How America Lost Its Secrets
Snowden subsequently told the South China Morning Post that he took this job to “get access to lists of machines all over the world the NSA had hacked.” If so, he was after the keys to the NSA’s kingdom of global surveillance. Booz Allen held those keys. “He targeted my company because we enjoy more access than other companies,” Booz Allen’s vice-chairman Michael McConnell said with the benefit of hindsight. As a result of the theft, he appraised, “an entire generation of intelligence was lost.” McConnell, a former NSA director, was in a position to know.
Snowden’s sudden career change had both advantages and disadvantages for the enterprise he was planning. The main advantage was that he would have proximity to the computers in which were kept the “lists” he sought of NSA global sources. The main disadvantage, aside from a cut in salary, was that he would no longer be a system administrator. This change meant he would no longer have privileges to bypass password restrictions or temporarily transfer data. Instead, as an infrastructure analyst, he would not have password access, at least during the two-month-long training period, to the computers that he had not been specifically “read into,” which did not include those computers that stored the Level 3 lists. Access to these tightly controlled compartments was limited to only a handful of analysts at the center who had a need to know.
Because the new job entailed handling higher-level secret documents, Booz Allen had stricter requirements for applicants than Dell. To slip by them, Snowden had engaged in a minor subterfuge. He wrote on his application that he was expecting a master’s degree from the online division of Liverpool University in England. In fact, he had not completed a single course at Liverpool and would not be receiving any sort of a degree from it. Booz Allen did not verify this and had agreed to hire him as a trainee-analyst. It did not change that decision even after it found out about his subterfuge.
According to Admiral McConnell, Snowden never actually worked in the Booz Allen offices, which are housed in a skyscraper in downtown Honolulu. Instead, he was immediately assigned to work at the NSA’s highly sensitive National Threat Operations Center at the Kunia base, the same location where he had worked for Dell.
Before he could begin working there, however, he needed to fly to Maryland to take a mandatory orientation course at the NSA. The course was given in an eleven-story building, with a sheer wall of black glass, on the NSA’s 350-acre campus at Fort Meade. He arrived there from Hawaii on April 1, 2013. Like every other Booz Allen contractor who worked at the NSA’s center, Snowden was required to sign the “Sensitive Compartmented Information Nondisclosure Agreement.” In this document, Snowden acknowledged that he had been granted access to sensitive compartmented information, called SCI, as part of his work and that he understood that any disclosure of that information to an unauthorized person would violate federal criminal law. He was also told, as were all new contract employees at Booz Allen, that its disclosure could damage the interests of the United States and benefit its enemies. In signing the document, he swore an oath not to divulge any of this information without first receiving written approval from U.S. authorities. So less than two months before he downloaded sensitive compartmented information, he was fully aware of what the consequences of divulging this information would be. By this time, as we know, he had already agreed to deliver classified data to three journalists.
Snowden believed that bringing complaints to NSA lawyers or supervisors was, as he put it, “playing with fire.” “When I was at NSA,” Snowden later said in Moscow, “everybody knew that for anything more serious than workplace harassment, going through the official process was a career-ender at best.”
Nevertheless, on April 5, 2013, while still in the training facility in Maryland, he apparently sought to establish a paper trail for himself. He wrote a letter to NSA’s Office of the General Counsel asking whether or not NSA directives take precedence over acts of Congress. A lawyer from the Office of the General Counsel responded three days later, addressing Snowden as “Dear Ed.” The lawyer said that acts of Congress take precedence over NSA directives. He also suggested that “Ed” phone him if he needed any further clarification. Presumably, Snowden had asked the question to elicit a reply he could later use to bolster his claim that the NSA had ignored or rejected policies regarding NSA directives. Instead, the “Dear Ed” response was of little use to Snowden, because it did not dispute his point that NSA directives must lawfully conform to the acts of Congress. The NSA lawyer never heard back from “Ed.”
Snowden completed his orientation course at Fort Meade on Friday, April 12, 2013. While he was in Maryland, he took time off to pay visits to both of his divorced parents. It would be the last time he would see either of them in the United States.
He returned on April 13 to Hawaii. One domestic task he had to attend to was helping Mills pack up their possessions, which they stored in boxes in the garage. The lease on their house was up on April 30, 2013, and they had to move. According to Mills, they found a temporary rental just a few blocks away.
On Monday, April 15, Snowden began on-the-job training as an analyst at the National Threat Operations Center. He would not complete the course. After he began the training, he prepared his exit by writing to Booz Allen and saying he needed a brief medical leave in May to undergo treatment for epilepsy symptoms. As far as is known, he did not suffer from epilepsy. Booz Allen required a minimum of one month’s notice for foreign travel. By making the request, he lessened the likelihood that it would arouse undue suspicion when he departed for Hong Kong with stolen documents on May 18. This brief window left him some four weeks to take the lists that he coveted.
Snowden carried out the heist with precision reminiscent of a Mission: Impossible movie caper. First, he needed to get passwords to up to twenty-four compartments at the National Threat Operations Center that he had not been read into. Even in the “open culture” of the NSA, this was not an easy challenge. He would be asking one or more intelligence professionals to break strict NSA rules that not only prohibited them from disclosing their passwords to an unauthorized party such as himself but required them to report any unauthorized person who asked to use their passwords. Remarkably, he accomplished this incredible feat. He gained access to twenty-four compartments containing the NSA’s most closely guarded secrets in a matter of a few weeks.
Next, he had to find the lists he was seeking in a vast ocean of data. For this task, he used software applications called spiders to crawl through the data and find the files he was after. He deployed these robotic spiders, which presumably had been programmed in advance, soon after he began working at the center. According to the subsequent NSA damage assessment, Snowden’s spiders indexed well over one million documents. Many of those that he copied and moved were from Level 3 sensitive compartmented information, according to the NSA analysis. The spiders also made his penetration relatively safe. As previously mentioned, the Hawaii base did not have a real-time auditing system. So alarm bells did not go off in the security office when he indexed documents.
Finally, Snowden had to find a way to transfer this data to a computer with an opened USB port. This task was complicated by a security precaution. Most of the computers at the center had had their ports sealed shut to prevent unauthorized downloads. Making the transfer even more difficult, he was working as an analyst in training in an open-plan office with closed-circuit security cameras. But it was not impossible. System administrators sometimes used service computers that had unsealed ports to back up data before they did maintenance work. Even though Snowden was no longer a system administrator, he could still perhaps befriend a system administrator or even steal or borrow a service computer.
Whatever the NSA’s and Booz Allen’s security measures, Snowden succeeded in getting the files. In a matter of a few weeks, he managed to download hundreds of thousands of Level 3 documents to an unsealed computer. He also took some less sensitive documents from the administrative file (which contained mainly Level 1 documents) at the end of April.
These later acquisitions included an order from the FISA court issued on April 25, 2013.
He had completed the operation by May 17, the last day he would ever enter the NSA facility. He transferred the data he had amassed on the service computer, including the lists of the computers in Russia and China that the NSA had succeeded in penetrating, onto storage devices, which he later said were thumb drives. Then he coolly walked past the security guards at the exit, who only seldom performed random checks on NSA employees.
He carried out the entire operation with such brilliant stealth that he left few if any clues behind as to how he obtained his colleagues’ passwords to multiple compartments, moved the data from many different supposedly sealed computers to an opened service machine, or downloaded these documents to multiple thumb drives without arousing suspicion. The NSA would not discover the theft for fifteen days.
His departure from Hawaii was also well prepared. Lindsay Mills had departed that morning for a planned two-week visit to the outer islands. This trip allowed him to pack his belongings without saying anything to her that might be difficult for her to later explain. He simply left a note that she could show to authorities saying that he was away on a “business trip.” He informed Bay that he would have to go in for epilepsy tests on the following Monday and Tuesday. If the results weren’t good, he might have to be out even longer.
CHAPTER 9
Escape Artist
I’m not self-destructive. I don’t want to self-immolate and erase myself from the pages of history. But if we don’t take chances, we can’t win.
—EDWARD SNOWDEN, Moscow, 2014
THE NEXT EVENING, May 18, Snowden drove to Honolulu International Airport. He left his leased car in the parking lot. He took with him only carry-on baggage, including a backpack and a laptop with a Tor sticker on it. “I took everything I had on my back,” he said, referring to the backpack. He also said that he took enough cash to pay for his fugitive life and he took the thumb drives containing the NSA’s keys to the kingdom.
At this point, of course, Snowden was not wanted by the authorities. He had provided his employer and the NSA with a medical excuse for his absence from work so he would not be immediately missed. He had a valid passport, a credit card, and ID. Snowden’s destination was Hong Kong. After crossing the international date line, Snowden waited about three hours in the transit zone of Narita. He then boarded a plane to Hong Kong. After the four-hour flight from Narita, he arrived in Hong Kong early in the morning on May 20.
He had visited Hong Kong at least once before, with Lindsay Mills, when he was stationed in Japan. According to Albert Ho, his Hong Kong lawyer, Snowden stayed at a residence arranged for him in advance by a party whom Snowden knew prior to his arrival. As noted earlier, for the next ten days, Snowden did not use his credit card or leave any paper trail to his location. Wherever he was, “his first priority,” as he later told Greenwald, was to find a place safe from U.S. countermeasures. He brought with him a large number of electronic copies of NSA documents marked TS/SCI/NOFORN, which stood for “Top Secret, Sensitive Compartmented Information, and No Foreign Distribution.” According to government rules, data carrying these labels could not be removed from a government-approved “SCI facility.” But Snowden, who brought them with him into this semiautonomous zone in China, broke these rules.
Wherever Snowden was staying, apparently he believed he was relatively safe. “That whole period was very carefully planned and orchestrated,” Snowden later told The Guardian in Moscow. On May 22, he sent an e-mail to Bay (who did not know he had left Hawaii) saying that his epilepsy tests came back with “bad” results, and he needed further medical attention. Here Snowden communicated directly first with Gellman and then with Greenwald. He e-mailed Gellman under the alias “Verax.”
Already, via Poitras, he had provided Gellman with PowerPoint slides from an NSA presentation about a joint FBI-NSA-CIA operation code-named PRISM. He believed it qualified as whistle-blowing because it revealed that the NSA, in intercepting e-mails, tweets, postings, and other web interactions about foreign terrorists, incidentally also picked up data about Americans. According to the rules imposed on the NSA by a 2007 presidential directive, whatever information was accidentally picked up about Americans was supposed to be filtered out, and hundreds of compliance officers were to recheck the data every ninety days to assure that directive was being carried out. Even so, it was likely some data was not expunged in this process. So PRISM could cause embarrassment for the NSA.
Snowden had not yet made arrangements to meet journalists, but now he proposed that Gellman join him in Hong Kong. In attempting to convince him of the urgency of the trip, he wrote that he had reason to believe that “omniscient State powers” imperiled “our freedom and way of life.” He noted, with a touch of modesty, “Perhaps I am naive.” He also added dramatically, “I have risked my life and family.” Even so, Gellman declined coming to Hong Kong. (According to Greenwald, Gellman could not make the trip, because lawyers for The Washington Post were uneasy with having a reporter receive classified documents in a part of China.)
On May 24, 2013, Snowden attempted to apply more pressure on Gellman by telling him that the story about the PRISM program had to be published by the Post within seventy-two hours. Gellman could not accede to such a condition, because the decision of when to publish a story was made not by him but by the editors of the newspaper. He told Snowden that the earliest the story could be published was June 6, 2013, which was well past Snowden’s deadline.
Snowden next turned to Greenwald in Brazil. Both Poitras and Micah Lee had made great efforts to tutor Greenwald on encryption protocols, with Lee’s sending Greenwald a DVD by FedEx that would allow him to receive both encrypted messages and encrypted phone calls. Even then, Greenwald was unable to fully install it. As a result, Greenwald still had not met Snowden’s requisites on encrypting his computer.
With Gellman uncertain, Greenwald was now essential to Snowden’s plan. If he was to have any newspaper outlet, he needed to persuade Greenwald to come to Hong Kong. At this point, he took matters into his own hands. On May 25, Snowden somewhat aggressively e-mailed Greenwald, saying, “I’ve been working on a major project with a mutual friend of ours. You recently had to decline short-term travel to meet with me.” Although he did not specify the “short-term travel” to which he referred, he added pointedly, “You need to be involved in this story.” He suggested that they immediately speak on the phone via a website that encrypts conversations. Snowden began the call by complaining, “I don’t like how this is developing.” He made it clear that he, not the journalist he had selected, was pulling the strings. If Greenwald wanted the scoop, he had to follow Snowden’s instructions, which included dividing the scoops between The Guardian and The Washington Post. According to his plan, Gellman would break the PRISM story in the Post, and Greenwald would break the “mass domestic spying” story in The Guardian. In addition, he insisted that The Guardian publish his personal manifesto alongside its story. As he envisioned it, the media event would also include a video component in which Greenwald would interview him.
Greenwald agreed to this micromanaging, so Snowden said he would send him what he called a “welcome package” of documents to demonstrate his good faith. His plan also required a face-to-face meeting. Snowden told him, “The first order of business is to get you to Hong Kong.” The whole conversation lasted two hours, according to Greenwald.
Snowden sent him twenty classified NSA documents labeled “Top Secret.” He also included in the package his personal manifesto, which asserted that the NSA was part of an international conspiracy of intelligence agencies that were working to “inflict upon the world a system of secret, pervasive surveillance from which there is no refuge.”
Meanwhile, Snowden told Poitras he was sending her a number of NSA documents, including a FISA warrant that had been issued less than a month earlier. He wanted that FISA warrant to serve as the basis of Greenwald’s scoop. It was perfect whistle-blowing material for The Guardian because it ordered Verizon to turn over all its billing records for ninety days to the NSA. It was as close to a smoking gun as anything he had copied at the NSA. It would also get attention because James Clapper, the director of national intelligence, had stated before Congress just two months earlier that the NSA did not collect phone data in America. This warrant would allow The Guardian, in the best tradition of gotcha journalism, to catch Clapper in an apparent lie.
Continuing his string pulling, Snowden instructed Poitras not to show the FISA warrant to Greenwald until they were safely aboard a plane to Hong Kong. That would prevent Greenwald from releasing the story previously. He also sent Poitras an entire encrypted file of NSA documents, saying it would “include my true name and details for the record, though it will be your decision as to whether or how to declare my involvement.” He did not send her the key to decipher the file, saying, “The key will follow when everything else is done.” He further told her that he preferred that her new film focus on him as the sole perpetrator of the leak so that no one else at the NSA would be suspected.