Wednesday, July 17, 2013

The CIA's New Black Bag Is Digital



When the NSA can't break into your computer, these guys break into your





During a coffee break at an intelligence conference held in The Netherlands
a few years back, a senior Scandinavian counterterrorism official regaled me
with a story. One of his service's surveillance teams was conducting routine
monitoring of a senior militant leader when they suddenly noticed through
their high-powered surveillance cameras two men breaking into the militant's
apartment. The target was at Friday evening prayers at the local mosque. But
rather than ransack the apartment and steal the computer equipment and other
valuables while he was away -- as any right-minded burglar would normally
have done -- one of the men pulled out a disk and loaded some programs onto
the resident's laptop computer while the other man kept watch at the window.
The whole operation took less than two minutes, then the two trespassers
fled the way they came, leaving no trace that they had ever been there.


It did not take long for the official to determine that the two men were, in
fact, Central Intelligence Agency (CIA) operatives conducting what is known
in the U.S. intelligence community as either a "black bag job" or a
"surreptitious entry" operation. Back in the Cold War, such a mission might
have involved cracking safes, stealing code books, or photographing the
settings on cipher machines. Today, this kind of break-in is known inside
the CIA and National Security Agency as an "off-net operation," a
clandestine human intelligence mission whose specific purpose is to
surreptitiously gain access to the computer systems and email accounts of
targets of high interest to America's spies. As we've learned in recent
weeks, the National Security Agency's ability to electronically eavesdrop
from afar is massive. But it is not infinite. There are times when the
agency cannot gain access to the computers or gadgets they'd like to listen
in on. And so they call in the CIA's black bag crew for help.


The CIA's clandestine service is now conducting these sorts of black bag
operations on behalf of the NSA, but at a tempo not seen since the height of
the Cold War. Moreover, these missions, as well as a series of parallel
signals intelligence (SIGINT) collection operations conducted by the CIA's
Office of Technical Collection, have proven to be instrumental in
facilitating and improving the NSA's SIGINT collection efforts in the years
since the 9/11 terrorist attacks.


Over the past decade specially-trained CIA clandestine operators have
mounted over one hundred extremely sensitive black bag jobs designed to
penetrate foreign government and military communications and computer
systems, as well as the computer systems of some of the world's largest
foreign multinational corporations. Spyware software has been secretly
planted in computer servers; secure telephone lines have been bugged; fiber
optic cables, data switching centers and telephone exchanges have been
tapped; and computer backup tapes and disks have been stolen or
surreptitiously copied in these operations.


In other words, the CIA has become instrumental in setting up the shadowy
surveillance dragnet that has now been thrown into public view. Sources
within the U.S. intelligence community confirm that since 9/11, CIA
clandestine operations have given the NSA access to a number of new and
critically important targets around the world, especially in China and
elsewhere in East Asia, as well as the Middle East, the Near East, and South
Asia. (I'm not aware of any such operations here on U.S. soil.) In one
particularly significant operation conducted a few years back in a
strife-ridden South Asian nation, a team of CIA technical operations
officers installed a sophisticated tap on a switching center servicing
several fiber-optic cable trunk lines, which has allowed NSA to intercept in
real time some of the most sensitive internal communications traffic by that
country's general staff and top military commanders for the past several
years. In another more recent case, CIA case officers broke into a home in
Western Europe and surreptitiously loaded Agency-developed spyware into the
personal computer of a man suspected of being a major recruiter for
individuals wishing to fight with the militant group al-Nusra Front in
Syria, allowing CIA operatives to read all of his email traffic and monitor
his Skype calls on his computer.


The fact that the NSA and CIA now work so closely together is fascinating on
a number of levels. But it's a particularly remarkable accomplishment, given
the fact that the two agencies until fairly recently hated each other's



Ingenues and TBARs


As detailed in my history of the NSA, The Secret Sentry, the CIA and NSA had
what could best be described as a contentious relationship during the Cold
War era. Some NSA veterans still refer to their colleagues at the CIA as
'TBARs,' which stands for 'Those Bastards Across the River,' with the river
in question being the Potomac. Perhaps reflecting their higher level of
educational accomplishment, CIA officers have an even more lurid series of
monikers for their NSA colleagues at Fort Meade, most of which cannot be
repeated in polite company because of recurring references to fecal matter.
One retired CIA official described his NSA counterparts as "a bunch of damn
ingenues." Another CIA veteran perhaps put it best when he described the
Cold War relationship amongst and between his agency and the NSA as "the
best of enemies."


The historical antagonism between the two agencies started at the top. Allen
W. Dulles, who was the director of the CIA from 1953 to 1961, disliked NSA
director General Ralph Canine so intensely that he deliberately kept the NSA
in the dark about a number of the agency's high-profile SIGINT projects,
like the celebrated Berlin Tunnel cable tapping operation in the mid-1950s.
The late Richard M. Helms, who was director of the CIA from 1966 to 1973,
told me over drinks at the Army-Navy Club in downtown Washington, D.C. only
half jokingly that during his thirty-plus years in the U.S. intelligence
community, his relations with the KGB were, in his words, "warmer and more
collegial" than with the NSA. William E. Colby, who served as Director of
Central Intelligence from 1973-1976, had the same problem. Colby was so
frustrated by his inability to assert any degree of control over the NSA
that he told a congressional committee that "I think it is clear I do not
have command authority over the [NSA]." And the animus between CIA director
Admiral Stansfield Turner (CIA director from 1977-1981) and his counterpart
at the NSA, Admiral Bobby Ray Inman, was so intense that they could only
communicate through intermediaries.


But the 9/11 terrorist attacks changed the operational dynamic between these
two agencies, perhaps forever. In the thirteen years since the 9/11
terrorist attacks, the NSA and CIA have largely, but not completely, moved
past the Cold War animus. In addition, both agencies have become
increasingly dependent on one another for the success of their respective
intelligence operations, leading to what can best be described as an
increasingly close symbiotic relationship between these two titans of the
U.S. intelligence community.


While the increasingly intimate relationship between the NSA and CIA is not
a secret, the specific nature and extent of the work that each agency does
for the other is deemed to be extremely sensitive, especially since many of
these operations are directed against friends and allies of the United
States. For example, the Special Collection Service (SCS), the secretive
joint CIA-NSA clandestine SIGINT organization based in Beltsville, Maryland,
now operates more than 65 listening posts inside U.S. embassies and
consulates around the world. While recent media reports have focused on the
presence of SCS listening posts in certain Latin American capitals,
intelligence sources confirm that most of the organization's resources have
been focused over the past decade on the Middle East, South Asia, and East
Asia. For example, virtually every U.S. embassy in the Middle East now hosts
an SCS SIGINT station that monitors, twenty-four hours a day, the complete
spectrum of electronic communications traffic within a one hundred mile
radius of the embassy site. The biggest problem that the SCS currently faces
is that it has no presence in some of the U.S. intelligence community's top
targets, such as Iran and North Korea, because the U.S. government has no
diplomatic relations with these countries.


At the same time, SIGINT coming from the NSA has become a crucial means
whereby the CIA can not only validate the intelligence it gets from its
oftentimes unreliable agents, but SIGINT has been, and remains, the lynchpin
underlying the success over the past nine years of the CIA's secret unmanned
drone strikes in Pakistan, Yemen and elsewhere around the world.


But the biggest changes have occurred in the CIA's human intelligence
(HUMINT) collection efforts on behalf of NSA. Over the past decade, foreign
government telecommunications and computer systems have become one of the
most important targeting priorities of the CIA's National Clandestine
Service (NCS), which since the spring of this year has been headed by one of
the agency's veteran Africa and Middle East hands. The previous director,
Michael J. Sulick, is widely credited with making HUMINT collection against
foreign computer and telecommunications systems one of the service's top
priority targets after he rose to the top of the NCS in September 2007.


Today, a cadre of several hundred CIA NCS case officers, known as Technical
Operations Officers, have been recruited and trained to work exclusively on
penetrating foreign communications and computer systems targets so that NSA
can gain access to the information stored on or transmitted by these
systems. Several dozen of these officers now work full-time in several
offices at NSA headquarters at Fort George G. Meade, something which would
have been inconceivable prior to 9/11.


CIA operatives have also intensified their efforts to recruit IT specialists
and computer systems operators employed by foreign government ministries,
major military command headquarters staffs, big foreign multinational
corporations, and important international non-governmental organizations.


Since 9/11, the NCS has also developed a variety of so-called "black boxes"
which can quickly crack computer passwords, bypass commercially-available
computer security software systems, and clone cellular telephones -- all
without leaving a trace. To use one rudimentary example, computer users
oftentimes forget to erase default accounts and passwords when installing a
system, or incorrectly set protections on computer network servers or e-mail
accounts. This is a vulnerability which operatives now routinely exploit.


For many countries in the world, especially in the developing world, CIA
operatives can now relatively easily obtain telephone metadata records, such
as details of all long distance or international telephone calls, through
secret liaison arrangements with local security services and police



America's European allies are a different story. While the connections
between the NSA and, for example, the British signals intelligence service
GCHQ are well-documented, the CIA has a harder time obtaining personal
information of British citizens. The same is true in Germany, Scandinavia
and the Netherlands, which have also been most reluctant to share this sort
of data with the CIA. But the French intelligence and security services have
continued to share this sort of data with the CIA, particularly in
counterterrorism operations.


U.S. intelligence officials are generally comfortable with the new
collaboration. Those I have spoken to over the past three weeks have only
one major concern. The fear is that details of these operations, including
the identities of the targets covered by these operations, currently reside
in the four laptops reportedly held by Edward Snowden, who has spent the
past three weeks in the transit lounge at Sheremetyevo Airport outside
Moscow waiting for his fate to be decided. Officials at both the CIA and NSA
know that the public disclosure of these operations would cause incalculable
damage to U.S. intelligence operations abroad as well as massive
embarrassment to the U.S. government. If anyone wonders why the U.S.
government wants to get its hands on Edward Snowden and his computers so
badly, this is an important reason why.


