The Edward Snowden Affair
Page 28
Recalling the SCMP reports, the NSA’s targets extend well beyond terrorist networks and include foreign banks, universities and civilian computers and networks. As outlined in the President’s directive, other objectives are “to manipulate, disrupt, deny, degrade, or destroy information resident in computers or computer networks, or the computers and networks themselves.”
The first stage of American cyberespionage is assigned to the NSA division with an oxymoronic acronym, Tailored Access Operations (TAO). TAO is comprised of engineers who construct tailor-made software and hardware for the secret agency to deploy. They have a range of ready-made templates engineered to fit a variety of standard “routers, switches and firewalls from multiple product vendor lines.” TAO’s spying products are designed to copy stored files, survive program updates and retrieve communications. The department’s current project is to create biometric software that can detect and record an individual’s conversation out of a sea of chatter. Once realized, it will be analogous to being able to distinctly and clearly understand what a single person is saying in a stadium full of roaring fans.
Gellman then decided to take a day off. Der Spiegel took the disclosure helm with the uncredited exposé, “NSA Spied on Al Jazeera Communications.”102 It is a brief overview of the NSA’s surveillance of the Arab broadcaster Al Jazeera. The news outlet has broadcast al-Qaeda video messages for more than 10 years. A March 23, 2006 classified document shows American intelligence hacked into Al Jazeera’s internal network. The espionage effort was considered a “notable success.” The agency accessed and read communications by many “interesting targets.” In the process it had gained access to Russia’s Aeroflot flight reservation service database. It is possible the U.S. government knew Snowden was en route to Cuba via Russia before his flight made headlines.
Gellman returned the next day to publish the fifth editorial in the Black Budget series, “U.S. intelligence agencies spend millions to hunt for insider threats, document shows.”103 Following his report on the NSA’s success and failures, Gellman devotes more time to the threat of internal spies within the intelligence community. The sudden alarm was the result of Manning having given thousands of documents to WikiLeaks in 2010. Congress demanded Clapper conduct an investigation of current employees. Interestingly, Capitol Hill had given the director of national intelligence an October 2012 deadline to install an automated detection system. If he had met the project’s cut-off date, the world might not have heard of Edward Snowden.
The previously cited investigation of 4,000 current intelligence employees was the result of keystroke monitoring raising eyebrows. The NSA discovered agents were irregularly accessing databases and downloading multiple documents. Though Snowden had done the latter, he failed to arouse suspicion because of his job title and by masking his identity under other employee’s accounts. Gellman suggests the administration’s anxiety applies to a previous budget year because it took place “long before” Snowden leaked his information. Even if the proposed reevaluations were for the present year under discussion, 2012, Snowden’s USIS background check had occurred in 2011. Strangely, if the timeframes were aligned, the whistleblower wouldn’t have needed to worry. An anonymous NSA representative stated “contractors like Snowden” weren’t being put under the magnifying glass. No further explanation was given why he would have been automatically exempt from suspicion.
However, the intelligence community’s primary concern was not whistleblowers. It was infiltration. It is reported that one in five CIA applicants within a particular employment “subset” are turned down because something in their background suggests a potential terrorist element or, in the agency’s terms, the candidates possess “significant terrorist and/or hostile intelligence connections.”
The report reveals Washington freely and unapologetically views all leaks as a treasonous or terrorist act. Obama instituted an insider threat policy through an Executive Order issued in November 2012.104 It designates the unauthorized release of classified material as “espionage” and equates it with terrorism. Gellman quotes Steven Aftergood, a government secrecy expert, “It’s disturbing, because they [whistleblowing and terrorism] are not the same. There are such things as a good leak. Some classified things should be public. The official policy does not admit that distinction.”
Sixth in the collection of exposés is “U.S. documents detail al-Qaeda’s efforts to fight back against drones.”105 It premiered on September 2. An accompanying document106 maintained by the Post reports 358 drone attacks have occurred in Pakistan since 2004, averaging a bombing every nine days. There have been a total of 70 in Yemen and Somalia since 2002, averaging one attack every two months. The Snowden disclosures report Al-Queda is attempting to develop and implement antidrone tactics because of the persistent threat. These include satellite interference “with GPS signals and infrared tags that drone operators rely on to pinpoint missile targets.” Gellman makes sure to add he is not revealing delicate classified information. As researchers at the University of Texas proved in 2012, radar confusion is as simple as replicating a drone’s GPS signal and redirecting the aircraft. However, to date al-Qaeda has been unsuccessful in disrupting a single attack. The satellite transmissions are encrypted.
Unfortunately, the U.S. military has failed to encrypt drones’ video relays. In 2009 Iraqi insurgents on the ground could see where a drone was traveling the same as the Americans who were flying the aircraft. Video feed encryption for drones will not be completed until 2014. Gellman also relays that a drone’s inherent weak point is identical to the Achilles Heel of a remote controlled car. Once it moves out of range, a drone cannot be manually navigated. American intelligence must wait for the autopilot program to return the aircraft to a receiving area. On rare occasions drones have crashed before intelligence regained control.
Classified documents show the intelligence community is also concerned with public opinion. In the same manner that the phrase “The War on Iraq” was consciously changed to eliminate the human element and replaced with the more abstract “The War on Terror,” military intelligence was aware the term “drone” possesses a cold, apathetic sensibility. Amongst the lexicon substitutions offered was “robot warfare” despite the opposition having no aerial weaponry. Gellman refrains from noting similarities in intelligence labeling an individual under surveillance a “target”—an inanimate object which is designed to be fired upon—as opposed to a “suspect” who has yet to be convicted of a crime.
Gellman closed the Black Budget series on September 3 with “Top-secret U.S. intelligence files show new levels of distrust of Pakistan.”107 In lieu of the United States bombing the nation almost weekly, Washington considers Pakistan an ally but keeps it at arm’s length much like Germany and Israel. Paradoxically, and perhaps due to a guilty conscience, the U.S. has given the country an average of two billion dollars in aid per year over the course of the last decade. Still, America’s actions reveal its attitude. As Pakistan’s former ambassador to the United States, Husain Haqqani, observed, “The mistrust now exceeds the trust.”
Though it would serve American intelligence well to remain on good terms with the Middle Eastern country due to its proximity to centralized Islamic concentrations, the United States is apprehensive about Pakistan because of its estimated 120 nuclear arms, human rights abuses and biological and chemical weapons stores. The root of the intelligence community’s trepidation is the security of the foreign land. Washington worries that if Islamic militants were to take over, Pakistan’s weapons would be turned toward America. One of the most critical intelligence gaps regarding Pakistan is how the country transports and builds its nuclear weaponry. Because of this, the U.S. intelligence is making full use of its surveillance abilities in Afghanistan in order to keep an eye on the country’s eastern neighbor.
At best, the Pakistani-U.S. alliance is an uncomfortable one. Washington has been caught more than once turning a blind eye to Pakistan’s human rights abuses. A September 2009
cable from the U.S. Embassy in Islamabad to Washington reported extrajudicial militant killings by the Pakistan army. The Obama administration sought to silence the incident for fear of bad press because of America’s political affiliation. When the message was leaked and later disclosed on WikiLeaks the following year, the White House informed the public it had remained quiet in order to keep the foreign nation’s military from suffering retaliation. In November 2010, a video appeared online showing six bound and blindfolded men being executed by the Pakistani militia. Only “low-level Pakistani army units” the White House believed to have been responsible were refused their regular financial support. U.S. intelligence discovered in May 2012 that Pakistani officers aimed to “eliminate” human rights activist Asma Jahangir “to quiet public criticism of the military.” Neither the U.S. military nor U.N. intervened. Once Jahangir was told of the plot, she quickly conducted a series of interviews to raise public awareness. She is still alive.
As Gellman was informing the world of the NSA’s internal trust issues, Der Spiegel presented a very brief disclosure, “NSA Targeted French Foreign Ministry.”108 With the exception of the Morales plane incident and U.N. spying allegations, France had avoided the disclosure spotlight. The article states that a June 2010 classified document shows the NSA was monitoring French diplomats’ computer networks and, like the U.N. offices in New York and Washington, did so by exploiting the VPN. The hack granted access to diplomatie.gouv.fr and resulted in a “collection of computer screens.” It is unclear if this is intelligence jargon for multiple screenshots or continued, open access to a number of computers. Though a medium intelligence priority at best, the NSA was data mining America’s ally in hopes of stealing information relating to France’s weapons trade and economics. The nation’s president, Francois Hollande, had already threatened to suspend free-trade talks with the U.S. after the initial U.N. spying reports were released.
Rounding out September 1 was an 11-minute Fantastico news report.109 Using an internal NSA document dated June 2012, the news program displayed intercepted text messages by then-Mexican president Enrique Pena Nieto. The purloined intelligence included the then-candidate’s considerations for cabinet members. The nine other presidential candidates were also placed under surveillance over a course of two weeks. A program called “Mainway” collected bulk data, and “Dishfire” filtered the communications. The NSA had also surveilled Brazil’s leader, Dilma Rousseff, and her chief advisors. During the production of the news broadcast, Greenwald set up an encrypted chat with Snowden and the Fantastico staff. (Knowing he would be quoted, Snowden made sure to state he was unable to comment directly on the contents of the classified documents lest he hurt Russia’s ally.)
The NSA viewed the espionage assignment as proof it could “find a needle in a haystack.” Another series of confidential slides show that after a “hop,” the intelligence community attempts to establish connections and associations between secondary targets. This is referred to as “Hop 1.5.” Another slide asks, “Friends, Enemies, or Problems?” and lists Brazil, Egypt, India, Iran, Mexico, Saudi Arabia, Somalia, Sudan, Turkey, Yemen and “others” for the project years 2014 to 2019. An internal newsletter dated May 2005 states, “ISI (the International Security Issues division of the NSA) is responsible for [the surveillance of] 13 individual nation states in three continents. One significant tie that binds all these countries together is their importance to U.S. economic, trade, and defense concerns. The Western Europe and Strategic Partnerships division [of the NSA] primarily focuses on foreign policy and trade activities of Belgium, France, Germany, Italy, and Spain, as well as Brazil, Japan and Mexico.” It goes on to add, “The Aegean and Ukraine division works all aspects of the Turkish target” including diplomatic relations. ISI is also tasked with gathering “financial intelligence.” The newsletter announces the NSA intends to establish ISI divisions outside of its Washington bases. The expansion includes ISI technicians in Georgia, Hawaii, Texas and the European Security Command. ISI workers were scheduled to begin arriving in Texas in June.
As had been the case with previous exclusives, the news station’s timing was deliberate. Fanastico’s latest exposé premiered shortly after Mexico’s minister of justice, Jose Eduardo Cardozo, had returned home following talks with vice president Biden about the O Globo disclosure reports. Biden was slated to travel south shortly after the newscast to discuss Mexico’s economic policy. Rousseff was scheduled to arrive in Washington in October. It was a highly anticipated visit signifying Brazil’s growing stature on the world’s stage. The day after Fanastico aired its report, Rousseff summoned Brazil’s U.S. ambassador.110 She demanded answers.
In 2010, The Guardian, Times and Der Spiegel blanketed the globe with headline-grabbing news. They simultaneously reported on the U.S. government’s “War Logs,” a data dump consisting of 91,731 files pertaining to the Afghanistan War which WikiLeaks posted online on July 25.111 Three news sources came together again, this time with ProPublica filling in for Der Spiegel, to issue one of the biggest exposés within the Snowden files. The reports took two months to produce.112
Greenwald reemerged on September 5 to present, “Revealed: how US and UK spy agencies defeat internet privacy and security.”113 Not content with having access to only Microsoft’s operating systems, Greenwald reports that GCHQ and the NSA developed and are using technology that cracks encryption codes across the Internet. A classified 2010 GCHQ documents states, “For the past decade, NSA has lead (sic) an aggressive, multi-pronged effort to break widely used internet encryption technologies. Vast amounts of encrypted internet data which have up till now been discarded are now exploitable.” Despite Internet companies’ assurances that their transmissions were secure, the intelligence agencies have access to the contents of protected email, web searches, online chats, banking transactions and even medical records.
Both spy agencies view encryption as a domestic war, as evidenced by the chosen code names for their collection and decoding programs. The NSA’s is “Bullrun,” the namesake of one of the primary battles fought during the American Civil War. GCHQ’s is “Edgehill,” the first major conflict of the English Civil War.
The intelligence communities use many decryption methods. One is the standard brute force attack. As previously noted, a supercomputer runs all of the possible permutations of numbers, letters and symbols until it finds the correct password or phrase. But this time-consuming technique is not their primary weapon against encoding. Gellman hinted at it six days before when presenting the various cyberattack techniques deployed by the NSA.
The NSA had snuggled closer to private Internet companies and become bedfellows with online security firms. With the latter, a portion of SIGINT’s $254.9 million Black Budget bought American intelligence knowledge of antivirus programs’ vulnerabilities as well as ensured backdoors would be—and would remain—available. In short, the spy agency’s Commercial Solutions Center division contracted Internet defense businesses to ignore or create and install exploitable weakness in their programs which would only be known by the intelligence community. In the NSA’s terms, the funds allowed the agency to “[ … ] covertly influence and/or overtly leverage their [U.S. and foreign IT industries’] commercial products’ design.” This includes the heightened security 4G cell phones are said to provide. When questioned if computer protection programs had built-in backdoors, many major antivirus distributors refused to comment or claimed ignorance of possible government involvement.114
GCHQ and the NSA were also forced to confront private Internet companies that had responded to consumer demands for greater security. In online encryption surveillance, two types of secure data transfers are carefully monitored, Transport Layer Security (TLS) and Secure Sockets Layer (SSL). The technology was first made widely available to the public by financial institutions and then online merchandisers before becoming standard practice for most major websites worldwide. This programming assures a web surfer that only the person browsing the Int
ernet is communicating with a specific website. A secure connection is made by a browser simultaneously sending an asymmetric or public key alongside its website request. If the browser recognizes that the website has a SSL certificate, it uses the key to establish a secure, symmetric connection between the user and website. Any website with the URL prefix “HTTPS” (as opposed to the highly vulnerable “HTTP”) is using TLS/SSL technology. The universal sign for a secure connection is a green padlock in a computer screen’s address bar.
A security certificate is an electronic document which verifies that the owner of the website has the rights to the website domain or, in laymen’s terms, it ensures a user that when a web address is entered, the individual or company claiming to own the website actually does. However, a classified document reveals in 2006, the NSA convinced the agency that oversees certificate licensing, the U.S. National Institute of Standards and Technology, to issue the NSA’s version of the draft standard. The next year two cryptographers discovered the agency had included exploitable flaws in its proposal. The result, as American intelligence itself admits, was “[ … ] NSA became the sole editor.” U.S. intelligence sought to further weaken the authority’s power in 2013. A slated agenda within the Black Budget application is to “influence policies, standards and specifications for commercial public key technologies.”
Without the encryption key, successful SSL infiltration that avoids detection is difficult and requires a large budget but is nonetheless possible. The safety feature can be compromised by instigating a “Man in the Middle” (MITM) attack.115 Essentially, this type of hack does not break the SSL code but captures user data by impersonating a secure website. It reroutes a website request to a faux Internet location (which must look and operate like the desired, authentic, certified website). While the user browses the fake webpage, data is gathered without the web surfer noticing. But this is unnecessary if a spy has the encryption key for the website’s SSL certificate. The analyst merely unlocks and records the data flow.