Even so, the most important job of the NSA remained intercepting secret information from Russia, China, Iran, and North Korea. To this end, it had an annual budget of $12.3 billion and some thirty-five thousand military and civilian employees. In 2013, James Clapper, director of national intelligence, justified the secret intelligence budget by saying in an open session of Congress, “We are bolstering our support for clandestine SIGINT [signals intelligence] capabilities to collect against high priority targets, including foreign leadership targets,” and to develop “groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic.” It was no secret to Congress, even before Snowden, that the NSA was attempting to monitor the Internet. What was a closely held secret before Snowden revealed it was that the NSA had found a way in 2007 to intercept Internet traffic before it was encrypted.
Through all this tumult, the heart of the NSA’s activity remained its five-thousand-acre base at Fort Meade, Maryland. It commanded the most powerful mechanism for intercepting communications that the world had ever seen. No other country came close to its technology for intercepting information. The NSA not only was able to intercept secret information from potential adversaries but also—at least until the Snowden breach—managed to conceal these means from them. As long as these adversaries remained blind to the ways in which their communications were being intercepted, deciphered, and read by the NSA, they could not take effective countermeasures. Consequently, the NSA had the capability to provide the president and his advisers with continuous insights into the thinking and planning of potential enemies.
Keeping its sources and methods secret was no easy task. The NSA’s technicians had to deal with continuous technical challenges to provide a seamless harvesting of data from a wide range of communication devices, including telephones, computers, and the Internet. It required continuous intra-agency communications between the NSA’s own intelligence officers and a growing number of civilian technicians. It even had its own “Wiki-style” network through which they could discuss problems, called the NSANet. Because it could not tightly control access to this technical network, it expunged any mention of the sources and methods from the material circulated on the classified NSA network. Instead, it stored them in discrete computers, called compartments, which were disconnected from other computers at the NSA. These compartments could only be accessed by a limited number of analysts and NSA executives who had a need to know about the data they contained. These compartments were the final line of defense against an inside intruder.
In 2009, Snowden, as we know, found his way into the NSA through a temporary job with an outside contractor that was working for the NSA’s Technology Directorate to repair and update its backup system. Four years later, by maneuvering to get hired by another outside contractor with access to the NSA’s sources and methods, he was able to steal secrets stored in isolated computers bearing directly on the ongoing intelligence war. In a matter of weeks, as has been previously mentioned, Snowden also copied from these compartments the NSA’s Level 3 sources and methods used against Russia, Iran, and China. The Snowden breach demonstrated that the NSA’s envelope of secrecy was at best illusory.
After this immense loss, the NSA’s sources inside these adversary countries were largely compromised, even if they were not closed down. Once these adversaries were in a position to know what channels the NSA was intercepting, they could use these same channels to mislead U.S. intelligence. A former top intelligence official told me, “The queen on our chessboard had been taken.”
The NSA moved to mitigate the damage and find new ways of obtaining unexpected intelligence. In June 2014, the new NSA director, Rogers, had to confront flagging morale that, according to General Hayden, was near paralyzing the intelligence service. Rogers recognized that as a direct result of the Snowden breach, “the nation has lost capabilities against adversaries right now who are attempting to actively undermine us.” But even with that loss, he observed, “the sky has not fallen.”
As in the Chicken Little fable he cited, the world had not ended for the NSA. Nor had it ended for the multibillion-dollar outsourcing enterprise it superintended. The NSA might have lost many of its sources, or “capabilities,” but Rogers held out hope that new sources could eventually be found to replace them. Compromised codes, after all, could be changed. New technological methods could be devised. New vulnerabilities could also be targeted in enemy territories. Although repairing the damage might take many “decades,” according to Michael McConnell, the vice-chairman of Booz Allen, the new director had to get on with that task. McConnell, a former NSA director himself, pointed out that the NSA director’s “first responsibility is to be the chief cheerleader.” Rebuilding the NSA capabilities assumed, however, that there would not be another Snowden-sized breach.
The question remained: How could the NSA’s vaunted secrecy have been so deeply penetrated by a mere analyst in training at a regional base in Oahu? The perpetrator himself could not be asked, though in his Moscow interviews he pointed to the “incompetence” of the NSA. What was known, though, was that the young man who had taken the “queen” from the board had gained entry to the NSA’s secret chambers through the back door, a portal opened to him by the NSA’s reliance on outside contractors.
CHAPTER 20
The NSA’s Back Door
You have private for-profit companies doing inherently governmental work like targeted espionage, surveillance, compromising foreign systems. And there’s very little oversight, there’s very little review.
—EDWARD SNOWDEN, Moscow, 2014
PRIOR TO SNOWDEN’S THEFT of NSA documents, the single most shattering blow to the confidence of the U.S. intelligence community was the 1994 exposure of Aldrich Ames as a long-serving Russian mole in the CIA. Ames, it will be recalled, had been a high-ranking CIA officer, working at the CIA’s Counterintelligence Center Analysis Group, before he was arrested by the FBI. He had also worked as a mole for Russian intelligence.
In a plea bargain to avoid a death sentence (he was sentenced to life imprisonment), he admitted that he had successfully burrowed into the CIA and had worked there for over nine years on behalf of the KGB. His description of his sub-rosa activities as a mole was part of the plea bargain. This stunning revelation shook the CIA leadership to its core. Until then, CIA executives steadfastly denied that it was possible that the KGB could sustain a mole in American intelligence. The Ames arrest also led the NSA to reassess its own vulnerability to penetration. Could there be an Ames inside the NSA?
The question was considered by the NSA’s National Threat Operations Center, the same unit from which Edward Snowden later stole a huge trove of secret documents. According to a report in 1996 titled “Out of Control” (later released by the NSA), the danger of an Ames-type penetration could not be excluded. Even though the “threat officer” who wrote this report was not identified by name, his analysis proved incredibly prescient. He said that the NSA’s drive to enhance its performance by networking its computers would result in the intelligence services’ putting “all their classified information ‘eggs’ into one very precarious basket.” The basket was the computer networks run by technicians called system administrators. He pointed out that the NSA was becoming increasingly dependent on such networked computer systems, and he predicted that the NSA’s “Aldrich Ames,” as he put it, would be a “system administrator,” which was the position that Edward Snowden held nearly two decades later at Dell when he began stealing secrets.
The NSA’s system administrators were, as the threat officer pointed out, very different from the traditional military employees at the NSA. They were usually civilians who effectively served as repairmen for complex computer systems. Moreover, many of them had not been directly hired by the NSA. Instead, their recruitment had been privatized to outside contractors.
This outsourcing had deep roots tracing back to World War II. Ed Booz and Jim Allen, the founders of Booz Allen Hamilton, obtained contracts to help manage ship construction from the U.S. Navy. After the war ended, they sought contracts for their firm in classified work. These contracts grew in size as the NSA needed more and more system administrators and other information technologists to manage the computer networks. These system administrators needed to be given special privileges to do their service job. One such privilege allowed them to bypass password protection. Another privilege allowed them to temporarily transfer data to an external storage device while they repaired computers. These two privileges greatly increased the risk of a massive breach. Seeing them as the weak link in the chain, the threat officer wrote in the report that “system administrators are likely to be increasingly targeted by foreign intelligence services because of their special access to information.”
Before the computerization of the NSA, the threat officer noted, code clerks and other low-level NSA communicators had been the targets of adversary intelligence services. But the increasing reliance on computer technicians presented foreign intelligence services with much richer targets. He predicted that they would adapt their recruiting to this new reality. Specifically, he argued that adversary intelligence services would now focus their attention on system administrators. “With system administrators,” he said, “the situation is potentially much worse than it has ever been with communicators.” The reason, he explained, was that “system administrators can so easily, and quickly, steal vast quantities of information.”
He further suggested that because system administrators are often drawn from the counterculture of hacking, they are more likely to be vulnerable to an adversary service using a fake identity for its approach, or a “false flag.” A “false flag” was a term originally applied to a pirate ship that temporarily hoisted any flag that would allow it to gain proximity to its intended prey, but in modern times it describes a technique employed by espionage services to surreptitiously lure a prospect. False flags were a staple used by the KGB in espionage recruitment during the Cold War. They were usually employed when a target for recruitment was not ideologically disposed to assisting the intelligence service. To overcome that problem, recruiters hide their true identities and adopt a more sympathetic, bogus one.
In 1973, the KGB, working through one of its agents in the U.S. Navy, used the false flag of Israel to recruit Jerry Alfred Whitworth, who served as a communications officer with a top secret clearance for the navy. Like many other KGB recruits, Whitworth came from a broken family, dropped out of high school, took technical courses, and got a job as a communications officer. He was not disposed to working for Russia. But he was willing to steal enciphered and plain text cables to help in the defense of Israel. After he was thoroughly compromised by his espionage work, he was told by the KGB recruiter that he was actually working for Russia, but by this time he was too deeply compromised to quit. He continued his espionage work for another eight years. (Whitworth, who was arrested by the FBI in 1985, was convicted of espionage and sentenced to 365 years in prison.)
The Internet provided an almost ideal environment for false flags because its users commonly adopt aliases, screen names, and other avatars. The threat officer explained how easy it would be for the KGB to adapt such a false flag when dealing with a dissident system administrator working for U.S. intelligence. As the threat officer pointed out in his report, the KGB had used false flags in the late 1980s to surreptitiously recruit members of the “German Hanover Hackers,” a community of anarchistic hackers who breached computer networks for fun and profit. Until then, these hacktivists stole corporate and private passwords, credit card information, and other privileged documents as a form of freelance espionage. Because of their fervent anti-authority ideology, the KGB disguised its recruiters as fellow hacktivists. The KGB succeeded in getting the Hanover hackers to steal log-in account identifications, source codes, and other information from U.S. government computer networks.
The weak link of system administrators became increasingly relevant as the NSA moved further into the digital age. By the beginning of this century, its growing networks of computers were largely operated by civilian technicians, including system administrators, infrastructure analysts, and information technologists, who were needed to keep the system running. Despite the warning by the threat officer, the NSA became more and more reliant on these outsiders as it reorganized to meet its new mandates for surveillance of the Internet in the war on terrorism.
The NSA had to compete with technology companies, such as Google, Apple, and Facebook, for the services of experienced IT workers. Though Booz Allen had been providing technically trained specialists to the government since the 1940s and ’50s, congressionally imposed salary caps put the NSA at a disadvantage to private firms in its recruitment efforts. As a result, it increasingly contracted with private firms to find talent, especially in the rush for data-based intelligence following 9/11. Booz Allen, to meet increased demand, recruited civilian technicians from many unconventional areas, including the hacking culture. Ex-hackers who lacked (or shunned) employment opportunities in the corporate sector were suitable candidates for the system administrator jobs that these firms had contracted to supply the NSA. In the rush to expand, little heed was paid to the 1996 warning that this hacking culture might provide a portal to anti-government hacktivist groups. The NSA became so enamored with this new computer technology that it neglected the security implications of employing outsiders to service it. “All of us just fell in love with the ease and convenience and scale [of electronic storage],” General Hayden, who headed the NSA at the time, said to The Wall Street Journal in 2015. “So we decided to take things we used to keep if not in a safe, at least in our desk drawer, and put it up here [in a computer network], where it’s by definition more vulnerable.” Making matters even worse, as has previously been discussed, the NSA stripped away much of the so-called stovepiping that insulated highly sensitive data from the NSA’s other computer networks. 
FBI Director Mueller, in his “Statement Before the Senate Committee on Homeland Security and Governmental Affairs,” described a decade of post–9/11 intelligence reorganization thus: “One of the first steps was to centralize control and management of counterterrorism operations at headquarters to avoid the ‘stove-piping’ of information on terrorism cases in the 56 individual field offices across the country.” Here the NSA was merely following the recommendations of the 9/11 Commission to make their data more accessible to other agencies concerned with potential terrorist attacks, but as a result, the inner sanctum of the NSA became more open to its new army of civilian technicians.
By 2013, much of the job of managing the NSA’s classified computers had been handed over to a handful of private companies: Booz Allen Hamilton, which handled the most highly secret work; Dell SecureWorks; Microsoft; Raytheon; and IBM. In many respects, these five companies acted less like management consultants and more like temporary employment agencies in finding for the NSA the computer specialists who had the necessary security clearances.
The NSA found that the universe of independent contractors was governed by very different considerations from that of intelligence services. Unlike intelligence services, their fate depended on turning profits. Because the value of their contracts was largely limited by competitive bidding, their business plans were predicated on their ability to minimize the costs of fulfilling these contracts. Their principal cost was the salaries they paid their independent contractors. Their business plans therefore depended on finding large numbers of computer technicians in the private realm willing to work at an NSA base at relatively low wages. This task became more difficult as many potential recruits could find higher-paying employment with more of a future in the burgeoning private sphere. But the companies could also increase their revenue streams by getting additional contracts, which, in turn, meant recruiting even more workers.
Such a business plan could hardly afford to give the highest priority to the low probability of a security risk. In the private sector, there is usually an unambiguous external measure of failure. An automobile company such as General Motors can measure the performance of its executives by reckoning its change in net income. With secret intelligence work, the metrics for failure are far less clear. This curious aspect of secret work was part of the advice given to a White House lawyer in the Obama administration seeking a position with the NSA in 2012, who was told that among the advantages of working for a super-secret agency was that if one errs or has a failure, “it stays secret.” The Snowden case showed that not all failures stay secret.
The NSA can certainly quantify the amount of data it is intercepting, but it obviously cannot count the intelligence that it misses. The a priori proposition in the intelligence game is that “what is successfully hidden is never found.” But one failure that cannot be hidden is a security breach in which a perpetrator uses NSA data to publicly expose the NSA’s sources.
Until the Snowden breach in 2013, the NSA had experienced only one such public failure. It was the capture by North Korea in 1968 of the USS Pueblo, which had been carrying out highly sensitive electronic communications interception for the NSA. The Pueblo crew failed to destroy the NSA’s encoding machines, which were flown to Russia several days later. It was a horrible, costly breach. The Snowden breach was much worse because, among the thousands of documents he stole, he selected lists of the NSA’s secret sources in adversary nations.
The Snowden breach was a failure that directly traced back to the NSA’s largest and most trusted contractor, Booz Allen Hamilton, calling into question the vexing issue of privatizing secret intelligence. Booz Allen, like other private firms that did work for the government, was in the business to make money. Indeed, it had found government contracts so much more profitable than its work in the private sector that it sold its private sector unit to PricewaterhouseCoopers. The profitability of government work led the Carlyle Group’s private equity fund to acquire a controlling stake in Booz Allen in July 2008. By 2013, it had increased its revenue by more than $1.3 billion by expanding its government contracts. Even more impressive, its operating profit on these contracts had doubled. It did not need to increase its core internal staff to achieve these profits; it just had to hire outside contractors. In 2008, Booz Allen claimed 20,000 employees on its internal staff; in 2013, it claimed fewer than 5,000. The resulting “reduced headcount,” according to its January 30, 2013, quarterly report, greatly decreased its costs for incentive pay. It mainly accomplished this reduction by expanding the number of outside contractors it employed, 8,000 in these five years, by one Wall Street analyst’s calculation. They were employed as system administrators, infrastructure analysts, computer security specialists, and other “geek squad” jobs at the NSA and other government agencies. Their main qualification was their prior security clearances (which as mentioned earlier saved Booz Allen the expense of vetting them and also the loss of income while waiting many months for a clearance).
How America Lost Its Secrets