Job let leaker Edward Snowden see US lines of cyberattack

Job let leaker Edward Snowden see US lines of cyberattack
Washington:  Intelligence officials refer to Edward J. Snowden's job as a National Security Agency contractor as "systems administrator" - a bland name for the specialists who keep the computers humming. But his last job before leaking classified documents about NSA surveillance, he told the news organization The Guardian, was actually "infrastructure analyst."

It is a title that officials have carefully avoided mentioning, perhaps for fear of inviting questions about the agency's aggressive tactics: an infrastructure analyst at the NSA, like a burglar casing an apartment building, looks for new ways to break into Internet and telephone traffic around the world.

That assignment helps explain how Snowden got hold of documents laying bare the top-secret capabilities of the nation's largest intelligence agency, setting off a far-reaching political and diplomatic crisis for the Obama administration.

Even as some members of Congress have challenged the NSA's collection of logs of nearly every phone call Americans make, European officials furiously protested on Sunday after Snowden's disclosure that the NSA has bugged European Union offices in Washington and Brussels and, with its British counterpart, has tapped the Continent's major fiber-optic communications cables.

On Sunday evening, The Guardian posted an article saying documents leaked by Snowden show 38 embassies and missions on a list of United States electronic surveillance targets. Some of those offices belong to allies like France, Italy, Japan and Mexico, The Guardian said.

Snowden, who planned his leaks for at least a year, has said he took the infrastructure analyst position with Booz Allen Hamilton in Hawaii in March, evidently taking a pay cut, to gain access to a fresh supply of documents.

"My position with Booz Allen Hamilton granted me access to lists of machines all over the world the NSA hacked," he told The South China Morning Post before leaving Hong Kong a week ago for Moscow, where he has been in limbo in the transit area of Sheremetyevo Airport. "That is why I accepted that position about three months ago."

A close reading of Snowden's documents shows the extent to which the eavesdropping agency now has two new roles: It is a data cruncher, with an appetite to sweep up, and hold for years, a staggering variety of information. And it is an intelligence force armed with cyberweapons, assigned not just to monitor foreign computers but also, if necessary, to attack.

After the 2001 terrorist attacks, the documents suggest, the NSA decided it was too risky to wait for leads on specific suspects before going after relevant phone and Internet records. So it followed the example of the hoarder who justifies stacks of paper because someday, somehow, a single page could prove vitally important.

The agency began amassing databases of "metadata" - logs of all telephone calls collected from the major carriers and similar data on email traffic. The email program was halted in 2011, though it appears possible that the same data is now gathered in some other way.The documents show that America's phone and Internet companies grew leery of NSA demands as the years passed after 9/11, fearing that customers might be angry to find out their records were shared with the government. More and more, the companies' lawyers insisted on legal orders to compel them to comply.

So the NSA came up with a solution: store the data itself. That is evidently what gave birth to a vast data storage center that the NSA is building in Utah, exploiting the declining cost of storage and the advance of sophisticated search software.

Those huge databases were once called "bit buckets" in the industry - collections of electronic bits waiting to be sifted. "They park stuff in storage in the hopes that they will eventually have time to get to it," said James Lewis, a cyberexpert at the Center for Strategic and International Studies, "or that they'll find something that they need to go back and look for in the masses of data." But, he added, "most of it sits and is never looked at by anyone."

Indeed, an obscure passage in one of the Snowden documents - rules for collecting Internet data that the Obama administration wrote in secret in 2009 and that the Foreign Intelligence Surveillance Court approved - suggested that the government was concerned about its ability to process all the data it was collecting. So it got the court to approve an exception allowing the government to hold on to that information if it could not keep up. The rules said that "the communications that may be retained" for up to five years "include electronic communications acquired because of the limitation on the NSA's ability to filter communications."

As one private expert who sometimes advises the NSA on this technology put it: "This means that if you can't desalinate all the seawater at once, you get to hold on to the ocean until you figure it out."

Collecting that ocean requires the brazen efforts of tens of thousands of technicians like Snowden. On Thursday, President Barack Obama played down Snowden's importance,  perhaps concerned that the manhunt was itself damaging the image and diplomatic relations of the United States. "No, I'm not going to be scrambling jets to get a 29-year-old hacker," the president said during a stop in Senegal.

Obama presumably meant the term to be dismissive, suggesting that Snowden (who turned 30 on June 21) was a young computer delinquent. But as an NSA infrastructure analyst, Snowden was, in a sense, part of the United States' biggest and most skilled team of hackers.

The NSA, Snowden's documents show, has worked with its British counterpart, Government Communications Headquarters, to tap into hundreds of fiber-optic cables that cross the Atlantic or go on into Europe, with the NSA helping sort the data. The disclosure revived old concerns that the British might be helping the NSA evade American privacy protections, an accusation that American officials flatly deny.And a secret presidential directive on cyberactivities unveiled by Snowden - discussing the primary new task of the NSA and its military counterpart, Cyber Command - makes clear that when the agency's technicians probe for vulnerabilities to collect intelligence, they also study foreign communications and computer systems to identify potential targets for a future cyberwar.

Infrastructure analysts like Snowden, in other words, are not just looking for electronic back doors into Chinese computers or Iranian mobile networks to steal secrets. They have a new double purpose: building a target list in case American leaders in a future conflict want to wipe out the computers' hard drives or shut down the phone system.

Snowden's collection of pilfered NSA documents has cast an awkward light on officials' past assurances to Congress and the public about their concern about Americans' privacy.

It was only in March that James R. Clapper Jr., the director of national intelligence, told a Senate committee that the NSA did not collect data on millions of Americans. Snowden's records forced Clapper to backtrack, admitting his statement was false.

Last week, two senators challenged even the accuracy of a fact sheet prepared by the NSA to counter Snowden's claims about the phone data and Internet collection programs. Agency officials did not defend themselves; the fact sheet simply disappeared, without explanation, from the agency's website.

Newly disclosed slides from an NSA PowerPoint presentation on the agency's Prism database of Internet data, posted on Saturday by The Washington Post, reveal that the FBI plays a role as middleman between the NSA and Internet companies like Google and Yahoo. The arrangement provides the NSA with a defense, however nominal, against claims that it spies on United States soil.

Even in the unaccustomed spotlight after the NSA revelations, intelligence officials have concealed more than they have revealed in careful comments, fearful of alerting potential eavesdropping targets to agency methods. They invariably discuss the NSA's role in preventing terrorist attacks, an agency priority that the public can easily grasp.

In fact, as Snowden's documents have shown, the omnivorous agency's operations range far beyond terrorism, targeting foreigners of any conceivable interest. British eavesdroppers working with the NSA penetrated London meetings of the Group of 20 industrialized nations, partly by luring delegates to fake Internet cafes, and the NSA hacked into computers at Chinese universities.

At Fort Meade, on the NSA's heavily guarded campus off the Baltimore-Washington Parkway in Maryland, such disclosures are seen as devastating tip- offs to targets. The disclosure in Snowden's documents that Skype is cooperating with orders to turn over data to the NSA, for example, undermined a widespread myth that the agency could not intercept the voice-over-Internet service. Warned, in effect, by Snowden, foreign officials, drug cartel leaders and terrorists may become far more careful about how, and how much, they communicate.

"We're seeing indications that several terrorist groups are changing their communications behavior based on these disclosures," one intelligence official said last week, speaking on the condition of anonymity. "We're going to miss tidbits that could be useful in stopping the next plot."

Snowden's breach is an unplanned test of the NSA's decades-old conviction that it can operate effectively only under absolute secrecy. The agency is conducting a damage assessment - a routine step after major leaks - but the assessment itself is likely to remain classified.

The NSA's assessment of Snowden's case will likely also consider what has become, for intelligence officials, a chilling consideration: there are thousands of people of his generation and computer skills at the agency, hired in recent years to keep up with the communications boom.

The officials fear that some of them, like young computer aficionados outside the agency, might share Snowden's professed libertarian streak and skepticism of the government's secret power. Intelligence bosses are keeping a closer eye on them now, hoping that there is not another self-appointed whistle-blower in their midst.

© 2013, The New York Times News Service

................................ Advertisement ................................

................................ Advertisement ................................