The Perfect Weapon
Why? Not because cyberweapons are as devastating as nuclear or biological weapons—except in the most extreme of cases. “It’s because the things you need to run a modern society and oil economy—to run Saudi Arabia—all depend on electricity, valves, and pipelines. And the Saudis are incredibly vulnerable and can’t solve this problem.” Their distribution networks were built up over decades and are connected to other countries. So are the control systems for those networks. The Iranians don’t have to get into the system through Saudi Arabia; there are more entry points around the Middle East than they can count. “And the Iranians have calculated that the Saudis aren’t going to go to war for an oil disruption whose origin they can’t prove. That’s the theory, anyway.”
The Saudi Aramco attacks were also an early lesson in some of the conundrums of American vulnerability: While the United States devised, at some expense, a vast plan to shut down Iran in the event a conflict broke out, Nitro Zeus sat on the shelf, unused. No doubt it became a model for integrating cyberweapons into American war plans against other potential enemies. In the meantime, Iran, with far less reach and capability, perpetrated small attacks that exposed not only the ease of creating problems for American businesses but also the vulnerability engendered by American secrecy surrounding cyber.
Because the United States never talked about its own attacks on Iran, it became virtually impossible to debate publicly the wisdom of the original decision to go after Iran’s infrastructure—to ask what Robert Gates called the least-asked question in Washington: “And then what?”
America’s secrecy about offensive cyber, and its fear of revealing sources and methods, meant that the government never really warned American banks and businesses that they were ripe targets for the new Iranian cybercorps. Instead, the United States issued general cautions about the need for cyber defenses and information-sharing—the digital equivalent of telling people to seek shelter in their basements in the case of a nuclear exchange without mentioning that it would be the radiation, as much as the blast, that was likely to wipe them out.
“Wasn’t this ridiculous?” I asked one of Obama’s senior aides during the Iranian attacks. If we had bombed an Iranian airbase, wouldn’t we warn Americans about the specific threat of retaliation?
“We didn’t want to scare people about something they really couldn’t do much about,” came the response. The official went on to explain that chief executives had been given special clearances, as if that relieved the government of responsibility. But it turned out there wasn’t much those chief executives could do with any privileged information they learned.
“I couldn’t tell my own information technology managers what I had heard,” one of them said when I asked about the briefings. “There was literally nothing I could do with this information except stay up at night and worry about it.”
Of course, when failure of network defense is already an issue, secrets have a way of getting out. Soon, secrets far larger than who was attacking America’s banks would be wrenched out of the government’s hands. All it took was a single contractor at the NSA with grievances about the government, a substantial ego, and easy, unmonitored access to the agency’s deepest secrets.
CHAPTER III
THE HUNDRED-DOLLAR TAKEDOWN
Did the combination of Snowden, Cyber Command, Stuxnet…spark a panic among U.S. adversaries and a subsequent arms race in offensive cyber operations that is adversely affecting the United States?…Hard questions, scary times.
—Jack Goldsmith, Harvard Law School professor and former assistant attorney general, Office of Legal Counsel to President George W. Bush
The first big public revelation of the National Security Agency’s deepest secrets, and the most costly blow to its multibillion-dollar programs to break into computer networks from Tehran to Beijing to Pyongyang, occurred thanks to a piece of commercial software called a “web crawler.” Retail price: under $100.
Web crawlers are exactly what they sound like. They are essentially digital Roombas that move systematically through a computer network the way that Roombas bounce from the kitchen to the den to the bedrooms, vacuuming up whatever lies in their path. Web crawlers can automatically navigate among websites, following links embedded in each document. They can be programmed to copy everything they encounter.
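The following is an added illustration, not code from the book or from any tool Snowden used: a minimal crawler of the kind the paragraph describes, run against a constructed in-memory "site" rather than the network. The page paths, their links and the `can_read` policy callback are all assumptions made for the example. The point it makes is the one the chapter turns on: a crawler copies exactly the set of documents reachable by links under whatever credential it runs as, so its reach is bounded only by access control, not by any intent of its own.

```python
import re
from collections import deque

# Constructed sample "site": path -> HTML body. This stands in for a web of
# internal documents; nothing is fetched over the network.
SAMPLE_SITE = {
    "/index.html": '<h1>Index</h1><a href="/a.html">A</a> <a href="/b.html">B</a>',
    "/a.html": '<p>Doc A</p><a href="/index.html">home</a><a href="/c.html">C</a>',
    "/b.html": '<p>Doc B</p><a href="/c.html">C</a><a href="/restricted/d.html">D</a>',
    "/c.html": '<p>Doc C</p>',
    "/restricted/d.html": '<p>Doc D</p><a href="/restricted/e.html">E</a>',
    "/restricted/e.html": '<p>Doc E</p><a href="/index.html">home</a>',
    "/orphan.html": '<p>never linked from anywhere</p>',
}

HREF_RE = re.compile(r'href="([^"]+)"')


def fetch(path, site=SAMPLE_SITE):
    """Stand-in for an HTTP GET against the sample site; None if missing."""
    return site.get(path)


def extract_links(html):
    """Return every href found in a document (assumed double-quoted)."""
    return HREF_RE.findall(html)


def crawl(start, site=SAMPLE_SITE, can_read=lambda path: True, max_pages=10_000):
    """Breadth-first crawl from `start`: follow every link, copy every page.

    `can_read` models the access control the crawling credential is subject
    to (hypothetical policy hook). Returns {path: body} in visit order.
    """
    seen = {start}
    queue = deque([start])
    copied = {}
    while queue and len(copied) < max_pages:
        path = queue.popleft()
        if not can_read(path):
            continue            # compartment the credential cannot open
        body = fetch(path, site)
        if body is None:
            continue            # dangling link
        copied[path] = body     # "copy everything it encounters"
        for link in extract_links(body):
            if link not in seen:
                seen.add(link)
                queue.append(link)
    return copied


def no_restricted(path):
    """Example policy: deny anything under /restricted/."""
    return not path.startswith("/restricted/")


if __name__ == "__main__":
    for label, policy in (("unrestricted", lambda p: True), ("compartmented", no_restricted)):
        docs = crawl("/index.html", can_read=policy)
        print(f"{label}: copied {len(docs)} documents: {sorted(docs)}")
```

With no policy the crawler copies all six linked pages (the unlinked `/orphan.html` is never found); with the `/restricted/` compartment closed to it, it stops at four. That difference is the whole of the compartmentalization argument made later in the chapter.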
This particular web crawler was deposited in the NSA’s networks in the spring of 2013 by Edward J. Snowden, a Booz Allen Hamilton contractor working at an NSA outpost in Hawaii. Perhaps the most astounding aspect of his effort to steal a huge trove of the agency’s documents—a move considered treasonous by many, but long-overdue and patriotic civil disobedience by his supporters—is that it worked so well: the world’s premier electronic spy agency was completely unprepared to detect such a simple intruder swimming in a sea of top-secret documents.
In its embarrassment, the best excuse the agency could muster was that the process of updating security measures in their more far-flung outposts hadn’t yet reached NSA Hawaii—more formally, the Hawaii Cryptologic Center near Wahiawa, on Oahu. “Someplace had to be last” to get the security upgrades, one of the agency’s top executives told me somewhat sheepishly.
If you take Snowden at his word, his goal in revealing the inner secrets of the NSA was to expose what he viewed as massive wrongdoing and overreach: secret programs that monitored Americans on US soil, not just foreigners, in the name of tracking down terrorists who were preparing to attack the United States. The vast databases at NSA Hawaii disgorged several examples of programs that bolstered Snowden’s case that the NSA had used the secret Foreign Intelligence Surveillance Court, and compliant congressional committees, to take its surveillance powers into domestic phone and computer networks that at first glance seemed off-limits by law.
But the main focus of the NSA division within the secure complex in Hawaii was across the Pacific. From Hawaii, not far from Pearl Harbor and the US Pacific Command, the NSA was deploying its very best cyberweapons against its most sensitive targets, including North Korea’s intelligence services and China’s People’s Liberation Army. The weapons ranged from new surveillance techniques that could leap “air gaps” and penetrate computers not connected to the Internet to computer implants that could detonate in time of war, disabling missiles and blinding satellites. While the American public and much of the media were transfixed by the image of a “Big Brother”—tracking not only the numbers they call but the trail of digital dust left by the smartphones in their pockets—the most revealing documents in Snowden’s trove showed the vast ambitions of the nation’s new cyber arsenal.
If the revelation of Operation Olympic Games had given the public a peek through the keyhole at America’s most sophisticated offensive cyber capabilities, Snowden offered the Google Satellite view, from miles above. From there, it was a remarkable sight. It was immediately clear that, over the past decade, the United States had tasked thousands of engineers and contractors, working under tight secrecy, to build a range of new experimental weapons. Some of these weapons merely pierced foreign networks and offered another window into the deliberations and secret deals of adversaries and allies—basically a cyber-assisted form of traditional espionage. But other tools went much further, by burrowing deep into foreign networks that one day the United States could decide to cripple or destroy. The trove of stolen classified documents contained only hints of these programs, since Snowden’s access had only got him so far. But taken together, they strongly suggested that Nitro Zeus had been just the beginning.
* * *
At once naïve and cunning, brilliant, articulate, and highly manipulative, Snowden grew up in a North Carolina family steeped in military tradition. A diffident student, Snowden briefly attempted the Special Forces training program before washing out. By his mid-twenties, he had bounced around several colleges, dabbled in Buddhism, and developed a fascination with Japan. He would later describe his first job as a security guard for the NSA—a modest exaggeration. He did not, in fact, work at Fort Meade. Rather, he had guarded a nearby university research center linked to the NSA.
Snowden’s big break came in 2006, at age twenty-three, when the CIA needed quick hires to fulfill their growing counterterrorism mission. They moved him into a telecommunications job, then sent him—undercover, no less—to Geneva. Three years later he quit, rightly concluding that his expertise would be more profitable in the private sector. He took a position at Dell, advising the NSA on updating its computers, and ultimately ended up in its Hawaii operations. But his real ambition was to work inside the NSA.
Either to cover his tracks or because he sincerely believed it, Snowden had professed early in his career that he hated leaks, leakers, and the news organizations that make use of their material. The Times was on the wrong side of his wrath in 2009, when I revealed in an article that President Bush, in turning down the Israeli request for bunker-busting bombs to deal with Iran’s nuclear program, initiated a secret program to attack the country’s computer networks—what later became “Olympic Games.”
“HOLY SHIT, WTF NYTIMES,” Snowden wrote that day in 2009. “Are they TRYING to start a war? Jesus Christ. They’re like WikiLeaks.”
The man who would later revel in revealing scores of sensitive programs sounded incensed.
“Who the fuck are the anonymous sources telling them this? Those people should be shot in the balls.”
But somewhere along the line Snowden’s views about the importance of shining a light on America’s hidden battles in cyberspace underwent a radical transformation. “It was seeing a continuing litany of lies from senior officials to Congress—and therefore to the American people…that compelled me to act,” he posted in another online chat, after he had fled the United States.
Snowden’s motives at that time remain a subject of vociferous debate. But he wanted a job at the NSA so badly that he broke into a government computer system to swipe the admissions test. Armed with the answers, he aced the exam. Yet when the offer from the NSA came, Snowden was insulted—it was for a midlevel bureaucratic position, with a midlevel salary to match. So he applied for the next best thing: a job at Booz Allen Hamilton, the company that, behind the scenes, had designed many of the NSA’s most important computer systems and provided the staff to keep them running.
Snowden would have a contractor’s badge hanging around his neck, not the NSA badge he coveted. But he would have as much overview as an employee—and more, once he got his hands on a higher-level password.
As a result, the files Snowden scooped up with the $100 web crawler included what Rick Ledgett, the NSA’s number-two official, described to me as “the keys to the kingdom.”
It was Ledgett, an NSA veteran, who pulled the short straw to run what the agency misleadingly called its “Media Leaks Task Force,” as if the NSA’s Snowden problem had instead been about the newspapers and broadcasters who spread the agency’s secret documents around the globe. When I suggested to him once that a more appropriate name might have been the “Insider Threat and Internal Mismanagement Task Force,” Ledgett smiled and demurred.
“Snowden was part of the problem, but not the only problem,” he argued. But Ledgett acknowledged the central fact: the agency “had no idea” that a web crawler you could buy on Amazon had spent weeks working its way through an estimated 1.7 million documents in the agency’s systems.
Exactly how many documents, PowerPoint slides, and databases Snowden copied and smuggled with him when he fled Hawaii for Hong Kong is still a matter of dispute. Most have never been published. But almost all were unencrypted because of an assumption at the time—a remarkable assumption, given the nature of the agency’s mission—that if you were inside the NSA system, you were trusted and could copy just about anything without setting off alarms.
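The failure described above (an insider copying at machine speed without "setting off alarms") is one that ordinary access logging can catch if anyone looks at volume and breadth rather than at individual reads. The block below is an added example, not anything the NSA or Booz Allen ran: it scans constructed access-log lines (the format, the user names and the thresholds are all assumptions for the illustration) and flags any account that, within a sliding window, reads more distinct documents or touches more compartments than a human analyst plausibly would. A real deployment would derive the thresholds from each user's own baseline instead of fixed constants.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)


def _build_sample_log():
    """Constructed sample log (not real data): two analysts reading a few
    documents in their own area, and one account sweeping six compartments
    every three seconds, which is what a crawler looks like from the server."""
    lines = []
    t0 = datetime(2013, 4, 2, 9, 0, 0)
    normal = [("analyst1", "/sigint/reports/a.pdf"), ("analyst1", "/sigint/reports/b.pdf"),
              ("analyst2", "/admin/hr/leave.xlsx"), ("analyst2", "/admin/hr/policy.docx"),
              ("analyst1", "/sigint/reports/c.pdf")]
    for i, (user, doc) in enumerate(normal):
        ts = t0 + timedelta(minutes=7 * i)
        lines.append(f"{ts.isoformat()}Z user={user} action=read doc={doc}")
    compartments = ["sigint", "admin", "ops", "tao", "legal", "budget"]
    for i in range(60):
        ts = t0 + timedelta(seconds=3 * i)
        comp = compartments[i % len(compartments)]
        lines.append(f"{ts.isoformat()}Z user=contractor9 action=read doc=/{comp}/doc{i}.pdf")
    return lines


SAMPLE_LOG = _build_sample_log()


def parse_line(line):
    """'2013-04-02T09:00:00Z user=x action=read doc=/p' -> dict with a datetime."""
    ts_str, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {"ts": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ"), **fields}


def compartment_of(doc):
    """First path component, used here as the document's compartment."""
    return doc.split("/")[1]


def flag_bulk_readers(lines, window=WINDOW, max_docs=20, max_compartments=3):
    """Return {user: reason} for accounts whose reads in any `window` exceed
    `max_docs` distinct documents or span more than `max_compartments`."""
    events = defaultdict(list)
    for line in lines:
        e = parse_line(line)
        if e.get("action") == "read":
            events[e["user"]].append((e["ts"], e["doc"]))

    flagged = {}
    for user, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # slide the window so it spans at most `window` of time
            while evs[end][0] - evs[start][0] > window:
                start += 1
            docs = {doc for _, doc in evs[start:end + 1]}
            comps = {compartment_of(doc) for doc in docs}
            if len(docs) > max_docs:
                flagged[user] = f"{len(docs)} distinct documents within {window}"
                break
            if len(comps) > max_compartments:
                flagged[user] = f"{len(comps)} compartments within {window}: {sorted(comps)}"
                break
    return flagged


if __name__ == "__main__":
    for user, reason in flag_bulk_readers(SAMPLE_LOG).items():
        print(f"ALERT {user}: {reason}")
```

The breadth check trips first on the sample data: an account that reads across four compartments inside ten minutes is flagged after its fourth read, long before the 1.7-million-document mark. The two analysts, each staying inside one compartment at human pace, never appear.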
Luckily for the NSA, Snowden didn’t have all the kingdom’s keys. The agency compartmentalizes its data into multiple levels, and Snowden only reached the documents that describe the agency’s programs, but not the specific sources or details of the tools that enable them. But that left plenty to reveal: programs with names like PRISM—that allowed court-approved, if limited, access to the online Google and Yahoo! accounts of tens of millions of Americans. And there was XKeyscore, which offered sophisticated new methods to filter vast flows of Internet data that the NSA tapped into as the data moved around the globe.
The Snowden trove was like an archeological dig through the innovations of the past decade. He had unearthed how the NSA was working to break the encryption of cell-phone data, and how it was undermining even the “virtual private networks”—or VPNs for short—that companies and many computer-savvy users had turned to in hopes of protecting their data. Those private networks turned out to be not quite as private as advertised.
As one of my Times colleagues put it so well, the agency had become “an electronic omnivore of staggering capabilities.”
The documents made clear that we are in a golden age of digital surveillance. The United States was collecting what a presidential commission later called “mass, undigested, non-public personal information” about Americans just in case it wanted to mine that data sometime in the future “for foreign intelligence purposes.” Within the United States debate raged over whether the NSA had overstepped its bounds in sucking up vast amounts of data on Americans, virtually washing away any distinction between “domestic” and “foreign” communications.
But from the beginning America’s allies and adversaries learned something far more important from the Snowden documents—namely, that the NSA’s interests in global surveillance and sabotage went well beyond Iranian centrifuge plants. Snowden gave these observers two gifts. The first was an understanding of the NSA’s global operations from Berlin to Beijing. The second was an excuse for countries around the world to attempt to stymie American technological dominance in their markets.
The starkest lesson to emerge from the Stuxnet and Snowden experiences is that the cyber world still operated with almost no internationally accepted rules of behavior. It was, as Obama put it, the “wild, wild West,” in which countries, terrorists, and tech companies constantly tested the boundaries with few repercussions.
China and Russia would use the Snowden revelations to justify draconian rules that require any American company operating within their borders to turn over pictures, emails, and chats on demand—essentially cooperating in the perpetuation of an authoritarian state.
As for Europe, after the Germans realized the NSA was keeping a busy surveillance office open on the rooftop of the American embassy overlooking the famed Brandenburg Gate, they began talking about creating a “Schengen” routing system in which online data would be kept in Europe. It would be designed to defend against their ally, the United States, more than against their Russian adversaries. The idea was enthusiastically endorsed by Chancellor Angela Merkel, whose cell phone was an NSA target. But the plan was also technologically ill conceived, and eventually the Germans discovered it would do nothing to prevent the NSA from hacking into their networks. In fact, it might even make it easier.
* * *
A half decade after the Snowden revelations, it is remarkable how many questions the NSA was never forced to answer in public. Its officials were able to hide behind the secrecy that surrounds its operations, even though the Snowden trove gave the world an unparalleled look at their work. Publicly, the intelligence agency leadership treated the entire Snowden insider leak as equivalent to a natural disaster: something you regretted but couldn’t do anything about.
James Clapper said Snowden had taken advantage of “a perfect storm” of security lapses, yet no one was publicly blamed for those lapses. “He knew exactly what he was doing,” Clapper said. “And he was pretty skilled at staying below the radar, so what he was doing wasn’t visible.”
Modest changes were made after Snowden’s revelations. The NSA briefly cracked open its doors, recognizing that it had to explain itself to the American people. One civilian NSA worker was removed from his job—presumably the one who’d let Snowden use his higher-level passwords—and a contractor and a military officer were blocked from access to NSA data. But the agency offered no information on Snowden. No one wanted to explain in too much detail what had happened, or who should be held accountable. The era of “No Such Agency,” as its employees used to call it, only half in jest, had to end, but accountability had its limits.
Neither Booz Allen nor the NSA ever explained how Snowden could load vast amounts of data on some kind of electronic device—he has never said what it was—and walk out the door, uninspected and unimpeded. While intelligence officials kept darkly hinting that Snowden must have been working for the Chinese or the Russians all along, they never offered proof that he was a sleeper agent burrowed deeply inside the NSA. Instead, they whispered suggestions to reporters that they examine where Snowden was staying in Hong Kong and look into how his exile in Russia was arranged. But if officials collected evidence that the world’s two other superpowers had placed Snowden in the midst of NSA Hawaii, they have never offered it—perhaps because they hope to prosecute him someday, or perhaps because it would be so supremely embarrassing.
Most important, the NSA has never had to account for the fact that it ignored so many warnings about its well-documented vulnerabilities to a new era of insider threats. The warnings had been quite public. Only three years before the Snowden breach, an army private now known as Chelsea Manning had gotten away with essentially the same thing in Iraq—downloading hundreds of thousands of military videos and State Department cables and handing them off to WikiLeaks.