By the rules of spy craft, that is entirely in-bounds. America spies, China spies, Russia spies—and turning the tables is fair play. But there is a long-term cost that Snowden, perhaps unintentionally, highlighted. If the United States wanted to set rules for the rest of the world to play by—starting with not exploiting technology that can undermine critical infrastructure—it would have to be willing to give something up. And as Shotgiant made clear, no one in the NSA, or beyond, wanted to contemplate what that might be.
* * *
—
The China files showed that Huawei was hardly the NSA’s only target. In 2013 the agency cracked two of China’s biggest cell-phone networks and was happy to discover that some of the most strategically important units of the Chinese Army—including several that maintain its nuclear weapons—were overly dependent on easy-to-track cell phones. Other Snowden documents laid out how the NSA had mapped where the Chinese leadership lives and works. There was a huge bull’s-eye on Zhongnanhai—the walled compound next to the Forbidden City that was once a playground of the emperors and their concubines. Today it is a mix of ancient splendor and some aged-looking suburban homes with—at least until the Snowden revelations—ill-protected Wi-Fi networks. It turned out that the Chinese leadership, like everyone else, were constantly complaining about how slow their Wi-Fi was and upgrading their equipment. That created an opportunity for the NSA.
It was one that the Tailored Access Operations unit was prepared to tackle. In late 2013, Der Spiegel published the “ANT catalog,” an equipment catalog that James Bond might have admired.
Starting in 2008 or so, the NSA began making use of new tools designed to steal or alter data in a computer even if it is not connected to a network—exactly what it did in Iran to get past the “air gap” that separated the Natanz plant from the digital world.
The most ingenious of the devices relied on a covert channel of low-frequency radio waves transmitted from tiny circuit boards and USB keys inserted surreptitiously into the target computers. Getting the equipment into the computers required, of course, that the United States or one of its allies insert the hardware into the devices before they were shipped from the factory, divert them while they were in transit, or find a stealthy spy with a way to gain access to them—no easy task. But sometimes it was also possible to fool a target into inserting the devices themselves. The ANT catalog included one device, called Cottonmouth I, that looked like a normal USB plug that you might buy at Office Depot. But it had a tiny transceiver buried inside that leapt onto a covert radio channel to allow “data infiltration and exfiltration.”
Once the illicit circuitry was in place, the catalog indicated, signals from the computer were sent to a briefcase-size relay station—wonderfully called “Nightstand”—that intelligence agencies could place up to eight miles away from the target. In other words, an American intelligence agent sitting in a smoggy coffeehouse across Beijing from Zhongnanhai could be pumping email exchanges among the leaders, or their spouses and children, back to Washington.
The simplest way to think about the ANT catalog was that it updated the “bugs” that intelligence agents had been putting into telephones since the 1920s. But that misses the scope of what the equipment can pick up from computer networks, and the opportunities for cyberattack. The catalog revealed a new class of hardware with a scale and sophistication that enabled the NSA to get into—and alter data on—computers and networks that their operators thought were completely sealed off from the Internet, and thus impermeable to outside attack. The NSA had even gone to the trouble of setting up two data centers in China, apparently through front companies, whose main purpose was to insert the malware into computer systems.
The system, which the NSA called “Quantum,” was used beyond China: there were parallel efforts to get malware into Russian military networks and systems used by the Mexican police and drug cartels.
Not surprisingly, when the Times prepared to publish some of these details, NSA officials declined to confirm, at least on the record, that the documents described any of their programs. Off the record, they said it was all part of a new doctrine of “active defense” against foreign cyberattacks. In short, it was aimed more at surveillance than at “computer network attack”—NSA-speak for offensive action.
The problem, of course, is that the Chinese would never believe this. When Americans find similar “implants” in our gas-distribution network, or financial markets, we immediately assume the worst—that China is preparing to attack. I asked one senior NSA official how they might signal to China, or any other adversary, that these were merely monitoring tools, not digital land mines set to explode in a few years.
“That’s the problem,” he said. “We can’t convince them. And they can’t convince us.”
There was another problem. NSA officials didn’t think the ANT catalog came from any documents that Snowden’s “crawler” had touched. They began looking for another insider—a second Snowden.
* * *
—
The Snowden disclosures are now years old and describe some activities that took place before Barack Obama was elected president. As a result, some officials now argue that the damage to the NSA, while severe at the time, has diminished dramatically. Like a new iPhone or a blazing-fast laptop, the technology of surveillance and attack can look dated after a year or two. And programs that seem vital when they are created can be overtaken by events—or the arrival of new technology.
That was the argument that Adm. Rogers made to me when I first visited him at the NSA in 2014, just as he was taking over as the director of the agency and the chief of US Cyber Command. Yes, some terrorist groups had changed their tactics once they figured out how the United States was listening in on them, he said, pacing to stretch a bad back in his NSA office in Fort Meade. Yes, he acknowledged, many allies were angry—some because they discovered Washington was spying on them (like the Germans), and others because Snowden revealed they were secretly helping the Americans (the list was long, but also included the Germans).
But then he added: “You have not heard me as the director say, ‘Oh, my God, the sky is falling.’ I am trying to be very specific and very measured in my characterizations.”
But as the discussion went on, it became clear that Rogers worried about one more long-lasting effect of the disclosures: they could, he said, take an unseen toll on the willingness of allies to work with the United States and share what they learned about the world. It was not that the intelligence agencies of Germany, France, or Britain were shocked by what they read: they knew that America spied on them, and they had plenty of programs of their own to spy on the United States. Rogers’s fear was that the need for leaders in those countries to publicly condemn American overreach would have a corrosive effect on future cooperation.
Clearly, the biggest worry surrounded Chancellor Angela Merkel. One of the documents—which also now appears to have come not from the Snowden trove but from another insider leak—strongly suggested Merkel’s personal cell phone had been tapped after she became the party leader of the Christian Democratic Union. That was a decade and a half earlier, long before anyone seriously thought she could emerge as leader of the country. It wasn’t a cyber operation; it was plain old phone tapping.
But Merkel was outraged—and she let Obama know it. “Spying among friends—that simply isn’t done,” she said, at one point waving her hopelessly-out-of-date personal cell phone at reporters. Of course it was done, all the time, including by Merkel’s own intelligence agency, the BND.
It was never quite proven that the NSA was actively listening to Merkel. But Obama was forced to take the unusual step of publicly declaring that he was taking his close ally off the list of NSA targets.
Unsatisfied, Merkel called Obama and, as she later said, reminded him that she had grown up in East Germany under the Stasi, the secret police. And in her arch way, Merk
el made it clear to Obama that she thought there was little difference between how that secret police force monitored its people and what the United States was doing with allies. “This is like the Stasi,” Merkel told him.
But Merkel was hardly the only target—the United States was also listening to the leaders of Mexico and Brazil. (After publicly declaring that Merkel would no longer be a target, Obama wouldn’t say which other world leaders came off the list, and more important which ones stayed on.)
The lesson of the Merkel affair was that the NSA, in its single-minded passion to pick up every bit of foreign intelligence that it could, failed to consider the damage that might be done if its activities ever became public. No one was reviewing its target list to see if it passed the simple test applied to covert actions at the CIA: if this operation was splashed across the front pages of the Times and the Post, would someone have to resign in disgrace? In fact, a senior Obama national-security official told me that while the CIA’s covert actions were reviewed every year, no one had done the equivalent on a regular basis with the NSA. That quickly changed.
Still, intelligence leaders were unapologetic, other than for getting caught. Intelligence agencies were created to spy on foreigners, they said, both friend and foe. “We’re talking about a huge enterprise here, with thousands and thousands of individual requirements,” General Clapper, who found himself in the crosshairs after the revelation, told members of Congress.
He justified the spying on allies with a simple mantra: trust no one. The United States spies on its friends to see “if what they’re saying gels with what’s actually going on,” he added, and how the words and actions of other nations “impact us across a whole range of issues.”
Clapper was speaking the truth. But it was a realpolitik moment because the revelations had made clear how voracious America’s data appetite had become. In Germany, and around the world, the NSA was trying to gather cellular and landline phone numbers—often obtained from American diplomats—for as many foreign officials as possible. The contents of the intercepted phone calls were then stored in computer databases that could regularly be searched using keywords.
“They suck up every phone number they can in Germany,” one former intelligence official told me and my colleague Mark Mazzetti. And during some fierce conversations between American and German intelligence chiefs after the Snowden revelations, the United States made clear it was not about to stop the practice, except in the case of the German chancellor’s own phone.
Obama and Merkel struggled to repair the damage. “Susan Rice has been very clear to us,” one senior German official told me at the time, referring to the US national security adviser. “The US is not going to set a precedent” by vowing not to spy on an allied government.
The Snowden revelations forever changed the way Germany thought about its post–World War II ally. Politicians in both Washington and Berlin like to celebrate the closeness of the alliance and describe it as unshakable. The relationship is close, but clearly shakable—and rooted in some mistrust.
Clapper insisted that Snowden merely gave Americans a vision into what Congress set up the agency to do: break into foreign signals intelligence. And so he saw Snowden as just a malicious actor, who talked about protecting Americans from snooping but revealed much more to American adversaries. “What he exposed was way beyond so-called domestic surveillance,” Clapper said.
Later, after he had left office, he told me that Snowden’s revelations forced the United States to end a program that had helped stop IED attacks—the improvised explosive devices that killed and maimed so many Americans and civilians alike—in Afghanistan. “The day after Glenn Greenwald wrote about it in the Guardian, it was shut down,” he contended, referring to the American who became Snowden’s biggest supporter. “He did huge damage that we’re all paying for,” Clapper insisted. “He was a narcissistic, self-centered ideologue.”
All true. But he may have also done us a favor by forcing Washington and the new giants of the Internet—Google, Facebook, Microsoft, Intel—to rethink their relationship with the US government as well.
CHAPTER IV
MAN IN THE MIDDLE
No hard feelings, but my job is to make their job hard.
—Eric Grosse, Google’s head of security, talking about the NSA
It was the smiley face that got to the engineers at Google.
The face was drawn at the bottom of a handwritten diagram on yellow paper that looked a bit like something an engineer might sketch at a coffee shop—save for the fact that it was on a slide marked TOP SECRET//SI//NOFORN and included in Snowden’s trove of leaked documents.
The diagram revealed that the NSA was trying, maybe successfully, to insert itself in the nexus between the “Public Internet” and the “Google Cloud” in a move called a “man in the middle” attack. In other words, everything that went into and came out of Google’s international data centers, connecting its customers around the world, could be intercepted. The drawing included an arrow pointing to the place in the diagram that corresponded to where the NSA was inserting itself. Next to the arrow, adding insult to injury, the author of the slide had doodled a smiley face.
The diagram made a single fact very stark: the NSA was working to secretly infiltrate the communications links connecting the various “front-end servers” that Google had distributed around the world, and which were used to store everything its customers held dear. Those servers were spread around the world for a very practical reason: speed of access to information. Someone in Singapore pulling documents down from the Google Cloud didn’t have to wait until the data made its way halfway around the Earth from Scotland.
By finding a way in between two servers, the NSA would be able to intercept all kinds of traffic moving between them and the outside world, from Gmail messages to Google documents, even searches on Google Maps. With that one brilliant stroke of digital spy craft, the NSA would gain access to data from hundreds of millions of accounts—mostly those of non-Americans, but the accounts of millions of Americans as well. To harvest the data on “U.S. Persons,” the NSA would have to get a court order, but foreigners—anyone who wasn’t legally an “American person”—were fair game for the NSA, no court orders required. For the first time, the NSA would have access to the thinking, search habits, and secret communications of millions of people overseas—allies and adversaries alike. It was an intelligence agency’s dream.
The diagram didn’t specify exactly how the NSA was planning on getting between those servers, but there were only a few possible options. The NSA would have to hack in remotely from one of its bases around the world, physically tap the undersea cables themselves, or get cooperation from a foreign partner, such as the British. The most likely method was physically tapping the termination points in a country where the undersea cables came ashore. And since Google had not gotten around to encrypting the data that was “in transit” through these cables, merely getting into the network itself was the price of admission to the data.
When the Washington Post first published the slide, on October 30, 2013, over four months after the first Snowden revelations, the reaction inside the Googleplex in Mountain View was immediate and predictable.
“Fuck these guys,” wrote Brandon Downey, one of Google’s security engineers, on his Google Plus page, before going on, in true Silicon Valley fashion, to compare the moment to a scene from Lord of the Rings: “It’s just a little like coming home from War with Sauron, destroying the One Ring, only to discover the NSA is on the front porch of the Shire chopping down the Party Tree and outsourcing all the hobbit farmers with half-orcs and whips.”
Google’s official response was only slightly more diplomatic: “We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform.”
Not surprisingly,
the US government was not especially interested in discussing “reform.” In the NSA’s view, Google’s networks were fair game for message interception, just as the fiber-optic cables traversing the globe were open for intercepting message traffic. As long as the communications in question were between foreigners, and involved no “US persons” as defined by the law, intercepting their Gmail traffic and their searches was all part of a day’s work for America’s digital spies.
But the government, and the NSA in particular, had missed a major turn in the way Americans viewed the importance of the privacy of the data they now carried on their smartphones and laptops. When phones were landlines, hardwired to the house, and international calls were expensive and rare for ordinary Americans, there was little public outrage if the government kept tabs on international phone lines. And in the years after the September 11 attacks, there was considerable public sympathy for the government’s interest in going after terrorist communications.
All that changed with the invention of the smartphone. Suddenly, the information the NSA was sweeping up wasn’t just telephone traffic. For the first time people were keeping their whole lives in their pockets—their medical data, their banking information and work emails, their texts with spouses, lovers, and friends. It was all being stored in those Google servers, and others like it run by Yahoo! and Microsoft and smaller competitors. And depending on where one was, that data could be stored anywhere. The distinction between “international” communications and “domestic” communications was virtually wiped out. All of a sudden the idea of the government’s getting inside Google’s servers seemed a lot more worrisome.
The Perfect Weapon Page 10
