Britain also discovered that some of its secret operations had been compromised after Snowden went to Moscow. According to a 2015 story in the Sunday Times of London, British intelligence had determined that Britain’s intelligence-gathering sources had been exposed to adversary services by documents that Snowden had stolen from the NSA in 2013. These documents had been provided to the NSA by the GCHQ. Unless such intelligence disasters were freak aberrations, it appeared to confirm General Alexander’s warning in 2014 that the NSA was “losing some of its capabilities, because they’re being disclosed to our adversaries.”
Snowden’s supporters disputed this view. If only as an act of faith in Snowden’s personal integrity, they continued to believe his avowal to Senator Humphrey that he had acted to protect U.S. secrets by shielding them from adversary intelligence services after he took them abroad. They also continued to take him at his word when he said he had destroyed all the NSA documents before going to Russia. Despite such protestations of patriotic loyalty, U.S. intelligence officials could not so easily dismiss the possibility that the missing documents still existed. After all, a U.S. intelligence worker who is dedicated to protecting America’s secrets from its adversaries does not ordinarily steal them.
The NSA, the CIA, and the Department of Defense therefore had little choice but to assume the worst had happened: Russia and China had obtained access to the “keys to the kingdom.” Whatever the extent of the actual damage, it was up to Alexander’s replacement, Admiral Michael Rogers, both to restore morale and to rebuild the capabilities of America’s electronic intelligence in the wake of the massive breach. According to a national security staff member in the Obama White House, that job would take more than a decade. The NSA had failed to protect vital assets. This intelligence failure did not happen out of the blue.
CHAPTER 18
The Unheeded Warning
The NSA—the world’s most capable signals intelligence organization, an agency immensely skilled in stealing digital data—had had its pockets thoroughly picked.
—CIA DEPUTY DIRECTOR MICHAEL MORELL, 2015
IN APRIL 2010, the CIA received a stark reminder of the ongoing nature of Russian espionage. It came in the form of a message from one of its best-placed moles in the Russian intelligence service. This surreptitious source was Alexander Poteyev, a fifty-four-year-old colonel in the SVR, which was the successor agency to the first chief directorate of the KGB. While the FSB took over the KGB’s domestic role in 1991, the SVR became Russia’s foreign intelligence service. Its operation center was in the Yasenevo district of Moscow. The CIA had recruited Poteyev as a mole in the 1990s when he had been stationed at the Russian embassy in Washington, D.C. That it could sustain a mole in Moscow for over a decade attested to its capabilities in the espionage business. After he returned to Moscow, still secretly on the CIA’s payroll, he became the deputy chief of the SVR’s “American” section. This unit of Russian intelligence had the primary responsibility for establishing spies in the CIA, the FBI, the NSA, and other American intelligence agencies.
The SVR’s last known (or caught) mole in U.S. intelligence was the CIA officer Harold Nicholson, in 1996. Before it could expand its espionage capabilities, it needed to build a network of Russian agents in the United States. For this network, it needed to groom so-called illegals, or agents who were not connected to the Russian embassy. This so-called illegals network was necessary because presumably all Russian diplomats, including the so-called legal members of Russian intelligence, were under constant surveillance by the FBI.
Advances in surveillance technology in the twenty-first century made it increasingly difficult to communicate with recruits through its diplomatic missions. To evade it, the “American” division of the SVR was given the task of placing individuals in the United States disguised as ordinary Americans. Their “legend,” or operational cover, could be thin because they would not be applying for jobs in the government. Their job was simply to blend in with their community until they were called upon by the “American” department in Moscow to service a mole who had been planted in U.S. intelligence or other parts of the U.S. government. Until they were activated by such a call, they were classified as sleeper agents. Unlike the SVR’s “legal” officers, who were attached to Russian embassies as diplomats and were protected from arrest by the Treaty of Vienna, the SVR’s illegal agents lack diplomatic immunity. According to Pavel Sudoplatov, who served in the KGB in the Cold War, the sole job of such sleeper agents was to “live under cover in the West awaiting assignments for the Center.” One assignment that justifies the expense of maintaining such agents is to service a penetration, after one is made, in the U.S. intelligence establishment. While waiting to be activated for such a job, sleeper agents were instructed to build every detail of their cover identity so as to perfectly blend in with Americans.
To build this American network of sleeper agents took the better part of a decade. In 2005, the SVR’s “American” section in Moscow had begun methodically installing them in the United States. Almost all were Russian citizens who had assumed new identities to better blend into their communities.
The CIA learned of this sleeper program through Poteyev soon after it began. The issue was how to exploit this knowledge. When I was writing my book on international deception, James Jesus Angleton had pointed out to me that “the business of intelligence services requires understanding precisely the relationship of their opposition to them.” His view, though his opponents inside the CIA would call it with some justification an obsession, was that an intelligence service had to focus on the moves of its rivals. To accomplish this “business” in the first decade of the twenty-first century, the CIA had to establish why its new opposition, the SVR, was laying the foundation for an espionage operation. What were its priorities in the resumption of the intelligence war? Its inside man in the SVR, Poteyev, provided it with a tremendous advantage in this relationship. He knew the links in a sleeper network that the SVR believed was safely hidden from surveillance. If they were followed, when they were activated, they could expose whatever recruits the SVR had in the American government. The CIA duly shared this information about the sleeper ring with the FBI, which had the responsibility for the surveillance of foreign agents in the United States. The FBI, for its part, kept the Russian sleeper agents under tight surveillance—an operation that grew in complexity and expense as more SVR agents arrived in the United States.
Meanwhile, in Moscow, Poteyev was following the unfolding operation. Part of his SVR job was to continue preparing these “Americans,” as they were called by the SVR, for their assignments. Some had been sent as couples, others as singles. One of the singles that Poteyev personally handled was Anna Kushchyenko. She was a strikingly beautiful Russian student who changed her name to Anna Chapman by briefly marrying a British citizen she met at a rave party. After taking his name, she left him. After completing her training in Russia, she was sent by the SVR to New York City to establish herself as an international real estate specialist. Other “Americans” under Poteyev’s watch became travel agents, students, and financial advisers. In all, Poteyev identified to the CIA twelve such sleeper agents. The cost of FBI surveillance of them over the years became sizable. According to a former FBI agent, around-the-clock surveillance on the movements and communications of a single individual can cost over $10,000 a day.
When the CIA received Poteyev’s message in 2010 warning that Russian military intelligence had asked the SVR to activate some of its sleeper agents for a highly sensitive assignment, that suggested Russian intelligence had found a possible source who could supply it with valuable information. According to a former CIA intelligence official who later became involved in the case, the assignment involved preparing these agents to service a potential source in the NSA at Fort Meade, Maryland. If true, it suggested that Russian intelligence either had found or was working on a means of penetrating the NSA.
In 2010, the NSA division that handled such security and espionage threats reportedly initiated a counterespionage probe at the NSA’s Fort Meade headquarters. According to a former NSA official, “They [were] looking for one or more Russian spies that NSA [was] convinced resided at Fort Meade and possibly other DoD Intel offices, like DIA.” Because the NSA’s cryptological service had in 2010 thirty-five thousand military and civilian contractor employees, the search for a possible leak was no easy matter. According to a subsequent note in the NSA’s secret budget report to Congress, it would require “a minimum of 4,000 periodic investigations of employees in position to compromise sensitive information” to safely guard against “insider threats by trusted insiders who seek to exploit their authorized access to sensitive information to harm U.S. interests.” According to a former executive in the intelligence community, that amount of investigation far exceeded the budgetary capabilities of the NSA. So while the investigation found no evidence of SVR recruitment, it remained possible that Russian intelligence had found a candidate in the NSA.
Meanwhile, in June 2010, to preempt such a leak in U.S. intelligence and avoid any potential embarrassment that could result, the FBI decided it could no longer engage in this sort of an intelligence game with the sleeper network. It arrested all twelve sleeper agents identified by Poteyev. After receiving a great deal of public attention (which led to their inspiring the FX series The Americans), the sleeper agents were deported to Russia. This move had both advantages and disadvantages. The main advantage was that it severed any communication link between the putative person of interest in the NSA and Russian intelligence via the sleeper agents. The main disadvantage was that it eliminated the possibility that FBI surveillance of the illegals might lead the FBI to a possible recruit in the NSA or elsewhere.
The preemptive arrests also had an unforeseen consequence. They resulted in accidentally compromising Poteyev. When Chapman returned to Moscow after a spy exchange, she was taken to a well-publicized dinner with Putin. Afterward, she informed her debriefer at the SVR that only Poteyev had been in a position to know the password that an FBI agent had used to try to deceive her into believing she was speaking to an SVR officer. This brought Poteyev under immediate suspicion. Tipped off by the CIA to the FBI’s error, Poteyev managed to escape by taking a train from Moscow to Belarus, where the CIA exfiltrated him to the United States. Poteyev had been saved from prison—or worse—but he was no longer useful to the CIA as a mole. Without the services of Poteyev in the SVR in Moscow, U.S. intelligence was unable to find out further details about the mission to which Poteyev’s sleeper agents were to be assigned. All it had discovered was the history of the preparations for a major espionage revival. It now knew that the SVR had installed plumbing in America and that one or more agents in this network had been activated to handle a possible recruit in the NSA. But without anyone left in the sleeper network to follow and without an inside source in the SVR, it had no further avenues to fruitfully pursue. The revelation of the sleeper agents had little if any other intelligence value.
The NSA’s own security investigation turned up no evidence of a leak at Fort Meade in 2010. That of course doesn’t mean there hadn’t been one. The Russian intelligence service had demonstrated in the past that it was well schooled in covering its tracks in operations against U.S. communications intelligence. For example, CIA counterintelligence had learned from a KGB defector in the early 1960s that Russian intelligence had penetrated the cipher room at the U.S. embassy in Moscow and, because of this operation, the KGB was able to decipher crucial communications. Even so, it failed to find either the perpetrator or any evidence of his existence for more than half a century. The operation was only definitively revealed by the Russian spymaster Sergey Kondrashev in 2007. Tennent Bagley, who headed the CIA’s Soviet bloc counterintelligence at the time, lately wrote in his book that the ability of Russian intelligence to conceal this penetration for more than half a century “broke the record for secret keeping.”
This Russian ability to penetrate U.S. intelligence was not entirely defeated by America’s implementation of more sophisticated security procedures, such as the polygraph examination and extensive background checks. In 1995, eleven years before Snowden joined it, the CIA’s inspector general completed a study of the KGB’s use of false defectors to mislead the U.S. government from the end of the Cold War in the late 1980s through the mid-1990s. It found Russia had dispatched at least half a dozen double agents who provided misleading information to their CIA case officers.
Because the KGB operation went undetected for nearly a decade, the disinformation prepared in Moscow had been incorporated into reports (which had a distinctive blue stripe to signify their importance) that had been provided to Ronald Reagan, George H. W. Bush, and Bill Clinton. Even more shocking, in tracing the path of this disinformation, the inspector general found that the “senior CIA officers responsible for these reports had known that some of their sources for this information were controlled by Russian intelligence,” yet they did not inform the president and officials receiving the blue-striped reports that they included Russian misinformation. What the CIA director John Deutch called “an inexcusable lapse” also reflected a form of institutional willful blindness in U.S. intelligence, born out of a bureaucratic fear of career embarrassment so well described in Le Carré’s spy novels. Detecting intelligence failures has, if anything, become even more difficult in the age of the anonymous Internet.
The Snowden breach demonstrated the NSA had few if any fail-safe defenses against would-be leakers of communications intelligence. In the new domain of cyber warfare, conventional defensive rules do not apply. “There are no rivers or hills up here. It’s all flat. All advantage goes to the attacker,” General Hayden said in an interview in 2015 with the publisher of The Wall Street Journal. His point was that because there are no defensive positions, the United States in cyber warfare must rely on an aggressive offensive. If fully successful, such an offensive would so deeply penetrate the defenses of an adversary’s intelligence organization that it could not mount any of its own surprise cyber attacks. It would also make it difficult if not impossible for adversary services to recruit a spy in the NSA. For example, the CIA penetration of the SVR in 2010 prevented it from using its sleeper network against U.S. targets. “The best defense in this game may be an overwhelming offensive,” a former intelligence official said to me. “But that strategy only works if we can keep secret sensitive sources.”
Central to this offensive strategy was the NSA’s National Threat Operations Center in Oahu. It employed threat analysts to surreptitiously monitor the secret activities of potential enemies, mainly China, Russia, and North Korea. A large part of their job was to make transparent to the United States the hostile activities of the Russian and Chinese services so that they posed little if any intelligence threat to America. This strategy worked so long as the NSA guarded itself, but it also raised the issue, as the Roman Juvenal famously warned, “Quis custodiet ipsos custodes?” (Who will guard the guards themselves?)
Less than three years after the NSA had received the Poteyev warning, instead of guarding secrets, Snowden stole them. Despite all the measures the NSA had taken to protect its vital secrets, a lowly civilian employee had walked away with the lists of secret NSA sources in China and Russia and then gone first to China and then to Russia. In the hands of their intelligence services, these stolen lists had the potential to totally upend the NSA’s offensive strategy. Because Russia and China have an intelligence treaty for sharing such spoils between them when it is to their mutual advantage, it had to be assumed that if either country had acquired the secrets from Snowden, they would be shared between them, altering the balance of power between the communications intelligence services of the United States and its adversaries.
Following the Snowden breach, both China and Russia had immense successes in breaking through the defenses of U.S. government networks, including the reported breaches in 2014 and 2015 of U.S. personnel files and background checks. When I asked General Hayden in June 2015 if these successes were made easier by those documents compromised by Snowden, he replied, “Even though I cannot make a direct correlation here, unarguably our adversaries know far more about how we collect signals intelligence than they ever did before [Snowden].”
If Snowden could cause such massive damage, so could other civilian trainees at the NSA. Someone in the chain of command had to take responsibility. General Alexander tendered his resignation on June 30, 2013. “I’m the director,” he said, falling on his sword. “Ultimately, I’m accountable.” Because President Obama did not want the head of the NSA resigning in the midst of the Snowden crisis, he asked him to stay on for another six months. He then appointed Rogers to be his replacement. Meanwhile, it had become undeniably clear to the review committee appointed by President Obama in 2013 that the NSA’s own defenses had catastrophically failed. If so, this change was the equivalent of rearranging the deck chairs on the Titanic after it hit the iceberg.
PART THREE
THE GAME OF NATIONS
I learned that just beneath the surface there’s another world, and still different worlds as you dig deeper.
—DAVID LYNCH, on his 1986 film, Blue Velvet
CHAPTER 19
The Rise of the NSA
There are many things we do in intelligence that, if revealed, would have the potential for all kinds of blowback.
How America Lost Its Secrets Page 21