The Spy in Moscow Station


by Eric Haseltine


  U.S. texts do sometimes discuss telecommunications electronics material protected from emanating spurious transmissions (TEMPEST), a term NSA coined to describe protections against unintended electromagnetic emanations from information and communications technology,1 but the emphasis on U.S. information security is overwhelmingly on computer science, not the physics of TEMPEST.

  One reason for this difference in emphasis in cybersecurity could be that very little information about recovering information from undesired RF emanations from electronics is publicly available in the West, whereas in Russia, such information abounds. For instance, I recently found over a dozen Russian-language textbooks on the protection against “information leakage through technical channels” and PEMIN (Побочные Электро Магнитные Излучения и Наводки,2 Russia’s version of TEMPEST, literally “side electromagnetic emissions and light”), and each of these texts delved deeply into both passive (e.g., microphonics from acoustoelectric transduction) and active (e.g., RF imposition) surveillance techniques. Similarly, the syllabi of most information security programs at Russian universities also describe such phenomena in great depth.

  So why does the Russian government, which is well known for keeping an iron grip on “state secrets,” permit such wide and open discussion of surveillance techniques that are known only to a few specialists—most with high security clearances—in the West? In fact, one of the Russian-language documents that describes surveillance techniques for electromagnetic emanations in depth, Basic Model: The Threat of Personal Data Safety in Their Processing in the Information Systems of Personal Data,3 is published by the Russian government (Federal Bureau for Technology and Export Control, or FSTEK) itself!

  Another explanation is that, in a nation rampant with organized crime, businesses—upon which the fragile Russian economy depends—put an extremely high priority on protecting themselves from industrial espionage and theft carried out by highly skilled former KGB or FSB technical operatives.

  In the preface to a comprehensive textbook describing ultrasophisticated technical surveillance techniques, Technical Methods of Protecting Information, PEMIN expert Yuri Sidorin (at a Russian government-run polytechnic university in Saint Petersburg) wrote:

  The collapse of the former Soviet Union, the formation of new states, lack of clear boundaries, a crisis in the economy, weakening of all kinds of responsibility and imperfect legislation resulted in a sharp increase in criminal groups. The presence of criminals with considerable money allows [these criminals] to create technically well-equipped mobile groups. The use of new technology and the bribing of employees (or introducing their people into the firm) allows criminals to successfully conduct their operations. The objects of their activity are private firms, factories, bases and warehouses, oil and gas processing stations, museums, valuable artistic property of the state and citizens, etc. Activities of these criminal groups leads to a sharp decline in the company’s income, and in some cases also to its collapse.4

  Another reason the Russian government allows open discussion of these techniques, and openly publishes such information itself, could be that, in Russia, these surveillance methods are not worth protecting as “state secrets” because they are common knowledge.

  Which raises the question: Since the Russians pioneered these surveillance techniques (e.g., the Thing, MUTS/TUMS), did they suddenly stop developing them when the Soviet Union collapsed in 1991, or did they continue apace so that they now possess vastly more sophisticated and capable surveillance methods that they don’t talk about?

  Common sense says that the Russians, who place an extremely high priority on intelligence gathering, have continued to invest heavily in technical surveillance technology and that they either have maintained—or even extended—their lead over the West in these areas.

  Why do I believe that the Russians had in the past, and probably enjoy today, a lead in technical surveillance? Well, let’s go back to two cases, MUTS/TUMS, and the bugging of the New Office Building (NOB) in Moscow. The functions of MUTS and TUMS were a mystery to both State and CIA, suggesting that Soviet tradecraft exceeded that of either U.S. organization. Then, when CIA first discovered the NOB implants in 1982, they told the State Department that although they did not fully understand what the Soviets were up to, they were confident that the United States could counter the implants without removing them and that construction could continue.5

  By the late 1980s, however, CIA concluded that they could not guarantee the security of the embassy through countermeasures and so recommended that the entire NOB be torn down and rebuilt under very tight security. (State refused to do this and ultimately consented only to the rebuilding of the top floors that housed the most sensitive operations, so that, to this day, the bottom floors of the U.S. chancery in Moscow are riddled with Russian listening devices.6)

  What’s disturbing to me about all this is that the Russian-American difference in emphasis in training on information security and level of technical surveillance tradecraft has created what I call a cyber blind spot in U.S. information systems. If you asked any U.S. cybersecurity expert what radar flooding or microphonic exploitation are, ninety-nine times out of a hundred, you’d get a blank stare. But if you asked almost any Russian information security specialist about these same topics (using the Russian terms RF imposition in place of radar flooding and PEMIN in place of microphonics), ninety-nine times out of a hundred, you’d get instant recognition.

  So you tell me: If, in country A, almost everyone in information security is familiar with a class of exploits that are virtually unknown in country B, whose computers and networks will be at higher risk?

  And by American computers and networks, I’m not confining my concerns to government national security systems: other large organizations—banks, financial institutions, utilities, election systems, and IT—also have a cyber blind spot and are open to penetration from foreign intelligence services (such as Russia’s SVR, FSB, or GRU) who seek to disrupt the U.S. economy, steal industrial secrets, and/or sow dissension.

  The subject of dissension brings me back to the who-hates-whom chart.

  To me, the chart was not just part of the GUNMAN story but the whole story itself. Having lived on the chart as a senior intelligence official at NSA, then at ODNI, and experienced the turf wars, rivalries, and distrust (e.g., the CIA officer who was sure Gandy faked the GUNMAN discovery to build his reputation and budget, and Mike Arneson, who thought CIA might have been responsible for the bug), I can testify with some authority that the infighting inside the U.S. national security community makes us incredibly vulnerable to Russian provocations, and the Russians know this.

  Hints about Russian strategies for sowing dissension in the U.S. national security community and government can be found in recent attacks attributed to them. In both the 2016 hack of the Democratic National Committee (DNC) and the 2018 nerve agent attack in the UK, Russia left subtle—or not-so-subtle—calling cards that allowed the attacks to be attributed to them, while at the same time providing plausible deniability. The DNC hack was traced to Russian intelligence by various means, including analysis of the host network and methods used by the attackers.

  The problem is, Russian intelligence has world-class hackers that are extremely proficient at making attribution of their attacks impossible, so if the Kremlin had absolutely, positively wanted to mask their involvement in the DNC hacks, they were perfectly capable of doing so. This implies that Russian leaders wanted to leave a strong hint that Russia had carried out the attack, possibly as a policy deterrent (“See,” the Kremlin might be saying, “this is what Russia is capable of when you piss us off, as Hillary did in 2011 when she encouraged Russian dissidents”) and possibly to ignite a huge internal debate in the United States over Russia.

  The attack on GRU defector Sergei Skripal and his daughter, Yulia, in 2018, using a nerve agent (Novichok) that was exclusive to Russia, similarly served as a warning to Russia’s adversaries, while sparking further debate in the West about Russia (some in the United States advocated a very forceful response to the attack, others argued for mild sanctions, while others were apparently unbothered by the attack or unconvinced of its origin).

  The infighting problem within the U.S. government is troubling because it does not arise through maliciousness, ambition, or bureaucratic selfishness of flawed individuals and cannot be solved simply by replacing a few bad actors with well-intentioned public servants.

  For example, I believe George Shultz (who is alleged to have made the “fox in the henhouse” comment about NSA at the Moscow embassy) was an excellent secretary of state, who did a great job fostering diplomatic—as opposed to military—solutions to the Soviet threat. His conflicts with hawks on the National Security Council and DOD (of which NSA was a part) were part of a healthy give-and-take of ideas, and his desire that spy-counterspy dramas with the Soviets not impede the larger arc of history were, in my view, well-placed.

  Similarly, CIA officers such as Burton Gerber and Gus Hathaway had very good reasons for questioning Gandy’s conclusions, because in the past, technologists at both NSA and CIA had exaggerated technical threats. For their part, such intelligence technologists weren’t being malicious or self-serving either when they raised concerns, just calling the shots as they saw them.

  In short, with Project GUNMAN, as with most challenges to national security, no one at the competing bureaucracies woke up in the morning thinking about how to sabotage U.S. national security.

  Rather, virtually everyone in the GUNMAN saga was acting out a well-worn Washington script that says, “Where you stand is where you sit.”

  In essence, the U.S. national security community is designed—whether intentionally or not—to foster conflict, tension, and constant backstabbing, so it doesn’t matter who the individual actors are in each agency: the tendency to fight ourselves more than our adversaries is baked into the system.

  Up to a point, this conflict is healthy because it ensures a diversity of ideas and protects America from groupthink. But usually, this conflict goes unchecked and escalates to an unhealthy level, as happened with the GUNMAN typewriter incident. Mistrust and conflicting agendas allowed the Soviets to read U.S. communications out of the Moscow embassy for six full years after the initial discovery of the chimney antenna.

  Another aspect of the protracted GUNMAN saga that has troubling implications for the future of U.S. national security is that it represented the volatile and dangerous intersection of two deeply entrenched problems with our defense and intelligence establishment that persist to this day: underappreciation of the technical sophistication of the Russian threat, and interagency mistrust. Just as Gandy’s claims of Soviet technical surveillance capabilities were met with incredulity at CIA and State, when I recently raised the issue of the cyber blind spot in an unclassified discussion with former CIA officers, these officers’ reactions were, “Oh yeah, just more fearmongering from a wild-eyed NSA geek [me].”

  I can say with high confidence that skepticism toward the idea that the Russians are better than us at some aspects of cyber (i.e., in our cyber blind spot) is not confined to retired CIA officers. For example, some government security specialists argue that because blind spot exploitations, such as RF imposition, are costly, risky, and manpower-intensive operations that are not nearly as practical or economically viable as malware, phishing, or remote firewall attacks, the prospect of such attacks is not very concerning.

  This here-and-now skepticism of a Russian technical threat, born of overconfidence in America’s technological superiority and historic interagency mistrust and disrespect, means that the entrenched problems that allowed the KGB to read embassy cable traffic for six years after the chimney antenna was discovered are still with us today and still leave us highly vulnerable to assaults from Russian intelligence.

  So what’s the solution to endemic infighting in the national security community? How do we answer Gandy’s question to me about how to fix the who-hates-whom chart?

  In a word, leadership.

  Each president needs to understand the way the system really functions and to punish excessive competition in the national security arena while rewarding cooperation.

  It’s really very simple: we’ll get the bureaucratic behavior we reward and won’t get the bureaucratic behavior we punish.

  When presidents embrace this idea, the United States will be safer. When they don’t embrace it, we will be far less safe.

  Acknowledgments

  I could not have written this story without Charles Gandy’s extensive contributions and patience with hundreds of hours of grueling interviews. Ditto for Gandy’s late wife, Freda, who sat through and contributed to many of the interviews.

  My wife (and sometimes coauthor), Chris, was incredibly helpful reviewing drafts and providing valuable editorial ideas.

  Stephen S. Power, my editor, helped tremendously, as did my agent, Richard Curtis.

  A very special thanks goes to Jon LeChevet, who, like Gandy, also proved essential to the telling of this story. Jon was remarkably candid and did not try to be an apologist for the State Department, for which he worked. Jon also exhibited remarkable courage and integrity, volunteering things that he had done related to the GUNMAN implants that were less than perfect. I have rarely met a public servant with more objectivity, honesty, and patriotism.

  Mike Arneson has my deep appreciation for his extensive inputs on his part of the story, as does Sean Deeley, Walt’s youngest son, who contributed invaluable insights about his father (who died in 1989, when Sean was fourteen). A poignant moment came in the writing of this book when I relayed to Sean Deeley Charles Gandy’s response when I said, “I’m going to interview Deeley’s youngest son tomorrow. What would you like me to tell him about Walt’s work at NSA?” Without hesitation, Gandy said, “You tell him his father was a hero.”

  Sean’s touching reaction to hearing those words made all the effort I’d put into researching the manuscript instantly worth it.

  Others who played a direct or indirect role in the GUNMAN project and who helped with important details include Secretary George Shultz, Admiral Bobby Ray Inman, Secretary Bob Gates, former NSA deputy director Bob Rich, Burton Gerber, Milt Bearden, Marti Peterson, Nina Stewart (of the PFIAB), Steve Polnick, Ed Epstein, George Beebe, former KGB major Victor Sheymov, “Carl,” and NP, along with former NSA officers CM and JD.

  Thanks also to Tom Fingar, former deputy director of national intelligence, for insight on how State Department intelligence (INR) functioned and the Roger channel; and to a former CIA executive who asked to remain nameless.

  Any errors in the telling of this story are mine, not those of any of my sources.

  Gandy, alarmed and embarrassed that this story portrayed him as a “John Wayne, lone hero type,” asked that I acknowledge the full R9 team who supported him. “Everything you said I did was really accomplished by a team of about fifteen.”

  So to those nameless fifteen, my profound thanks.

  I want to express my deep gratitude to General Michael Hayden, who brought me into the intelligence world in 2002, taking me on the adventure of a lifetime. The whole experience, including the opportunity to meet geniuses like Charles Gandy, was what, at Disney, we used to call “an E-ticket ride.”

  I also want to express my appreciation to the late Lieutenant General Lincoln Faurer, who said, with respect to overcoming skepticism, infighting, and inertia that obstruct defenses against Russian espionage, “You ought to keep screaming until someone hears. We did not keep screaming and screaming.”1

  Finally, thanks to the men and women at NSA and CIA who toil in obscurity to keep us safe, along with the talented officers and diplomats in the State Department who also keep us safe by dealing with vexing problems “over there” before they grow into much bigger problems “back here.”

  Notes

  1. Our Spies Are Dying

    1   Central Intelligence Agency, The CIA/NSA Relationship, CIA-RDP79M00467A002400030009-4 (Washington, D.C.: CIA, 1976).

    2   Central Intelligence Agency, Directors of Central Intelligence as Leaders of the U.S. Intelligence Community 1946–2005, chapter 8, “Stansfield Turner: Ambition Denied” (Washington, D.C.: CIA, 2005), www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/books-and-monographs/directors-of-central-intelligence-as-leaders-of-the-u-s-intelligence-community/chapter_8.htm.

    3   James Bamford, Body of Secrets: Anatomy of the Ultra-Secret National Security Agency (New York: Anchor Books 2002), 381.

    4   Central Intelligence Agency, “TRIGON: Spies Passing in the Night,” www.cia.gov/news-information/featured-story-archive/2016-featured-story-archive/trigon-spies-passing-in-the-night.html.

    5   Milt Bearden and James Risen, The Main Enemy (New York: Presidio Press, 2004), 26.

    6   Martha D. Peterson, The Widow Spy (Wilmington, NC: Red Canary Press, 2012), 87.

    7   Esther B. Fein, “Toward the Summit; For Reagans, Stately Rooms but No View,” New York Times, May 29, 1988.

    8   “Estimate of Damage to U.S. Foreign Policy Interests,” Federation of American Scientists, https://fas.org/irp/news/2001/03/moscowbugs.html.

    9   “Spaso House,” Wikipedia, https://en.wikipedia.org/wiki/Spaso_House.

  10   “Spaso House History,” U.S. Embassy & Consulates in Russia, https://ru.usembassy.gov/embassy-consulates/moscow/spaso-house/spaso-history/.

  11   “The Thing—Great Seal Bug,” Crypto Museum, www.cryptomuseum.com/covert/bugs/thing/index.htm.

 
