How America Lost Its Secrets


by Edward Jay Epstein


  As I’ve said, there are two possible ways he could have gotten these passwords: either he had assistance from a party who had access to them, or he found flaws in the NSA’s security procedures that left the supposedly closed vaults effectively unlocked.

  The Unwitting Accomplice Possibility

  It is possible that if Snowden received assistance, it was entirely unwitting. He might have obtained some passwords through deception, such as tricking co-workers into typing their passwords into a device that captured them. As the NSA informed Congress in 2014, three of his fellow workers told the FBI that Snowden might have deceived them to gain access to their passwords. He could have simply asked other analysts at the center who had been read into compartments for their passwords. Such an approach would be extremely risky for the analyst, who could lose his job and security clearance by cooperating. It could also be risky for Snowden because any analyst he approached was supposed to report any request for a password to a security officer. Making such requests even more suspicious, Snowden had been working at the Threat Operations Center for just a few weeks as a trainee and was not well known to other analysts there. “It is inconceivable to me that his co-workers would divulge their passwords to him,” a former Booz Allen executive, who had also worked at the Defense Intelligence Agency, told me. “If he was a system administrator, he might trick a threat analyst into entering his password into his computer under the pretext that he needed it to deal with an urgent hardware issue.” But, it will be recalled, Snowden was not a system administrator at the center. Snowden therefore “had no plausible reason for requesting passwords to compartments he had not been read into,” the former executive said. He said that NSA executives might have been read into all twenty-four of the compartments, but he deemed it inconceivable they would illicitly share their passwords with Snowden. I asked him what the chance was of his voluntarily obtaining some twenty-four passwords from co-workers in five weeks. “In my opinion, near zero,” he said.

  It is possible of course that Snowden could have simply observed others typing in their passwords, one by one, but that would take time and possibly attract attention. I asked the former Booz Allen contractor whether it was possible that Snowden could have used a device for intercepting another computer’s electronic signals, called by hackers a “key logger.” Such a device, which is obtainable over the Internet, could be used to steal the passwords of the analysts who had been read into the compartments. My source said that while it was possible that Snowden smuggled in a key logger in his backpack, it could not be operated unless it was hardwired to a computer inside the center, because, like those at all other NSA facilities, the computers had been insulated to block any form of wireless transmission. This precaution was taken to guard against an EMP, or electromagnetic pulse, attack by an enemy. The only way Snowden could intercept keystrokes was to attach a cable from his key logger to each of his fellow workers’ computers. In this scenario, he would have had to surreptitiously build his own wired network connecting his hidden key logger to twenty-four separate computers. Moreover, he would have to do this wiring in an open-plan office where he could not count on these additional wires, even if rigged one by one, not being noticed by either other analysts in the room or the “geek squad” of system administrators who regularly checked connections. Making the task even more risky, according to my Booz Allen source, there were closed-circuit cameras. The only way he could mitigate the risk of detection was by having someone help him build this network.

  Even if Snowden had managed to obtain all the necessary passwords from colleagues, he would have had to transfer the files to an external storage device. This was not a matter of simply attaching a thumb drive or other external device to a port, because, unlike in movies such as Mission: Impossible, the ports on the computers at the NSA were ordinarily sealed shut. This measure was taken specifically to prevent any unauthorized downloading by NSA workers. The only people at the center who had the authorization, and the means, to open these ports and transfer data were system administrators, according to the former Booz Allen executive. System administrators needed to have this privilege to deal with glitches in the computers. Snowden was no longer a system administrator and had no such privileges. So again, he would have needed help. He would have needed to either borrow a system administrator’s credential or forge his own.

  The credential he would need is called a public key infrastructure, or PKI, card with its authentication code embedded in a magnetic strip. When I asked the former Booz Allen executive if Snowden possessed the skill set to forge such a card, he said that he strongly doubted any NSA employee would be capable of such a forgery without special equipment. Just asking such a favor could “set off alarms,” my source said.

  The unwitting accomplice scenario had another stumbling block: time. We know from Poitras that Snowden told her in early April 2013 that he planned to deliver documents to her in six to eight weeks (which he in fact did). But he had not yet started working for Booz Allen at the center until that same month. It does not seem plausible that in making such a commitment he was merely counting on his ingenuity in the face of strangers to fulfill it. The only way he could have known for certain that he would be able to borrow a PKI card and obtain the passwords, whether by trickery, by observation, or by a key router, before he had begun working at the center was that he already knew someone there who would help him.

  The Witting Accomplice Possibility

  The witting accomplice scenario better fits with the principle in logic called Occam’s razor, which suggests that when one is choosing between alternative explanations, the one that requires the fewest assumptions should be given priority. It would be relatively easy to gain access to passwords if Snowden had the cooperation of an insider at the center who had been read into the compartments or, even better, if he had the cooperation of a system administrator with the necessary PKI cards and shell keys to bypass the password protection. Such an accomplice could also help explain how Snowden was able to get the job at the center in the first place, how he knew in advance that he could find there the “lists” of the NSA sources in foreign countries, and how he knew that there were security traps at the center. Such a witting accomplice might even have prepared in advance the “spiders” that Snowden used to index the files.

  The witting accomplice scenario of course requires an unsettling expansion of the plot. It means Snowden collaborated with one or more insiders at the center to steal secret documents. It is not difficult to imagine, in light of the lax background checks for outside contractors servicing the NSA, that there were others in the “geek squad” who shared Snowden’s antipathy to NSA surveillance. Certainly, we know that Snowden found other NSA workers who were willing to attend his anti-surveillance CryptoParty in December 2012. Some might be willing to offer Snowden help if he was willing to go public. Indeed, if the geek culture produced one Snowden, why wouldn’t it produce others? If such an accomplice lacked Snowden’s willingness to flee to another country, he might have limited his participation to supplying technical assistance. For his part, Snowden might have agreed to divert suspicion from his accomplice by taking sole responsibility for the crime when he went public.

  All of this is theoretically possible, but no witting accomplice was ever identified. The FBI, which was in charge of the domestic part of the investigation of the Snowden case, questioned all of Snowden’s co-workers at the center over the course of six months and failed to find anyone who knowingly helped Snowden. If the accomplice was an idealistic amateur, it is likely the FBI would have found him. Three co-workers did admit to the FBI, as noted earlier, that they might have inadvertently given Snowden their passwords, but these three slips would not account for Snowden’s breach of all the other compartments. Of course, there might have also been less forthcoming co-workers who hid their slips in divulging their passwords to Snowden.

  This raises the more sinister possibility that the accomplice was not an amateur co-worker but a spy who was already in place when Snowden arrived. Such a penetration agent could have been recruited by an adversary intelligence service before Snowden came on the scene. After Snowden expressed a desire to expose the NSA’s domestic surveillance, it could then have used him as an “umbrella” to hide its own activities. Finding such a means to protect a source while exploiting his or her information is not uncommon in espionage operations, and because Snowden was willing to flee America and go public, he could serve as a near-perfect umbrella. “Snowden may have carried out of the NSA many more documents than he knew about,” Tyler Drumheller, the former CIA station chief, said. It could also account for the disparity between the claims of Snowden and the NSA damage assessment as to the number of documents that were compromised.

  As far-fetched as this scenario may seem, less than three years before the Snowden breach the NSA had received a warning from a CIA mole (to be discussed in greater detail later) that the Russian intelligence service might have recruited a KGB mole at the Fort Meade headquarters of the NSA. No mole was found in 2010, and if one existed, it could not have been Snowden, who was working for the NSA in Japan in 2010. Such a putative mole could conceivably have acquired enough information to later facilitate Snowden’s operation.

  As Snowden acknowledges, he was not a happy worker at the NSA. He complained in his posts over the Internet between 2010 and 2013 about superiors and what he considered NSA abuses to co-workers. If someone assumed the guise of a reluctant whistle-blower, he would have little difficulty in approaching Snowden. Snowden might not even know his true affiliation beyond that he shared Snowden’s anti-surveillance views. If Snowden then voiced an interest in exposing the NSA’s secrets, this person could supply him with the necessary guidance, steering a still-unsuspecting Snowden first to the Booz Allen position and afterward to his associates in Hong Kong. By taking sole credit for the coup in the video that he made with Poitras and Greenwald in Hong Kong, he acted, as he told Greenwald, to divert suspicion from anyone else. This move could also give any collaborator he might have had in Hawaii time to cover his or her tracks.

  The astronomer Carl Sagan famously said in regard to searching the universe for signals from other civilizations that the “absence of evidence is not evidence of absence.” That injunction also applies to the spooky universe of espionage. The fact that a mole hunt fails to find a hidden collaborator at the NSA does not necessarily mean such a mole does not exist. Historically, we have many notable cases in which Russian moles eluded long, intensive investigations. Robert Hanssen penetrated the FBI for over twenty years for the KGB without being caught. Similarly, Aldrich Ames acted as a KGB mole in the CIA for more than ten years and passed all the CIA’s sophisticated lie detector tests. Both Hanssen and Ames eluded intensive FBI and CIA investigations that lasted over a decade. According to Victor Cherkashin, their KGB case officer, whom I interviewed in Moscow in 2015, the KGB was able to hide their existence from investigators for such a long period partly because of the widespread belief in U.S. intelligence that moles were fictional creatures that sprang from the “paranoid mind” of James Jesus Angleton. When I then cited the signature line from the movie The Usual Suspects, “The greatest trick the devil ever pulled was convincing the world he didn’t exist,” Cherkashin thinly smiled and said, “CIA denial [of moles] certainly helped.”

  In view of such past successes of the Russian intelligence services, it cannot be precluded that there was another person in the NSA working with the enthusiastic Snowden as cover to prevent any light from falling on his own surreptitious spying. While it may seem extremely unlikely that Snowden had such assistance, the alternative scenario, that Snowden broke into the sealed compartments and made off with the documents without any assistance, seems equally unlikely.

  Even if Snowden had been, as he claims, a pure idealist seeking to right a perceived wrong, it does not exclude the possibility of his becoming entangled in the plots of others. Intelligence services make it their business to bring about such witting or unwitting entanglements.

  CHAPTER 16

  The Question of When

  The NSA was actually concerned back in the time of the crypto-wars with improving American security. Nowadays, we see that their priority is weakening our security.

  —EDWARD SNOWDEN, Moscow, 2015

  IN HIS 1974 NOVEL, Tinker, Tailor, Soldier, Spy, John Le Carré helped establish the concept in the public imagination of a mole burrowing into a rival intelligence service. Le Carré’s now-classic mole, code-named Gerald by the KGB, managed in the novel to gain access to the inner sanctum of the British intelligence service MI6. Aided and guided by his controllers in Moscow, he systematically stole British intelligence secrets. As Le Carré wove the plot, the brilliantly orchestrated operation involved spotting, compromising, and recruiting others to gradually advance Gerald the mole to a position of power. Such well-organized penetrations are not limited to fiction. The career of the KGB mole Heinz Felfe, who was advanced through the ranks of West German intelligence by an elaborate series of sacrifices by his controllers in Moscow until he actually headed West German counterintelligence in 1961, could have served as the nonfiction inspiration for Le Carré’s 1963 novel, The Spy Who Came in from the Cold. As U.S. intelligence only found out after the Cold War ended, the KGB also had the ability to sustain moles for decades.

  The CIA also had its share of long-term successes, such as Alexander Poteyev, who fed the CIA secrets for over ten years while burrowing into Russian intelligence. In the choreography of these operations, as in Le Carré’s fiction, rival intelligence services ensnared and sacrificed recruits, as if playing a chess game, to advance their moles. Despite notable successes such as Felfe and Poteyev, a great number of these elaborate conspiracies fail to insinuate a mole into their adversaries’ confidence. Intelligence services therefore also take advantage of a more prosaic source: the self-generated spy, or, as they are called in the trade, a “walk-in.”

  Although they are largely unsung in novels, these walk-ins are an important part of espionage. A counterespionage review done for the Presidential Foreign Intelligence Advisory Board (PFIAB) in 1990 found that most U.S. spies in the Cold War had taken documents on their own volition and only afterward offered them to an adversary service. Self-generated spies have diverse motives. Some intelligence workers steal secrets for financial gain. Others take them to further an ideological interest. As opportunistic enterprises, intelligence services do not turn walk-ins away if they have valuable intelligence. Indeed, some of the most successful moles were not recruited, or even controlled, by spy agencies. They were self-generated penetrations, or “espionage sources,” as the KGB preferred to call them, who first stole secrets and later voluntarily delivered them to an adversary.

  Hanssen, who successfully penetrated the FBI for the Russian intelligence services from 1979 to 2001, according to the assessment of a 2002 presidential commission, had caused “the worst intelligence disaster in US history.” Eleven years later, George Ellard, a former NSA inspector general who had been a member of that commission, compared Hanssen with Snowden “in that they both used very well-honed IT abilities to steal and disclose classified information vital to our national security.”

  It is also possible to exploit a walk-in even after he has left his service. For example, the KGB major Anatoliy Golitsyn was an ideological self-generated spy who walked into the U.S. embassy in Helsinki on December 15, 1961. He asked to see the CIA officer on duty and announced to him that he had collected a trove of KGB secrets, including information that could identify its key spies in the West. He offered to defect to the United States. The CIA accepted his offer, and through this archive of secrets he had previously compiled, he became one of the CIA’s most productive sources in the Cold War.

  The job of an intelligence service is to take advantage of whatever opportunities come its way in the form of self-generated spies. If a Russian walk-in had not yet burned his bridges to his own service, U.S. intelligence officers were under instructions to attempt to persuade the walk-in to return to his post in Russia and serve as a “defector-in-place,” or mole. “While defectors can and do provide critical information,” a CIA memorandum on walk-ins during the Cold War noted, “there are very few cases in which the same individual may not have been of greater value if he had returned to his post.” Of course, if a walk-in believed he was already compromised, as Golitsyn did, a decision would have to be made whether the value of his intelligence merited exfiltrating him to the United States.

  This required evaluating the bona fides of the walk-in. Not all walk-ins are accepted as defectors. Some walk-ins are deemed “dangles,” or agents dispatched by the KGB to test and confuse the CIA. Others are rejected as political liabilities, as happened to Wang Lijun, a well-connected police chief in China. In February 2012, Wang walked into the U.S. consulate in Chengdu asking for asylum. The State Department decided against it. After Wang left U.S. protection, he was arrested for corruption and received a fifteen-year prison sentence. Such decisions about walk-ins are not made without due consideration, often at the highest level of a government, because exfiltrating a defector can result in diplomatic ruptures and political embarrassments.

  Conversely, it raises espionage concerns when an adversary government authorizes the exfiltration of a rogue employee of an intelligence service. At minimum, it suggests that a rival government placed value on what the defector could provide it. The Snowden case is no exception. Whatever Snowden’s prior relations might have been with Russia, it can be assumed that after he fled to Moscow, in light of the intelligence value of the stolen documents, he would wind up in the hands of the Russian security services. That assumption was reinforced by subsequent countermeasures that were implemented by adversaries moved to block secret sources of NSA surveillance, as the CIA deputy director later revealed. Such moves could indicate that at least part of the U.S. communications intelligence that Snowden had stolen was in enemy hands. The CIA and NSA’s monitoring of these countermeasures was itself extremely delicate, because revealing what they learned about Russian and Chinese countermeasures risked compromising even more U.S. communications sources than had Snowden.

 
