution in Russia. He then told him that he represented a group of disillusioned officials in Russia that included key members of the secret police, the army, and the Interior Ministry. Yakushev said that they all had come to the same conclusion: the Communist experiment in Russia had totally failed and needed to be replaced. To effect this regime change, they had formed an underground organization code-named the Trust, because the cover for their conspiratorial activities was the Moscow headquarters of the Municipal Credit Association, which was a trust company. According to Yakushev’s account, it had become the equivalent of a de facto government by 1921.

The exiled leader in Estonia reported this astonishing news to British intelligence, which, along with French and American intelligence, helped fund this newly emerged anti-Communist group. Initially, British intelligence had doubts about the bona fides of the Trust, as did other Western intelligence services sponsoring exile groups. But they gradually accepted it after they received intelligence reports confirming its operations from many other sources, including Russian officials, diplomats, and military officers who claimed to have defected from the Soviet government. Because these reports all dovetailed, they recognized the Trust as a legitimate underground organization.

Once the Trust had been established in the minds of the Western intelligence services, it offered them as well as exile groups the services of its network of collaborators. These services included smuggling out dissidents, stealing secret documents, and disbursing money inside Russia to sympathizers. Within a year, exile groups in Paris, Berlin, Vienna, and Helsinki were using the Trust to deliver arms and supplies to their partisans inside Russia. The Trust also furnished spies and exiled leaders with fake passports, which allowed them to sneak back into Russia to participate in clandestine missions. It even undertook sabotage and assassination missions paid for by Western intelligence services. As they learned of police stations being blown up and political prisoners escaping from prisons, these agents and dissidents came to further believe in the power of the Trust.

By the mid-1920s, no fewer than eleven Western intelligence services had become almost completely dependent on the Trust for information about Russia. They also sent millions of dollars into Russia via couriers to finance its activities.

But suddenly exiled leaders working in Russia under the aegis of the Trust began to vanish. Then top Western intelligence agents, including Sidney Reilly and Boris Savinkov, were arrested, and their networks were eliminated. Instead of the Communist regime collapsing, as the Trust had predicted, it consolidated its power and wiped out all the dissident groups. Finally, in 1929, the Trust was revealed by a defector to be a long-term false flag operation run by the Russian intelligence service. Even the Trust building, rather than being the cover for a subversive conspiracy, was the headquarters for the Russian secret police during this eight-year operation. The secret police had provided the documents fed to Western intelligence, briefed the agents who pretended to defect, published the dissident newspapers the Trust distributed, fabricated the passports it supplied exiles, blew up Russian buildings, and staged jail breaks to make the deception more credible. It also collected the money sent in by Western intelligence services, which more than paid for the entire deception. Because it was running the show, it could offer those lured into the trap an opportunity to work for it as double agents. The alternative, if they refused, was to face a firing squad.

Even after the Trust itself had been fully exposed, the Russian intelligence service continued to succeed with other false flag deceptions. During the Cold War, it set up a fake underground in Poland called WIN, modeled on the Trust. It set up false flag groups in Ukraine, Georgia, Lithuania, Albania, and Hungary. It also had agents masquerade as members of the security services of Israel, South Africa, Germany, France, and the United States to recruit unwitting agents. These deceptions became an integral part of the recruitments of the Russian intelligence services.

Penetrating the NSA and getting access to files from its stovepiped computers was a far more difficult challenge for the SVR. Approaching CIA officers, such as Nicholson, was relatively easy because it was part of the CIA officers’ jobs to meet with their adversaries. NSA officers, on the other hand, did not engage in “dangles” or even attend diplomatic receptions. They had no reason, other than a sinister one, to meet with a member of the Russian intelligence service. Furthermore, unlike CIA officers, who, like Nicholson, are often posted in neutral countries where they can be approached in a social context, NSA officers work at well-guarded regional bases and are not part of the diplomatic life. Because a known employee of a foreign diplomatic mission could not even approach an NSA officer without arousing suspicion, the SVR would need to use an intermediary, called an access agent, whose affiliations were not known to the FBI. Such an operation would require establishing a network of illegals in America, as the SVR did after Putin became president. Even then, the intermediary would have to find a plausible pretext to approach the target without revealing his actual interest. Such complex operations at the NSA, as far as is known, only yielded a few low-level recruits.

The emergence of computer networks in the 1990s greatly expanded the SVR’s recruiting horizon. It offered a new penetration opportunity at the NSA: civilian technologists working under contract for the U.S. government. Many of these civilians at the NSA, especially the younger ones, as we know, had been drawn from the hacking and game-playing culture; some had even taken courses on hacking techniques. They presented the SVR with inviting targets for recruitment. As was previously mentioned, Russian intelligence had considerable experience in Germany with hacktivists, who tended to be anarchists. There were also supporters of the libertarian movement. The common denominator was often their resentment, expressed in their postings, of the United States and its allies attempting to limit the downloading of copyrighted music, movies, and software on the Internet, all of which fell under the rubric of “freedom of the Internet.” They also vocally objected to the NSA’s using built-in back doors in its software to read their encrypted messages. Such people were not difficult to find on the Internet. The donors to Ron Paul’s libertarian election campaign (including Snowden) were a matter of public record.

Even if there was no shortage of hacktivists who believed the surveillance of the Internet by the NSA was an evil worth fighting, the SVR still had to find a plausible way of approaching members of this counterculture without offending them. Clearly, the SVR could no longer use out-of-date Communist and anti-capitalist ideology as a lure. Russia was far more authoritarian than the United States when it came to the Internet. One viable alternative for the SVR was custom-tailoring false flags to appeal to hacktivists.

For this purpose, the Internet provided a near-perfect realm. Because it is a place where true identities cannot easily be verified, intelligence services could employ a protean kit of disguises to assume false identities to entice potential dissidents into communicating with them. The KGB’s earlier efforts to use hacktivist groups in Germany had produced little if any intelligence about the NSA because of the stovepiping the NSA used to isolate its computers from networks that could be hacked into from the outside. It will be recalled that the NSA threat officer had cited these failures in his 1996 report on NSA vulnerability. He also said that the efforts of the Russian intelligence services to use false flag recruitments had provided the KGB with “a learning experience.” The KGB had learned that hacking by itself could not breach the NSA’s protective stovepiping. He predicted that its next logical move would be to “target insider computer personnel.” This false flag recruitment would aim at, in his view, system administrators, computer engineers, and cyber-service workers who either were already inside the NSA or had a security clearance that would facilitate getting jobs with NSA contractors.

Even with an appropriate false flag, the task of finding such a “Prometheus” required obtaining a database of those working at the NSA. There were some five thousand civilian technicians at the NSA of all political stripes. Hacking into the personnel records of the intelligence workers seeking to renew their security clearance was a place to begin. The Internet provided the SVR with just this opportunity. As you will recall, holes in the security of the computer networks of the U.S. Office of Personnel Management and USIS and the websites of the companies supplying the NSA with independent contractors had made the background checks on American intelligence workers available to the Chinese, and presumably other adversary intelligence service hackers, since 2011. If the SVR had access to this personnel data, the research for a candidate would be greatly facilitated. From the 127-page Standard Form 86, which each applicant for a security clearance submits, the SVR could filter out intelligence workers employed by the NSA by their educational background, employment history, affiliations, and foreign contacts. It could then search this data for candidates with a possible hacktivist profile.

This data could next be crossed with a list of individuals the SVR knew were in contact with high-profile activists who were part of the anti-surveillance movements. This would include core participants in the Tor Project, WikiLeaks, Noisebridge, CryptoParties, the Freedom of the Press Foundation, and the Electronic Frontier Foundation. (Snowden, for example, had been in touch with members of all these groups in 2012 and 2013.)

The SVR would have little problem monitoring even encrypted communications with leading figures in the anti-surveillance world. These activists, despite secrecy rituals such as putting their cell phones in refrigerators, remain visible to a sophisticated intelligence service such as the SVR. All the defensive tactics of Laura Poitras, including PGP encryption, Tor software, and air-gapped computers (computers that have never been connected to the Internet), did not keep secrets about her sources entirely to herself. Snowden, at a time when he was stealing NSA secrets in February 2013, went to great lengths to impress on Poitras the need for operational security about his contacts with her, but that injunction did not prevent her from telling at least five people about her source, including Micah Lee, the Berkeley-based technology operative for the Freedom of the Press Foundation; Jacob Appelbaum, the Tor proselytizer; Ben Wizner, the ACLU lawyer; Barton Gellman; and Glenn Greenwald. “It is not me that can’t keep a secret,” Abraham Lincoln joked. “It’s the people I tell it to that can’t.” In the same vein, Poitras could hardly rely on these five confidants not to tell her secrets (and Snowden’s) to others. Hours after he was told, Greenwald told his lover, David Miranda, about the source in great detail. He even asked him to evaluate the source’s bona fides for him. Gellman, for his part, raised the matter with a former high official at the Justice Department.

Moreover, as the intelligence world knew, Poitras was herself a veritable lightning rod for attracting ex-NSA employees who objected to some of its surveillance programs. In 2012, her previously mentioned filming in Berlin of NSA insiders could make her communications of interest to intelligence services that wanted to keep tabs on possible NSA dissidents.

Nor was Snowden himself overly discreet. It will be recalled that he had also advertised his Tor-sponsored CryptoParty activities over the Internet and supplied Runa Sandvik, who worked with Appelbaum, his true name and address in Hawaii. Sandvik had no reason not to share the identity of her co-presenter with others in the Tor movement. Snowden, of course, had his girlfriend make a video of his presentation as well. He also bragged about operating the largest Tor outlets in Hawaii. Even if his Tor software provided him with a measure of anonymity, it was not beyond the ability of the world-class cyber services to crack it.

Under Putin, Russia had built one of the leading cyber-espionage services in the world. According to a 2009 NSA analysis of Russian capabilities, which was obtained by The New York Times in 2013, Russia’s highly sophisticated tools for cyber espionage were superior to those of China or any other adversary nation. For example, investigators from FireEye, a well-regarded Silicon Valley security firm, found that in 2007 Russian hackers had developed a highly sophisticated virus that could bypass the security measures of the servers of both the U.S. government and its private contractors. According to one computer security expert, the virus had made protected Internet websites “sitting ducks” for these sophisticated Russian hackers. The cryptographer Bruce Schneier, a leading specialist in computer security, explained, “It is next to impossible to maintain privacy and anonymity against a well-funded government adversary.”

Nor has the Russian cyber service made a secret out of the fact that it targets Tor software. It even offered a cash prize to anyone in the hacking community who could break Tor. Prior to 2013, according to cyber-security experts, it spent over a decade building cyber tools aimed at unraveling the Tor networks used by hacktivists, criminal enterprises, political dissidents, and rival intelligence operatives. To this end, it reportedly attempted to map out computers that served as major Tor exit nodes (such as the one Snowden operated in 2012 near an NSA regional base in Hawaii). It also reportedly attached the equivalent of “electronic ink” to messages, which would allow it to trace the path of messages that passed through them. Through this technology, it could tag and follow Tor users as their communications traveled across the Internet. It could even borrow their Internet identities. To be sure, the NSA also had such a capability. The Silk Road founder, Ross Ulbricht, discovered to his distress that his Tor software did not make his computer server in Iceland invisible. According to a former top official in the Justice Department, the NSA was able to locate it by cracking the Tor software (Ulbricht is currently serving a life sentence for his activities). Unlike adversary services, however, the NSA needs a warrant to investigate U.S. citizens who use Tor.

The NSA is hardly immune from an attack on its own computers. As the former CIA deputy director Morell wrote in his 2015 book, The Great War of Our Time, many financial institutions have “better cyber security than the NSA.” The Internet certainly helped make the activities of U.S. intelligence workers visible to the SVR.

But to achieve its goals, the SVR still had to find at least one disgruntled civilian contractor inside the NSA who had access to the sealed-off computer networks. Did it find its man? If so, was it before or after Snowden arrived in Hong Kong with the Level 3 NSA files?