Millions of phone records at the center of a firestorm in Europe over spying by the National Security Agency were secretly supplied to the U.S. by European intelligence services—not collected by the NSA, upending a furor that cast a pall over trans-Atlantic relations.

Widespread electronic spying that ignited a political firestorm in Europe was conducted by French and European intelligence services and not by the National Security Agency, as was widely reported in recent days. Adam Entous reports on the News Hub. Photo: AP.

The revelations suggest a greater level of European involvement in global surveillance, in conjunction at times with the NSA. The disclosures also put European leaders who loudly protested reports of the NSA’s spying in a difficult spot, showing how their spy agencies aided the Americans.

The phone records collected by the Europeans—in war zones and other areas outside their borders—were shared with the NSA as part of efforts to help protect American and allied troops and civilians, U.S. officials said.

European leaders remain chagrined over revelations that the U.S. was spying on dozens of world leaders, including close allies in Europe. The new disclosures were separate from those programs.

But they nevertheless underline the complexities of intelligence relationships, and how the U.S. and its allies cooperate in some ways and compete in others.
More
NSA Said to View 23 Countries Closer U.S. Intelligence Partners Than Israel
Senate to Review All U.S. Spying
Spying Revelations Add Hurdle to U.S.-EU Trade Talks
Germany Warns of Repercussions from U.S. Spying
Obama Unaware as NSA Spied on World Leaders

“That the evil NSA and the wicked U.S. were the only ones engaged in this gross violation of international norms—that was the fairy tale,” said James Lewis, a former State Department official, now a technology-policy specialist at the Center for Strategic and International Studies. “It was never true. The U.S’s behavior wasn’t outside the norm. It is the norm.”

Consecutive reports in French, Spanish and Italian newspapers over the past week sparked a frenzy of finger-pointing by European politicians. The reports were based on documents leaked by former NSA contractor Edward Snowden and purportedly showed the extent to which the NSA sweeps up phone records in those countries.

France’s Le Monde said the documents showed that more than 70 million French phone records between early December 2012 and early January 2013 were collected by the NSA, prompting Paris to lodge a protest with the U.S. In Spain, El Mundo reported that it had seen NSA documents that showed the U.S. spy agency had intercepted 60.5 million Spanish phone calls during the same time period.

U.S. officials initially responded to the reports by branding them as inaccurate, without specifying how. On Tuesday, The Wall Street Journal reported that the data cited by the European news reports wasn’t collected by the NSA, but by its European partners.

U.S. officials said the data was provided to the NSA under long-standing intelligence sharing arrangements.

In a congressional hearing Tuesday, the National Security Agency director, Gen. Keith Alexander, confirmed the broad outlines of the Journal report, saying that the specific documents released by Mr. Snowden didn’t represent data collected by the NSA or any other U.S. agency and didn’t include records from calls within those countries.
Phone Trouble

Politicians have reacted to recent disclosures about U.S. surveillance programs based on leaks from former National Security Agency contractor Edward Snowden.
View Graphics

He said the data—displayed in computer-screen shots—were instead from a system that contained phone records collected by the U.S. and North Atlantic Treaty Organization countries “in defense of our countries and in support of military operations.”

He said the conclusion that the U.S. collected the data “is false. And it’s false that it was collected on European citizens. It was neither.”

The U.S. until now had been silent about the role of European partners in these collection efforts so as to protect the relationships.

French officials declined to comment.

A Spanish official said that Spain’s intelligence collaboration with the NSA has been limited to theaters of operations in Mali, Afghanistan and certain international operations against jihadist groups. The so-called metadata published in El Mundo was gathered during these operations, not in Spain.

The Italian Embassy in Washington didn’t immediately respond to a request for comment.

The revelations that the phone data were collected by European intelligence services rather than NSA could spark a backlash against the same politicians who had been pointing their fingers at the U.S.—although that response could be tempered by assurances that the data were collected abroad and not domestically.

A U.S. analysis of the document published by Le Monde concluded the phone records the French had collected were actually from outside of France, then were shared with the U.S. The data don’t show that the French spied on their own people inside France.

U.S. intelligence officials said they hadn’t seen the documents cited by El Mundo, but that the data appear to come from similar information the NSA obtained from Spanish intelligence agencies documenting their collection efforts abroad.

At Tuesday’s House Intelligence Committee hearing, lawmakers also pressed Gen. Alexander and the Director of National Intelligence James Clapper on the NSA’s tapping of world leaders’ phone conversations, including German Chancellor Angela Merkel.

Asked whether U.S. allies spy on the U.S., Mr. Clapper said, “Absolutely.”

Rep. Adam Schiff (D., Calif.) asked why Congress hadn’t been informed when U.S. spies tapped a world leader’s telephone. Mr. Clapper said Congress isn’t told about each and every “selector,” the intelligence term for a phone number or other information that would identify an espionage target.

“Not all selectors are equal,” Mr. Schiff responded, especially “when the selector is the chancellor of an allied nation.”

The Wall Street Journal reported Monday that President Barack Obama didn’t know about NSA’s tapping of Ms. Merkel’s phone—which stretched back as far as 2002—until a review this summer turned it up.

Mr. Clapper said that intelligence agencies follow the priorities set by the president and key departments, but they don’t necessarily provide top officials with details on how each requirement is being fulfilled.

The White House does, however, see the final product, he said.

Reporting to policy makers on the “plans and intentions” of world leaders is a standard request to intelligence agencies like the NSA, Mr. Clapper said. The best way to understand a foreign leader’s intentions, he said, is to obtain that person’s communications.

Privately, some intelligence officials disputed claims that the president and top White House officials were unaware of how such information is obtained.

“If there’s an intelligence report that says the leader of this country is likely to say X or Y, where do you think that comes from?” the official said.

The House Intelligence Committee chairman, Rep. Mike Rogers (R., Mich.) remained a staunch defender of the NSA’s operations.

“I am a little concerned about where we are—that we’ve decided that we’re going to name our intelligence services at the earliest opportunity as the bad guys in the process of trying to collect information lawfully and legally, with the most oversight that I’ve ever seen,” he said. “We’re the only intelligence service in the world that is forced to go to a court before they even collect on foreign intelligence operations, which is shocking to me.”

—Christopher Bjork in Madrid and Stacy Meichtry in Paris contributed to this article.

By Adam Entous and Siobhan Gorman connect
Updated Oct. 29, 2013 7:31 p.m. ET

Find this story at 29 October 2013

©2013 Dow Jones & Company, Inc.

The NSA says European spy services shared phone data with it, and reports alleging otherwise are ‘false’.

MILLIONS of phone records at the centre of a firestorm in Europe over spying by the National Security Agency were secretly supplied to the US by European intelligence services – not collected by the NSA, upending a furore that cast a pall over trans-Atlantic relations.

The revelations suggest a greater level of European involvement in global surveillance, in conjunction at times with the NSA. The disclosures also put European leaders who loudly protested reports of the NSA’s spying in a difficult spot, showing how their spy agencies aided the Americans.

The phone records collected by the Europeans – in war zones and other areas outside their borders – were shared with the NSA as part of efforts to help protect American and allied troops and civilians, US officials said.

European leaders remain chagrined over revelations that the US was spying on dozens of world leaders, including close allies in Europe.

The new disclosures were separate from those programs, but they underline the complexities of intelligence relationships, and how the US and its allies co-operate in some ways and compete in others.

“That the evil NSA and the wicked US were the only ones engaged in this gross violation of international norms -that was the fairy tale,” said James Lewis, a former State Department official, now a technology-policy specialist at the Centre for Strategic and International Studies.

“It was never true. The US’s behaviour wasn’t outside the norm. It is the norm.”

Consecutive reports in French, Spanish and Italian newspapers over the past week sparked a frenzy of finger-pointing by European politicians. The reports were based on documents leaked by former NSA contractor Edward Snowden and purportedly showed the extent to which the NSA sweeps up phone records in those countries.

France’s Le Monde said the documents showed that more than 70 million French phone records between early December last year and early January this year were collected by the NSA, prompting Paris to lodge a protest with the US. In Spain, El Mundo reported that it had seen NSA documents that showed the US spy agency had intercepted 60.5 million Spanish phone calls during the same time period.

US officials initially responded to the reports by branding them as inaccurate, without specifying how. Late yesterday, The Wall Street Journal reported that the data cited by the European news reports wasn’t collected by the NSA but by its European partners.

US officials said the data was provided to the NSA under long-standing intelligence sharing arrangements.

Hours later, in a congressional hearing, the National Security Agency director, General Keith Alexander, confirmed the broad outlines of the Journal report, saying the specific documents released by Mr Snowden didn’t represent data collected by the NSA or any other US agency and didn’t include records from calls within those countries.

He said the data, displayed in computer-screen shots, was instead from a system that contained phone records collected by the US and NATO countries “in defence of our countries and in support of military operations”.

He said conclusions the US collected the data were “false. And it’s false that it was collected on European citizens. It was neither.”

The US until now had been silent about the role of European partners in these collection efforts to protect the relationships. French officials declined to comment.

A Spanish official said Spain’s intelligence collaboration with the NSA has been limited to theatres of operations in Afghanistan, Mali and international operations against jihadist groups. The data published in El Mundo was gathered during these operations, not in Spain.

At yesterday’s house intelligence committee hearing, politicians pressed General Alexander and Director of National Intelligence James Clapper on the NSA’s tapping of world leaders’ phone conversations, including the German Chancellor, Angela Merkel.

Asked whether US allies spy on the US, Mr Clapper said: “Absolutely.”

Democrat congressman Adam Schiff asked why congress had not been informed when US spies tapped a world leader’s telephone.

Mr Clapper said congress wasn’t told about each and every “selector”, the intelligence term for a phone number or other information that would identify an espionage target.

“Not all selectors are equal,” Mr Schiff responded, especially “when the selector is the chancellor of an allied nation.”

Mr Clapper said intelligence agencies followed the priorities set by the President and key departments, but did not necessarily provide top officials with details on how each requirement was being fulfilled.

The White House did, however, see the final product, he said.

Reporting to policymakers on the “plans and intentions” of world leaders was a standard request to intelligence agencies such as the NSA, Mr Clapper said, and the best way to understand a foreign leader’s intentions was to obtain their communications.

Privately, some intelligence officials disputed claims that the President and top White House officials were unaware of how such information was obtained.

“If there’s an intelligence report that says the leader of this country is likely to say X or Y, where do you think that comes from?” the official said

Adam Entous and Siobhan Gorman
The Wall Street Journal
October 31, 2013 12:00AM

Find this story at 31 October 2013

© www.theaustralian.com.au

Spain and France’s intelligence agencies carried out collection of phone records and shared them with NSA, agency says

European intelligence agencies and not American spies were responsible for the mass collection of phone records which sparked outrage in France and Spain, the US has claimed.

General Keith Alexander, the head of the National Security Agency, said reports that the US had collected millions of Spanish and French phone records were “absolutely false”.

“To be perfectly clear, this is not information that we collected on European citizens,” Gen Alexander said when asked about the reports, which were based on classified documents leaked by Edward Snowden, the former NSA contractor.

Shortly before the NSA chief appeared before a Congressional committee, US officials briefed the Wall Street Journal that in fact Spain and France’s own intelligence agencies had carried out the surveillance and then shared their findings with the NSA.

The anonymous officials claimed that the monitored calls were not even made within Spanish and French borders and could be surveillance carried on outside of Europe.
Related Articles
GCHQ monitors luxury hotel bookings made by foreign diplomats 17 Nov 2013
US spy chief defends spying on foreign leaders 30 Oct 2013
Germany, France and Spain ‘were all spying on citizens’ 01 Nov 2013
Anger in France over claims that NSA spied on politicians, business leaders as well as terrorists 21 Oct 2013
NSA spying: US should not be collecting calls on allies, says top senator 28 Oct 2013
Russia ‘spied on G20 leaders with USB sticks’ 29 Oct 2013

In an aggressive rebuttal of the reports in the French paper Le Monde and the Spanish El Mundo, Gen Alexander said “they and the person who stole the classified data [Mr Snowden] do not understand what they were looking at” when they published slides from an NSA document.

The US push back came as President Barack Obama was said to be on the verge of ordering a halt to spying on the heads of allied governments.

The White House said it was looking at all US spy activities in the wake of leaks by Mr Snowden but was putting a “special emphasis on whether we have the appropriate posture when it comes to heads of state”.

Mr Obama was reported to have already halted eavesdropping at UN’s headquarters in New York.

German officials said that while the White House’s public statements had become more conciliatory there remained deep wariness and that little progress had been made behind closed doors in formalising an American commitment to curb spying.

“An agreement that you feel might be broken at any time is not worth very much,” one diplomat told The Telegraph.

“We need to re-establish trust and then come to some kind of understanding comparable to the [no spy agreement] the US has with other English speaking countries.”

Despite the relatively close US-German relations, the White House is reluctant to be drawn into any formal agreement and especially resistant to demands that a no-spy deal be expanded to cover all 28 EU member states.

Viviane Reding, vice-president of the European Commission and EU justice commissioner, warned that the spying row could spill over and damage talks on a free-trade agreement between the EU and US.

“Friends and partners do not spy on each other,” she said in a speech in Washington. “For ambitious and complex negotiations to succeed there needs to be trust among the negotiating partners. It is urgent and essential that our US partners take clear action to rebuild trust.”

A spokesman for the US trade negotiators said it would be “unfortunate to let these issues – however important – distract us” from reaching a deal vital to freeing up transatlantic trade worth $3.3 billion dollars (£2bn) a day.

James Clapper, America’s top national intelligence, told a Congressional hearing yesterday the US does not “spy indiscriminately on the citizens of any country”.

“We do not spy on anyone except for valid foreign intelligence purposes, and we only work within the law,” Mr Clapper said. “To be sure on occasions we’ve made mistakes, some quite significant, but these are usually caused by human error or technical problems.”

Pressure from European leaders was added to as some of the US intelligence community’s key Congressional allies balked at the scale of surveillance on friendly governments.

Dianne Feinstein, the chair of powerful Senate intelligence committee, said she was “totally opposed” to tapping allied leaders and called for a wide-ranging Senate review of the activities of US spy agencies.

“I do not believe the United States should be collecting phone calls or emails of friendly presidents and prime ministers,” she said.

John Boehner, the Republican speaker of the house and a traditional hawk on national security, said US spy policy was “imbalanced” and backed calls for a review.

Mr Boehner has previously been a staunch advocate of the NSA and faced down a July rebellion by libertarian Republicans who tried to pass a law significantly curbing the agency’s power.

By Raf Sanchez, Peter Foster in Washington

8:35PM GMT 29 Oct 2013

Find this story at 29 October 2013

© Copyright of Telegraph Media Group Limited 2013

Gen. Keith Alexander, the National Security Agency director, says foreign governments spied on their own people and shared data with the U.S.
The NSA had been accused of snooping on 130.5 million phone calls in France and Spain, and keeping computerized records
Sen. Dianne Feinstein said newspapers in Europe ‘got it all wrong’

Alexander’s denial will fall heavily on the fugitive leaker Edward Snowden and his journalist cohorts, whom the NSA chief said ‘did not understand what they were looking at’
The National Security Agency’s director flatly denied as ‘completely false’ claims that U.S. intelligence agencies monitored tens of millions of phone calls in France and Spain during a month-long period beginning in late 2012.

Gen. Keith Alexander contradicted the news reports that said his NSA had collected data about the calls and stored it as part of a wide-ranging surveillance program, saying that the journalists who wrote them misinterpreted documents stolen by the fugitive leaker Edward Snowden.

And a key Democratic senator added that European papers that leveled the allegations ‘got it all wrong’ with respect to at least two countries – saying that it was those nations’ intelligence services that collected the data and shared it with their U.S. counterparts as part of the global war on terror.

Protests: (Left to right) NSA Deputy Director Chris Inglis, NSA Director General Keith Alexander and DNI James Clapper look on as a protestor disrupts the Capitol Hill hearing

National Security Agency Director Gen. Keith Alexander testified Tuesday that the governments of France and Spain conducted surveillance on their own citizens’ phone conversations, and then shared the intelligence data with the U.S.

On Monday newspapers in three countries published computer-screen images, reportedly provided by Snowden, showing what appeared to be data hoovered up by the United States from European citizens’ phone calls.

But Alexander testified in a House Intelligence Committee hearing that ‘those screenshots that show – or lead people to believe – that we, the NSA, or the U.S., collect that information is false.’

‘The assertions by reporters in France, Spain and Italy that NSA collected tens of millions of phone calls are completely false,’ Alexander said.

According to the French newspaper Le Monde and the Spanish daily El Mundo, the NSA had collected the records of at least 70 million phone calls in France and another 60.5 million in Spain between December and January.

Italy’s L’Espresso magazine also alleged, with help from Snowden, that the U.S. was engaged in persistent monitoring of Italy’s telecommunications networks.

General Alexander denied it all.

‘To be perfectly clear, this is not information that we collected on European citizens. It represents information that we and our NATO allies have collected in defense of our countries and in support of military operations.’

Reporters, he added, ‘cite as evidence screen shots of the results of a web tool used for data management purposes, but both they and the person who stole the classified data did not understand what they were looking at.’

President Barack Obama said he is instituting a complete review of U.S. intelligence procedures in the wake of stinging allegations that the NSA has been peeping on foreign leaders through their phones and email accounts

California Democratic Sen. Dianne Feinstein, who chairs the Senate Intelligence Committee, said Tuesday that ‘the papers got it all wrong on the two programs, France and Germany.’

‘This was not the United States collecting on France and Germany. This was France and Germany collecting. And it had nothing to do with their citizens, it had to do with collecting in NATO areas of war, like Afghanistan.’

Feinstein on Monday called for a complete review of all the U.S. intelligence community’s spying programs, saying that ‘Congress needs to know exactly what our intelligence community is doing.’

In the weekend’s other intelligence bombshell, the U.S. stood accused of snooping on German Chancellor Angela Merkel’s cell phone and spying on Mexican President Felipe Calderon’s private emails.

But Director of National Intelligence James Clapper told the committee that spying on foreign leaders is nothing new.

‘That’s a hardy perennial,’ he said, ‘and as long as I’ve been in the intelligence business, 50 years, leadership intentions, in whatever form that’s expressed, is kind of a basic tenet of what we are to collect and analyze.’

‘It’s one of the first things I learned in intel school in 1963,’ he assured the members of Congress, saying that the U.S. routinely spies on foreign leaders to ascertain their intentions, ‘no matter what level you’re talking about. That can be military leaders as well.’

Clapper hinted that committee members had been briefed on such programs, saying that in cases where the NSA is surveilling foreign leaders, ‘that should be reported to the committee … in considerable detail’ as a ‘significant’ intelligence activity over which Congress has oversight.’

He added that ‘we do only what the policymakers, writ large, have actually asked us to do.’

Republican committee chair Mike Rogers of Michigan began the hearing by acknowledging that ‘every nation collects foreign intelligence’ and ‘that is not unique to the United States’.

Clapper pleaded with the panel to think carefully before restricting the government’s ability to collect foreign intelligence, warning that they would be ‘incurring greater risks’ from overseas adversaries.

Gen. Alexander dispensed with his prepared statement and spoke ‘from the heart,’ saying that his agency would rather ‘take the beatings’ from reporters and the public ‘than … give up a program’ that would prevent a future attack on the nation.

The Wall Street Journal reported Tuesday afternoon that other U.S. officials had confirmed Alexander’s version of events, and that the electronic spying in France and Spain was carried out by those nations’ governments.

The resulting phone records, they said, were then shared with the NSA as part of a program aimed at keeping U.S. military personnel and civilians safe in areas of military conflict.

None of the nations involved would speak to the Journal about their own level of involvement in a scandal that initially touched only the U.S., but which now promises to embroil intelligence services on a global scale.

By David Martosko, U.s. Political Editor

PUBLISHED: 21:45 GMT, 29 October 2013 | UPDATED: 10:59 GMT, 30 October 2013

Find this story at 29 October 2013

© Associated Newspapers Ltd

These 4 slides are from the powerpoint “BOUNDLESSINFORMANT: Describing Mission Capabilities from Metadata Records.” They include the cover page and pages 3, 5, and 6 of the presentation. The powerpoint, leaked to the Guardian newspaper’s Glenn Greenwald by Edward Snowden, was first released by the Guardian newspaper on June 8, 2013 at this web page: http://www.guardian.co.uk/world/interactive/2013/jun/08/nsa-boundless-informant-data-mining-slides

Also included with this collection is a “heat map” of parts of the world most subject to surveillance by Boundless Informant. This image was embedded in the Guardian’s story, which described Boundless Informant as “the NSA’s secret tool to track global surveillance data,” which collected “almost 3 billion pieces of intelligence from US computer networks over a 30-day period ending in March 2013.” http://www.theguardian.com/world/2013/jun/08/nsa-boundless-informant-global-datamining

UNCLASSIFIED//FOR OFFICIAL USE ONLY
BOUNDLESSINFORMANT – Frequently Asked Questions
09-06-2012

(U/FOUO) Questions

1) What is BOUNDLESSINFORMANT! What is its purpose?

2) Who are the intended users of the tool?

3) What are the different views?

4) Where do you get your data?

5) Do you have all the data? What data is missing?

6) Why are you showing metadata record counts versus content?

7) Do you distinguish between sustained collect and survey collect?

8) What is the technical architecture for the tool?

9) What are some upcoming features/enhancements?

1 0) How are new features or views requested and prioritized?

1 1) Why are record counts different from other tools like ASDF and What’s On Cover?

12) Why is the tool NOFORN? Is there a releasable version?

13) How do you compile your record counts for each country?

Note: This document is a work-in-progress and will be updated frequently as additional
questions and guidance are provided.

1) (U) What is BOUNDLESSINFORMANT? What is its purpose?

(U//FOUO) BOUNDLESSINFORMANT is a GAO prototype tool for a self-documenting SIGINT
system. The purpose of the tool is to fundamentally shift the manner in which GAO describes its
collection posture. BOUNDLESSINFORMANT provides the ability to dynamically describe GAO’s
collection capabilities (through metadata record counts) with no human intervention and graphically
display the information in a map view, bar chart, or simple table. Prior to

BOUNDLESSINFORMANT, the method for understanding the collection capabilities of GAO’s
assets involved ad hoc surveying of repositories, sites, developers, and/or programs and offices. By
extracting information from every DNI and DNR metadata record, the tool is able to create a near real-
time snapshot of GAO’s collection capability at any given moment. The tool allows users to select a
country on a map and view the metadata volume and select details about the collection against that
country. The tool also allows users to view high level metrics by organization and then drill down to a
more actionable level – down to the program and cover term.

Sample Use Cases

• (U//FOUO) How many records are collected for an organizational unit (e.g. FORNSAT)?

• (U//FOUO) How many records (and what type) are collected against a particular country?

• (U//FOUO) Are there any visible trends for the collection?

• (U//FOUO) What assets collect against a specific country? What type of collection?

• (U//FOUO) What is the field of view for a specific site? What countriees does it collect
against? What type of collection?

2) (U) Who are the intended users of the tool?

• (U//FOUO) Mission and collection managers seeking to understand output characteristics
of a site based on what is being ingested into downstream repositories. .

(U//FOUO) Strategic Managers seeking to understand top level metrics at the

organization/office level or seeking to answer data calls on NSA collection capability.

BOUNDLESSINFORMANT – FAQ Page 1 o:

UNCLASSIFIED//FOR OFFICIAL USE ONLY

UNCLASSIFIED//FOR OFFICIAL USE ONLY

BOUNDLESSINFORMANT – Frequently Asked Questions

09-06-2012

• (U//FOUO) Analysts looking for additional sites to task for coverage of a particular

technology within a specific country.

3) What are the different views?

(U//FOUO) Map View – The Map View is designed to allow users to view overall DNI, DNR, or
aggregated collection posture of the agency or a site. Clicking on a country will show the collection
posture (record counts, type of collection, and contributing SIGADs or sites) against that particular
country in addition to providing a graphical display of record count trends. In order to bin the records
into a country, a normalized phone number (DNR) or an administrative region atom (DNI) must be
populated within the record. Clicking on a site (within the Site Specific view) will show the viewshed
for that site – what countries the site collects against.

(U//FOUO) Org View – The Organization View is designed to allow users to view the metadata record
counts by organizational structure (i.e. GAO – SSO – RAM-A – SPINNERET) all the way down to the
cover term. Since it’s not necessary to have a normalized number or administrative region populated,
the numbers in the Org View will be higher than the numbers in the Map View.

(U//FOUO) Similarity View – The Similarity View is currently a placeholder view for an upcoming
feature that will graphically display sites that are similar in nature. This can be used to identify areas
for a de-duplication effort or to inform analysts of additional SIGADs to task for queries (similar to
Amazon’s “if you like this item, you’ll also like these” feature).

4) (U) Where do you get your data?

(U//FOUO) BOUNDLESSINFORMANT extracts metadata records from GM-PLACE post-
FALLOUT (DNI ingest processor) and post-TUSKATTIRE (DNR ingest processor). The records are
enriched with organization information (e.g. SSO, FORNSAT) and cover term. Every valid DNI and
DNR metadata record is aggregated to provide a count at the appropriate level. See the different views
question above for additional information.

5) (U) Do you have all the data? What data is missing?

• (U//FOUO) The tool resides on GM-PLACE which is only accredited up to TS//SI//NOFORN.
Therefore, the tool does not contain ECI or FISA data.

• (U//FOUO) The Map View only shows counts for records with a valid normalized number
(DNR) or administrative region atom (DNI).

• (U//FOUO) Only metadata records that are sent back to NSA-W through FASCIA or
FALLOUT are counted. Therefore, programs with a distributed data distribution system (e.g.
MUSCULAR and Terrestrial RF) are not currently counted.

• (U//FOUO) Only SIGINT records are currently counted. There are no ELINT or other “INT”
records included.

6) (U) Why are you showing metadata record counts versus content?

(U//FOUO)

7) (U ) Do you distin g uish between sustained collect and survey collect?

(U//FOUO) The tool currently makes no distinction between sustained collect and survey collect. This
feature is on the roadmap.

BOUNDLESSINFORMANT – FAQ Page 2 o:

UNCLASSIFIED//FOR OFFICIAL USE ONLY

UNCLASSIFIED//FOR OFFICIAL USE ONLY
BOUNDLESSINFORMANT – Frequently Asked Questions
09-06-2012

8) What is the technical architecture for the tool?

Click here for a graphical view of the tool’s architecture

(U//FOUO) DNI metadata (ASDF), DNR metadata (FASCIA) delivered to Hadoop
Distributed File System (HDFS) on GM-PLACE

(U//FOUO) Use Java MapReduce job to transform/filter and enrich FASCIA/ASDF data with
business logic to assign organization rules to data

(U//FOUO) Bulk import of DNI/DNR data (serialized Google Protobuf objects) into
Cloudbase (enabled by custom aggregators)

(U//FOUO) Use Java web app (hosted via Tomcat) on MachineShop (formerly Turkey Tower)
to query Cloudbase

(U//FOUO) GUI triggers queries to CloudBase – GXT (ExtGWT)

9) What are some upcoming features/enhancements?

• (U//FOUO) Add technology type (e.g. JUGGERNAUT, LOPER) to provide additional
granularity in the numbers

(U//FOUO) Add additional details to the Differential view

(U//FOUO) Refine the Site Specific view

(U//FOUO) Include CASN information

(U//FOUO) Add ability to export data behind any view (pddg,sigad,sysid,casn,tech,count)

(U//FOUO) Add in selected (vs. unselected) data indicators

(U//FOUO) Include filter for sustained versus survey collection

10) How are new features or views requested and prioritized?

(U//FOUO) The team uses Flawmill to accept user requests for additional functionality or
enhancements. Users are also allowed to vote on which functionality or enhancements are most
important to them (as well as add comments). The BOUNDLESSINFORMANT team will periodically
review all requests and triage according to level of effort (Easy, Medium, Hard) and mission impact
(High, Medium, Low). The team will review the queue with the project champion and government
steering committee to be added onto the BOUNDLESSINFORMANT roadmap.

1 1) Why are record counts different from other tools like ASDF and What’s On

Cover?

(U//FOUO) There are a number of reasons why record counts may vary. The purpose of the tool is to
provide

BOUNDLESSINFORMANT – FAQ

Page 3 o:

UNCLASSIFIED//FOR OFFICIAL USE ONLY

July 13, 2012

Find this story at  txt

Find this story at jpeg

Find this story at pdf

The following page from an August 13, 2010 NSA powerpoint presentation on the joint CIA-NSA clandestine SIGINT unit known as the Special Collection Service (SCS) appeared on the Der Spiegel website last week. It has since be replaced by a heavily redacted version of the same page which deletes the locations of all SCS listening posts outside of Europe.

The page shows the locations of all SCS listening posts around the world as of August 2010, of which 74 were active, 3 were listed as being dormant, 14 were unmanned remote controlled stations, three sites were then being surveyed, and two were listed as being “technical support activities.”

In Europe, SCS sites were located at Athens and embassy annex, Baku, Berlin, Budapest, RAF Croughton (UK), Frankfurt, Geneva, Kiev, Madrid, Milan, Moscow and embassy annex, Paris, Prague, Pristina, Rome, Sarajevo, Sofia, Tblisi, Tirana, Vienna and embassy annex, and Zagreb.

In Asia SCS were located at Bangkok and PSA, Beijing, Chengdu, Chiang Mai, Hong Kong, Jakarta, Kuala Lumpur, Manila, Phnom Penh, Rangoon, Shanghai, and Taipei.

In the Middle East and North Africa (MENA) region, SCS sites were located at Abu Dhabi, Algiers, Amman, Amarah, Ankara, Baghdad and embassy annex, Basrah, Beirut, Benghazi, Cairo, Damascus, Istanbul, Jeddah, Khartoum, Kirkuk, Kuwait City, Manama, Mosul, Riyadh, Sana’a, Sulaymaniyah, Talil(?), “Tehran-in-Exile”, and Tripoli.

In South Asia, SCS sites were located at one site illegible, Islamabad, Herat, Kabul and embassy annex, Karachi, Lahore, New Delhi, and Peshawar.

In Africa, SCS sites were located inside the U.S. embassies in Abuja, Addis Ababa, Bamako, Lagos, Nairobi, Monrovia, Kinshasa, Lusaka, and Luanda.

In Central America and the Caribbean, SCS sites were located at Guadalajara, Guatemala City, Havana, Hermosillo, Managua, Mexico City, Monterrey, Panama City, San Jose, and Tegucigalpa.

And in South America, SCS sites were located in Brasilia, Bogota, Caracas, La Paz, Merida and Quito.

Any corrections to the above would be gratefully received.

Matthew M. Aid is the author of Intel Wars: The Secret History of the Fight Against Terror (January 2012) and The Secret Sentry, the definitive history of the National Security Agency. He is a leading intelligence historian and expert on the NSA, and a regular commentator on intelligence matters for the New York Times, the Financial Times, the National Journal, the Associated Press, CBS News, National Public Radio (NPR) and many others. He lives in Washington, DC.

October 28, 2013

Find this story at 28 October 2013

Der Spiegel pdf 

Der Spiegel unredacted image

Britain’s secret listening service, GCHQ, uses a spying system codenamed “Royal Concierge” to carry out detailed surveillance on foreign diplomats and government delegations at more than 350 hotels across the world, Germany’s Der Spiegel magazine reported on Sunday.

The disclosures, based on intelligence data leaked by the US whistleblower Edward Snowden, follow reports that British intelligence installs secret software to spy on selected companies and revelations earlier this month by The Independent that GCHQ operates a listening post on the roof of the UK’s Berlin embassy.

Der Spiegel said that GCHQ used “Royal Concierge” to spy on the booking arrangements of the hotels involved in order to gain information about the travel plans of diplomats and government delegations. It said the system was used to “prepare” their hotel rooms for more detailed surveillance.

The magazine said the information gained enabled the GCHQ’s so-called “technical departments” to bug the telephones and computers used by diplomats in their hotel rooms. It said “Royal Concierge” was also used to prepare the ground for the setting up of the GCHQ’s so-called “Humint Operations” – an abbreviation for “Human Intelligence” surveillance involving the deployment of agents to spy on diplomats.

Der Spiegel did not say which hotels were targeted. Contacted by the magazine, a spokesman for GCHQ said he could “neither confirm nor deny” Der Spiegel’s report.

The disclosures are the latest in a series of embarrassing revelations about the covert activities of GCHQ and its US counterpart, the National Security Agency, leaked to the media by fugitive whistleblower Edward Snowden.

The intelligence leaks have revealed the existence of the GCHQ/NSA “Tempora” spying operation involving the mass surveillance of Internet, phone and email traffic which crosses the Atlantic through undersea fibre-optic cables. The British government has claimed to have had no knowledge of the programme.

Disclosures published by Der Spiegel last week said that GCHQ used doctored websites including those from the business network LinkedIn to install surveillance software on the computers of unwitting companies and individuals.

The system was said to be codenamed “Quantum Insert”. One of the targeted companies was identified as the part-state-owned Belgian telecommunications firm Belgacom. Another was a concern named Mach, which is used by several mobile phone companies to coordinate international roaming traffic.

In Germany, disclosures that the NSA used an embassy listening post to bug Chancellor Angela Merkel’s mobile phone were followed a fortnight ago by an investigation by The Independent which revealed that GCHQ runs a similar listening post.

German MPs have said they are outraged that US and British intelligence spies on the politicians of a country which is their key European ally. They have called for the setting up of no-spying agreements between Washington, London and Berlin.

Germany’s two main political parties announced yesterday that they had agreed to set up a cyber security centre to establish how networks could be better protected from invasive surveillance.

Tony Paterson
Sunday, 17 November 2013

Find this story at 17 November 2013

© independent.co.uk

Britain’s GCHQ intelligence service monitors diplomats’ travels using a sophisticated automated system that tracks hotel bookings. Once a room has been identified, it opens the door to a variety of spying options.

When diplomats travel to international summits, consultations and negotiations on behalf of governments, they generally tend to spend the night at high-end hotels. When they check-in, in addition to a comfortable room, they sometimes get a very unique form of room service that they did not order: a thorough monitoring by the British Government Communications Headquarters, or GCHQ in short.

Intelligence service documents from the archive of NSA whistleblower Edward Snowden show that, for more than three years, GCHQ has had a system to automatically monitor hotel bookings of at least 350 upscale hotels around the world in order to target, search and analyze reservations to detect diplomats and government officials.

The top secret program carries the codename “Royal Concierge,” and has a logo showing a penguin wearing a crown, a purple cape and holding a wand. The penguin is apparently meant to symbolize the black and white uniform worn by staff at luxury hotels.

The aim of the program is to inform GCHQ, at the time of the booking, of the city and hotel a foreign diplomat intends to visit. This enables the “technical operations community” to make the necessary preparations in a timely manner, the secret documents state. The documents cast doubt on the truthfulness of claims made last week to a committee in parliament by the heads of the three British intelligence agencies: Namely that the exclusive reason and purpose behind their efforts is the battle against terrorism, and to make sure they can monitor the latest postings by al-Qaida and similar entities.

The documents show that the prototype of “Royal Concierge” was first tested in 2010. The much-touted program, referred to internally as an “innovation,” was apparently so successful that further development continued.

Daily Alerts

The documents provide details on how the British program for tracking international diplomats functioned. Whenever a reservation confirmation is emailed to a conspicuous address inside a government domain (like gov.xx) from any of the 350 hotels around the world being monitored, a daily alert “tip-off” is sent to the appropriate GCHQ analysts. The documents seen by SPIEGEL do not include hotel names, but they do cite anonymized hotels in Zurich and Singapore as examples.

A further document states that this advance knowledge of which foreign diplomats will be staying in what hotels provides GCHQ with a whole palette of intelligence capabilities and options. The documents reveal an impressive listing of capabilities for monitoring a hotel room and its temporary resident that seem to exhaust the creative potential of modern spying. Among the possibilities, of course, are wiretapping the room telephone and fax machine as well as the monitoring of computers hooked up to the hotel network (“computer network exploitation”).

It also states that a “Technical Attack” is deployed by the British “TECA” team for guests of high interest. The documents state that these elite units develop a range of “specialist technologies” that are “designed to bridge the gaps to communications that our conventional accesses cannot reach.” These “Active Approach Teams” are small, but possess advanced technical skill that allow them to work within “often unique requirements.”

The guests, of course, have no clue about these advanced technical preparations that are made for their visits. In cases of “governmental hard targets,” the information obtained through “Royal Concierge” can also involve “Humint” operations. The abbreviation is short for “human intelligence” — in other words, the deployment of human spies who might then be listening in on a diplomat’s conversations at the hotel bar.

‘Wild, Wild West’

The documents seen by SPIEGEL do not state how often the program has been used, but they do indicate that it continued to be developed and that it captured the imagination of the intelligence agency’s workers, including the GCHQ unit responsible for “effects.” Given the access they had to hotel bookings through “Royal Concierge,” one document pondered: “Can we influence the hotel choice?” And: Did they have the ability to cancel visits entirely? Another slide lists “car hire” as one of the possible extensions to the program.

Contacted by SPIEGEL, GCHQ said that it “neither confirms nor denies the allegation.”

Her Royal Majesty’s agents appear to be very conscious of the fact that the automated monitoring of diplomats’ travel by the British intelligence service crosses into controversial terrain. One of the presentations describing “Royal Concierge” is titled “Tales from the Wild, Wild West of GCHQ Operational Datamining.”

11/17/2013 08:09 AM
By Laura Poitras, Marcel Rosenbach and Holger Stark

Find this story at 17 November 2013

© SPIEGEL ONLINE 2013

During a coffee break at an intelligence conference held in The Netherlands a few years back, a senior Scandinavian counterterrorism official regaled me with a story. One of his service’s surveillance teams was conducting routine monitoring of a senior militant leader when they suddenly noticed through their high-powered surveillance cameras two men breaking into the militant’s apartment. The target was at Friday evening prayers at the local mosque. But rather than ransack the apartment and steal the computer equipment and other valuables while he was away — as any right-minded burglar would normally have done — one of the men pulled out a disk and loaded some programs onto the resident’s laptop computer while the other man kept watch at the window. The whole operation took less than two minutes, then the two trespassers fled the way they came, leaving no trace that they had ever been there.

It did not take long for the official to determine that the two men were, in fact, Central Intelligence Agency (CIA) operatives conducting what is known in the U.S. intelligence community as either a “black bag job” or a “surreptitious entry” operation. Back in the Cold War, such a mission might have involved cracking safes, stealing code books, or photographing the settings on cipher machines. Today, this kind of break-in is known inside the CIA and National Security Agency as an “off-net operation,” a clandestine human intelligence mission whose specific purpose is to surreptitiously gain access to the computer systems and email accounts of targets of high interest to America’s spies. As we’ve learned in recent weeks, the National Security Agency’s ability to electronically eavesdrop from afar is massive. But it is not infinite. There are times when the agency cannot gain access to the computers or gadgets they’d like to listen in on. And so they call in the CIA’s black bag crew for help.

The CIA’s clandestine service is now conducting these sorts of black bag operations on behalf of the NSA, but at a tempo not seen since the height of the Cold War. Moreover, these missions, as well as a series of parallel signals intelligence (SIGINT) collection operations conducted by the CIA’s Office of Technical Collection, have proven to be instrumental in facilitating and improving the NSA’s SIGINT collection efforts in the years since the 9/11 terrorist attacks.
More FP Coverage
the NSA Leaks
Meet the Spies Doing the NSA’s Dirty Work
Exclusive: Inside America’s Plan to Kill Online Privacy Rights Everywhere
Spy Copters, Lasers, and Break-In Teams

Over the past decade specially-trained CIA clandestine operators have mounted over one hundred extremely sensitive black bag jobs designed to penetrate foreign government and military communications and computer systems, as well as the computer systems of some of the world’s largest foreign multinational corporations. Spyware software has been secretly planted in computer servers; secure telephone lines have been bugged; fiber optic cables, data switching centers and telephone exchanges have been tapped; and computer backup tapes and disks have been stolen or surreptitiously copied in these operations.

In other words, the CIA has become instrumental in setting up the shadowy surveillance dragnet that has now been thrown into public view. Sources within the U.S. intelligence community confirm that since 9/11, CIA clandestine operations have given the NSA access to a number of new and critically important targets around the world, especially in China and elsewhere in East Asia, as well as the Middle East, the Near East, and South Asia. (I’m not aware of any such operations here on U.S. soil.) In one particularly significant operation conducted a few years back in a strife-ridden South Asian nation, a team of CIA technical operations officers installed a sophisticated tap on a switching center servicing several fiber-optic cable trunk lines, which has allowed NSA to intercept in real time some of the most sensitive internal communications traffic by that country’s general staff and top military commanders for the past several years. In another more recent case, CIA case officers broke into a home in Western Europe and surreptitiously loaded Agency-developed spyware into the personal computer of a man suspected of being a major recruiter for individuals wishing to fight with the militant group al-Nusra Front in Syria, allowing CIA operatives to read all of his email traffic and monitor his Skype calls on his computer.

The fact that the NSA and CIA now work so closely together is fascinating on a number of levels. But it’s particularly remarkable accomplishment, given the fact that the two agencies until fairly recently hated each others’ guts.

Ingenues and TBARs

As detailed in my history of the NSA, The Secret Sentry, the CIA and NSA had what could best be described as a contentious relationship during the Cold War era. Some NSA veterans still refer to their colleagues at the CIA as ‘TBARs,’ which stands for ‘Those Bastards Across the River,’ with the river in question being the Potomac. Perhaps reflecting their higher level of educational accomplishment, CIA officers have an even more lurid series of monikers for their NSA colleagues at Fort Meade, most of which cannot be repeated in polite company because of recurring references to fecal matter. One retired CIA official described his NSA counterparts as “a bunch of damn ingenues.” Another CIA veteran perhaps put it best when he described the Cold War relationship amongst and between his agency and the NSA as “the best of enemies.”

The historical antagonism between the two agencies started at the top. Allen W. Dulles, who was the director of the CIA from 1953 to 1961, disliked NSA director General Ralph Canine so intensely that he deliberately kept the NSA in the dark about a number of the agency’s high-profile SIGINT projects, like the celebrated Berlin Tunnel cable tapping operation in the mid-1950s. The late Richard M. Helms, who was director of the CIA from 1966 to 1973, told me over drinks at the Army-Navy Club in downtown Washington, D.C. only half jokingly that during his thirty-plus years in the U.S. intelligence community, his relations with the KGB were, in his words, “warmer and more collegial” than with the NSA. William E. Colby, who served as Director of Central Intelligence from 1973-1976, had the same problem. Colby was so frustrated by his inability to assert any degree of control over the NSA that he told a congressional committee that “I think it is clear I do not have command authority over the [NSA].” And the animus between CIA director Admiral Stansfield Turner (CIA director from 1977-1981) and his counterpart at the NSA, Admiral Bobby Ray Inman, was so intense that they could only communicate through intermediaries.

But the 9/11 terrorist attacks changed the operational dynamic between these two agencies, perhaps forever. In the thirteen years since the 9/11 terrorist attacks, the NSA and CIA have largely, but not completely, moved past the Cold War animus. In addition, both agencies have become increasingly dependent on one another for the success of their respective intelligence operations, leading to what can best be described as an increasingly close symbiotic relationship between these two titans of the U.S. intelligence community.

While the increasingly intimate relationship between the NSA and CIA is not a secret, the specific nature and extent of the work that each agency does for the other is deemed to be extremely sensitive, especially since many of these operations are directed against friends and allies of the United States. For example, the Special Collection Service (SCS), the secretive joint CIA-NSA clandestine SIGINT organization based in Beltsville, Maryland, now operates more than 65 listening posts inside U.S. embassies and consulates around the world. While recent media reports have focused on the presence of SCS listening posts in certain Latin America capitals, intelligence sources confirm that most of the organization’s resources have been focused over the past decade on the Middle East, South Asia, and East Asia. For example, virtually every U.S. embassy in the Middle East now hosts a SCS SIGINT station that monitors, twenty-four hours a day, the complete spectrum of electronic communications traffic within a one hundred mile radius of the embassy site. The biggest problem that the SCS currently faces is that it has no presence in some of the U.S. intelligence community’s top targets, such as Iran and North Korea, because the U.S. government has no diplomatic relations with these countries.

At the same time, SIGINT coming from the NSA has become a crucial means whereby the CIA can not only validate the intelligence it gets from its oftentimes unreliable agents, but SIGINT has been, and remains the lynchpin underlying the success over the past nine years of the CIA’s secret unmanned drone strikes in Pakistan, Yemen and elsewhere around the world.

But the biggest changes have occurred in the CIA’s human intelligence (HUMINT) collection efforts on behalf of NSA. Over the past decade, foreign government telecommunications and computer systems have become one of the most important targeting priorities of the CIA’s National Clandestine Service (NCS), which since the spring of this year has been headed by one of the agency’s veteran Africa and Middle East hands. The previous director, Michael J. Sulick, is widely credited with making HUMINT collection against foreign computer and telecommunications systems one of the service’s top priority targets after he rose to the top of the NCS in September 2007.

Today, a cadre of several hundred CIA NCS case officers, known as Technical Operations Officers, have been recruited and trained to work exclusively on penetrating foreign communications and computer systems targets so that NSA can gain access to the information stored on or transmitted by these systems. Several dozen of these officers now work fulltime in several offices at NSA headquarters at Fort George G. Meade, something which would have been inconceivable prior to 9/11.

CIA operatives have also intensified their efforts to recruit IT specialists and computer systems operators employed by foreign government ministries, major military command headquarters staffs, big foreign multinational corporations, and important international non-governmental organizations.

Since 9/11, the NCS has also developed a variety of so-called “black boxes” which can quickly crack computer passwords, bypass commercially-available computer security software systems, and clone cellular telephones — all without leaving a trace. To use one rudimentary example, computer users oftentimes forget to erase default accounts and passwords when installing a system, or incorrectly set protections on computer network servers or e-mail accounts. This is a vulnerability which operatives now routinely exploit.

For many countries in the world, especially in the developing world, CIA operatives can now relatively easily obtain telephone metadata records, such as details of all long distance or international telephone calls, through secret liaison arrangements with local security services and police agencies.

America’s European allies are a different story. While the connections between the NSA and, for example, the British signals intelligence service GCHQ are well-documented, the CIA has a harder time obtaining personal information of British citizens. The same is true in Germany, Scandinavia and the Netherlands, which have also been most reluctant to share this sort of data with the CIA. But the French intelligence and security services have continued to share this sort of data with the CIA, particularly in counterterrorism operations.

U.S. intelligence officials are generally comfortable with the new collaboration. Those I have spoken to over the past three weeks have only one major concern. The fear is that details of these operations, including the identities of the targets covered by these operations, currently reside in the four laptops reportedly held by Edward Snowden, who has spent the past three weeks in the transit lounge at Sheremetyevo Airport outside Moscow waiting for his fate to be decided. Officials at both the CIA and NSA know that the public disclosure of these operations would cause incalculable damage to U.S. intelligence operations abroad as well as massive embarrassment to the U.S. government. If anyone wonders why the U.S. government wants to get its hands on Edward Snowden and his computers so badly, this is an important reason why.

David Burnett/Newsmakers

Matthew M. Aid is the author of Intel Wars: The Secret History of the Fight Against Terror and The Secret Sentry: The Untold History of the National Security Agency, and is co-editor with Cees Wiebes of Secrets of Signals Intelligence During the Cold War and Beyond.

BY MATTHEW M. AID | JULY 17, 2013

Find this story at 17 July 2013

©2013 The Slate Group, LLC. All rights reserved.

“I’d come back from an op and couldn’t wait for what happens next,” says Douglas Groat (shown in a reenactment with tools of the trade). (James Quantz Jr. )

The six CIA officers were sweating. It was almost noon on a June day in the Middle Eastern capital, already in the 90s outside and even hotter inside the black sedan where the five men and one woman sat jammed in together. Sat and waited.

They had flown in two days earlier for this mission: to break into the embassy of a South Asian country, steal that country’s secret codes and get out without leaving a trace. During months of planning, they had been assured by the local CIA station that the building would be empty at this hour except for one person—a member of the embassy’s diplomatic staff working secretly for the agency.

But suddenly the driver’s hand-held radio crackled with a voice-encrypted warning: “Maintain position. Do not approach target.” It was the local CIA station, relaying a warning from the agency’s spy inside: a cleaning lady had arrived.

From the back seat Douglas Groat swore under his breath. A tall, muscular man of 43, he was the leader of the break-in team, at this point—1990—a seven-year veteran of this risky work. “We were white faces in a car in daytime,” Groat recalls, too noticeable for comfort. Still they waited, for an hour, he says, before the radio crackled again: “OK to proceed to target.” The cleaning lady had left.

Groat and the others were out of the car within seconds. The embassy staffer let them in the back door. Groat picked the lock on the code room—a small, windowless space secured for secret communications, a standard feature of most embassies—and the team swept inside. Groat opened the safe within 15 minutes, having practiced on a similar model back in the States. The woman and two other officers were trained in photography and what the CIA calls “flaps and seals”; they carefully opened and photographed the code books and one-time pads, or booklets of random numbers used to create almost unbreakable codes, and then resealed each document and replaced it in the safe exactly as it had been before. Two hours after entering the embassy, they were gone.

After dropping the break-in specialists off at their hotel, the driver took the photographs to the U.S. Embassy, where they were sent to CIA headquarters by diplomatic pouch. The next morning, the team flew out.

The CIA is not in the habit of discussing its clandestine operations, but the agency’s purpose is clear enough. As then-chief James Woolsey said in a 1994 speech to former intelligence operatives: “What we really exist for is stealing secrets.” Indeed, the agency declined to comment for this article, but over the course of more than 80 interviews, 25 people—including more than a dozen former agency officers—described the workings of a secret CIA unit that employed Groat and specialized in stealing codes, the most guarded secrets of any nation.

What Groat and his crew were doing followed in the tradition of all espionage agencies. During World War II, for example, Soviet spies stole the secrets of how the United States built the atom bomb, and the British secretly read Nazi communications after acquiring a copy of a German Enigma cipher machine from Polish intelligence. The Office of Strategic Services, the CIA’s predecessor, targeted the Vichy French Embassy in Washington, D.C. one night in June 1942. An operative code-named Cynthia arranged a tryst inside the embassy with her lover, who was the press attaché there. The tryst, as both knew, was a cover story—a way to explain her presence to the night watchman. After the 31-year-old, auburn-haired spy and her lover stripped in the hall outside the code room, Cynthia, naked but for her pearls and high-heeled shoes, signaled out a window to a waiting OSS safe expert, a specialist known as the “Georgia Cracker.” He soon had the safe open and the codebooks removed; an OSS team photographed the books in a hotel nearby, and Cynthia returned them to the safe before dawn. The stolen codes were said to have helped OSS undercover operations in North Africa that paved the way for the Allied invasion there six months later.

In 1956, Soviet leader Nikita Khrushchev denounced Joseph Stalin’s mass terror and “cult of personality” in a speech to a closed session of the Communist Party Congress in Moscow. Khrushchev repudiated his predecessor in such stark terms that his speech weakened the Soviet Union’s grip on Eastern Europe and contributed to Moscow’s split with China. As word of his “secret speech” filtered out, the CIA fell under enormous pressure to obtain a copy. The agency’s director, Allen W. Dulles, secured one—he never disclosed how, but by most accounts his source was Israeli intelligence—and leaked it to the New York Times. He later wrote that getting the speech was “one of the major intelligence coups” of his career.

In a secret program called HTLINGUAL, the CIA screened more than 28 million first-class letters and opened 215,000 of them between 1953 and 1973, even though the Supreme Court held as far back as 1878 in Ex parte Jackson and reaffirmed in 1970 in U.S. v. Van Leeuwen that the Fourth Amendment bars third parties from opening first-class mail without a warrant. The program’s stated purpose was to obtain foreign intelligence, but it targeted domestic peace and civil rights activists as well. In a 1962 memo to the director of the CIA’s Office of Security, the deputy chief of the counterintelligence staff warned that the program could lead “to grave charges of criminal misuse of the mails” and therefore U.S. intelligence agencies must “vigorously deny” HTLINGUAL, which should be “relatively easy to ‘hush up.’ ”

One of the agency’s most ambitious known theft attempts took place after a Soviet submarine sank in 1968 several hundred miles northwest of Hawaii, losing all hands. After spending at least $200 million to build a ship designed especially for the mission, the agency tried in 1974 to steal the sub from its resting place, 17,000 feet deep. Using a giant claw, the ship, the Glomar Explorer, lifted the sub from the ocean bottom, but it broke in two as it was raised. The agency recovered the forward third of the vessel, but former CIA director William E. Colby confirmed in the French edition of his memoir, which slipped through the agency’s censorship, that the operation fell short of its main objective—recovering the part of the sub containing Soviet nuclear missiles and codebooks.

Codes have always been primary espionage targets, but they have become more valuable as encryption programs have become both more common and more complex. Today, even the National Security Agency, the nation’s code-making and -breaking arm and its largest intelligence agency, has trouble keeping up with the flood of messages it intercepts. When decrypting other countries’ codes is so difficult, the most obvious solution is to steal them.

That is why by 1955, and probably earlier, the CIA created a special unit to perform what the agency calls “surreptitious entries.” This unit was so secret that few people inside CIA headquarters knew it existed; it wasn’t even listed in the CIA’s classified telephone book. Officially it was named the Special Operations Division, but the handful of agency officers selected for it called it the Shop.

In Doug Groat’s time there, in the 1980s and early ’90s, the Shop occupied a nondescript one-story building just south of a shopping mall in the Washington suburb of Springfield, Virginia. The building was part of a government complex surrounded by a chain-link fence; the pebbled glass in the windows let in light but allowed no view in or out. The men and women of the Shop made up a team of specialists: lock pickers, safecrackers, photographers, electronics wizards and code experts. One team member was a master at disabling alarm systems, another at flaps and seals. Their mission, put simply, was to travel the world and break into other countries’ embassies to steal codes, and it was extraordinarily dangerous. They did not have the protection of diplomatic cover; if caught, they might face imprisonment or execution. The CIA, they assumed, would claim it knew nothing about them. “It was generally understood, from talking to the other guys,” Groat recalls. “Nobody ever said it in so many words.”

Groat started working at the Shop in 1982 and became the CIA’s top burglar and premier lock picker. He planned or participated in 60 missions in Europe, Africa, South America and the Middle East. He received several $5,000 awards for successful entry missions—a significant sum for someone earning less than $40,000 a year at the time—as well as an award from the CIA’s Clandestine Service and another from the NSA. In several instances, as in the operation in the Middle East capital, he led the entry team. But that operation was Groat’s last. The simple fact that a cleaning lady had unexpectedly shown up for work set off a chain of events that pit him against his employer. The operations of the Shop, as described by Groat, other former members of the Shop and other intelligence professionals, illustrate the lengths to which the CIA went to steal other nations’ secrets. What happened to Groat illustrates the measures the agency took to protect secrets of its own.

Groat would seem an excellent candidate for the job of stealing codes. Six-foot-three, handsome and articulate, he is a former Green Beret trained in scuba diving, underwater explosives, parachuting, survival and evasion; he knows how to build homemade pistols, shotguns, silencers, booby traps and bombs. He also speaks Mandarin Chinese. He says he relished his work at the Shop—both for the opportunity to serve his country and for the adrenaline rush that came with the risks.

He grew up in Scotia, New York, near Albany. He joined the Army in 1967, before marrying his high-school sweetheart, and served as a captain in the Special Forces. He left after four years and worked in a series of law-enforcement jobs. As a police officer in Glenville, New York, Groat displayed a streak of unyielding resolve: He ticketed fire engines when he believed they were breaking the law. “The trucks would run with lights flashing even when they were not responding to a fire. They were checking the hydrants,” he says. “I warned them, ‘Do it again and I’ll ticket you.’ They did and I did.” After he ticketed the fire chief, Groat was fired. He sued and won his job back—and then, having made his point, quit to become a deputy U.S. marshal in Phoenix.

By then Groat and his wife had a daughter and a son. In 1980, he joined the CIA and moved his family to Great Falls, Virginia. At age 33, he was sent off to the Farm, the CIA’s training base near Williamsburg, to learn the black arts of espionage. Two years later, after testing well for hand coordination and the capacity to pay painstaking attention to detail, he was accepted for the Shop.

In training there he demonstrated an exceptional talent for picking locks, so the CIA sent him to vocational courses in opening both locks and safes. As a result, the CIA’s top burglar was also a bonded locksmith, member number 13526 of the Associated Locksmiths of America. He was also a duly certified member of the Safe and Vault Technicians Association.

Although Hollywood films show burglars with an ear glued to a safe to listen for the tumblers, Groat says it doesn’t work that way. “You feel the tumblers. In your fingers,” he says. “There are three to four wheels in a typical safe combination lock. As you turn the dial you can feel it as you hit each wheel, because there’s extra tension on the dial. Then you manipulate one wheel at a time until the drop lever inside falls into the open position and the safe is unlocked.”

After training came the real thing. “It was exhilarating,” Groat recalls of his first mission, targeting a South American embassy in Northern Europe. When he traveled to a target, he used an alias and carried phony ID—”pocket litter,” as it is known in the trade. His fake identities were backstopped, meaning that if anyone called to check with the real companies listed on his cards, someone would vouch for him as an employee. He also was given bank and credit cards in an alias to pay his travel expenses.

Because Groat’s work was so sensitive, he had to conceal it. Although his wife understood the nature of his work, for years his children did not. “I didn’t know where my father worked until I was in high school, in the ninth or tenth grade,” says Groat’s son, Shawn. “My sister typed a report on special paper that dissolved in water, although we didn’t know it. My father realized what she was doing and said, ‘You can’t use that paper.’ Then he ate the paper.

“He then sat us down and said, ‘I don’t work for the State Department. I work for the CIA.’” The State Department had been his cover story to explain his frequent travels to friends, relatives and neighbors. He said he inspected security at U.S. embassies.

Groat would not talk about which countries’ codes he and his colleagues stole. Other intelligence sources said that in 1989, he led an extraordinary mission to Nepal to steal a code machine from the East German Embassy there—the CIA and the NSA, which worked closely with the Shop, wanted the device so badly that Groat was told to go in, grab the safe containing the code machine and get out. Never mind the rule about leaving no trace; in this case it would be immediately obvious that a very large object was missing.

According to two CIA sources, the agency and the NSA had collected three decades’ worth of encrypted East German communications traffic; the machine would allow them to read it and, if the Soviets and the other Warsaw Pact countries were linked in a common system, perhaps to decrypt Soviet traffic as well.

The CIA station in Katmandu arranged for an official ceremony to be held more than an hour away from the capital and for all foreign diplomats to be invited. The agency knew the East Germans could not refuse to attend. That would leave Groat’s team about three hours to work. Posing as tourists, they arrived in Katmandu two days before the mission and slipped into a safe house. On the appointed day, they left the safe house wearing disguises crafted by a CIA specialist—whole-face latex masks that transformed them into Nepalese, with darker skin and jet-black hair. At the embassy, Groat popped the front door open with a small pry bar. Inside, the intruders peeled off their stifling masks and with a bolt-cutter removed a padlock barring the way to the embassy’s security area. Once in the code room, Groat and two teammates strained to lift the safe from the floorboards and wrestled it down the stairs and out to a waiting van.

They drove the safe to the American Embassy, where it was opened—and found to contain no code machine. Based on faulty intelligence, the CIA had sent its break-in team on a Himalayan goose chase.

In planning an operation, Groat says, he would normally reconnoiter the target personally. But he was told there was no budget to send him before his 1990 mission to the Middle East capital, so he had to rely on assurances from the local CIA station. Although the team accomplished its mission and returned to the Shop within two days, Groat was enraged at what he believed was sloppy advance work.

“It was a near miss, very scary,” he says. “I had to complain. It could have been disastrous for the U.S. government and the officers involved.”

Not to worry, Groat’s boss told him; he would personally tell the official who supervised the Shop what had happened. Groat says his boss warned him that if he went outside channels and briefed the supervisor on his own, “it would end my career.” He went to the supervisor anyway. “I told [him] if we had been caught our agent would be killed,” he says. “He said he didn’t care. That it was an aberration and wouldn’t happen again.” Groat did not back down; in fact, he escalated matters by taking his complaint to the CIA inspector general. The IG at the time was Frederick P. Hitz, who now teaches law at the University of Virginia. Hitz recalls that his office investigated the matter.

“On the issue that preparations for that entry had not been properly made, we did find there was merit in his complaint,” Hitz says. “His grievances had some justification in fact. He felt there was sloppiness that endangered himself and his crew, the safety of the men for whom he was responsible. We felt there was some reason for his being upset at the way his operation was prepared.”

Given the tensions rising between Groat and his managers, the IG also recommended that Groat be transferred to another unit. Hitz says he is fairly certain that he also urged that steps be taken to avoid a repeat of the problems Groat had encountered and that “we expected this not to happen again.” But the recommendation that Groat be transferred created a problem: There was no other unit like the Shop. Groat says he was given a desk at a CIA building in Tysons Corner, in Northern Virginia, but no work to do—for 14 months. In October 1992, he says, he was moved to another office in Northern Virginia but still given no duties. He worked out at a gym in a nearby CIA building and went home by 11 a.m.

By then Groat was at the end of his rope. “I was under more and more pressure” to quit, he says. “I was being pushed out and I was looking at losing my retirement.” He called the inspector general, “and he told me to find another job because I wasn’t going to get my job [at the Shop] back.”

The way Groat saw it, he had risked his life for nearly a decade to perform some of his country’s most demanding, valuable and risky work. He was the best at what he did, and yet that didn’t seem to matter; some bureaucrats had forced him out of the Shop for speaking out.

So he decided to run his own operation. Against the CIA.

In September 1992, Groat sent three anonymous letters to the ambassador of an Asian country revealing an operation he had participated in about a year and a half earlier to bug computers in an embassy the country maintained in Scandinavia. “It was a last-ditch effort to get the agency to pay attention,” Groat says. Clearly, he knew he was taking a terrible risk. At least one letter was intercepted and turned over to the CIA. But one or more may have gotten through, because the bugs suddenly went silent.

By early 1993, CIA counterintelligence officers had launched an investigation to find out who wrote the letters. The FBI was brought in, and its agents combed through the library at CIA headquarters in Langley, Virginia, dusting for prints on a list of foreign embassies in case the letters’ author had found the address there. The FBI “came to my house two or three times,” Groat says. Its agents showed him a form stating that his thumbprints, and the prints of two other people, were identified on the page listing the foreign missions. Of course, that didn’t prove who had written the letters.<

Groat was called into CIA headquarters and questioned. “I knew they didn’t have anything,” he says. “Since I thought I was still in a negotiation with the Office of General Counsel to resolve this whole thing I wasn’t going to say anything. I wanted them to believe I had done it but not know that I had done it. I wanted to let that play out.” When he refused to take a polygraph, he was put on administrative leave.

By the summer of 1994 his marriage was disintegrating, and that October Groat left home. He later bought a Winnebago and began wandering the country with a girlfriend. Meanwhile, he began negotiating a retirement package with the CIA and hired an attorney, Mark Bradley, a former Pakistan analyst for the agency.

In a letter to James W. Zirkle, the CIA’s associate general counsel, Bradley noted that Groat “gave the CIA 14 years of his life….His numerous awards and citations demonstrate how well he performed his assignments, many of which were extremely dangerous. He gave his heart and soul to the Agency and feels that it has let him down.” Groat wanted $500,000 to compensate him, Bradley added, “for the loss of his career.”

In reply, Zirkle wrote that before the agency would consider “the very substantial settlement” being sought, Groat would have “to accurately identify the person…responsible for the compromise of the operation” under investigation. “If he can provide us with clear and convincing corroborating evidence confirming the information that he would provide, we would be prepared to consider not using the polygraph.” But the exchange of letters led nowhere. In September 1996 Groat was divorced, and a month later he was dismissed from the CIA, with no severance and no pension.

Seeking new leverage with the agency, Groat made another risky move: In January 1997 he telephoned Zirkle and said that without a settlement, he would have to earn a living as a security consultant to foreign governments, advising them on how to protect their codes.

Groat’s telephone call detonated like a bombshell at CIA headquarters. Senior officials had long debated what to do about him. Some favored negotiating a money settlement and keeping him quiet; others wanted to take a hard line. Groat’s call intensified the agency’s dilemma, but it seemed to have worked: Zirkle urged patience; a settlement was imminent. “We are working very hard to come to a timely and satisfactory resolution,” the lawyer wrote in a subsequent letter.

That March, Zirkle sent Groat a written offer of $50,000 a year as a contract employee until 2003, when he would be eligible to retire with a full pension. The contract amounted to $300,000—$200,000 less than what Groat had sought. Again, Zirkle reminded him, he would have to cooperate with the counterintelligence investigation. He would be required to take a polygraph, and he would have to agree not to contact any foreign government. Bradley urged his client to take the money and run, but Groat believed the agency’s offer was too low.

Later that month, he visited 15 foreign consulates in San Francisco to drop off a letter in which he identified himself as a former CIA officer whose job was “to gain access to…crypto systems of select foreign countries.” The letter offered his expertise to train security officers on ways to protect “your most sensitive information” but did not disclose any information about how the CIA stole codes. The letter included a telephone number and a mailbox in Sacramento where he could be contacted.

Groat says he had no takers—and claims he didn’t really want any. “I never intended to consult for a foreign country,” he says. “It was a negotiating ploy….Yes, I realized it was taking a risk. I did unconventional work in my career, and this was unconventional.” He did not act secretly, Groat notes; he wanted the agency and the FBI to know. He told the CIA what he planned to do, and he gave the FBI a copy of his letter after he had visited the consulates. The FBI opened another investigation of Groat.

Molly Flynn, the FBI agent assigned to the case, introduced herself to Groat and stayed in touch with him after he moved to Atlanta for training as an inspector for a gas pipeline company. In late March, Groat called Flynn to say he was heading for Pennsylvania to start on his first inspection job.

Flynn invited him to stop off in Washington for a meeting she would arrange with representatives of the CIA, the FBI and the Justice Department to try to resolve the situation. Still hoping to reach a settlement, Groat says, “I accepted eagerly.”

On April 2, 1998, he walked into an FBI building in downtown Washington. Flynn greeted him in the lobby. Had the others arrived yet? he asked as she led him to a first-floor conference room. She said they had not. As the door clicked shut behind him, she delivered unexpected news. “I told him we had resolved the matter, but not to his liking,” Flynn recalls. A man in a white shirt and tie—a Justice Department official, Groat later concluded—told him: “We decided not to negotiate with you. We indicted you instead.” Then the man turned and left.

Groat was arrested and held in the room for five hours. Flynn and two other agents remained with him, he says. His car keys were taken away. “One of the FBI agents said, ‘It probably wouldn’t do much good to ask you questions, would it?’ And I said, ‘No, it wouldn’t.’” After being strip-searched, fingerprinted and handcuffed, he says, he was driven to the Federal District Court building and locked in a cell. Held there for two days, he was strip-searched again in front of eight people, including a female officer, shackled and outfitted with a stun belt. “My eyes were covered with a pair of goggles, the lenses masked over with duct tape,” he says. He was moved by van, with a police escort, to a waiting helicopter.

After a short ride, he was taken to a windowless room that would be his home for the next six months. He was never told where he was, but he was told he was being treated as an “extreme risk” prisoner. The lights in his cell were kept on 24/7, and a ceiling-mounted camera monitored him all the time.<

Robert Tucker, a federal public defender in Washington, was assigned to Groat’s case. When Tucker wanted to visit his client, he was picked up in a van with blacked-out windows and taken to him. Tucker, too, never learned where Groat was being held.

A few days before Groat’s arrest, a federal grand jury in Washington had handed down a sealed indictment accusing him of transmitting, or trying to transmit, information on “the targeting and compromise of cryptographic systems” of unnamed foreign countries—a reference to his distributing his letter to the consulates. The formal charge was espionage, which carries a possible penalty of death. He was also charged with extortion, another reference to his approach to the consulates; the indictment accused him of attempting to reveal “activities and methods to foreign governments” unless the CIA “paid the defendant for his silence in excess of five hundred thousand dollars ($500,000).”

As a trial date approached, prosecutors offered Groat a plea agreement. Although they were not pressing for the death penalty, Groat faced the prospect of life in prison if a jury convicted him of espionage. Reluctantly, he agreed to plead guilty to extortion if the government would drop the spying charges. “I had no choice,” he says. “I was threatened with 40 years to life if I didn’t take the deal.” Groat also agreed to testify fully in the CIA and FBI counterintelligence investigations, and he subsequently confessed that he sent the letters about the bugged computers.

On September 25, 1998, Groat stood before Judge Thomas F. Hogan of the Federal District Court in Washington and entered his guilty plea. He was sentenced to five years.

The question of where Groat would serve his time was complicated by what a federal Bureau of Prisons official referred to as his “special abilities.” While still in solitary, he wrote to a friend: “The marshals are treating me like I’m a cross between MacGyver, Houdini and Rambo.” But in the end, he was sent to the minimum-security wing of the federal prison camp in Cumberland, Maryland. “My skills, after all, were not for escaping,” Groat notes. “They were for entering places.”

There Groat was assigned to a case manager, who introduced herself as Aleta. Given her new client’s reputation, she put him in solitary the first night. But officials gradually noticed she and Groat spent a lot of time talking to each other. As a result, he was transferred to the federal prison in Terre Haute, Indiana, after two years, but the two corresponded often.

In March 2002, Groat was released a month short of four years, his sentence reduced for good behavior. Aleta was waiting for him at the prison gate, and they were married that December. Today, Doug and Aleta Groat live on 80 acres in the South. He prefers not to disclose his location any more specifically than that. He has not told his neighbors or friends about his previous life as a spy; he works the land and tries to forget the past.

When he looks back, Groat tries to focus on the good parts. “I loved the work at CIA. I’d come back from an op and couldn’t wait for what happens next,” he says. “I thought the work was good for the country. I was saddened by the way I was treated by the agency, because I tried to do my job.”

The CIA was unwilling to talk about Douglas Groat or anything connected with his case. Asked whether it has a team that goes around the globe breaking into foreign embassies and stealing codes, a spokesperson provided a five-word statement: “The CIA declined to comment.”

By David Wise
Smithsonian magazine, October 2012, Subscribe

Find this story at October 2012

© smithsonianmag.com

Between 2006 and 2009, surveillance helicopters conducted daily flights over northwest Washington, D.C., taking high-resolution photographs of the new Chinese Embassy being constructed on Van Ness Street. The aircraft belonged to the Federal Bureau of Investigation, which wanted to determine where the embassy’s communications center was being located. But the Chinese construction crews hid their work on this part of the building by pulling tarpaulins over the site as it was being constructed.

The FBI also monitored the movements and activities of the Chinese construction workers building the embassy, who were staying at a Days Inn on Connecticut Avenue just north of the construction site, in the hopes of possibly recruiting one or two of them. According to one Chinese diplomat, his fellow officials detected individuals who they assumed to be FBI agents covertly monitoring the construction materials and equipment being used to build the embassy, which were stored on the University of the District of Columbia’s soccer field across the street from where the Chinese Embassy currently stands. The diplomat added that Chinese security officials assumed that the FBI agents were trying to determine whether it was possible to plant eavesdropping devices inside the construction materials stored at the site.

In recent weeks, the U.S. National Security Agency’s efforts to monitor foreign diplomats have become the stuff of worldwide headlines. But the FBI has been in the business of spying on diplomats and breaking their codes for far longer than the NSA has. The surveillance of the Chinese Embassy was just one piece of a far larger espionage operation. The FBI not only endeavors to steal or covertly compromise foreign government, military, and commercial computer, telecommunications, and encryption systems being used in the United States, but the FBI and NSA work closely to intercept the communications of all diplomatic missions and international organizations located on American soil. In some important respects, the FBI’s cryptologic work is more secretive than that being performed by the NSA because of the immense diplomatic sensitivity of these operations if they were to ever be exposed publicly.

The Bureau of Investigation, the predecessor to today’s FBI, has been monitoring diplomatic communications since at least 1910, when it periodically solved Mexican government and revolutionary group cable traffic coming in and out of the United States. And for over a century, the FBI and its predecessors have been aggressive practitioners of the age-old art of stealing codes and ciphers. In June 1916, Bureau of Investigations agents surreptitiously obtained a copy of the new Mexican consular code by picking the pockets of a Mexican diplomatic courier while he cavorted with “fast women” in one of the innumerable border fleshpots along the Rio Grande.
More FP Coverage
the NSA Leaks
Meet the Spies Doing the NSA’s Dirty Work
Exclusive: Inside America’s Plan to Kill Online Privacy Rights Everywhere
The FBI is Helping the NSA Spy, but Senators Don’t Want to Know About It

Little has changed in the intervening century. Despite the creation of the NSA in 1952 to centralize in one agency all U.S. government signals intelligence (SIGINT) collection and processing work, the FBI, which did not respond to requests for comment for this story, has never ceased its own independent cryptologic efforts, especially when those efforts have been aim at diplomats on American soil.

***

The number of foreign government targets that the FBI monitors inside the United States is huge and growing. State Department records show that 176 countries maintain embassies in Washington, not including Cuba and Iran, which the U.S. government does not have diplomatic relations with but which maintain interest sections inside the Swiss and Pakistani embassies, respectively.

In addition, 115 of the 193 members of the United Nations maintain diplomatic missions of varying sizes in New York City. There are also 62 consulates in Los Angeles, 52 in Chicago, 42 in San Francisco, 38 in Houston, 35 in Miami, and 26 in Boston and Atlanta.

All told, there are almost 600 foreign government embassies, consulates, missions, or representative offices in the United States, all of which are watched to one degree or another by the counterintelligence officers of the FBI. Only eight countries do not maintain any diplomatic presence in the United States whatsoever, the most important of which is nuclear-armed North Korea.

Every one of these embassies and consulates is watched by the FBI’s legion of counterintelligence officers to one degree or another. But some countries’ receive the vast majority of the FBI’s attention, such as Russia, China, Libya, Israel, Egypt, Syria, Jordan, Lebanon, Saudi Arabia, Iraq, Afghanistan, India, Pakistan, and Venezuela. The Cuban and Iranian interests section in Washington — and their missions to the United Nations in New York — of course receive special attention as well.

Unsurprisingly, most of the FBI’s surveillance is technical in nature. For example, with substantial technical assistance from the NSA and the “big three” American telecommunications companies (AT&T, Verizon, and Sprint), the FBI taps the phones (including cell phones) of virtually every embassy and consulate in the United States. The FBI also intercepts the home phones and emails of many diplomats. The FBI’s Washington and New York field offices have special wiretap centers that specialize in collecting all telephone, email, instant messaging, text messaging, and cellular telephone traffic coming in and out of all high-priority diplomatic targets in the United States 24 hours a day, seven days a week. According to a former Justice Department source, over the past decade these extremely sensitive intercepts have identified a number of spies working for governments that were caught in the act of stealing U.S. government secrets, as well as a larger number of cases involving the theft of industrial secrets from American companies.

Since 1978, all electronic communications, both plaintext and encrypted, between these embassies and their home countries have been routinely intercepted by the NSA’s BLARNEY fiber-optic-cable intercept program. The NSA provides copies of all these intercepts, including telephone calls and emails, to the FBI’s secretive signals-intelligence unit, the Data Intercept Technology Unit (DITU) at the Quantico Marine Corps base in Northern Virginia, and to the FBI’s electronic-eavesdropping centers in Washington and New York.

The FBI also uses a wide range of vehicles and airborne surveillance assets to monitor the movements and activities of foreign diplomats and intelligence operatives in Washington and New York. Some of the vans, aircraft, and helicopters used by the FBI for this purpose are equipped with equipment capable of intercepting cell-phone calls and other electronic forms of communication. And when that doesn’t work, the FBI calls in the burglars.

***

Another important part of the FBI’s surveillance effort is dedicated to trying to surreptitiously get inside these diplomatic establishments on behalf of the NSA, which increasingly depends on the FBI to penetrate the computer and telecommunications networks used by these embassies and compromise their information security systems.

The FBI perfected this clandestine technique, known as the Surreptitious Entry Program operation, during Cold War intelligence-gathering operations directed at the Soviet Union and its Eastern European allies. These missions remain highly classified because of the diplomatic sensitivity surrounding breaking into the embassies of friends and enemies alike. In one instance during the 1960s, FBI agents reportedly drove a garbage truck into the central courtyard of the Czech Embassy in the middle of the night and spirited away one of the embassy’s cipher machines for study by the NSA’s code breakers.

The FBI is still conducting these highly sensitive operations. Specially trained teams of FBI agents are still periodically breaking into foreign embassies and consulates in the United States, primarily in New York and Washington. In New York, a special team of FBI burglars is based in a converted warehouse in Long Island City in Queens, according to a former FBI employee who worked there. The nondescript facility is large enough that the FBI can build mock-ups of the exteriors and interiors of embassies being targeted for break-ins. The FBI has a similar facility in Northern Virginia, where full-size mock-ups of embassies in Washington are constructed to train FBI teams prior to conducting black-bag jobs of the facilities.

To facilitate these operations, the FBI has a huge library of architectural drawings, floor plans, building permits, and any other documents that it can lay its hands on concerning the layouts of every embassy and consulate in the United States. Many of these documents were obtained in close conjunction with the diplomatic security staff of the State Department and the uniformed branch of the Secret Service, which is responsible for providing security for foreign diplomatic establishments in the United States. The FBI also interviews the repair and maintenance personnel who service the leased computers and telecommunications equipment used by a host of embassies and other diplomatic establishments in Washington and New York.

Since the 9/11 terrorist attacks, the tempo of FBI clandestine operations designed to steal, compromise, or influence foreign computer, telecommunications, or encryption systems has increased by several orders of magnitude. According to a former Justice Department official, over the past decade clandestine human-intelligence operations run by the FBI’s Washington and New York field offices have been enormously successful in compromising a wide range of computer systems and encryption technology used by foreign governments and corporate entities. In a number of important cases, these FBI operations have allowed the NSA’s code-breakers to penetrate foreign encryption systems that had defied the ability of the code-breakers to solve through conventional cryptanalytic means. For example, the FBI was able to give the NSA the daily changes in cipher keys for an encryption system used by a country in the developing world. In another case, the FBI was able to covertly insert spyware into the operating system of a computer being used by a foreign mission in New York, allowing the NSA to read the plaintext versions of cables before they were encrypted.

***

But by far the most productive and sensitive intelligence source about what is going on inside embassies and consulates in the United States is a joint FBI-NSA electronic-eavesdropping program known as Close Access SIGINT. It enables the FBI and NSA to listen to what is transpiring inside these buildings by using a wide range of covert technical sensors that are monitored in real time from covert listening posts located in close proximity to the targets.

Some of these operations involve spyware software that has been covertly planted inside the computer systems of embassies and consulates, which allows the NSA’s computer-hacking organization, the Office of Tailored Access Operations (TAO), to read in real time everything that is being stored on individual computers or on the computer network itself. Some of these implants are designed and operated by TAO. Others are designed by the FBI’s SIGINT unit, the DITU. Some sensors periodically copy the contents of computer hard drives; another sensor takes screen shots of documents being processed or reviewed on compromised computer systems. The FBI is also using sophisticated laser and acoustic systems to image and record the sounds of what is being typed on computers, according to a source with access to the trove of documents leaked to the media by former NSA contractor Edward Snowden.

To pick up the signals from these clandestine sensors, the FBI uses front companies to lease office space within line of sight of nearly 50 embassies and consulates in Washington and New York. In other instances, the FBI and NSA have installed disguised receivers on building rooftops near these embassies to pick up the data signals from clandestine sensors implanted inside these embassies and consulates. Some of these disguised receivers can clearly be seen on the rooftop of a building located within line of sight of the Chinese, Israeli, and Pakistani embassies on Van Ness Street in northwest Washington. It’s a neighborhood that’s awfully familiar to the FBI and its eavesdroppers.
Save big when you subscribe to FP.

MICHAEL BRADLEY/AFP/Getty Images

Matthew M. Aid is the author of Intel Wars: The Secret History of the Fight Against Terror and The Secret Sentry: The Untold History of the National Security Agency.

BY MATTHEW M. AID | NOVEMBER 19, 2013

Find this story at 19 November 2013

© 2013 The Slate Group, LLC. All rights reserved.

Anonymous hacktivist told court FBI informant and fellow hacker Sabu supplied him with list of countries vulnerable to cyber-attack

Hammond said: ‘I took responsibility by pleading guilty, but when will the government be made to answer for its crimes?’ Photograph: Michael Gottschalk/AFP

The Anonymous hacktivist sentenced on Friday to 10 years in federal prison for his role in releasing thousands of emails from the private intelligence firm Stratfor has told a Manhattan court that he was directed by an FBI informant to break into the official websites of several governments around the world.

Jeremy Hammond, 28, told a federal court for the southern district of New York that a fellow hacker who went under the internet pseudonym “Sabu” had supplied him with lists of websites that were vulnerable to attack, including those of many foreign countries. The defendant mentioned specifically Brazil, Iran and Turkey before being stopped by judge Loretta Preska, who had ruled previously that the names of all the countries involved should be redacted to retain their secrecy.

Within a couple of hours of the hearing, the three countries had been identified publicly by Forbes, the Huffington Post and Twitter feeds serving more than a million followers. “I broke into numerous sites and handed over passwords and backdoors that enabled Sabu – and by extension his FBI handlers – to control these targets,” Hammond told the court.

The 28-year-old hacker has floated the theory in the past that he was used as part of an effective private army by the FBI to target vulnerable foreign government websites, using the informant Sabu – real name Hector Xavier Monsegur – as a go-between. Sabu, who was a leading figure in the Anonymous-affiliated hacking group LulzSec, was turned by the FBI into one of its primary informants on the hacker world after he was arrested in 2011, about six months before the Stratfor website was breached.

Referring to the hacking of foreign government websites, Hammond said that in one instance, he and Sabu provided details on how to crack into the websites of one particular unidentified country to other hackers who then went on to deface and destroy those websites. “I don’t know how other information I provided to [Sabu] may have been used, but I think the government’s collection and use of this data needs to be investigated,” he told the court

He added: “The government celebrates my conviction and imprisonment, hoping that it will close the door on the full story. I took responsibility for my actions, by pleading guilty, but when will the government be made to answer for its crimes?”

Hammond’s 10-year federal prison service makes it one of the longest punishments dished out for criminal hacking offences in US history. It joins a lengthening line of long jail terms imposed on hackers and whistleblowers as part of the US authorities’ attempt to contain data security of government agencies and corporations in the digital age.

Preska also imposed a three-year period of probationary supervision once Hammond is released from jail that included extraordinary measures designed to prevent him ever hacking again. The terms of the supervision state that when he is out of prison he must: have no contact with “electronic civil disobedience websites or organisations”; have all his internet activity monitored; subject himself to searches of his body, house, car or any other possessions at any time without warrant; and never do anything to hide his identity on the internet.

Hammond’s 10-year sentence was the maximum available to the judge after he pleaded guilty to one count of the Computer Fraud and Abuse Act (CFAA) relating to his December 2011 breach of the website of the Austin, Texas-based private intelligence company Strategic Forecasting, Inc. Delivering the sentence, Preska dismissed the defendant’s explanation of his motivation as one of concern for social justice, saying that he had in fact intended to create “maximum mayhem”. “There is nothing high-minded and public-spirited about causing mayhem,” the judge said.

She quoted from comments made by Hammond under various internet handles at the time of the Stratfor hack in which he had talked about his goal of “destroying the heart, hoping for bankruptcy, collapse”. She criticised what she called his “unrepentant recidivism – he has an almost unbroken record of offences that demonstrate an almost total disrespect for the law.”

Before the sentence came down, Hammond read out an outspoken statement to court in which he said he had been motivated to join the hacker group Anonymous because of a desire to “continue the work of exposing and confronting corruption”. He said he had been “particularly moved by the heroic actions of Chelsea Manning, who had exposed the atrocities committed by US forces in Iraq and Afghanistan. She took an enormous personal risk to leak this information – believing that the public had a right to know and hoping that her disclosures would be a positive step to end these abuses.”

In his own case, he said that as a result of the Stratfor hack, “some of the dangers of the unregulated private intelligence industry are now known. It has been revealed through Wikileaks and other journalists around the world that Stratfor maintained a worldwide network of informants that they used to engage in intrusive and possibly illegal surveillance activities on behalf of large multinational corporations.”

Margaret Kunstler, a prominent member of the Hammond’s defence team, told the Guardian after the sentencing that the maximum punishment was “not a great surprise”. She said that Preska had turned Hammond’s own comments in web chats against him, “but I think she doesn’t understand the language that’s used in chat rooms and the internet – for her to have used such language against him and not understand what his comments meant seemed piggy to say the least.”

• This article was amended on 17 November 2013. An earlier version incorrectly described Margaret Kunstler as Hammond’s lead defence lawyer.

Ed Pilkington in New York
theguardian.com, Friday 15 November 2013 20.22 GMT

Find this story at 15 November 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

On the day he learned he was to spend 10 years in federal prison for his involvement in an Anonymous hack, 28-year-old Jeremy Hammond read a statement to the Manhattan court. As well as framing his hacktivism as a public service, aimed at revealing the shadier operations of corporate intelligence firms, Hammond told the court that the FBI had played a significant role in cyberattacks in which he had participated, using infamous Anonymous snitch Sabu to provide information to hackers.

Hammond specifically noted that the FBI informant had provided him with information on vulnerabilities within the official websites of various governments around the world, including Brazil, Syria, Iran and Turkey. (The names of the nations were redacted from the court statement, but soon emerged online.)

Hammond stated: “I broke into numerous sites and handed over passwords and back doors that enabled Sabu — and by extension his FBI handlers — to control these targets … The government celebrates my conviction and imprisonment, hoping that it will close the door on the full story. I took responsibility for my actions, by pleading guilty, but when will the government be made to answer for its crimes?”

The hackivist’s contention here is that the U.S. government used hackers to garner information on, and cyber-advantage over, foreign governments. The hackers were then condemned as criminal, having unwittingly performed services for the U.S. government through illegal hacks. Whether or not the targets provided by Sabu were actually of interest to U.S. national intelligence, or whether they were simply valueless sting bate for hackers is unclear. What is evident, however, is that without government assistance, a number of illegal hacks would not have been carried out as they were. The decades-old question thus arises of when a government sting crosses the boundary into entrapment. In the years since 9/11, little more than a faint line in the sand seems to distinguish (legal) stings and (illegal) entrapment operations by the FBI.
advertisement

The criterion purportedly dividing sting and entrapment operations is weak. An operation counts as a sting (as opposed to entrapment) if it can be shown that a suspect would have carried out the crime, given the chance. It’s a perverse logic of hypotheticals when the government provides all the conditions for a crime to take place (e.g., providing talented hackers with government targets) — conditions that would not have been in place otherwise. A number of recent FBI cases relating to political activism have reeked of entrapment, but have been framed as stings. Recall, for example, the group of young Cleveland anarchists, strung along by an FBI agent into agreeing on a plan to blow up a bridge. The young men were, at every turn, prompted and offered materials by an FBI informant. “The alleged terrorist masterminds end up seeming, when the full story comes out, unable to terrorize their way out of a paper bag without law enforcement tutelage,” noted Rick Perlstein on the case in Rolling Stone last year.

Hammond’s case is different. The 28-year-old is a smart, articulate and experienced activist and hacker. As his guilty plea made clear, he knew what he was doing and he acted in what he felt was the public interest, to expose and hold accountable the private intelligence industry. However, Hammond also engaged in wholly government-prompted hacks and is now being ferociously punished. If it can be shown that the U.S. government used information gathered by hackers on Sabu’s tips, crucial questions arise about why the hackers and not the government agencies that used their skills are being persecuted. If, however, Sabu’s information about foreign government sites’ vulnerabilities were no more than a lure, questions of entrapment should be raised. Either way, as Hammond begins his lengthy federal prison sentence for a nonviolent crime, through which he received no personal enrichment, the FBI’s role in catching the hacktivist deserves greater scrutiny.

monday, Nov 18, 2013 05:51 PM +0100
Natasha Lennard

Find this story at 18 November 2013

© 2013 Salon Media Group, Inc.

Hammond calls his 10-year sentence a ‘vengeful, spiteful act’ by US authorities eager to put a chill on political hacking

‘I knew when I started out with Anonymous that being put in jail and having a lengthy sentence was a possibility,’ Hammond said. Photo: AP

Jeremy Hammond, the Anonymous hacktivist who released millions of emails relating to the private intelligence firm Stratfor, has denounced his prosecution and lengthy prison sentence as a “vengeful, spiteful act” designed to put a chill on politically-motivated hacking.

Hammond was sentenced on Friday at federal court in Manhattan to the maximum 10 years in jail, plus three years supervised release. He had pleaded guilty to one count under the Computer Fraud and Abuse Act (CFAA) flowing from his 2011 hack of Strategic Forecasting, Inc, known as Stratfor. In an interview with the Guardian in the Metropolitan Correction Center in New York, conducted on Thursday, he said he was resigned to a long prison term which he sees as a conscious attempt by the US authorities to put a chill on political hacking.

He had no doubt that his sentence would be long, describing it as a “vengeful, spiteful act”. He said of his prosecutors: “They have made it clear they are trying to send a message to others who come after me. A lot of it is because they got slapped around, they were embarrassed by Anonymous and they feel that they need to save face.”

Most pointedly, Hammond suggested that the FBI may have manipulated him to carry out hacking attacks on “dozens” of foreign government websites. During his time with Anonymous, the loose collective of hackers working alongside WikiLeaks and other anti-secrecy groups, he was often directed by a individual known pseudonomously on the web as “Sabu”, the leader of the Anonymous-affiliated group Lulzsec, who turned out to be an FBI informant.

Hammond, who is under court orders restricting what he says in public, told the Guardian that Sabu presented him with a list of targets, including many foreign government sites, and encouraged him to break into their computer systems. He said he was not sure whether Sabu was in turn acting on behalf of the FBI or other US government agency, but it was even possible that the FBI was using Sabu’s internet handle directly as contact between the two hackers was always made through cyberspace, never face-to-face.

“It is kind of funny that here they are sentencing me for hacking Stratfor, but at the same time as I was doing that an FBI informant was suggesting to me foreign targets to hit. So you have to wonder how much they really care about protecting the security of websites.”

In the interview, conducted in a secure prison meeting room hours before the 28-year-old Chicagoan was sentenced, he was sanguine about his prospects. “I knew when I started out with Anonymous that being put in jail and having a lengthy sentence was a possibility. Given the nature of the targets I was going after I knew I would upset a lot of powerful people.”

Dressed in a brown prison jump suit, and with a long wispy goatee and moustache (he planned to shave both off before the sentencing hearing), Hammond was scathing about the way the CFAA was being twisted in his view for political ends. “They are widening the definition of what is covered by the Act and using it to target specifically political activists,” he said.

He invoked the memory of Aaron Swartz, the open-data crusader who killed himself in January while awaiting trial under the CFAA for releasing documents from behind the subscription-only paywall of an online research group. “The same beast bit us both,” Hammond said. “They went after Aaron because of his involvement in legitimate political causes – they railroaded charges against him, and look what happened.”

Hammond has been in custody since March 2012 having been arrested in Chicago on suspicion of the Stratfor leak of millions of emails that were eventually released by WikiLeaks as the Global Intelligence Files. His sentence is an indication of the aggression with which prosecutors have been pursuing political hackers in the US – other Anonymous members in Britain involved in the breach of Stratfor were sentenced to much shorter jail terms.

Hammond stressed that he had not benefitted personally in any way from the Stratfor email release, that exposed surveillance by private security firms on activists including Anonymous members themselves, Occupy protesters and campaigners in Bhopal, India involved in the push for compensation for victims of the 1984 industrial catastrophe. “Our main purpose in carrying out the Stratfor hack was to find out what private security and intelligence companies were doing, though none of us had any idea of the scale of it.”

Paradoxically, Hammond insists that he would never have carried out the breach of Stratfor’s computer system had he not been led into doing it by Sabu – real name Hector Xavier Monsegur – the fellow hacker who is himself awaiting sentencing having pleaded guilty to 12 hacking-related criminal charges. “I had never heard of Stratfor until Sabu brought in another hacker who told me about it. Practically, I would never have done the Stratfor hack without Sabu’s involvement.”

Hammond discovered that Monsegur was an FBI informant the day after his own arrest. As he was reading the criminal complaint against him, he saw quotes marked CW for “co-operating witness” that contained details that could only have come from Sabu.

“I felt betrayed, obviously. Though I knew these things happen. What surprised me was that Sabu was involved in so much strategic targeting, in actually identifying targets. He gave me the information on targets.”

Part of Sabu’s interest in him, he now believes, was that Hammond had access to advanced tools including one known as PLESK that allowed him to break into web systems used by large numbers of foreign governments. “The FBI and NSA are clearly able to do their own hacking of other countries. But when a new vulnerability emerges in internet security, sometimes hackers have access to tools that are ahead of them that can be very valuable,” he said.

Looking back on his involvement with anonymous, the Chicagoan said that he had been drawn to work with Anonymous, because he saw it as “a model of resistance – it was decentralised, leaderless.” He grew increasingly political in his hacking focus, partly under the influence of the Occupy movement that began in Wall Street in September 2011 and spread across the country.

Chelsea Manning, the US soldier formerly known as Bradley who leaked a massive trove of state secrets to WikiLeaks now serving a 35-year sentence in military jail, was a major influence on him. Manning showed him that “powerful institutions – whether military or private security firms – are involved in unaccountable activities that the public is totally unaware of that can only be exposed by whistleblowers and hackers”.

Hammond has often described himself as an anarchist. He has a tattoo on his left shoulder of the anarchy symbol with the words: “Freedom, equality, anarchy”. Another tattoo on his left forearm shows the Chinese representation of “leader” or “army”, and a third tattoo on his right forearm is a glider signifying the hacking open-source movement that is drawn from the computer simulation Game of Life .

He says he plans to use his time in prison “reading, writing, working out and playing sports – training myself to become more disciplined so I can be more effective on my release”. As to that release, he says he cannot predict how he will be thinking when he emerges from jail, but doubts that he would go back to hacking. “I think my days of hacking are done. That’s a role for somebody else now,” he said.

Ed Pilkington in New York
theguardian.com, Friday 15 November 2013 17.12 GMT

Find this story at 15 November 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

Jeremy Hammond, the Chicago activist and hacktivist (an activist who uses computer networks for political
protests and other actions), was sentenced last week to 10 years in prison and three years of supervised release for hacking into the intelligence contractor Strategic Forcasting (or Stratfor) and other government, law enforcement and military suppliers’ websites.

The Stratfor hack resulted in a cache of 5.2 million leaked emails and account information for approximately 860,000 Stratfor subscribers and clients, including information from 60,000 credit cards. To list a few of the many revelations, the emails revealed domestic spying on activists, including Occupy Wall Street; surveillance through persona management programs or fake online personas (“sock puppets”); and attempts to link American activist and journalist Alexa O’Brien to al-Qaeda. The Stratfor hack pullled back the curtain on the ofttimes illegal goings-on in the shadowy world of intelligence contractors.

Mr. Hammond’s supervised release includes limited computer access and prohibits him using encryption and from associating with civil disobedience groups. The ban on encryption shows a fundamental misunderstanding of how the Internet works. Encryption is used in nearly every online transaction, such as email, social networking and online banking. The broad ban on freedom of association raises potential Constitutional issues. At the time of his arrest, Mr. Hammond was working under the banner of AntiSec, an offshoot of the hacktivist collective Anonymous.

Jeremy Hammond, American Political Prisoner, courtesy of @FreeAnons.

The packed courtroom looked more like a church wedding than a sentencing, with dozens of Westpoint cadets on a field trip sitting on the left and Mr. Hammond’s parents, friends and supporters — who caravanned from all over the U.S. to show solidarity for their fallen comrade — sitting on the right. Mr. Hammond, his attorneys, Sarah, Emily and Margaret Kunstler and Susan Kellman faced the stoic Judge Loretta Preska presiding over the solemn ceremony.

On September 10th I visited Jeremy Hammond at Manhattan Correctional Center where he had been incarcerated for 18 months. Mr. Hammond, who was denied bail, was also disallowed all visitors, including family members. I am the first journalist with whom Mr. Hammond met since his arrest in March 2012. This interview was held months before sentencing. At the request of Mr. Hammond’s attorneys, who feared his words would be used at sentencing against him, I delayed publishing.
____________________________

Vivien Lesnik Weisman: You are both a boots on the ground activist and a hacktivist. Can you explain hacktivisim, hacking for political purposes and off line activism?

Jeremy Hammond: Hackers are by nature critical of systems, hacking is activism. The very act of hacking is inherently activist and political.

VLW: How effective is activism without the added thread of technology, or hacktivism, in the modern world? Which is more effective?

JH: Hacking is never going to take the place of grassroots community organizing. They complement each other.

There is more to it of course than hacking. Hacktivism involves online social networking, sharing ideas. Protest is predictable; they know how to contain it. The government knows how to ignore it. Both direct action and civil disobedience are unpredictable. I’m all for it.

I see hacktivism as a direct action tool. Offensive hacking with political intent is really nothing more than one more direct action tool. What you do when you get the information is what determines its efficacy as a direct action tool.

And now because of the state of the world — foreclosures, the wars — hackers are becoming politicized. We break into systems and then movements like Occupy deliver the message. It all works together. There is street protest. There is direct action, and hacking is one more tool.

Subverzo, hacktivist, at post-sentencing rally, Foley Square. Photo credit: Still from The Reality Wars, A.J. Abucay DP

VLW: How did the decision to target the intelligence contractor, Stratfor, come about and what was your involvement?

JH: Another hacker, who has not been indicted and therefore I will not name, brought the vulnerability. He had the credit cards already, before I ever got involved, on the Dec 5th. He chose Stratfor and brought it to us. There were 12 of us in the IRC (chat room) at that time.

Stratfor was chosen by that hacker because Stratfor had targeted Anonymous and specifically #OpCartel (Anonymous action against Mexican drug cartels).

Then the 12 of us in a private IRC channel approved it on the merits, as a meritocracy, the Anon way.

None of the 12 in that chat room that included me and Sabu [hacker leader turned FBI informant] have ever been caught.

Amongst the 12 were not only hackers. Some were social media types who brought attention to the actions.

I did the Stratfor hack all by myself except for the original vulnerability. I was the main hacker in Anti-Sec.

Sabu refers to Hetcor Xavier Monsegur, hacker and leader of LulzSec, an offshoot of Anonymous. LulzSec was an elite hacker collective that obtained notoriety as much for their high profile targets as for their clever self-promotion. Sabu was arrested by the FBI and began working for them that day. The following day he announced the formation of AntiSec, “the biggest unified collective of hackers in history.” Both in private IRC and through his various public Twitter accounts he encouraged hackers to join AntiSec and commit hacking crimes. Many hacktivists and rights organizations see these — including the Statfor hack — as government created crimes given that Sabu was working for his FBI handlers at the time he was inciting hackers to join AntiSec. After Sabu was turned, all of his actions can be seen as government actions. In essence, the name Sabu and the government can be used interchangeably in this context.

He is responsible for the arrests of many Anons including Jeremy Hammond.

Hector Xavier Monsegur Jr, hacker known by his nom de guerre Sabu, FBI informant.

VLW: Did you ever suspect that Sabu was a Fed (FBI informant) before that became public?

JH: I was in a chat room with 12 hackers. Chances are someone in there was a Fed. I don’t work with anyone who has not taken risks alongside me. Sabu had taken risks and hacked himself. Still, I could have done this all on my own. I was the main hacker in Anti-Sec.

VLW: And that hacker who provided the exploits also came with the credit cards? And were the credit cards live?

JH: Yes. The credit cards were live. We all spoke on Dec 6th and planned a coordinated day of action when we would choose charities and use the credit cards to make donations for Christmas to these charities, Christmas donations.

VLW: LulzXmas?

JH: Yes.

Jeremy Hammond is often referred to as a digital Robin Hood for his participation in LulzXmas. Margaret Ratner Kunstler, Hammond’s attorney, clarified that her client did not himself make any donations or use the credit cards. He also did not personally profit from the hacked credit cards.

JH: But our main focus was the emails, to reveal the spying. Stratfor was spying on the world. We revealed the anti-WikiLeaks actions by Stratfor. Stratfor was spying on Occupy Wall Street, WikiLeaks, and Anonymous.

We didn’t even know about the Venezuelan coup discussions proving U.S. involvement in the attempted coup until we saw that in the Strafor emails later.

It was all revealed on WikLeaks but I had moved on. I’d rather be hacking.

[He smiles.]

VLW: There is speculation that the Stratfor hack was designed by the government and carried out by their informant Sabu as an attempt to entrap Julian Assange by getting him to solicit information or even sell him information. Were you aware of such a plan and if so did you make a conscious decision to foil that plan by dumping on the Pirate Bay before the transaction could be completed?

JH: No, that did not happen. Julian Assange and WikiLeaks was not a factor.

In fact, many hacktivists make the claim that the Stratfor hack was designed to entrap Julian Assange. Hammond is not necessarily in a position to know whether that was the case or not.

VLW: Stratfor was notified by the government that they had been penetrated and told to do nothing. Why did they allow Stratfor to be sacrificed?

JH: We do not know to what degree they notified Stratfor. Interesting question, but we don’t know.

VLW: Why did the Stratfor hack take so long to complete? And why destroy the servers?

JH: I had to get to the mail servers. It takes time. We always destroy the servers.

First you deface, then you take the information, then you destroy the server, for the Lulz [for fun], and so they can’t rebuild the system. We don’t want them to rebuild. And to destroy forensic information that could be used to find out who did it and how it was done.

VLW: What are your preferred targets?

JH: My preferred targets are military contractors, military suppliers and law enforcement.

VLW: Intelligence contractors like Stratfor?

JH: Tech intelligence firms are a preferred target. Tech firms — where white hat hackers are paid to target the 99% for their corporate overlord clients.

Chris Hedges, journalist, TruthDig columnist, speaks at Hammond Rally. Photo credit: Still from The Reality Wars, A.J. Abucay DP

Those firms also contain the keys to their corporate clients so there is a big payoff — Endgame Systems and Palantir, for example.

Endgame Systems is the subject of much discussion. Engame Systems is self-described as providing offensive and defensive vulnerability research, mitigation of cyber-threats and cyber operations platforms. It is in the business of selling “zero day exploits.” That is, the vulnerabilities that have not yet been detected. According to a Business Week article, these zero day exploits are militarized and include entire blueprints of the computer systems of airports and other critical infrastructure including that of our western allies for example Paris’s Charles De Gaulle Airport. It is difficult to see how the sale of these exploits makes us more secure.

A package of these zero day exploits can be purchased for 2.5 million dollars a year. The price list was revealed in a cache of emails in the HBGary hack, an earlier Anonymous operation. Endgame weaponry is sold by region — China, the Middle East, Russia, Latin America, and Europe. There are even target packs for European and other allies. That raises the question of whether these exploits are being sold to foreign actors. Even if not sold directly to enemies of the U.S., cyber munitions like conventional arms have a way of showing up in unintended places. Once these exploits are out there they are vulnerable to rouge hackers and rogue states.

JH: White hat hackers are being paid to do supposedly defensive actions but they are offensive. White hat hackers are supposed to identify a vulnerability and then announce. But instead they sell the vulnerability, the exploits. So if you hack for the thrill it’s not ok. But for money, like Endgames, then somehow it is. And instead of going to jail for hacking you get awarded a government contract.

At least, the NSA is supposed to — and that is a big “supposed to” — have some kind of government oversight and again that’s overstated; these government contractors, intel firms and tech firms like Stratfor have no oversight whatsoever. They are not bound by any laws. They are above the law. No FOIA (request for classified or other non-public information from the government under the Freedom Of Information Act) can compel them to reveal what they do. Rogue hackers have better access to vulnerabilities than government hackers.

VLW: That reminds me of The Conscience of a Hacker by the Mentor. Did you read that?

Known as the Hacker Manifesto, it could just be Jeremy Hammond’s ethos.

It reads:
You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it’s for our own good, yet we’re the criminals.

Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like.

My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker, and this is my manifesto. You may stop this individual, but you can’t stop us all… after all, we’re all alike.

JH: From the 90’s? You hate me because I’m better than you are. Yeah, yeah.

[He smiles.]

Citizen journalist/activist and Hammond supporter Tara Jill Livestreams outside the court house. Photo credit: Still from The Reality Wars, A.J. Abucay DP

VLW: What do you think about the new battlefield, or cyberwarfare?

JH: The government calls it cybersecurity, but it’s really offensive hacking not just defensive.

The Department of Defense deals in war and aggression but it is not called Department of War is it? The government calls what they do mitigation of the threat of a cyber offensive. But these are offensive acts. They are acts of war. This is the new terrain. The new battlefield.

The war is on and it’s for the Internet. They spy on us, they spy on others, intellectual property rights wars, censorship….

For example, when encryption first came out PGP (Pretty Good Privacy, the first publicly available encryption software) it was called a munition and they immediately tried to ban it.

Encryption is part of our arsenal. It trumps the surveillance state.

As Mr. Hammond was waiting to be handcuffed in order for me to be escorted out of the small room at Manhattan Correctional Center where Mr. Hammond and I had conversed for over 4 hours, I asked him one last question.

VLW: You want to challenge the political system in the US and the world with technology. Is technology your weapon in the same way rifles were weapons in the past? Are you willing to die for your cause?

Handcuffed and standing before me with the guard awaiting my exit he pondered the question. As the guard ushered me out he responded.

JH: Die for my cause? Yes.
Go to prison, die for my cause… or choose to live a life of submission.
____________________________

Mr. Hammond’s bold and principled stand is sure to inspire others to make a similar choice.

This is part one of a two part article.

I am currently working on The Reality Wars, a feature length documentary about the targeting of activists, hacktivists and journalists by the US government and the nexus between intelligence contractors and the surveillance state. Jeremy Hammond and the Stratfor hack are covered in my film.

Posted: 11/19/2013 10:18 am

Find this story at 19 November 2013

© 2013 TheHuffingtonPost.com, Inc.