If a hundred top-quality diamonds were stolen from locked vaults at Tiffany by a recently hired trainee who, it turned out, did not have the combination to open these vaults, the police would be expected to consider that the trainee might have had help from a current or former insider at the company who knew the combinations. Snowden, who had accomplished a similarly inexplicable feat, said in his video confession that he was solely responsible. However, it is perfectly logical to assume, given the circumstances, that he might have had help, unwitting or witting.
The FBI could assume either that the NSA’s security regime was so badly flawed that Snowden could trick his fellow workers into providing him with access or that there was another individual at the center who might have assisted or directed Snowden. When the investigation came to this fork in the road in the summer of 2013, according to a source on the House Intelligence Committee, it chose the former route.
Finally, there was the question of whether Snowden had gone to Russia by design or by accident. Whenever an intelligence worker steals sensitive compartmented information of interest to a foreign adversary and then defects to that adversary, it raises at least the specter of state-sponsored espionage. It is a commonly accepted presumption in counterintelligence that a spy, fearing arrest, flees to a country that has some reason to offer him protection. When the British spies Guy Burgess, Donald Maclean, and Kim Philby fled to Moscow during the Cold War, the presumption was that they had a prior intelligence connection with Russia. Philby confirmed that in his 1968 memoir, My Silent War. So in the case of Snowden, counterintelligence had to consider the possibility that his theft of state secrets and his arrival in Moscow might not be totally coincidental.
Snowden blamed high officials in the U.S. government who purposely “trapped him” in Russia. He told the editor of The Nation, “I’m in exile. My government revoked my passport intentionally to leave me exiled” and “chose to keep me in Russia.” He repeated that assertion over a dozen times, but as we’ve seen, it had no basis in fact. Whenever criminal charges are lodged against a U.S. citizen by the Department of Justice, the State Department, in accordance with the U.S. code of justice, marks in the electronic passport validation advisory system that that person’s passport is valid only for return to the United States. After criminal charges were publicly filed against Snowden on June 21, it advised foreign governments that because Snowden was wanted on felony charges, he “should not be allowed to proceed in any further international travel, other than is necessary to return him to the United States.” Rather than “exiling” Snowden, the government acted to facilitate his return home. With his passport, he could have flown home from either Hong Kong or Moscow, where he, like any other person accused of a felony, would face the charges against him. Snowden’s unfounded claims suggested to investigators that he had something to hide about his arrival in Russia.
The counterintelligence investigation had access to State Department records showing that its representatives in Hong Kong had informed authorities there on June 16 that there were criminal charges against Snowden. Only a typographical error in spelling out Snowden’s middle name—James instead of Joseph—in the criminal charges prevented the Hong Kong police from immediately ordering his detention. His Hong Kong lawyers were certainly advised of these pending charges no later than June 21, when they were published on the front page of the South China Morning Post in Hong Kong. Presumably, Snowden knew that actions by the U.S. government were already in progress and that one of these actions would include restricting his passport. One of his lawyers, Jonathan Man, even accompanied Snowden to the airport out of his concern that he would not be allowed by Hong Kong authorities to go through passport control. Ordinarily, Hong Kong passport control scans passports when tourists exit but does not check them against a computerized database.
In any case, when Snowden arrived in Russia on June 23, any future international travel decisions for him would be up to the government of Russia, not that of the United States. It could have sent him back to Hong Kong, as is normally done when someone arrives without a proper visa, or to the United States. The only government with the actual means to “trap” him in Russia was the Russian government.
Senior intelligence officials also knew that the U.S. government, rather than conspiring to keep Snowden in Moscow, had met nearly every day while he was in Hong Kong with Lisa Monaco, President Obama’s homeland security adviser, in the White House Situation Room to find a way to prevent Snowden and his cache of secrets from falling into Russian hands. Robert S. Mueller III, then the FBI director, reportedly even directly appealed to the FSB head, Alexander Bortnikov, to return Snowden to the United States.
U.S. intelligence also knew that it was no accident that Snowden wound up in the hands of Russia. He had been in contact with Russian officials in Hong Kong. It will be recalled that Putin admitted to this liaison on September 3, in a press briefing on state-owned Channel One television; he also divulged that he had advance knowledge of Snowden’s plan.
“I will tell you something I have never said before,” Putin said. Snowden “first went to Hong Kong and got in touch with our diplomatic representatives.” Putin was told then that an American “agent of special services” was seeking to come to Russia. Putin added that he declared that this agent would be “welcome, provided, however, that he stops any kind of activity that could damage Russian-US relations.”
Even before that public confirmation of the Russian role in Hong Kong, the White House was well aware of it. On June 23, the Democratic senator Charles Schumer of New York correctly said, based on a White House briefing, that “Vladimir Putin had personally approved Snowden’s flight” to Moscow. The NSA had the means to monitor Russian communication between Moscow and Hong Kong. The NSA also reportedly intercepted contacts between these Russian officials and Russian representatives of Aeroflot, the Russian state-owned airline that had flights between Hong Kong and Moscow. Aeroflot (like most other international carriers) ordinarily requires international passengers to have both a valid passport and, if necessary, a visa to the country of their destination. Those rules had to be waived for Snowden’s exfiltration from Hong Kong. Snowden’s defection to Moscow was not a haphazard result of unexpected circumstances. Russia obviously knew he was coming. This raised new questions for the investigation. What led Snowden to defect to Russia? Was his arrival in Moscow planned by Russian intelligence in advance of his going public in Hong Kong? Was any other party, such as China, privy to the plan? Was there a quid pro quo?
Putin’s authorization could certainly account for Aeroflot’s waiving its usual passport and visa check to allow Snowden to board its plane, as well as the dispatch with which Russian officials whisked Snowden off the plane after it landed at the Moscow airport. It could also account for Snowden’s vanishing from public view for the next three weeks and the promulgation of the cover story that Snowden was unwillingly trapped at the airport by the U.S. government. The reasons behind Putin’s move were less clear.
By September 2013, the investigation was looking into a veritable abyss. Snowden’s culpability was no longer an issue. What was lacking from Snowden’s video, or the two-hour film made by Laura Poitras, was any specific information on how many documents he had copied, how he had obtained the passwords to the computers on which they were stored, the period of time involved in the theft, or how he had breached all the security measures of the NSA in Hawaii. Nor would that data be forthcoming from Snowden, who may be the only witness to the crime. By June 23, he was in a safe haven in Moscow. Even though the grand jury case against Snowden was cut and dry, it was also irrelevant because the United States does not have an extradition treaty with Russia.
The purpose of the intelligence investigation went far beyond determining Snowden’s guilt or innocence, however. Its job was to find out how such a massive theft of documents could occur, how the perpetrator escaped, and, perhaps most urgent, who had obtained the unaccounted-for stolen documents from Snowden
.
In his interviews with journalists in Moscow, Snowden studiously avoided describing the means by which he breached the security aperture of America’s most secret intelligence service. He only told the journalists who came to Moscow to interview him, with a bit of pseudo-modesty, that he was not “an angel” who descended from heaven to carry out the theft. But the question of how Snowden stole these documents may be the most important part of the story. The NSA, after all, furnishes communications intelligence to the president, his national security advisers, and the Department of Defense, intelligence that is supposedly derived from secret sources in adversary nations. If these adversary nations learn about the NSA’s sources, then the information, if not worthless, cannot be fully trusted. The most basic responsibility of the NSA is to protect its sources. Yet Snowden walked away with long lists of them. In doing so, he amply demonstrated that a single civilian employee working for an outside contractor, even one not having the necessary passwords and other access privileges, could steal documents that betrayed these vital sources. He also demonstrated that such a massive theft could go undetected for at least two weeks.
If Snowden managed this feat on his own, as he claims in his Hong Kong video, it suggests that any other civilian employee with a perceived grievance against NSA practices or American foreign policy could also walk away with some of the most precious secrets held by U.S. intelligence. Such vulnerability extends to tens of thousands of civilian contract employees in positions similar to the one held by Snowden. The lone disgruntled employee explanation is therefore hardly reassuring. If true, it calls into question the entire multibillion-dollar enterprise of outsourcing the management of the NSA’s computer networks and other technical work to outside contractors. It also casts doubts on the post-9/11 decision by the intelligence community to strip away much of the NSA’s “stovepiping” that previously insulated its most sensitive computers. Without such stovepiping, any rogue civilian employee could bring down the entire edifice of shared intelligence.
A finding that Snowden had acted in concert with others in breaching compartments at the NSA would hardly be any more reassuring. Such collaboration among intelligence workers would reflect gravely on the mind-set of the NSA. Snowden described an atmosphere in which intelligence workers exchanged lewd photographs of foreign suspects. Some NSA employees met to protest the NSA policies. Did this violation of the NSA’s rules also involve abetting the theft of documents? If so, the NSA would have to evaluate further vulnerabilities that might arise when it entrusts its secrets to technicians who do not share its values. A collaborative breach would signal an immense failure of the present concept of the counterintelligence regime in the NSA.
From what I gathered from government officials who were familiar with the investigation, there was a concern that answering the “how” question would rouse serious doubts about the very ability of the NSA to carry out its core mission of protecting the government’s intelligence secrets. However it was organized, it was clear that Snowden had played a major role in what amounted to a brilliant intelligence coup.
CHAPTER 15
Did Snowden Act Alone?
When you look at the totality of Snowden’s actions certainly one hypothesis that jumps out at you, that seems to explain his ability to do all these things, is that he had help and had help from somebody who was very competent in these matters.
—GENERAL MICHAEL HAYDEN, former director, NSA and CIA
A WHISTLE-BLOWER enters the enterprise of stealing state secrets for reasons of conscience, but so do many spies. Such conscience-driven spies are called, in CIA parlance, “ideological agents.” For instance, the British diplomat Donald Maclean, one of the most important Russian spies in the Cold War, was an ideological recruit. He stole immensely valuable U.S. nuclear secrets for the Russian intelligence service without receiving any monetary compensation.
The acceptance of money is not necessarily a meaningful distinction when it comes to espionage. To be sure, many spies get paid, but some whistle-blowers also receive a rich bounty for their work. Indeed, under federal laws, whistle-blowers can qualify for multimillion-dollar bounties for exposing financial malfeasance. The whistle-blower Bradley Birkenfeld, for example, after he himself was paroled from prison in 2012, received an award of $104 million for providing data that exposed illicit tax sheltering at the Swiss UBS bank. Assange also offered political whistle-blowers six-figure cash bounties from money raised on the Internet. In 2015, for instance, WikiLeaks offered $100,000 bounties to any whistle-blowers who provided the site with secret documents exposing details of the Trans-Pacific Trade Agreement.
Nor is acting alone necessarily a line that divides whistle-blowers from spies. In many cases, whistle-blowers have accomplices who help them carry out their mission. For example, in 1969, the celebrated whistle-blower Daniel Ellsberg, a military analyst at the Rand Corporation, had an accomplice, Anthony Russo, who had also worked at Rand. (Both were indicted by the government.) Acting in concert, they copied secret documents that became known famously as the Pentagon Papers.
Whistle-blowers can also, like conventional spies, enter into elaborate conspiracies to carry out an operation. On the night of March 8, 1971, eight whistle-blowers working together with burglary tools broke into the FBI office in Media, Pennsylvania, and stole almost all the FBI files there. The conspirators escaped and kept their identities secret for over forty-two years.
Self-definitions also do not necessarily produce a distinction between whistle-blowers and conventional spies. Consider Philip Agee, who left the CIA in 1969 for what he described as “reasons of conscience.” Specifically, he said he objected to the CIA’s covert support of Latin American dictators. After contacting the Soviet embassy in Mexico City, he defected to Cuba, where he leaked information that exposed CIA operations. Although Agee insisted he was a whistle-blower, and he adamantly denied offering any secrets to the Soviet Union, the KGB viewed him as a conventional spy. According to Oleg Kalugin, the top Soviet counterintelligence officer in the KGB in Moscow, who defected to the United States, Agee offered CIA secrets first to the KGB residency in Mexico City in 1973 and then to the Cuban intelligence service. Agee provided the KGB with a “treasure trove” of U.S. secrets, Kalugin revealed. “I then sat in my office in Moscow reading the growing list of revelations coming from Agee.” Despite this disparity, Agee still defined himself to the public as a whistle-blower because he also had exposed CIA operations to the public.
The Snowden case blurs the demarcation line even further. Unlike other whistle-blowers who uncovered what they considered government malfeasance by virtue of their jobs, Snowden, by his own admission, took a new job in 2013 specifically to get access to the SCI files concerning NSA sources that he stole from the Threat Operations Center. Switching jobs in order to widen one’s access to state secrets is an activity usually associated with penetration agents, not whistle-blowers. While the technical distinction between a whistle-blower and a spy may still serve the media in the case of Snowden, it does not help in solving the counterintelligence conundrum. A complex theft of state secrets had been successfully carried out in a supposedly secure site. The only known witness, Snowden, had escaped to Russia, where he could be of no help in reconstructing the crime for American intelligence agencies. The stolen data was kept in the equivalent of sealed “vaults”—actually computer drives that were not connected to the NSA network. If ever there was a locked-room mystery, this was it.
According to the FBI investigation, Snowden pierced these barriers by using passwords that belonged to other people and using credentials that allowed him to masquerade as a system administrator. It was a feat that must have required meticulous planning.
To address such a mystery, a counterintelligence investigation starts with a tabula rasa, stripping away all the previous assumptions, including that Snowden was the lone perpetrator. It builds alternative scenarios to test against the known facts. To be sure, scenario building differs from that o
f a conventional forensic investigation aimed at finding pieces of evidence that can be used to persuade a jury in a courtroom. Unlike a judicial investigation concerned with guilt and innocence, scenario building looks to develop a story that is, concurrently, intrinsically consistent and humanly plausible, and in the process it also identifies and explores the possible holes in the case.
“Scenarios deal with two worlds: the world of facts and the world of perceptions. They explore for facts but they aim at perceptions inside the heads of decision makers. Their purpose is to gather and transform information of strategic significance into fresh perceptions,” wrote Pierre Wack in the Harvard Business Review in 1985. Such scenarios must aim at constituting a limited set of mutually exclusive alternatives. The point is to assure that any alternative that fits the relevant facts, no matter how implausible it may initially seem to be, is not neglected.
One of the most vexing problems that had to be explained by these scenarios is how Snowden got the passwords to up to twenty-four of these vaults. He could not have obtained these passwords during his previous employment at Dell, because Dell technicians did not have access to the Level 3 documents stored in these compartments. Nor, as noted earlier, was he given access to them when he transferred to Booz Allen, because he had not completed the requisite training.
Snowden had also, it will be recalled, relinquished his privileges as a system administrator when he transferred to Booz Allen, so he did not have the privilege to override password protection. In short, his new position as an infrastructure analyst did not give him the ability to enter compartments that he had not yet been read into.
How America Lost Its Secrets Page 16
