The NSA says European spy services shared phone data with it, and reports alleging otherwise are ‘false’.

MILLIONS of phone records at the centre of a firestorm in Europe over spying by the National Security Agency were secretly supplied to the US by European intelligence services – not collected by the NSA, upending a furore that cast a pall over trans-Atlantic relations.

The revelations suggest a greater level of European involvement in global surveillance, in conjunction at times with the NSA. The disclosures also put European leaders who loudly protested reports of the NSA’s spying in a difficult spot, showing how their spy agencies aided the Americans.

The phone records collected by the Europeans – in war zones and other areas outside their borders – were shared with the NSA as part of efforts to help protect American and allied troops and civilians, US officials said.

European leaders remain chagrined over revelations that the US was spying on dozens of world leaders, including close allies in Europe.

The new disclosures were separate from those programs, but they underline the complexities of intelligence relationships, and how the US and its allies co-operate in some ways and compete in others.

“That the evil NSA and the wicked US were the only ones engaged in this gross violation of international norms -that was the fairy tale,” said James Lewis, a former State Department official, now a technology-policy specialist at the Centre for Strategic and International Studies.

“It was never true. The US’s behaviour wasn’t outside the norm. It is the norm.”

Consecutive reports in French, Spanish and Italian newspapers over the past week sparked a frenzy of finger-pointing by European politicians. The reports were based on documents leaked by former NSA contractor Edward Snowden and purportedly showed the extent to which the NSA sweeps up phone records in those countries.

France’s Le Monde said the documents showed that more than 70 million French phone records between early December last year and early January this year were collected by the NSA, prompting Paris to lodge a protest with the US. In Spain, El Mundo reported that it had seen NSA documents that showed the US spy agency had intercepted 60.5 million Spanish phone calls during the same time period.

US officials initially responded to the reports by branding them as inaccurate, without specifying how. Late yesterday, The Wall Street Journal reported that the data cited by the European news reports wasn’t collected by the NSA but by its European partners.

US officials said the data was provided to the NSA under long-standing intelligence sharing arrangements.

Hours later, in a congressional hearing, the National Security Agency director, General Keith Alexander, confirmed the broad outlines of the Journal report, saying the specific documents released by Mr Snowden didn’t represent data collected by the NSA or any other US agency and didn’t include records from calls within those countries.

He said the data, displayed in computer-screen shots, was instead from a system that contained phone records collected by the US and NATO countries “in defence of our countries and in support of military operations”.

He said conclusions the US collected the data were “false. And it’s false that it was collected on European citizens. It was neither.”

The US until now had been silent about the role of European partners in these collection efforts to protect the relationships. French officials declined to comment.

A Spanish official said Spain’s intelligence collaboration with the NSA has been limited to theatres of operations in Afghanistan, Mali and international operations against jihadist groups. The data published in El Mundo was gathered during these operations, not in Spain.

At yesterday’s house intelligence committee hearing, politicians pressed General Alexander and Director of National Intelligence James Clapper on the NSA’s tapping of world leaders’ phone conversations, including the German Chancellor, Angela Merkel.

Asked whether US allies spy on the US, Mr Clapper said: “Absolutely.”

Democrat congressman Adam Schiff asked why congress had not been informed when US spies tapped a world leader’s telephone.

Mr Clapper said congress wasn’t told about each and every “selector”, the intelligence term for a phone number or other information that would identify an espionage target.

“Not all selectors are equal,” Mr Schiff responded, especially “when the selector is the chancellor of an allied nation.”

Mr Clapper said intelligence agencies followed the priorities set by the President and key departments, but did not necessarily provide top officials with details on how each requirement was being fulfilled.

The White House did, however, see the final product, he said.

Reporting to policymakers on the “plans and intentions” of world leaders was a standard request to intelligence agencies such as the NSA, Mr Clapper said, and the best way to understand a foreign leader’s intentions was to obtain their communications.

Privately, some intelligence officials disputed claims that the President and top White House officials were unaware of how such information was obtained.

“If there’s an intelligence report that says the leader of this country is likely to say X or Y, where do you think that comes from?” the official said

Adam Entous and Siobhan Gorman
The Wall Street Journal
October 31, 2013 12:00AM

Find this story at 31 October 2013

© www.theaustralian.com.au

Spain and France’s intelligence agencies carried out collection of phone records and shared them with NSA, agency says

European intelligence agencies and not American spies were responsible for the mass collection of phone records which sparked outrage in France and Spain, the US has claimed.

General Keith Alexander, the head of the National Security Agency, said reports that the US had collected millions of Spanish and French phone records were “absolutely false”.

“To be perfectly clear, this is not information that we collected on European citizens,” Gen Alexander said when asked about the reports, which were based on classified documents leaked by Edward Snowden, the former NSA contractor.

Shortly before the NSA chief appeared before a Congressional committee, US officials briefed the Wall Street Journal that in fact Spain and France’s own intelligence agencies had carried out the surveillance and then shared their findings with the NSA.

The anonymous officials claimed that the monitored calls were not even made within Spanish and French borders and could be surveillance carried on outside of Europe.
Related Articles
GCHQ monitors luxury hotel bookings made by foreign diplomats 17 Nov 2013
US spy chief defends spying on foreign leaders 30 Oct 2013
Germany, France and Spain ‘were all spying on citizens’ 01 Nov 2013
Anger in France over claims that NSA spied on politicians, business leaders as well as terrorists 21 Oct 2013
NSA spying: US should not be collecting calls on allies, says top senator 28 Oct 2013
Russia ‘spied on G20 leaders with USB sticks’ 29 Oct 2013

In an aggressive rebuttal of the reports in the French paper Le Monde and the Spanish El Mundo, Gen Alexander said “they and the person who stole the classified data [Mr Snowden] do not understand what they were looking at” when they published slides from an NSA document.

The US push back came as President Barack Obama was said to be on the verge of ordering a halt to spying on the heads of allied governments.

The White House said it was looking at all US spy activities in the wake of leaks by Mr Snowden but was putting a “special emphasis on whether we have the appropriate posture when it comes to heads of state”.

Mr Obama was reported to have already halted eavesdropping at UN’s headquarters in New York.

German officials said that while the White House’s public statements had become more conciliatory there remained deep wariness and that little progress had been made behind closed doors in formalising an American commitment to curb spying.

“An agreement that you feel might be broken at any time is not worth very much,” one diplomat told The Telegraph.

“We need to re-establish trust and then come to some kind of understanding comparable to the [no spy agreement] the US has with other English speaking countries.”

Despite the relatively close US-German relations, the White House is reluctant to be drawn into any formal agreement and especially resistant to demands that a no-spy deal be expanded to cover all 28 EU member states.

Viviane Reding, vice-president of the European Commission and EU justice commissioner, warned that the spying row could spill over and damage talks on a free-trade agreement between the EU and US.

“Friends and partners do not spy on each other,” she said in a speech in Washington. “For ambitious and complex negotiations to succeed there needs to be trust among the negotiating partners. It is urgent and essential that our US partners take clear action to rebuild trust.”

A spokesman for the US trade negotiators said it would be “unfortunate to let these issues – however important – distract us” from reaching a deal vital to freeing up transatlantic trade worth $3.3 billion dollars (£2bn) a day.

James Clapper, America’s top national intelligence, told a Congressional hearing yesterday the US does not “spy indiscriminately on the citizens of any country”.

“We do not spy on anyone except for valid foreign intelligence purposes, and we only work within the law,” Mr Clapper said. “To be sure on occasions we’ve made mistakes, some quite significant, but these are usually caused by human error or technical problems.”

Pressure from European leaders was added to as some of the US intelligence community’s key Congressional allies balked at the scale of surveillance on friendly governments.

Dianne Feinstein, the chair of powerful Senate intelligence committee, said she was “totally opposed” to tapping allied leaders and called for a wide-ranging Senate review of the activities of US spy agencies.

“I do not believe the United States should be collecting phone calls or emails of friendly presidents and prime ministers,” she said.

John Boehner, the Republican speaker of the house and a traditional hawk on national security, said US spy policy was “imbalanced” and backed calls for a review.

Mr Boehner has previously been a staunch advocate of the NSA and faced down a July rebellion by libertarian Republicans who tried to pass a law significantly curbing the agency’s power.

By Raf Sanchez, Peter Foster in Washington

8:35PM GMT 29 Oct 2013

Find this story at 29 October 2013

© Copyright of Telegraph Media Group Limited 2013

Gen. Keith Alexander, the National Security Agency director, says foreign governments spied on their own people and shared data with the U.S.
The NSA had been accused of snooping on 130.5 million phone calls in France and Spain, and keeping computerized records
Sen. Dianne Feinstein said newspapers in Europe ‘got it all wrong’

Alexander’s denial will fall heavily on the fugitive leaker Edward Snowden and his journalist cohorts, whom the NSA chief said ‘did not understand what they were looking at’
The National Security Agency’s director flatly denied as ‘completely false’ claims that U.S. intelligence agencies monitored tens of millions of phone calls in France and Spain during a month-long period beginning in late 2012.

Gen. Keith Alexander contradicted the news reports that said his NSA had collected data about the calls and stored it as part of a wide-ranging surveillance program, saying that the journalists who wrote them misinterpreted documents stolen by the fugitive leaker Edward Snowden.

And a key Democratic senator added that European papers that leveled the allegations ‘got it all wrong’ with respect to at least two countries – saying that it was those nations’ intelligence services that collected the data and shared it with their U.S. counterparts as part of the global war on terror.

Protests: (Left to right) NSA Deputy Director Chris Inglis, NSA Director General Keith Alexander and DNI James Clapper look on as a protestor disrupts the Capitol Hill hearing

National Security Agency Director Gen. Keith Alexander testified Tuesday that the governments of France and Spain conducted surveillance on their own citizens’ phone conversations, and then shared the intelligence data with the U.S.

On Monday newspapers in three countries published computer-screen images, reportedly provided by Snowden, showing what appeared to be data hoovered up by the United States from European citizens’ phone calls.

But Alexander testified in a House Intelligence Committee hearing that ‘those screenshots that show – or lead people to believe – that we, the NSA, or the U.S., collect that information is false.’

‘The assertions by reporters in France, Spain and Italy that NSA collected tens of millions of phone calls are completely false,’ Alexander said.

According to the French newspaper Le Monde and the Spanish daily El Mundo, the NSA had collected the records of at least 70 million phone calls in France and another 60.5 million in Spain between December and January.

Italy’s L’Espresso magazine also alleged, with help from Snowden, that the U.S. was engaged in persistent monitoring of Italy’s telecommunications networks.

General Alexander denied it all.

‘To be perfectly clear, this is not information that we collected on European citizens. It represents information that we and our NATO allies have collected in defense of our countries and in support of military operations.’

Reporters, he added, ‘cite as evidence screen shots of the results of a web tool used for data management purposes, but both they and the person who stole the classified data did not understand what they were looking at.’

President Barack Obama said he is instituting a complete review of U.S. intelligence procedures in the wake of stinging allegations that the NSA has been peeping on foreign leaders through their phones and email accounts

California Democratic Sen. Dianne Feinstein, who chairs the Senate Intelligence Committee, said Tuesday that ‘the papers got it all wrong on the two programs, France and Germany.’

‘This was not the United States collecting on France and Germany. This was France and Germany collecting. And it had nothing to do with their citizens, it had to do with collecting in NATO areas of war, like Afghanistan.’

Feinstein on Monday called for a complete review of all the U.S. intelligence community’s spying programs, saying that ‘Congress needs to know exactly what our intelligence community is doing.’

In the weekend’s other intelligence bombshell, the U.S. stood accused of snooping on German Chancellor Angela Merkel’s cell phone and spying on Mexican President Felipe Calderon’s private emails.

But Director of National Intelligence James Clapper told the committee that spying on foreign leaders is nothing new.

‘That’s a hardy perennial,’ he said, ‘and as long as I’ve been in the intelligence business, 50 years, leadership intentions, in whatever form that’s expressed, is kind of a basic tenet of what we are to collect and analyze.’

‘It’s one of the first things I learned in intel school in 1963,’ he assured the members of Congress, saying that the U.S. routinely spies on foreign leaders to ascertain their intentions, ‘no matter what level you’re talking about. That can be military leaders as well.’

Clapper hinted that committee members had been briefed on such programs, saying that in cases where the NSA is surveilling foreign leaders, ‘that should be reported to the committee … in considerable detail’ as a ‘significant’ intelligence activity over which Congress has oversight.’

He added that ‘we do only what the policymakers, writ large, have actually asked us to do.’

Republican committee chair Mike Rogers of Michigan began the hearing by acknowledging that ‘every nation collects foreign intelligence’ and ‘that is not unique to the United States’.

Clapper pleaded with the panel to think carefully before restricting the government’s ability to collect foreign intelligence, warning that they would be ‘incurring greater risks’ from overseas adversaries.

Gen. Alexander dispensed with his prepared statement and spoke ‘from the heart,’ saying that his agency would rather ‘take the beatings’ from reporters and the public ‘than … give up a program’ that would prevent a future attack on the nation.

The Wall Street Journal reported Tuesday afternoon that other U.S. officials had confirmed Alexander’s version of events, and that the electronic spying in France and Spain was carried out by those nations’ governments.

The resulting phone records, they said, were then shared with the NSA as part of a program aimed at keeping U.S. military personnel and civilians safe in areas of military conflict.

None of the nations involved would speak to the Journal about their own level of involvement in a scandal that initially touched only the U.S., but which now promises to embroil intelligence services on a global scale.

By David Martosko, U.s. Political Editor

PUBLISHED: 21:45 GMT, 29 October 2013 | UPDATED: 10:59 GMT, 30 October 2013

Find this story at 29 October 2013

© Associated Newspapers Ltd

These 4 slides are from the powerpoint “BOUNDLESSINFORMANT: Describing Mission Capabilities from Metadata Records.” They include the cover page and pages 3, 5, and 6 of the presentation. The powerpoint, leaked to the Guardian newspaper’s Glenn Greenwald by Edward Snowden, was first released by the Guardian newspaper on June 8, 2013 at this web page: http://www.guardian.co.uk/world/interactive/2013/jun/08/nsa-boundless-informant-data-mining-slides

Also included with this collection is a “heat map” of parts of the world most subject to surveillance by Boundless Informant. This image was embedded in the Guardian’s story, which described Boundless Informant as “the NSA’s secret tool to track global surveillance data,” which collected “almost 3 billion pieces of intelligence from US computer networks over a 30-day period ending in March 2013.” http://www.theguardian.com/world/2013/jun/08/nsa-boundless-informant-global-datamining

UNCLASSIFIED//FOR OFFICIAL USE ONLY
BOUNDLESSINFORMANT – Frequently Asked Questions
09-06-2012

(U/FOUO) Questions

1) What is BOUNDLESSINFORMANT! What is its purpose?

2) Who are the intended users of the tool?

3) What are the different views?

4) Where do you get your data?

5) Do you have all the data? What data is missing?

6) Why are you showing metadata record counts versus content?

7) Do you distinguish between sustained collect and survey collect?

8) What is the technical architecture for the tool?

9) What are some upcoming features/enhancements?

1 0) How are new features or views requested and prioritized?

1 1) Why are record counts different from other tools like ASDF and What’s On Cover?

12) Why is the tool NOFORN? Is there a releasable version?

13) How do you compile your record counts for each country?

Note: This document is a work-in-progress and will be updated frequently as additional
questions and guidance are provided.

1) (U) What is BOUNDLESSINFORMANT? What is its purpose?

(U//FOUO) BOUNDLESSINFORMANT is a GAO prototype tool for a self-documenting SIGINT
system. The purpose of the tool is to fundamentally shift the manner in which GAO describes its
collection posture. BOUNDLESSINFORMANT provides the ability to dynamically describe GAO’s
collection capabilities (through metadata record counts) with no human intervention and graphically
display the information in a map view, bar chart, or simple table. Prior to

BOUNDLESSINFORMANT, the method for understanding the collection capabilities of GAO’s
assets involved ad hoc surveying of repositories, sites, developers, and/or programs and offices. By
extracting information from every DNI and DNR metadata record, the tool is able to create a near real-
time snapshot of GAO’s collection capability at any given moment. The tool allows users to select a
country on a map and view the metadata volume and select details about the collection against that
country. The tool also allows users to view high level metrics by organization and then drill down to a
more actionable level – down to the program and cover term.

Sample Use Cases

• (U//FOUO) How many records are collected for an organizational unit (e.g. FORNSAT)?

• (U//FOUO) How many records (and what type) are collected against a particular country?

• (U//FOUO) Are there any visible trends for the collection?

• (U//FOUO) What assets collect against a specific country? What type of collection?

• (U//FOUO) What is the field of view for a specific site? What countriees does it collect
against? What type of collection?

2) (U) Who are the intended users of the tool?

• (U//FOUO) Mission and collection managers seeking to understand output characteristics
of a site based on what is being ingested into downstream repositories. .

(U//FOUO) Strategic Managers seeking to understand top level metrics at the

organization/office level or seeking to answer data calls on NSA collection capability.

BOUNDLESSINFORMANT – FAQ Page 1 o:

UNCLASSIFIED//FOR OFFICIAL USE ONLY

UNCLASSIFIED//FOR OFFICIAL USE ONLY

BOUNDLESSINFORMANT – Frequently Asked Questions

09-06-2012

• (U//FOUO) Analysts looking for additional sites to task for coverage of a particular

technology within a specific country.

3) What are the different views?

(U//FOUO) Map View – The Map View is designed to allow users to view overall DNI, DNR, or
aggregated collection posture of the agency or a site. Clicking on a country will show the collection
posture (record counts, type of collection, and contributing SIGADs or sites) against that particular
country in addition to providing a graphical display of record count trends. In order to bin the records
into a country, a normalized phone number (DNR) or an administrative region atom (DNI) must be
populated within the record. Clicking on a site (within the Site Specific view) will show the viewshed
for that site – what countries the site collects against.

(U//FOUO) Org View – The Organization View is designed to allow users to view the metadata record
counts by organizational structure (i.e. GAO – SSO – RAM-A – SPINNERET) all the way down to the
cover term. Since it’s not necessary to have a normalized number or administrative region populated,
the numbers in the Org View will be higher than the numbers in the Map View.

(U//FOUO) Similarity View – The Similarity View is currently a placeholder view for an upcoming
feature that will graphically display sites that are similar in nature. This can be used to identify areas
for a de-duplication effort or to inform analysts of additional SIGADs to task for queries (similar to
Amazon’s “if you like this item, you’ll also like these” feature).

4) (U) Where do you get your data?

(U//FOUO) BOUNDLESSINFORMANT extracts metadata records from GM-PLACE post-
FALLOUT (DNI ingest processor) and post-TUSKATTIRE (DNR ingest processor). The records are
enriched with organization information (e.g. SSO, FORNSAT) and cover term. Every valid DNI and
DNR metadata record is aggregated to provide a count at the appropriate level. See the different views
question above for additional information.

5) (U) Do you have all the data? What data is missing?

• (U//FOUO) The tool resides on GM-PLACE which is only accredited up to TS//SI//NOFORN.
Therefore, the tool does not contain ECI or FISA data.

• (U//FOUO) The Map View only shows counts for records with a valid normalized number
(DNR) or administrative region atom (DNI).

• (U//FOUO) Only metadata records that are sent back to NSA-W through FASCIA or
FALLOUT are counted. Therefore, programs with a distributed data distribution system (e.g.
MUSCULAR and Terrestrial RF) are not currently counted.

• (U//FOUO) Only SIGINT records are currently counted. There are no ELINT or other “INT”
records included.

6) (U) Why are you showing metadata record counts versus content?

(U//FOUO)

7) (U ) Do you distin g uish between sustained collect and survey collect?

(U//FOUO) The tool currently makes no distinction between sustained collect and survey collect. This
feature is on the roadmap.

BOUNDLESSINFORMANT – FAQ Page 2 o:

UNCLASSIFIED//FOR OFFICIAL USE ONLY

UNCLASSIFIED//FOR OFFICIAL USE ONLY
BOUNDLESSINFORMANT – Frequently Asked Questions
09-06-2012

8) What is the technical architecture for the tool?

Click here for a graphical view of the tool’s architecture

(U//FOUO) DNI metadata (ASDF), DNR metadata (FASCIA) delivered to Hadoop
Distributed File System (HDFS) on GM-PLACE

(U//FOUO) Use Java MapReduce job to transform/filter and enrich FASCIA/ASDF data with
business logic to assign organization rules to data

(U//FOUO) Bulk import of DNI/DNR data (serialized Google Protobuf objects) into
Cloudbase (enabled by custom aggregators)

(U//FOUO) Use Java web app (hosted via Tomcat) on MachineShop (formerly Turkey Tower)
to query Cloudbase

(U//FOUO) GUI triggers queries to CloudBase – GXT (ExtGWT)

9) What are some upcoming features/enhancements?

• (U//FOUO) Add technology type (e.g. JUGGERNAUT, LOPER) to provide additional
granularity in the numbers

(U//FOUO) Add additional details to the Differential view

(U//FOUO) Refine the Site Specific view

(U//FOUO) Include CASN information

(U//FOUO) Add ability to export data behind any view (pddg,sigad,sysid,casn,tech,count)

(U//FOUO) Add in selected (vs. unselected) data indicators

(U//FOUO) Include filter for sustained versus survey collection

10) How are new features or views requested and prioritized?

(U//FOUO) The team uses Flawmill to accept user requests for additional functionality or
enhancements. Users are also allowed to vote on which functionality or enhancements are most
important to them (as well as add comments). The BOUNDLESSINFORMANT team will periodically
review all requests and triage according to level of effort (Easy, Medium, Hard) and mission impact
(High, Medium, Low). The team will review the queue with the project champion and government
steering committee to be added onto the BOUNDLESSINFORMANT roadmap.

1 1) Why are record counts different from other tools like ASDF and What’s On

Cover?

(U//FOUO) There are a number of reasons why record counts may vary. The purpose of the tool is to
provide

BOUNDLESSINFORMANT – FAQ

Page 3 o:

UNCLASSIFIED//FOR OFFICIAL USE ONLY

July 13, 2012

Find this story at  txt

Find this story at jpeg

Find this story at pdf

The following page from an August 13, 2010 NSA powerpoint presentation on the joint CIA-NSA clandestine SIGINT unit known as the Special Collection Service (SCS) appeared on the Der Spiegel website last week. It has since be replaced by a heavily redacted version of the same page which deletes the locations of all SCS listening posts outside of Europe.

The page shows the locations of all SCS listening posts around the world as of August 2010, of which 74 were active, 3 were listed as being dormant, 14 were unmanned remote controlled stations, three sites were then being surveyed, and two were listed as being “technical support activities.”

In Europe, SCS sites were located at Athens and embassy annex, Baku, Berlin, Budapest, RAF Croughton (UK), Frankfurt, Geneva, Kiev, Madrid, Milan, Moscow and embassy annex, Paris, Prague, Pristina, Rome, Sarajevo, Sofia, Tblisi, Tirana, Vienna and embassy annex, and Zagreb.

In Asia SCS were located at Bangkok and PSA, Beijing, Chengdu, Chiang Mai, Hong Kong, Jakarta, Kuala Lumpur, Manila, Phnom Penh, Rangoon, Shanghai, and Taipei.

In the Middle East and North Africa (MENA) region, SCS sites were located at Abu Dhabi, Algiers, Amman, Amarah, Ankara, Baghdad and embassy annex, Basrah, Beirut, Benghazi, Cairo, Damascus, Istanbul, Jeddah, Khartoum, Kirkuk, Kuwait City, Manama, Mosul, Riyadh, Sana’a, Sulaymaniyah, Talil(?), “Tehran-in-Exile”, and Tripoli.

In South Asia, SCS sites were located at one site illegible, Islamabad, Herat, Kabul and embassy annex, Karachi, Lahore, New Delhi, and Peshawar.

In Africa, SCS sites were located inside the U.S. embassies in Abuja, Addis Ababa, Bamako, Lagos, Nairobi, Monrovia, Kinshasa, Lusaka, and Luanda.

In Central America and the Caribbean, SCS sites were located at Guadalajara, Guatemala City, Havana, Hermosillo, Managua, Mexico City, Monterrey, Panama City, San Jose, and Tegucigalpa.

And in South America, SCS sites were located in Brasilia, Bogota, Caracas, La Paz, Merida and Quito.

Any corrections to the above would be gratefully received.

Matthew M. Aid is the author of Intel Wars: The Secret History of the Fight Against Terror (January 2012) and The Secret Sentry, the definitive history of the National Security Agency. He is a leading intelligence historian and expert on the NSA, and a regular commentator on intelligence matters for the New York Times, the Financial Times, the National Journal, the Associated Press, CBS News, National Public Radio (NPR) and many others. He lives in Washington, DC.

October 28, 2013

Find this story at 28 October 2013

Der Spiegel pdf 

Der Spiegel unredacted image

During the Cold War there were hundreds of secret remote listening posts spread around the globe. From large stations in the moors of Scotland and mountains of Turkey that were complete with golf balllike structures called “radomes” to singly operated stations in the barren wilderness of Saint Lawrence Island between Alaska and Siberia that had only a few antennae, these stations constituted the ground-based portion of the United States Signals Intelligence (SIGINT) System or “USSS.”

Operated by the supersecret National Security Agency (NSA), these stations were designed to intercept Morse Code, telephone, telex, radar, telemetry, and other signals emanating from behind the Iron Curtain. At one time, the NSA contemplated a worldwide, continuously operated array of 4120 intercept stations. While the agency never achieved that goal, it could still boast of several hundred intercept stations. These included its ground-based “outstations,” which were supplemented by other intercept units located on ships, submarines, aircraft (from U-2s to helicopters), unmanned drones, mobile vans, aerostats (balloons and dirigibles), and even large and cumbersome backpacks.

With the collapse of the Communist “bloc” and the advent of microwaves, fiber optics, and cellular phones, NSA’s need for numerous ground-based intercept stations waned. It began to rely on a constellation of sophisticated SIGINT satellites with code names like Vortex, Magnum, Jumpseat, and Trumpet to sweep up the world’s satellite, microwave, cellular, and high-frequency communications and signals. Numerous outstations met with one of three fates: they were shut down completely, remoted to larger facilities called Regional SIGINT Operations Centers or “RSOCs,” or were turned over to host nation SIGINT agencies to be operated jointly with NSA.

However, NSA’s jump to relying primarily on satellites proved premature. In 1993, Somali clan leader Mohammed Farah Aideed taught the agency an important lesson. Aideed’s reliance on older and lower-powered walkie-talkies and radio transmitters made his communications virtually silent to the orbiting SIGINT “birds” of the NSA. Therefore, NSA technicians came to realize there was still a need to get in close in some situations to pick up signals of interest. In NSA’s jargon this is called improving “hearability.”

As NSA outstations were closed or remoted, new and relatively smaller intercept facilities such as the “gateway” facility in Bahrain, reportedly used for retransmit signals intercepted in Baghdad last year to the U.S. sprang up around the world. In addition to providing NSA operators with fresh and exotic duty stations, the new stations reflected an enhanced mission for NSA economic intelligence gathering. Scrapping its old Cold War A and B Group SIGINT organization, NSA expanded the functions of its W Group to include SIGINT operations against a multitude of targets. Another unit, M Group, would handle intercepts from new technologies like the Internet.

Many people who follow the exploits of SIGINT and NSA are eager to peruse lists of secret listening posts operated by the agency and its partners around the world. While a master list probably exists somewhere in the impenetrable lair that is the NSA’s Fort Meade, Maryland, headquarters, it is assuredly stamped with one of the highest security classifications in the U.S. intelligence community.  W.M. & J.V.

The United States SIGINT System (USSS)

The following list is the best unclassified shot at describing the locations of the ground-based “ears” of the Puzzle Palace. It is culled from press accounts, informed experts, and books written about the NSA and its intelligence partners. It does not include the numerous listening units on naval vessels and aircraft nor those operating from U.S. and foreign embassies, consulates, and other diplomatic missions.

United States

NSA Headquarters, Fort Meade, Maryland
Buckley Air National Guard Ground Base, Colorado
Fort Gordon, Georgia (RSOC)
Imperial Beach, California
Kunia, Hawaii (RSOC)
Northwest, Virginia
Sabana Seca, Puerto Rico
San Antonio, Texas (RSOC)
Shemya, Alaska -3
Sugar Grove, West Virginia
Winter Harbor, Maine
Yakima, Washington

Albania

Durres -6
Shkoder -6
Tirana -6

Ascension Island

Two Boats -1

Australia

Bamaga -6 -7
Cabarlah -7
Canberra (Defense Signals Directorate Headquarters) -5
Harman -7
Kojarena, Geraldton -1
Nurunggar -1
Pearce -1
Pine Gap, Alice Springs -1
Riverina -7
Shoal Bay, Darwin -1
Watsonia -1

Austria

Konigswarte -7
Neulengbach -7

Bahrain

Al-Muharraq Airport -3
Bosnia and Herzegovina

Tuzla

Botswana

Mapharangwane Air Base

British Indian Ocean Territory

Diego Garcia -1

Brunei

Bandar Seri Begawan -7

Canada

Alert -7
Gander -7
Leitrim -1
Masset -6 -7
Ottawa [Communications Security Establishment (CSE) Headquarters] -5

China

Korla -1 -6
Qitai -1 -6

Croatia

Brac� Island, Croatia -6
Zagreb-Lucko Airport -7

Cuba

Guantanamo Bay

Cyprus

Ayios Nikolaos -1

Denmark

Aflandshage -7
Almindingen, Bornholm -7
Dueodde, Bornholm -7
Gedser -7
Hj�rring -7
L�gumkl�ster -7

Eritrea

Dahlak Island -1 (NSA/Israel “8200” site)

Estonia

Tallinn -7

Ethiopia

Addis Ababa -1

Finland

Santahamina -7

French Guiana

Kourou -7 (German Federal Intelligence Service station)

Germany

Achern -7
Ahrweiler -7
Bad Aibling -2
Bad M�nstereifel -7
Braunschweig -7
Darmstadt -7
Frankfurt -7
Hof -7
Husum -7
Mainz -7
Monschau -7
Pullach (German Federal Intelligence Service Headquarters) -5
Rheinhausen -7
Stockdorf -7
Strassburg -7
Vogelweh, Germany

Gibraltar

Gibraltar -7

Greece

Ir�klion, Crete

Guam

Finegayan

Hong Kong

British Consulate, Victoria (“The Alamo”) -7

Iceland

Keflavik -3

India

Charbatia -7

Israel

Herzliyya (Unit 8200 Headquarters) -5
Mitzpah Ramon -7
Mount Hermon, Golan Heights -7
Mount Meiron, Golan Heights -7

Italy

San Vito -6
Sorico

Japan

Futenma, Okinawa
Hanza, Okinawa
Higashi Chitose -7
Higashi Nemuro -7
Kofunato -7
Miho -7
Misawa
Nemuro -7
Ohi -7
Rebunto -7
Shiraho -7
Tachiarai -7
Wakkanai

Korea (South)

Kanghwa-do Island -7
Osan -1
Pyong-dong Island -7
P’yongt’aek -1
Taegu -1 -2 -6
Tongduchon -1
Uijo�ngbu -1
Yongsan -1

Kuwait

Kuwait

Latvia

Ventspils -7

Lithuania

Vilnius -7

Netherlands

Amsterdam (Technical Intelligence Analysis Center (TIVC) Headquarters)-5
Emnes -7
Terschelling -7

New Zealand

Tangimoana -7
Waihopai -1
Wellington (Government Communications Security Bureau Headquarters -5

Norway

Borhaug -7
Fauske/Vetan -7
Jessheim -7
Kirkenes -1
Randaberg -7
Skage/Namdalen -7
Vads� -7
Vard� -7
Viksjofellet -7

Oman

Abut -1
Goat Island, Musandam Peninsula -3
Khasab, Musandam Peninsula -3
Masirah Island -3

Pakistan

Parachinar

Panama

Galeta Island -3

Papua New Guinea

Port Moresby -7

Portugal

Terceira Island, Azores

Rwanda

Kigali

S�o Tom� and Pr�ncipe

Pinheiro

Saudi Arabia

Araz -7
Khafji -7

Singapore

Kranji -7

Spain

Pico de las Nieves, Grand Canary Island -7
Manzanares -7
Playa de Pals -3
Rota

Solomon Islands

Honiara -7

Sri Lanka

Iranawilla

Sweden

Karlskrona -7
Lov�n (Swedish FRA Headquarters) -7
Musk� -7

Switzerland

Merishausen -7
R�thi -7

Taiwan:

Quemoy -7
Matsu -7
Shu Lin Kuo -5 (German Federal Intelligence Service/NSA/Taiwan J-3 SIGINT service site)

Turkey

Adana
Agri -7
Antalya -7
Diyarbakir
Edirne -7
Istanbul -7
Izmir -7
Kars
Sinop -7

Thailand

Aranyaprathet -7
Khon Kaen -1 -3
Surin -7
Trat -7

Uganda

Kabale
Galangala Island, Ssese Islands (Lake Victoria)

United Arab Emirates

Az-Zarqa� -3
Dalma� -3
Ras al-Khaimah -3
Sir Abu Nuayr Island -3

United Kingdom:

Belfast (Victoria Square) -7
Brora, Scotland -7
Cheltenham (Government Communications Headquarters) -5
Chicksands -7
Culm Head -7
Digby -7
Hawklaw, Scotland -7
Irton Moor -7
Menwith Hill, Harrogate -1 (RSOC)
Molesworth -1
Morwenstow -1
Westminster, London -7
(Palmer Street)
Yemen
Socotra Island (planned)

KEY:

-1 Joint facility operated with a SIGINT partner.

-2 Joint facility partially operated with a SIGINT partner.

-3 Contractor-operated facility.

-4 Remoted facility.

-5 NSA liaison is present.

-6 Joint NSA-CIA site.

-7 Foreign-operated “accommodation site” that provides occasional SIGINT product to the USSS.

February 24 – March 2, 1999
by
jason vest and wayne madsen A Most Unusual Collection Agency

Find this story at February March 1999

Copyright 1999 The Village Voice – all rights reserved.

When Saddam Hussein raised the possibility of attacking U.S. planes in Turkey last week, his threats illustrated what many in diplomatic circles regard as an international disgrace the emasculation of the UN by the U.S.

When UNSCOM, the UN’s arms-inspection group for Iraq, was created in 1991, it drew on personnel who, despite their respective nationalities, would serve the UN. Whatever success UNSCOM achieved, however, was in spite of its multinational makeup. While a devoted group of UN staffers managed to set up an independent unit aimed at finding Saddam’s weapons and ways of concealing them, other countries seeking to do business with sanctions-impaired Iraq notably France and Russia used inspectors as spies for their own ends.

But what ultimately killed UNSCOM were revelations that the U.S. government had manipulated it by assuming control of its intelligence apparatus last spring (or perhaps even earlier by using the group to slip spies into Iraq) not so much to aid UNSCOM’s mission, but to get information for use in future aerial bombardments. When stories to this effect broke last month, however, there was almost no consistency in descriptions of the agencies involved or techniques used. The New York Times, for example, said only one CIA spy had been sent into Baghdad last March to set up an automated eavesdropping device. Time had multiple Defense Intelligence Agency (DIA) operatives planting bugs around Baghdad throughout 1998. The Wall Street Journal referred to the use of one “device” from the National Security Agency (NSA) last year and “a series of espionage operations used by the U.S. [since] 1996 to monitor the communications” of Saddam and his elite.

When probing the world of espionage, rarely does a clear picture emerge. But according to a handful of published sources, as well as assessments by independent experts and interviews with current and former intelligence officers, the U.S. government’s prime mover in Iraqi electronic surveillance was most likely a super-secret organization run jointly by the the CIA and the NSA the spy agency charged with gathering signals intelligence (known as SIGINT) called the Special Collection Service. Further, there is evidence to suggest that the Baghdad operation was an example of the deployment of a highly classified, multinational SIGINT agreement one that may have used Australians to help the U.S. listen in months after the CIA failed to realize the U.S. objective of overthrowing Saddam Hussein through covert action.

According to former UNSCOM chief inspector Scott Ritter, when the U.S. took over the group’s intelligence last year, a caveat was added regarding staffing: only international personnel with U.S. clearances could participate. “This requirement,” says Ritter, “really shows the kind of perversion of mission that went on. The U.S. was in control, but the way it operated from day one was, U.S. runs it, but it had to be a foreigner [with a clearance] operating the equipment.”

Under the still-classified 1948 UKUSA signals intelligence treaty, eavesdropping agencies of the U.S., United Kingdom, Canada, Australia, and New Zealand share the same clearances. According to Federation of American Scientists intelligence analyst John Pike, this gives the U.S. proxies for electronic espionage: “In the context of UKUSA, think of NSA as one office with five branches,” he says. As UNSCOM demonstrates, though, sometimes the partnership gets prickly; the British, according to Ritter, withdrew their personnel following the U.S.’s refusal to explain “how the data was going to be used.” (According to a longtime British intelligence officer, there was another reason: lingering bad feelings over the NSA’s cracking a secret UN code used by British and French peacekeepers during a Bosnian UN mission.) At this point, says Ritter, he was instructed to ask the Australian government for a “collection” specialist. “We deployed him to Baghdad in July of 1998,” recalls Ritter. “In early August, when I went to Baghdad, he pulled me aside and told me he had concerns about what was transpiring.

He said there was a very high volume of data, and that he was getting no feedback about whether it was good, bad, or useful. He said that it was his experience that this was a massive intelligence collection operation one that was not in accordance with what UNSCOM was supposed to be doing.”

In other words, the Australian most likely an officer from the Defence Signals Directorate, Australia’s NSA subsidiary, who was supposed to have been working for the UN may have been effectively spying for the U.S. Stephanie Jones, DSD’s liaison to NSA, did not take kindly to a Voice inquiry about this subject; indeed, despite being reached at a phone number with an NSA headquarters prefix, she would not even confirm her position with DSD. However, a former high-ranking U.S. intelligence official said that such a scenario was probable. “The relationship between the UKUSA partners has always been of enormous value to U.S. intelligence, even when their governments have been on the opposite sides of policy issues,” the official said. “I would not be surprised at all if the Aussies happened to be the ones who actually did this [at U.S. behest].”

With an intelligence community of over a dozen components, billion-dollar budgets, and cutting-edge technology, the U.S. can cast a wide net, be it with human sources or signals interception. Iraq, however, has presented a special challenge since Saddam’s Ba’ath party took power in 1968. “In Iraq,” says Israeli intelligence expert Amatzai Baram, “you are dealing with what is arguably the best insulated security and counterintelligence operation in the world. The ability of Western or even unfriendly Arab states to penetrate the system is very, very limited.”

According to the former Cairo station chief of the Australian Secret Intelligence Service (ASIS), the West got this message loud and clear after Iraqi counterintelligence pulled British MI6 case officers off a Baghdad street in the mid ’80s and took them to a warehouse on the outskirts of town. “They had arrayed before them the various agents they had been running,” the exASIS officer told the Australian Broadcasting Corporation in 1994. “There were wires hanging from the rafters in the warehouse. All the men were strung up by wires around their testicles and they were killed in front of the faces of their foreign operators, and they were told, you had better get out and never come back.”

When UNSCOM was inaugurated in 1991, it quickly became apparent that the organization’s intelligence capability would depend largely on contributions from various UN member countries. According to several intelligence community sources, while the CIA did provide UNSCOM with information, and, later, serious hardware like a U-2 spy plane, the focus of the U.S. intelligence community at the time was on working with anti-Saddam groups in and around Iraq to foment a coup.

What resulted, as investigative authors Andrew and Patrick Cockburn demonstrate in their just published book Out of the Ashes: The Resurrection of Saddam Hussein, were two of the most colossally bungled CIA covert operations since the Bay of Pigs. While details of one of the failed operations were widely reported, the Cockburns fleshed out details of an arguably worse coup attempt gone awry in June 1996. Iraqi counterintelligence had not only managed to finger most of the suspects in advance, but months before had even captured an encrypted mobile satellite communications device that the CIA gave the plotters. Adding insult to injury, the Cockburns report, Iraqi counterintelligence used the CIA’s own device to notify them of their failure: “We have arrested all your people,” the CIA team in Amman, Jordan, reportedly was told via their uplink. “You might as well pack up and go home.”

Some UNSCOM staffers first under Russian Nikita Smidovich, later under American Scott Ritter managed to create what amounted to a formidable micro-espionage unit devoted to fulfilling UNSCOM’s mission. Between information passed on from various countries and use of unspecified but probably limited surveillance equipment, the inspectors were gathering a great deal. But in March 1998, according to Ritter, the U.S. told UNSCOM chair Richard Butler of Australia that it wanted to “coordinate” UNSCOM’s intelligence gathering.

Ritter insists that no U.S. spies under UNSCOM cover could have been operating in Baghdad without his knowledge prior to his resignation in August 1998. However, as veteran spies point out, if they were, Ritter probably wouldn’t have known. A number of sources interviewed by the Voice believe it possible that Special Collection Service personnel may have been operating undercover in Baghdad.

According to a former high-ranking intelligence official, SCS was formed in the late 1970s after competition between the NSA’s embassy-based eavesdroppers and the CIA’s globe-trotting bugging specialists from its Division D had become counterproductive. While sources differ on how SCS works some claim its agents never leave their secret embassy warrens where they perform close-quarters electronic eavesdropping, while others say agents operate embassy-based equipment in addition to performing riskier “black-bag” jobs, or break-ins, for purposes of bugging “there’s a lot of pride taken in what SCS has accomplished,” the former official says.

Intriguingly, the only on-the-record account of the Special Collection Service has been provided not by an American but by a Canadian. Mike Frost, formerly of the Communications Security Establishment Canada’s NSA equivalent served as deputy director of CSE’s SCS counterpart and was trained by the SCS. In a 1994 memoir, Frost describes the complexities of mounting “special collection” operations finding ways to transport sophisticated eavesdropping equipment in diplomatic pouches without arousing suspicion, surreptitiously assembling a device without arousing suspicion in his embassy, technically troubleshooting under less than ideal conditions and also devotes considerable space to describing visits to SCS’s old College Park headquarters.

“It is not the usual sanitorium-clean atmosphere you would expect to find in a top-secret installation,” writes Frost. “Wires everywhere, jerry-rigged gizmos everywhere, computers all over the place, some people buzzing around in three-piece suits, and others in jeans and t-shirts. [It was] the ultimate testing and engineering centre for any espionage equipment.” Perhaps one of its most extraordinary areas was its “live room,” a 30-foot-square area where NSA and CIA devices were put through dry runs, and where engineers simulated the electronic environment of cities where eavesdroppers are deployed. Several years ago, according to sources, SCS relocated to a new, 300-acre, three-building complex disguised as a corporate campus and shielded by a dense forest outside Beltsville, Maryland. Curious visitors to the site will find themselves stopped at a gate by a Department of Defense police officer who, if one lingers, will threaten arrest.

There are good reasons, explains an old NSA hand, for havingelectronic ears on terra firma in addition to satellites. “If you’re listening to something from thousands of miles up, the footprint to sort through is so huge, and finding what you are looking for is not a simple chore. If you know more or less specifically what you want, it’s easier to get it in close proximity. And if it happens to be a low-powered signal, it may not travel far enough.”

According to two sources familiar with intelligence activity in Iraq, the U.S. may have been aided by information delivered either to UNSCOM or SCS from Ericsson, the Swedish telecommunications firm. It’s not an unreasonable assumption; though Ericsson brushes off questions about it, in 1996 a Middle Eastern businessman filed suit against the company, claiming, among other things, that it had stiffed him on his commission for brokering a deal between the Iraqis and Ericsson for sensitive defense communications equipment, which, reportedly, included encrypted cell phones.

Speaking on condition of anonymity, a veteran intelligence official confirmed that the NSA has “arrangements” with other communications firms that allow NSA to access supposedly secure communications, but cooperation from Ericsson would be “a breakthrough despite our best efforts, they always kept their distance. But it’s not beyond the realm of possibility.” (This is not without precedent; though hardly covered in the American press, it has been reported that Switzerland’s Crypto AG long the supplier of cipher equipment to many of the world’s neutral and “rogue” states enjoyed such an “arrangement” with the NSA for decades. Crypto AG denies this.)

There is, however, another possible scenario regarding participation by Ericsson in an intelligence venture. According to FAS analyst Pike, it’s much more likely that anyone doing intelligence work in Iraq would want a schematic of Baghdad’s telephone system which Ericsson installed in the late ’60s and has subsequently updated. “I would find it to be far more plausible that the U.S. intelligence community would be interested in acquiring, and Ericsson would be interested in supplying, the wiring diagram for Baghdad’s telephone exchange than encryption algorithms for cell phones,” he says.

Also, he explains, finding ways to tap into a whole phone system or pull short-range signals out of the air without being obvious is clearly SCS’s portfolio. “This type of risky close surveillance is what SCS was formed to do,” he says. “When you think of NSA, you think satellites. When you think CIA, you think James Bond and microfilm. But you don’t really think of an agency whose sole purpose is to get up real close and use the best technology there is to listen and transmit. That’s SCS.”

Regarding any possible collaboration in Iraq with SCS or UNSCOM, Kathy Egan, Ericsson spokesperson, said she had no information on such an operation, but if there was one, “It would be classified and we would not be able to talk about it.” It’s also possible, according to Mike Frost, that cleverly disguised bugs might have been planted in Baghdad SCS, he recalls, managed to listen in on secured facilities by bugging pigeons. But, says a retired CIA veteran, with UNSCOM effectively dead, bugging is now out of the question. “I hope the take from this op,” he says, “was worth losing the only access the outside world’s disarmament experts had to Iraq.”

February 24 – March 2, 1999
by
jason vest and wayne madsen

Find this story at February March 1999

Copyright 1999 The Village Voice

Soldiers from an undercover unit used by the British army in Northern Ireland killed unarmed civilians, former members have told BBC One’s Panorama.

Speaking publicly for the first time, the ex-members of the Military Reaction Force (MRF), which was disbanded in 1973, said they had been tasked with “hunting down” IRA members in Belfast.

The former soldiers said they believed the unit had saved many lives.

The Ministry of Defence said it had referred the disclosures to police.

The details have emerged a day after Northern Ireland’s attorney general, John Larkin, suggested ending any prosecutions over Troubles-related killings that took place before the signing of the Good Friday Agreement in 1998.

The soldiers appeared on Panorama on condition their identities were disguised

The proposal has been criticised by groups representing relatives of victims.

Panorama has been told the MRF consisted of about 40 men handpicked from across the British army.

Before it was disbanded 40 years ago, after 18 months, plain-clothes soldiers carried out round-the-clock patrols of west Belfast – the heartland of the IRA – in unmarked cars.

Three former members of the unit, who agreed to be interviewed on condition their identities were disguised, said they had posed as Belfast City Council road sweepers, dustmen and even “meths drinkers”, carrying out surveillance from street gutters.

But surveillance was just one part of their work.

One of the soldiers said they had also fired on suspected IRA members.

He described their mission as “to draw out the IRA and to minimise their activities… if they needed shooting, they’d be shot”.
Continue reading the main story
Analysis
John Ware
Reporter, BBC Panorama

For 15 years, Northern Ireland has been divided about how to deal with the legacy of three decades of conflict.

The compromise has been the establishment of the Historical Enquiries Team, a group of former detectives, who are reviewing all deaths in Northern Ireland during the conflict, primarily to answer questions from their relatives.

But now the Northern Ireland attorney general has reignited the vexed issue of whether truth recovery through a virtual amnesty is preferable to prosecution.

John Larkin has called for an end to all prosecutions and inquiries in relation to Troubles-related killings.

The disclosures by Panorama are bound to add to this debate.

The closest former MRF soldiers have previously come to breaking cover is as the pseudonymous authors of two semi-fictionalised paperbacks, one of whom has referred to the MRF as a “legalised death squad”.

The factual account of the MRF may not be quite as colourful. Nonetheless, the evidence gleaned from seven former members, declassified files and witnesses, does point to a central truth – that MRF tactics did sometimes mirror the IRA’s.
‘Targets taken down’

Another former member of the unit said: “We never wore uniform – very few people knew what rank anyone was anyway.

“We were hunting down hardcore baby-killers, terrorists, people that would kill you without even thinking about it.”

A third former MRF soldier said: “If you had a player who was a well-known shooter who carried out quite a lot of assassinations… then he had to be taken out.

“[They were] killers themselves, and they had no mercy for anybody.”

In 1972 there were more than 10,600 shootings in Northern Ireland. It is not possible to say how many the unit was involved in.

The MRF’s operational records have been destroyed and its former members refused to incriminate themselves or their comrades in specific incidents when interviewed by Panorama.

But they admitted shooting and killing unarmed civilians.

When asked if on occasion the MRF would make an assumption that someone had a weapon, even if they could not see one, one of the former soldiers replied “occasionally”.

“We didn’t go around town blasting, shooting all over the place like you see on the TV, we were going down there and finding, looking for our targets, finding them and taking them down,” he said.

Patricia McVeigh says her father Patrick was shot in the back as he stopped to talk to men at a checkpoint

“We may not have seen a weapon, but there more than likely would have been weapons there in a vigilante patrol.”

Panorama has identified 10 unarmed civilians shot, according to witnesses, by the MRF:
Brothers John and Gerry Conway, on the way to their fruit stall in Belfast city centre on 15 April 1972
Aiden McAloon and Eugene Devlin, in a taxi taking them home from a disco on 12 May 1972
Joe Smith, Hugh Kenny, Patrick Murray and Tommy Shaw, on Glen Road on 22 June 1972
Daniel Rooney and Brendan Brennan, on the Falls Road on 27 September 1972

Patricia McVeigh told the BBC she believed her father, Patrick McVeigh, had been shot in the back and killed by plain clothes soldiers on 12 May 1972 and said she wanted justice for him.

“He was an innocent man, he had every right to be on the street walking home. He didn’t deserve to die like this,” she said.

Her solicitor Padraig O’Muirigh said he was considering civil action against the Ministry of Defence in light of Panorama’s revelations.

The MoD refused to say whether soldiers involved in specific shootings had been members of the MRF.
Continue reading the main story
Troubles in Northern Ireland

The conflict in Northern Ireland during the late 20th century is known as the Troubles.

More than 3,600 people were killed and thousands more injured.

During a period of 30 years, many acts of violence were carried out by paramilitaries and the security forces.
Read more about the Troubles
‘Pretty gruesome’

It said it had referred allegations that MRF soldiers shot unarmed men to police in Northern Ireland.

But the members of the MRF who Panorama interviewed said their actions had ultimately helped bring about the IRA’s decision to lay down arms.

Gen Sir Mike Jackson, the former head of the British army, and a young paratrooper captain in 1972, said he had known little of the unit’s activities at the time, but admired the bravery of soldiers involved in undercover work.

He said: “That takes a lot of courage and it’s a cold courage. It’s not the courage of hot blood [used by] soldiers in a firefight.

“You know if you are discovered, a pretty gruesome fate may well await you – torture followed by murder.”

The IRA planted nearly 1,800 bombs – an average of five a day – in 1972

Col Richard Kemp, who carried out 10 tours of Northern Ireland between 1979 and 2001, told BBC Radio 4’s Today programme charges could be brought if there was new evidence unarmed civilians had been killed.

But he added: “Soldiers often speak with bravado and I wonder how many of those soldiers are saying that they themselves shot and killed unarmed civilians.”

Panorama has learnt a Ministry of Defence review concluded the MRF had “no provision for detailed command and control”.

Forty years later and families and victims are still looking for answers as to who carried out shootings.

Former detectives are reviewing all of the deaths in Northern Ireland during the conflict as part of the Historical Enquiries Team set up following the peace process.

Around 11% of the 3,260 deaths being reviewed were the responsibility of the state.

21 November 2013 Last updated at 05:50 ET

Find this story at 21 November 2013

BBC © 2013

Former members of Military Reaction Force admit on BBC Panorama they did not always follow guidelines on lethal force

Claims that members of an undercover army unit shot unarmed civilians in Northern Ireland during the 1970s have been referred to the police, according to the Ministry of Defence.

The allegations against the Military Reaction Force (MRF) are contained in a BBC Panorama programme, Britain’s Secret Terror Force, to be broadcast on Thursday evening.

Seven former members of the plain-clothes detachment – which carried out surveillance and, allegedly, unprovoked attacks – have spoken to the programme. The existence of the MRF is well known but its unorthodox methods and the scope of its activities have been the source of continuing speculation.

The soldiers in the Panorama report are not identified. One said that surveillance had been the MRF’s main purpose, but that it also had a “hard-hitting anti-terrorist” role. “We were not there to act like an army unit,” he explained. “We were there to act like a terror group. We had our own rules, but I don’t recall being involved in the shooting of an innocent person.”

Their weaponry was not always standard issue. On one occasion, the programme reports, a Thompson sub-machine gun was used. The men drove Hillmans and Ford Cortinas with microphones built into the sun visors; some were cars that had been stolen and recovered.

The year 1972 was the most violent of the Troubles: 497 people were killed including 134 were soldiers.

All seven former MRF soldiers told the programme that they sometimes acted in contravention of the “yellow card” – the strict rules that spelled out the circumstances under which soldiers could open fire. Lethal force was generally only lawful when the lives of security forces or others were in immediate danger.

One soldier explained: “If you had a player who was a well-known shooter who carried out quite a lot of assassinations …it would have been very simple – he had to be taken out.” All the soldiers, however, denied that they were part of a “death” or “assassination squad”.

Two fatal shootings have been linked to the MRF. On the night of 12 May 1972, an MRF patrol shot dead Patrick McVeigh, a father of six children and a member of the Catholic Ex-Servicemen’s Club whose members had been manning barricades in Belfast.

The soldiers involved made statements to the Royal Military Police saying they had been shot at and returned fire. However, the programme, made by the production company twenty2vision for Panorama, says there is no evidence that McVeigh or anyone beside him were members of the IRA. Those hit tested negative when swabbed by the police for firearms deposits, the programme says.

In September that year, another MRF patrol, the BBC programme says, shot dead 18-year-old Daniel Rooney in West Belfast. An MRF sergeant was acquitted of attempted murder following a trial in 1973. After 18 months’ duty, the MRF was dissolved in late 1972 following army concerns about the adequacy of its command and control structures.

An MoD spokesperson told the Guardian: “This is a matter for the Police Service of Northern Ireland Historical Enquiries Team (PSNI HET), who are examining all deaths that occurred during Operation Banner; the Ministry of Defence has co-operated fully with their inquiries.

“The UK has strict rules of engagement which are in accordance with UK law and international humanitarian law. This applied to operations in Northern Ireland. Soldiers were at all times subject to the general criminal law on the use of force, which was made clear to them in training and before operations.”

The PSNI said it would wait to see the programme. A spokesman added: “It would be inappropriate to comment at this point.”

Owen Bowcott, legal affairs correspondent
theguardian.com, Thursday 21 November 2013 06.12 GMT

Find this story at 21 November 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

Britain’s secret listening service, GCHQ, uses a spying system codenamed “Royal Concierge” to carry out detailed surveillance on foreign diplomats and government delegations at more than 350 hotels across the world, Germany’s Der Spiegel magazine reported on Sunday.

The disclosures, based on intelligence data leaked by the US whistleblower Edward Snowden, follow reports that British intelligence installs secret software to spy on selected companies and revelations earlier this month by The Independent that GCHQ operates a listening post on the roof of the UK’s Berlin embassy.

Der Spiegel said that GCHQ used “Royal Concierge” to spy on the booking arrangements of the hotels involved in order to gain information about the travel plans of diplomats and government delegations. It said the system was used to “prepare” their hotel rooms for more detailed surveillance.

The magazine said the information gained enabled the GCHQ’s so-called “technical departments” to bug the telephones and computers used by diplomats in their hotel rooms. It said “Royal Concierge” was also used to prepare the ground for the setting up of the GCHQ’s so-called “Humint Operations” – an abbreviation for “Human Intelligence” surveillance involving the deployment of agents to spy on diplomats.

Der Spiegel did not say which hotels were targeted. Contacted by the magazine, a spokesman for GCHQ said he could “neither confirm nor deny” Der Spiegel’s report.

The disclosures are the latest in a series of embarrassing revelations about the covert activities of GCHQ and its US counterpart, the National Security Agency, leaked to the media by fugitive whistleblower Edward Snowden.

The intelligence leaks have revealed the existence of the GCHQ/NSA “Tempora” spying operation involving the mass surveillance of Internet, phone and email traffic which crosses the Atlantic through undersea fibre-optic cables. The British government has claimed to have had no knowledge of the programme.

Disclosures published by Der Spiegel last week said that GCHQ used doctored websites including those from the business network LinkedIn to install surveillance software on the computers of unwitting companies and individuals.

The system was said to be codenamed “Quantum Insert”. One of the targeted companies was identified as the part-state-owned Belgian telecommunications firm Belgacom. Another was a concern named Mach, which is used by several mobile phone companies to coordinate international roaming traffic.

In Germany, disclosures that the NSA used an embassy listening post to bug Chancellor Angela Merkel’s mobile phone were followed a fortnight ago by an investigation by The Independent which revealed that GCHQ runs a similar listening post.

German MPs have said they are outraged that US and British intelligence spies on the politicians of a country which is their key European ally. They have called for the setting up of no-spying agreements between Washington, London and Berlin.

Germany’s two main political parties announced yesterday that they had agreed to set up a cyber security centre to establish how networks could be better protected from invasive surveillance.

Tony Paterson
Sunday, 17 November 2013

Find this story at 17 November 2013

© independent.co.uk

Britain’s GCHQ intelligence service monitors diplomats’ travels using a sophisticated automated system that tracks hotel bookings. Once a room has been identified, it opens the door to a variety of spying options.

When diplomats travel to international summits, consultations and negotiations on behalf of governments, they generally tend to spend the night at high-end hotels. When they check-in, in addition to a comfortable room, they sometimes get a very unique form of room service that they did not order: a thorough monitoring by the British Government Communications Headquarters, or GCHQ in short.

Intelligence service documents from the archive of NSA whistleblower Edward Snowden show that, for more than three years, GCHQ has had a system to automatically monitor hotel bookings of at least 350 upscale hotels around the world in order to target, search and analyze reservations to detect diplomats and government officials.

The top secret program carries the codename “Royal Concierge,” and has a logo showing a penguin wearing a crown, a purple cape and holding a wand. The penguin is apparently meant to symbolize the black and white uniform worn by staff at luxury hotels.

The aim of the program is to inform GCHQ, at the time of the booking, of the city and hotel a foreign diplomat intends to visit. This enables the “technical operations community” to make the necessary preparations in a timely manner, the secret documents state. The documents cast doubt on the truthfulness of claims made last week to a committee in parliament by the heads of the three British intelligence agencies: Namely that the exclusive reason and purpose behind their efforts is the battle against terrorism, and to make sure they can monitor the latest postings by al-Qaida and similar entities.

The documents show that the prototype of “Royal Concierge” was first tested in 2010. The much-touted program, referred to internally as an “innovation,” was apparently so successful that further development continued.

Daily Alerts

The documents provide details on how the British program for tracking international diplomats functioned. Whenever a reservation confirmation is emailed to a conspicuous address inside a government domain (like gov.xx) from any of the 350 hotels around the world being monitored, a daily alert “tip-off” is sent to the appropriate GCHQ analysts. The documents seen by SPIEGEL do not include hotel names, but they do cite anonymized hotels in Zurich and Singapore as examples.

A further document states that this advance knowledge of which foreign diplomats will be staying in what hotels provides GCHQ with a whole palette of intelligence capabilities and options. The documents reveal an impressive listing of capabilities for monitoring a hotel room and its temporary resident that seem to exhaust the creative potential of modern spying. Among the possibilities, of course, are wiretapping the room telephone and fax machine as well as the monitoring of computers hooked up to the hotel network (“computer network exploitation”).

It also states that a “Technical Attack” is deployed by the British “TECA” team for guests of high interest. The documents state that these elite units develop a range of “specialist technologies” that are “designed to bridge the gaps to communications that our conventional accesses cannot reach.” These “Active Approach Teams” are small, but possess advanced technical skill that allow them to work within “often unique requirements.”

The guests, of course, have no clue about these advanced technical preparations that are made for their visits. In cases of “governmental hard targets,” the information obtained through “Royal Concierge” can also involve “Humint” operations. The abbreviation is short for “human intelligence” — in other words, the deployment of human spies who might then be listening in on a diplomat’s conversations at the hotel bar.

‘Wild, Wild West’

The documents seen by SPIEGEL do not state how often the program has been used, but they do indicate that it continued to be developed and that it captured the imagination of the intelligence agency’s workers, including the GCHQ unit responsible for “effects.” Given the access they had to hotel bookings through “Royal Concierge,” one document pondered: “Can we influence the hotel choice?” And: Did they have the ability to cancel visits entirely? Another slide lists “car hire” as one of the possible extensions to the program.

Contacted by SPIEGEL, GCHQ said that it “neither confirms nor denies the allegation.”

Her Royal Majesty’s agents appear to be very conscious of the fact that the automated monitoring of diplomats’ travel by the British intelligence service crosses into controversial terrain. One of the presentations describing “Royal Concierge” is titled “Tales from the Wild, Wild West of GCHQ Operational Datamining.”

11/17/2013 08:09 AM
By Laura Poitras, Marcel Rosenbach and Holger Stark

Find this story at 17 November 2013

© SPIEGEL ONLINE 2013

During a coffee break at an intelligence conference held in The Netherlands a few years back, a senior Scandinavian counterterrorism official regaled me with a story. One of his service’s surveillance teams was conducting routine monitoring of a senior militant leader when they suddenly noticed through their high-powered surveillance cameras two men breaking into the militant’s apartment. The target was at Friday evening prayers at the local mosque. But rather than ransack the apartment and steal the computer equipment and other valuables while he was away — as any right-minded burglar would normally have done — one of the men pulled out a disk and loaded some programs onto the resident’s laptop computer while the other man kept watch at the window. The whole operation took less than two minutes, then the two trespassers fled the way they came, leaving no trace that they had ever been there.

It did not take long for the official to determine that the two men were, in fact, Central Intelligence Agency (CIA) operatives conducting what is known in the U.S. intelligence community as either a “black bag job” or a “surreptitious entry” operation. Back in the Cold War, such a mission might have involved cracking safes, stealing code books, or photographing the settings on cipher machines. Today, this kind of break-in is known inside the CIA and National Security Agency as an “off-net operation,” a clandestine human intelligence mission whose specific purpose is to surreptitiously gain access to the computer systems and email accounts of targets of high interest to America’s spies. As we’ve learned in recent weeks, the National Security Agency’s ability to electronically eavesdrop from afar is massive. But it is not infinite. There are times when the agency cannot gain access to the computers or gadgets they’d like to listen in on. And so they call in the CIA’s black bag crew for help.

The CIA’s clandestine service is now conducting these sorts of black bag operations on behalf of the NSA, but at a tempo not seen since the height of the Cold War. Moreover, these missions, as well as a series of parallel signals intelligence (SIGINT) collection operations conducted by the CIA’s Office of Technical Collection, have proven to be instrumental in facilitating and improving the NSA’s SIGINT collection efforts in the years since the 9/11 terrorist attacks.
More FP Coverage
the NSA Leaks
Meet the Spies Doing the NSA’s Dirty Work
Exclusive: Inside America’s Plan to Kill Online Privacy Rights Everywhere
Spy Copters, Lasers, and Break-In Teams

Over the past decade specially-trained CIA clandestine operators have mounted over one hundred extremely sensitive black bag jobs designed to penetrate foreign government and military communications and computer systems, as well as the computer systems of some of the world’s largest foreign multinational corporations. Spyware software has been secretly planted in computer servers; secure telephone lines have been bugged; fiber optic cables, data switching centers and telephone exchanges have been tapped; and computer backup tapes and disks have been stolen or surreptitiously copied in these operations.

In other words, the CIA has become instrumental in setting up the shadowy surveillance dragnet that has now been thrown into public view. Sources within the U.S. intelligence community confirm that since 9/11, CIA clandestine operations have given the NSA access to a number of new and critically important targets around the world, especially in China and elsewhere in East Asia, as well as the Middle East, the Near East, and South Asia. (I’m not aware of any such operations here on U.S. soil.) In one particularly significant operation conducted a few years back in a strife-ridden South Asian nation, a team of CIA technical operations officers installed a sophisticated tap on a switching center servicing several fiber-optic cable trunk lines, which has allowed NSA to intercept in real time some of the most sensitive internal communications traffic by that country’s general staff and top military commanders for the past several years. In another more recent case, CIA case officers broke into a home in Western Europe and surreptitiously loaded Agency-developed spyware into the personal computer of a man suspected of being a major recruiter for individuals wishing to fight with the militant group al-Nusra Front in Syria, allowing CIA operatives to read all of his email traffic and monitor his Skype calls on his computer.

The fact that the NSA and CIA now work so closely together is fascinating on a number of levels. But it’s particularly remarkable accomplishment, given the fact that the two agencies until fairly recently hated each others’ guts.

Ingenues and TBARs

As detailed in my history of the NSA, The Secret Sentry, the CIA and NSA had what could best be described as a contentious relationship during the Cold War era. Some NSA veterans still refer to their colleagues at the CIA as ‘TBARs,’ which stands for ‘Those Bastards Across the River,’ with the river in question being the Potomac. Perhaps reflecting their higher level of educational accomplishment, CIA officers have an even more lurid series of monikers for their NSA colleagues at Fort Meade, most of which cannot be repeated in polite company because of recurring references to fecal matter. One retired CIA official described his NSA counterparts as “a bunch of damn ingenues.” Another CIA veteran perhaps put it best when he described the Cold War relationship amongst and between his agency and the NSA as “the best of enemies.”

The historical antagonism between the two agencies started at the top. Allen W. Dulles, who was the director of the CIA from 1953 to 1961, disliked NSA director General Ralph Canine so intensely that he deliberately kept the NSA in the dark about a number of the agency’s high-profile SIGINT projects, like the celebrated Berlin Tunnel cable tapping operation in the mid-1950s. The late Richard M. Helms, who was director of the CIA from 1966 to 1973, told me over drinks at the Army-Navy Club in downtown Washington, D.C. only half jokingly that during his thirty-plus years in the U.S. intelligence community, his relations with the KGB were, in his words, “warmer and more collegial” than with the NSA. William E. Colby, who served as Director of Central Intelligence from 1973-1976, had the same problem. Colby was so frustrated by his inability to assert any degree of control over the NSA that he told a congressional committee that “I think it is clear I do not have command authority over the [NSA].” And the animus between CIA director Admiral Stansfield Turner (CIA director from 1977-1981) and his counterpart at the NSA, Admiral Bobby Ray Inman, was so intense that they could only communicate through intermediaries.

But the 9/11 terrorist attacks changed the operational dynamic between these two agencies, perhaps forever. In the thirteen years since the 9/11 terrorist attacks, the NSA and CIA have largely, but not completely, moved past the Cold War animus. In addition, both agencies have become increasingly dependent on one another for the success of their respective intelligence operations, leading to what can best be described as an increasingly close symbiotic relationship between these two titans of the U.S. intelligence community.

While the increasingly intimate relationship between the NSA and CIA is not a secret, the specific nature and extent of the work that each agency does for the other is deemed to be extremely sensitive, especially since many of these operations are directed against friends and allies of the United States. For example, the Special Collection Service (SCS), the secretive joint CIA-NSA clandestine SIGINT organization based in Beltsville, Maryland, now operates more than 65 listening posts inside U.S. embassies and consulates around the world. While recent media reports have focused on the presence of SCS listening posts in certain Latin America capitals, intelligence sources confirm that most of the organization’s resources have been focused over the past decade on the Middle East, South Asia, and East Asia. For example, virtually every U.S. embassy in the Middle East now hosts a SCS SIGINT station that monitors, twenty-four hours a day, the complete spectrum of electronic communications traffic within a one hundred mile radius of the embassy site. The biggest problem that the SCS currently faces is that it has no presence in some of the U.S. intelligence community’s top targets, such as Iran and North Korea, because the U.S. government has no diplomatic relations with these countries.

At the same time, SIGINT coming from the NSA has become a crucial means whereby the CIA can not only validate the intelligence it gets from its oftentimes unreliable agents, but SIGINT has been, and remains the lynchpin underlying the success over the past nine years of the CIA’s secret unmanned drone strikes in Pakistan, Yemen and elsewhere around the world.

But the biggest changes have occurred in the CIA’s human intelligence (HUMINT) collection efforts on behalf of NSA. Over the past decade, foreign government telecommunications and computer systems have become one of the most important targeting priorities of the CIA’s National Clandestine Service (NCS), which since the spring of this year has been headed by one of the agency’s veteran Africa and Middle East hands. The previous director, Michael J. Sulick, is widely credited with making HUMINT collection against foreign computer and telecommunications systems one of the service’s top priority targets after he rose to the top of the NCS in September 2007.

Today, a cadre of several hundred CIA NCS case officers, known as Technical Operations Officers, have been recruited and trained to work exclusively on penetrating foreign communications and computer systems targets so that NSA can gain access to the information stored on or transmitted by these systems. Several dozen of these officers now work fulltime in several offices at NSA headquarters at Fort George G. Meade, something which would have been inconceivable prior to 9/11.

CIA operatives have also intensified their efforts to recruit IT specialists and computer systems operators employed by foreign government ministries, major military command headquarters staffs, big foreign multinational corporations, and important international non-governmental organizations.

Since 9/11, the NCS has also developed a variety of so-called “black boxes” which can quickly crack computer passwords, bypass commercially-available computer security software systems, and clone cellular telephones — all without leaving a trace. To use one rudimentary example, computer users oftentimes forget to erase default accounts and passwords when installing a system, or incorrectly set protections on computer network servers or e-mail accounts. This is a vulnerability which operatives now routinely exploit.

For many countries in the world, especially in the developing world, CIA operatives can now relatively easily obtain telephone metadata records, such as details of all long distance or international telephone calls, through secret liaison arrangements with local security services and police agencies.

America’s European allies are a different story. While the connections between the NSA and, for example, the British signals intelligence service GCHQ are well-documented, the CIA has a harder time obtaining personal information of British citizens. The same is true in Germany, Scandinavia and the Netherlands, which have also been most reluctant to share this sort of data with the CIA. But the French intelligence and security services have continued to share this sort of data with the CIA, particularly in counterterrorism operations.

U.S. intelligence officials are generally comfortable with the new collaboration. Those I have spoken to over the past three weeks have only one major concern. The fear is that details of these operations, including the identities of the targets covered by these operations, currently reside in the four laptops reportedly held by Edward Snowden, who has spent the past three weeks in the transit lounge at Sheremetyevo Airport outside Moscow waiting for his fate to be decided. Officials at both the CIA and NSA know that the public disclosure of these operations would cause incalculable damage to U.S. intelligence operations abroad as well as massive embarrassment to the U.S. government. If anyone wonders why the U.S. government wants to get its hands on Edward Snowden and his computers so badly, this is an important reason why.

David Burnett/Newsmakers

Matthew M. Aid is the author of Intel Wars: The Secret History of the Fight Against Terror and The Secret Sentry: The Untold History of the National Security Agency, and is co-editor with Cees Wiebes of Secrets of Signals Intelligence During the Cold War and Beyond.

BY MATTHEW M. AID | JULY 17, 2013

Find this story at 17 July 2013

©2013 The Slate Group, LLC. All rights reserved.

“I’d come back from an op and couldn’t wait for what happens next,” says Douglas Groat (shown in a reenactment with tools of the trade). (James Quantz Jr. )

The six CIA officers were sweating. It was almost noon on a June day in the Middle Eastern capital, already in the 90s outside and even hotter inside the black sedan where the five men and one woman sat jammed in together. Sat and waited.

They had flown in two days earlier for this mission: to break into the embassy of a South Asian country, steal that country’s secret codes and get out without leaving a trace. During months of planning, they had been assured by the local CIA station that the building would be empty at this hour except for one person—a member of the embassy’s diplomatic staff working secretly for the agency.

But suddenly the driver’s hand-held radio crackled with a voice-encrypted warning: “Maintain position. Do not approach target.” It was the local CIA station, relaying a warning from the agency’s spy inside: a cleaning lady had arrived.

From the back seat Douglas Groat swore under his breath. A tall, muscular man of 43, he was the leader of the break-in team, at this point—1990—a seven-year veteran of this risky work. “We were white faces in a car in daytime,” Groat recalls, too noticeable for comfort. Still they waited, for an hour, he says, before the radio crackled again: “OK to proceed to target.” The cleaning lady had left.

Groat and the others were out of the car within seconds. The embassy staffer let them in the back door. Groat picked the lock on the code room—a small, windowless space secured for secret communications, a standard feature of most embassies—and the team swept inside. Groat opened the safe within 15 minutes, having practiced on a similar model back in the States. The woman and two other officers were trained in photography and what the CIA calls “flaps and seals”; they carefully opened and photographed the code books and one-time pads, or booklets of random numbers used to create almost unbreakable codes, and then resealed each document and replaced it in the safe exactly as it had been before. Two hours after entering the embassy, they were gone.

After dropping the break-in specialists off at their hotel, the driver took the photographs to the U.S. Embassy, where they were sent to CIA headquarters by diplomatic pouch. The next morning, the team flew out.

The CIA is not in the habit of discussing its clandestine operations, but the agency’s purpose is clear enough. As then-chief James Woolsey said in a 1994 speech to former intelligence operatives: “What we really exist for is stealing secrets.” Indeed, the agency declined to comment for this article, but over the course of more than 80 interviews, 25 people—including more than a dozen former agency officers—described the workings of a secret CIA unit that employed Groat and specialized in stealing codes, the most guarded secrets of any nation.

What Groat and his crew were doing followed in the tradition of all espionage agencies. During World War II, for example, Soviet spies stole the secrets of how the United States built the atom bomb, and the British secretly read Nazi communications after acquiring a copy of a German Enigma cipher machine from Polish intelligence. The Office of Strategic Services, the CIA’s predecessor, targeted the Vichy French Embassy in Washington, D.C. one night in June 1942. An operative code-named Cynthia arranged a tryst inside the embassy with her lover, who was the press attaché there. The tryst, as both knew, was a cover story—a way to explain her presence to the night watchman. After the 31-year-old, auburn-haired spy and her lover stripped in the hall outside the code room, Cynthia, naked but for her pearls and high-heeled shoes, signaled out a window to a waiting OSS safe expert, a specialist known as the “Georgia Cracker.” He soon had the safe open and the codebooks removed; an OSS team photographed the books in a hotel nearby, and Cynthia returned them to the safe before dawn. The stolen codes were said to have helped OSS undercover operations in North Africa that paved the way for the Allied invasion there six months later.

In 1956, Soviet leader Nikita Khrushchev denounced Joseph Stalin’s mass terror and “cult of personality” in a speech to a closed session of the Communist Party Congress in Moscow. Khrushchev repudiated his predecessor in such stark terms that his speech weakened the Soviet Union’s grip on Eastern Europe and contributed to Moscow’s split with China. As word of his “secret speech” filtered out, the CIA fell under enormous pressure to obtain a copy. The agency’s director, Allen W. Dulles, secured one—he never disclosed how, but by most accounts his source was Israeli intelligence—and leaked it to the New York Times. He later wrote that getting the speech was “one of the major intelligence coups” of his career.

In a secret program called HTLINGUAL, the CIA screened more than 28 million first-class letters and opened 215,000 of them between 1953 and 1973, even though the Supreme Court held as far back as 1878 in Ex parte Jackson and reaffirmed in 1970 in U.S. v. Van Leeuwen that the Fourth Amendment bars third parties from opening first-class mail without a warrant. The program’s stated purpose was to obtain foreign intelligence, but it targeted domestic peace and civil rights activists as well. In a 1962 memo to the director of the CIA’s Office of Security, the deputy chief of the counterintelligence staff warned that the program could lead “to grave charges of criminal misuse of the mails” and therefore U.S. intelligence agencies must “vigorously deny” HTLINGUAL, which should be “relatively easy to ‘hush up.’ ”

One of the agency’s most ambitious known theft attempts took place after a Soviet submarine sank in 1968 several hundred miles northwest of Hawaii, losing all hands. After spending at least $200 million to build a ship designed especially for the mission, the agency tried in 1974 to steal the sub from its resting place, 17,000 feet deep. Using a giant claw, the ship, the Glomar Explorer, lifted the sub from the ocean bottom, but it broke in two as it was raised. The agency recovered the forward third of the vessel, but former CIA director William E. Colby confirmed in the French edition of his memoir, which slipped through the agency’s censorship, that the operation fell short of its main objective—recovering the part of the sub containing Soviet nuclear missiles and codebooks.

Codes have always been primary espionage targets, but they have become more valuable as encryption programs have become both more common and more complex. Today, even the National Security Agency, the nation’s code-making and -breaking arm and its largest intelligence agency, has trouble keeping up with the flood of messages it intercepts. When decrypting other countries’ codes is so difficult, the most obvious solution is to steal them.

That is why by 1955, and probably earlier, the CIA created a special unit to perform what the agency calls “surreptitious entries.” This unit was so secret that few people inside CIA headquarters knew it existed; it wasn’t even listed in the CIA’s classified telephone book. Officially it was named the Special Operations Division, but the handful of agency officers selected for it called it the Shop.

In Doug Groat’s time there, in the 1980s and early ’90s, the Shop occupied a nondescript one-story building just south of a shopping mall in the Washington suburb of Springfield, Virginia. The building was part of a government complex surrounded by a chain-link fence; the pebbled glass in the windows let in light but allowed no view in or out. The men and women of the Shop made up a team of specialists: lock pickers, safecrackers, photographers, electronics wizards and code experts. One team member was a master at disabling alarm systems, another at flaps and seals. Their mission, put simply, was to travel the world and break into other countries’ embassies to steal codes, and it was extraordinarily dangerous. They did not have the protection of diplomatic cover; if caught, they might face imprisonment or execution. The CIA, they assumed, would claim it knew nothing about them. “It was generally understood, from talking to the other guys,” Groat recalls. “Nobody ever said it in so many words.”

Groat started working at the Shop in 1982 and became the CIA’s top burglar and premier lock picker. He planned or participated in 60 missions in Europe, Africa, South America and the Middle East. He received several $5,000 awards for successful entry missions—a significant sum for someone earning less than $40,000 a year at the time—as well as an award from the CIA’s Clandestine Service and another from the NSA. In several instances, as in the operation in the Middle East capital, he led the entry team. But that operation was Groat’s last. The simple fact that a cleaning lady had unexpectedly shown up for work set off a chain of events that pit him against his employer. The operations of the Shop, as described by Groat, other former members of the Shop and other intelligence professionals, illustrate the lengths to which the CIA went to steal other nations’ secrets. What happened to Groat illustrates the measures the agency took to protect secrets of its own.

Groat would seem an excellent candidate for the job of stealing codes. Six-foot-three, handsome and articulate, he is a former Green Beret trained in scuba diving, underwater explosives, parachuting, survival and evasion; he knows how to build homemade pistols, shotguns, silencers, booby traps and bombs. He also speaks Mandarin Chinese. He says he relished his work at the Shop—both for the opportunity to serve his country and for the adrenaline rush that came with the risks.

He grew up in Scotia, New York, near Albany. He joined the Army in 1967, before marrying his high-school sweetheart, and served as a captain in the Special Forces. He left after four years and worked in a series of law-enforcement jobs. As a police officer in Glenville, New York, Groat displayed a streak of unyielding resolve: He ticketed fire engines when he believed they were breaking the law. “The trucks would run with lights flashing even when they were not responding to a fire. They were checking the hydrants,” he says. “I warned them, ‘Do it again and I’ll ticket you.’ They did and I did.” After he ticketed the fire chief, Groat was fired. He sued and won his job back—and then, having made his point, quit to become a deputy U.S. marshal in Phoenix.

By then Groat and his wife had a daughter and a son. In 1980, he joined the CIA and moved his family to Great Falls, Virginia. At age 33, he was sent off to the Farm, the CIA’s training base near Williamsburg, to learn the black arts of espionage. Two years later, after testing well for hand coordination and the capacity to pay painstaking attention to detail, he was accepted for the Shop.

In training there he demonstrated an exceptional talent for picking locks, so the CIA sent him to vocational courses in opening both locks and safes. As a result, the CIA’s top burglar was also a bonded locksmith, member number 13526 of the Associated Locksmiths of America. He was also a duly certified member of the Safe and Vault Technicians Association.

Although Hollywood films show burglars with an ear glued to a safe to listen for the tumblers, Groat says it doesn’t work that way. “You feel the tumblers. In your fingers,” he says. “There are three to four wheels in a typical safe combination lock. As you turn the dial you can feel it as you hit each wheel, because there’s extra tension on the dial. Then you manipulate one wheel at a time until the drop lever inside falls into the open position and the safe is unlocked.”

After training came the real thing. “It was exhilarating,” Groat recalls of his first mission, targeting a South American embassy in Northern Europe. When he traveled to a target, he used an alias and carried phony ID—”pocket litter,” as it is known in the trade. His fake identities were backstopped, meaning that if anyone called to check with the real companies listed on his cards, someone would vouch for him as an employee. He also was given bank and credit cards in an alias to pay his travel expenses.

Because Groat’s work was so sensitive, he had to conceal it. Although his wife understood the nature of his work, for years his children did not. “I didn’t know where my father worked until I was in high school, in the ninth or tenth grade,” says Groat’s son, Shawn. “My sister typed a report on special paper that dissolved in water, although we didn’t know it. My father realized what she was doing and said, ‘You can’t use that paper.’ Then he ate the paper.

“He then sat us down and said, ‘I don’t work for the State Department. I work for the CIA.’” The State Department had been his cover story to explain his frequent travels to friends, relatives and neighbors. He said he inspected security at U.S. embassies.

Groat would not talk about which countries’ codes he and his colleagues stole. Other intelligence sources said that in 1989, he led an extraordinary mission to Nepal to steal a code machine from the East German Embassy there—the CIA and the NSA, which worked closely with the Shop, wanted the device so badly that Groat was told to go in, grab the safe containing the code machine and get out. Never mind the rule about leaving no trace; in this case it would be immediately obvious that a very large object was missing.

According to two CIA sources, the agency and the NSA had collected three decades’ worth of encrypted East German communications traffic; the machine would allow them to read it and, if the Soviets and the other Warsaw Pact countries were linked in a common system, perhaps to decrypt Soviet traffic as well.

The CIA station in Katmandu arranged for an official ceremony to be held more than an hour away from the capital and for all foreign diplomats to be invited. The agency knew the East Germans could not refuse to attend. That would leave Groat’s team about three hours to work. Posing as tourists, they arrived in Katmandu two days before the mission and slipped into a safe house. On the appointed day, they left the safe house wearing disguises crafted by a CIA specialist—whole-face latex masks that transformed them into Nepalese, with darker skin and jet-black hair. At the embassy, Groat popped the front door open with a small pry bar. Inside, the intruders peeled off their stifling masks and with a bolt-cutter removed a padlock barring the way to the embassy’s security area. Once in the code room, Groat and two teammates strained to lift the safe from the floorboards and wrestled it down the stairs and out to a waiting van.

They drove the safe to the American Embassy, where it was opened—and found to contain no code machine. Based on faulty intelligence, the CIA had sent its break-in team on a Himalayan goose chase.

In planning an operation, Groat says, he would normally reconnoiter the target personally. But he was told there was no budget to send him before his 1990 mission to the Middle East capital, so he had to rely on assurances from the local CIA station. Although the team accomplished its mission and returned to the Shop within two days, Groat was enraged at what he believed was sloppy advance work.

“It was a near miss, very scary,” he says. “I had to complain. It could have been disastrous for the U.S. government and the officers involved.”

Not to worry, Groat’s boss told him; he would personally tell the official who supervised the Shop what had happened. Groat says his boss warned him that if he went outside channels and briefed the supervisor on his own, “it would end my career.” He went to the supervisor anyway. “I told [him] if we had been caught our agent would be killed,” he says. “He said he didn’t care. That it was an aberration and wouldn’t happen again.” Groat did not back down; in fact, he escalated matters by taking his complaint to the CIA inspector general. The IG at the time was Frederick P. Hitz, who now teaches law at the University of Virginia. Hitz recalls that his office investigated the matter.

“On the issue that preparations for that entry had not been properly made, we did find there was merit in his complaint,” Hitz says. “His grievances had some justification in fact. He felt there was sloppiness that endangered himself and his crew, the safety of the men for whom he was responsible. We felt there was some reason for his being upset at the way his operation was prepared.”

Given the tensions rising between Groat and his managers, the IG also recommended that Groat be transferred to another unit. Hitz says he is fairly certain that he also urged that steps be taken to avoid a repeat of the problems Groat had encountered and that “we expected this not to happen again.” But the recommendation that Groat be transferred created a problem: There was no other unit like the Shop. Groat says he was given a desk at a CIA building in Tysons Corner, in Northern Virginia, but no work to do—for 14 months. In October 1992, he says, he was moved to another office in Northern Virginia but still given no duties. He worked out at a gym in a nearby CIA building and went home by 11 a.m.

By then Groat was at the end of his rope. “I was under more and more pressure” to quit, he says. “I was being pushed out and I was looking at losing my retirement.” He called the inspector general, “and he told me to find another job because I wasn’t going to get my job [at the Shop] back.”

The way Groat saw it, he had risked his life for nearly a decade to perform some of his country’s most demanding, valuable and risky work. He was the best at what he did, and yet that didn’t seem to matter; some bureaucrats had forced him out of the Shop for speaking out.

So he decided to run his own operation. Against the CIA.

In September 1992, Groat sent three anonymous letters to the ambassador of an Asian country revealing an operation he had participated in about a year and a half earlier to bug computers in an embassy the country maintained in Scandinavia. “It was a last-ditch effort to get the agency to pay attention,” Groat says. Clearly, he knew he was taking a terrible risk. At least one letter was intercepted and turned over to the CIA. But one or more may have gotten through, because the bugs suddenly went silent.

By early 1993, CIA counterintelligence officers had launched an investigation to find out who wrote the letters. The FBI was brought in, and its agents combed through the library at CIA headquarters in Langley, Virginia, dusting for prints on a list of foreign embassies in case the letters’ author had found the address there. The FBI “came to my house two or three times,” Groat says. Its agents showed him a form stating that his thumbprints, and the prints of two other people, were identified on the page listing the foreign missions. Of course, that didn’t prove who had written the letters.<

Groat was called into CIA headquarters and questioned. “I knew they didn’t have anything,” he says. “Since I thought I was still in a negotiation with the Office of General Counsel to resolve this whole thing I wasn’t going to say anything. I wanted them to believe I had done it but not know that I had done it. I wanted to let that play out.” When he refused to take a polygraph, he was put on administrative leave.

By the summer of 1994 his marriage was disintegrating, and that October Groat left home. He later bought a Winnebago and began wandering the country with a girlfriend. Meanwhile, he began negotiating a retirement package with the CIA and hired an attorney, Mark Bradley, a former Pakistan analyst for the agency.

In a letter to James W. Zirkle, the CIA’s associate general counsel, Bradley noted that Groat “gave the CIA 14 years of his life….His numerous awards and citations demonstrate how well he performed his assignments, many of which were extremely dangerous. He gave his heart and soul to the Agency and feels that it has let him down.” Groat wanted $500,000 to compensate him, Bradley added, “for the loss of his career.”

In reply, Zirkle wrote that before the agency would consider “the very substantial settlement” being sought, Groat would have “to accurately identify the person…responsible for the compromise of the operation” under investigation. “If he can provide us with clear and convincing corroborating evidence confirming the information that he would provide, we would be prepared to consider not using the polygraph.” But the exchange of letters led nowhere. In September 1996 Groat was divorced, and a month later he was dismissed from the CIA, with no severance and no pension.

Seeking new leverage with the agency, Groat made another risky move: In January 1997 he telephoned Zirkle and said that without a settlement, he would have to earn a living as a security consultant to foreign governments, advising them on how to protect their codes.

Groat’s telephone call detonated like a bombshell at CIA headquarters. Senior officials had long debated what to do about him. Some favored negotiating a money settlement and keeping him quiet; others wanted to take a hard line. Groat’s call intensified the agency’s dilemma, but it seemed to have worked: Zirkle urged patience; a settlement was imminent. “We are working very hard to come to a timely and satisfactory resolution,” the lawyer wrote in a subsequent letter.

That March, Zirkle sent Groat a written offer of $50,000 a year as a contract employee until 2003, when he would be eligible to retire with a full pension. The contract amounted to $300,000—$200,000 less than what Groat had sought. Again, Zirkle reminded him, he would have to cooperate with the counterintelligence investigation. He would be required to take a polygraph, and he would have to agree not to contact any foreign government. Bradley urged his client to take the money and run, but Groat believed the agency’s offer was too low.

Later that month, he visited 15 foreign consulates in San Francisco to drop off a letter in which he identified himself as a former CIA officer whose job was “to gain access to…crypto systems of select foreign countries.” The letter offered his expertise to train security officers on ways to protect “your most sensitive information” but did not disclose any information about how the CIA stole codes. The letter included a telephone number and a mailbox in Sacramento where he could be contacted.

Groat says he had no takers—and claims he didn’t really want any. “I never intended to consult for a foreign country,” he says. “It was a negotiating ploy….Yes, I realized it was taking a risk. I did unconventional work in my career, and this was unconventional.” He did not act secretly, Groat notes; he wanted the agency and the FBI to know. He told the CIA what he planned to do, and he gave the FBI a copy of his letter after he had visited the consulates. The FBI opened another investigation of Groat.

Molly Flynn, the FBI agent assigned to the case, introduced herself to Groat and stayed in touch with him after he moved to Atlanta for training as an inspector for a gas pipeline company. In late March, Groat called Flynn to say he was heading for Pennsylvania to start on his first inspection job.

Flynn invited him to stop off in Washington for a meeting she would arrange with representatives of the CIA, the FBI and the Justice Department to try to resolve the situation. Still hoping to reach a settlement, Groat says, “I accepted eagerly.”

On April 2, 1998, he walked into an FBI building in downtown Washington. Flynn greeted him in the lobby. Had the others arrived yet? he asked as she led him to a first-floor conference room. She said they had not. As the door clicked shut behind him, she delivered unexpected news. “I told him we had resolved the matter, but not to his liking,” Flynn recalls. A man in a white shirt and tie—a Justice Department official, Groat later concluded—told him: “We decided not to negotiate with you. We indicted you instead.” Then the man turned and left.

Groat was arrested and held in the room for five hours. Flynn and two other agents remained with him, he says. His car keys were taken away. “One of the FBI agents said, ‘It probably wouldn’t do much good to ask you questions, would it?’ And I said, ‘No, it wouldn’t.’” After being strip-searched, fingerprinted and handcuffed, he says, he was driven to the Federal District Court building and locked in a cell. Held there for two days, he was strip-searched again in front of eight people, including a female officer, shackled and outfitted with a stun belt. “My eyes were covered with a pair of goggles, the lenses masked over with duct tape,” he says. He was moved by van, with a police escort, to a waiting helicopter.

After a short ride, he was taken to a windowless room that would be his home for the next six months. He was never told where he was, but he was told he was being treated as an “extreme risk” prisoner. The lights in his cell were kept on 24/7, and a ceiling-mounted camera monitored him all the time.<

Robert Tucker, a federal public defender in Washington, was assigned to Groat’s case. When Tucker wanted to visit his client, he was picked up in a van with blacked-out windows and taken to him. Tucker, too, never learned where Groat was being held.

A few days before Groat’s arrest, a federal grand jury in Washington had handed down a sealed indictment accusing him of transmitting, or trying to transmit, information on “the targeting and compromise of cryptographic systems” of unnamed foreign countries—a reference to his distributing his letter to the consulates. The formal charge was espionage, which carries a possible penalty of death. He was also charged with extortion, another reference to his approach to the consulates; the indictment accused him of attempting to reveal “activities and methods to foreign governments” unless the CIA “paid the defendant for his silence in excess of five hundred thousand dollars ($500,000).”

As a trial date approached, prosecutors offered Groat a plea agreement. Although they were not pressing for the death penalty, Groat faced the prospect of life in prison if a jury convicted him of espionage. Reluctantly, he agreed to plead guilty to extortion if the government would drop the spying charges. “I had no choice,” he says. “I was threatened with 40 years to life if I didn’t take the deal.” Groat also agreed to testify fully in the CIA and FBI counterintelligence investigations, and he subsequently confessed that he sent the letters about the bugged computers.

On September 25, 1998, Groat stood before Judge Thomas F. Hogan of the Federal District Court in Washington and entered his guilty plea. He was sentenced to five years.

The question of where Groat would serve his time was complicated by what a federal Bureau of Prisons official referred to as his “special abilities.” While still in solitary, he wrote to a friend: “The marshals are treating me like I’m a cross between MacGyver, Houdini and Rambo.” But in the end, he was sent to the minimum-security wing of the federal prison camp in Cumberland, Maryland. “My skills, after all, were not for escaping,” Groat notes. “They were for entering places.”

There Groat was assigned to a case manager, who introduced herself as Aleta. Given her new client’s reputation, she put him in solitary the first night. But officials gradually noticed she and Groat spent a lot of time talking to each other. As a result, he was transferred to the federal prison in Terre Haute, Indiana, after two years, but the two corresponded often.

In March 2002, Groat was released a month short of four years, his sentence reduced for good behavior. Aleta was waiting for him at the prison gate, and they were married that December. Today, Doug and Aleta Groat live on 80 acres in the South. He prefers not to disclose his location any more specifically than that. He has not told his neighbors or friends about his previous life as a spy; he works the land and tries to forget the past.

When he looks back, Groat tries to focus on the good parts. “I loved the work at CIA. I’d come back from an op and couldn’t wait for what happens next,” he says. “I thought the work was good for the country. I was saddened by the way I was treated by the agency, because I tried to do my job.”

The CIA was unwilling to talk about Douglas Groat or anything connected with his case. Asked whether it has a team that goes around the globe breaking into foreign embassies and stealing codes, a spokesperson provided a five-word statement: “The CIA declined to comment.”

By David Wise
Smithsonian magazine, October 2012, Subscribe

Find this story at October 2012

© smithsonianmag.com

Between 2006 and 2009, surveillance helicopters conducted daily flights over northwest Washington, D.C., taking high-resolution photographs of the new Chinese Embassy being constructed on Van Ness Street. The aircraft belonged to the Federal Bureau of Investigation, which wanted to determine where the embassy’s communications center was being located. But the Chinese construction crews hid their work on this part of the building by pulling tarpaulins over the site as it was being constructed.

The FBI also monitored the movements and activities of the Chinese construction workers building the embassy, who were staying at a Days Inn on Connecticut Avenue just north of the construction site, in the hopes of possibly recruiting one or two of them. According to one Chinese diplomat, his fellow officials detected individuals who they assumed to be FBI agents covertly monitoring the construction materials and equipment being used to build the embassy, which were stored on the University of the District of Columbia’s soccer field across the street from where the Chinese Embassy currently stands. The diplomat added that Chinese security officials assumed that the FBI agents were trying to determine whether it was possible to plant eavesdropping devices inside the construction materials stored at the site.

In recent weeks, the U.S. National Security Agency’s efforts to monitor foreign diplomats have become the stuff of worldwide headlines. But the FBI has been in the business of spying on diplomats and breaking their codes for far longer than the NSA has. The surveillance of the Chinese Embassy was just one piece of a far larger espionage operation. The FBI not only endeavors to steal or covertly compromise foreign government, military, and commercial computer, telecommunications, and encryption systems being used in the United States, but the FBI and NSA work closely to intercept the communications of all diplomatic missions and international organizations located on American soil. In some important respects, the FBI’s cryptologic work is more secretive than that being performed by the NSA because of the immense diplomatic sensitivity of these operations if they were to ever be exposed publicly.

The Bureau of Investigation, the predecessor to today’s FBI, has been monitoring diplomatic communications since at least 1910, when it periodically solved Mexican government and revolutionary group cable traffic coming in and out of the United States. And for over a century, the FBI and its predecessors have been aggressive practitioners of the age-old art of stealing codes and ciphers. In June 1916, Bureau of Investigations agents surreptitiously obtained a copy of the new Mexican consular code by picking the pockets of a Mexican diplomatic courier while he cavorted with “fast women” in one of the innumerable border fleshpots along the Rio Grande.
More FP Coverage
the NSA Leaks
Meet the Spies Doing the NSA’s Dirty Work
Exclusive: Inside America’s Plan to Kill Online Privacy Rights Everywhere
The FBI is Helping the NSA Spy, but Senators Don’t Want to Know About It

Little has changed in the intervening century. Despite the creation of the NSA in 1952 to centralize in one agency all U.S. government signals intelligence (SIGINT) collection and processing work, the FBI, which did not respond to requests for comment for this story, has never ceased its own independent cryptologic efforts, especially when those efforts have been aim at diplomats on American soil.

***

The number of foreign government targets that the FBI monitors inside the United States is huge and growing. State Department records show that 176 countries maintain embassies in Washington, not including Cuba and Iran, which the U.S. government does not have diplomatic relations with but which maintain interest sections inside the Swiss and Pakistani embassies, respectively.

In addition, 115 of the 193 members of the United Nations maintain diplomatic missions of varying sizes in New York City. There are also 62 consulates in Los Angeles, 52 in Chicago, 42 in San Francisco, 38 in Houston, 35 in Miami, and 26 in Boston and Atlanta.

All told, there are almost 600 foreign government embassies, consulates, missions, or representative offices in the United States, all of which are watched to one degree or another by the counterintelligence officers of the FBI. Only eight countries do not maintain any diplomatic presence in the United States whatsoever, the most important of which is nuclear-armed North Korea.

Every one of these embassies and consulates is watched by the FBI’s legion of counterintelligence officers to one degree or another. But some countries’ receive the vast majority of the FBI’s attention, such as Russia, China, Libya, Israel, Egypt, Syria, Jordan, Lebanon, Saudi Arabia, Iraq, Afghanistan, India, Pakistan, and Venezuela. The Cuban and Iranian interests section in Washington — and their missions to the United Nations in New York — of course receive special attention as well.

Unsurprisingly, most of the FBI’s surveillance is technical in nature. For example, with substantial technical assistance from the NSA and the “big three” American telecommunications companies (AT&T, Verizon, and Sprint), the FBI taps the phones (including cell phones) of virtually every embassy and consulate in the United States. The FBI also intercepts the home phones and emails of many diplomats. The FBI’s Washington and New York field offices have special wiretap centers that specialize in collecting all telephone, email, instant messaging, text messaging, and cellular telephone traffic coming in and out of all high-priority diplomatic targets in the United States 24 hours a day, seven days a week. According to a former Justice Department source, over the past decade these extremely sensitive intercepts have identified a number of spies working for governments that were caught in the act of stealing U.S. government secrets, as well as a larger number of cases involving the theft of industrial secrets from American companies.

Since 1978, all electronic communications, both plaintext and encrypted, between these embassies and their home countries have been routinely intercepted by the NSA’s BLARNEY fiber-optic-cable intercept program. The NSA provides copies of all these intercepts, including telephone calls and emails, to the FBI’s secretive signals-intelligence unit, the Data Intercept Technology Unit (DITU) at the Quantico Marine Corps base in Northern Virginia, and to the FBI’s electronic-eavesdropping centers in Washington and New York.

The FBI also uses a wide range of vehicles and airborne surveillance assets to monitor the movements and activities of foreign diplomats and intelligence operatives in Washington and New York. Some of the vans, aircraft, and helicopters used by the FBI for this purpose are equipped with equipment capable of intercepting cell-phone calls and other electronic forms of communication. And when that doesn’t work, the FBI calls in the burglars.

***

Another important part of the FBI’s surveillance effort is dedicated to trying to surreptitiously get inside these diplomatic establishments on behalf of the NSA, which increasingly depends on the FBI to penetrate the computer and telecommunications networks used by these embassies and compromise their information security systems.

The FBI perfected this clandestine technique, known as the Surreptitious Entry Program operation, during Cold War intelligence-gathering operations directed at the Soviet Union and its Eastern European allies. These missions remain highly classified because of the diplomatic sensitivity surrounding breaking into the embassies of friends and enemies alike. In one instance during the 1960s, FBI agents reportedly drove a garbage truck into the central courtyard of the Czech Embassy in the middle of the night and spirited away one of the embassy’s cipher machines for study by the NSA’s code breakers.

The FBI is still conducting these highly sensitive operations. Specially trained teams of FBI agents are still periodically breaking into foreign embassies and consulates in the United States, primarily in New York and Washington. In New York, a special team of FBI burglars is based in a converted warehouse in Long Island City in Queens, according to a former FBI employee who worked there. The nondescript facility is large enough that the FBI can build mock-ups of the exteriors and interiors of embassies being targeted for break-ins. The FBI has a similar facility in Northern Virginia, where full-size mock-ups of embassies in Washington are constructed to train FBI teams prior to conducting black-bag jobs of the facilities.

To facilitate these operations, the FBI has a huge library of architectural drawings, floor plans, building permits, and any other documents that it can lay its hands on concerning the layouts of every embassy and consulate in the United States. Many of these documents were obtained in close conjunction with the diplomatic security staff of the State Department and the uniformed branch of the Secret Service, which is responsible for providing security for foreign diplomatic establishments in the United States. The FBI also interviews the repair and maintenance personnel who service the leased computers and telecommunications equipment used by a host of embassies and other diplomatic establishments in Washington and New York.

Since the 9/11 terrorist attacks, the tempo of FBI clandestine operations designed to steal, compromise, or influence foreign computer, telecommunications, or encryption systems has increased by several orders of magnitude. According to a former Justice Department official, over the past decade clandestine human-intelligence operations run by the FBI’s Washington and New York field offices have been enormously successful in compromising a wide range of computer systems and encryption technology used by foreign governments and corporate entities. In a number of important cases, these FBI operations have allowed the NSA’s code-breakers to penetrate foreign encryption systems that had defied the ability of the code-breakers to solve through conventional cryptanalytic means. For example, the FBI was able to give the NSA the daily changes in cipher keys for an encryption system used by a country in the developing world. In another case, the FBI was able to covertly insert spyware into the operating system of a computer being used by a foreign mission in New York, allowing the NSA to read the plaintext versions of cables before they were encrypted.

***

But by far the most productive and sensitive intelligence source about what is going on inside embassies and consulates in the United States is a joint FBI-NSA electronic-eavesdropping program known as Close Access SIGINT. It enables the FBI and NSA to listen to what is transpiring inside these buildings by using a wide range of covert technical sensors that are monitored in real time from covert listening posts located in close proximity to the targets.

Some of these operations involve spyware software that has been covertly planted inside the computer systems of embassies and consulates, which allows the NSA’s computer-hacking organization, the Office of Tailored Access Operations (TAO), to read in real time everything that is being stored on individual computers or on the computer network itself. Some of these implants are designed and operated by TAO. Others are designed by the FBI’s SIGINT unit, the DITU. Some sensors periodically copy the contents of computer hard drives; another sensor takes screen shots of documents being processed or reviewed on compromised computer systems. The FBI is also using sophisticated laser and acoustic systems to image and record the sounds of what is being typed on computers, according to a source with access to the trove of documents leaked to the media by former NSA contractor Edward Snowden.

To pick up the signals from these clandestine sensors, the FBI uses front companies to lease office space within line of sight of nearly 50 embassies and consulates in Washington and New York. In other instances, the FBI and NSA have installed disguised receivers on building rooftops near these embassies to pick up the data signals from clandestine sensors implanted inside these embassies and consulates. Some of these disguised receivers can clearly be seen on the rooftop of a building located within line of sight of the Chinese, Israeli, and Pakistani embassies on Van Ness Street in northwest Washington. It’s a neighborhood that’s awfully familiar to the FBI and its eavesdroppers.
Save big when you subscribe to FP.

MICHAEL BRADLEY/AFP/Getty Images

Matthew M. Aid is the author of Intel Wars: The Secret History of the Fight Against Terror and The Secret Sentry: The Untold History of the National Security Agency.

BY MATTHEW M. AID | NOVEMBER 19, 2013

Find this story at 19 November 2013

© 2013 The Slate Group, LLC. All rights reserved.

The Federal Bureau of Investigation serves a crucial role in securing the United States from
criminals, terrorists, and hostile foreign agents. Just as importantly, the FBI also protects civil
rights and civil liberties, ensures honest government, and defends the rule of law. Its agents serve
around the country and around the world with a high degree of professionalism and competence,
often under difficult and dangerous conditions. But throughout its history, the FBI has also
regularly overstepped the law, infringing on Americans’ constitutional rights while
overzealously pursuing its domestic security mission.
After the September 11, 2001 terrorist attacks, Congress and successive attorneys general
loosened many of the legal and internal controls that a previous generation had placed on the FBI
to protect Americans’ constitutional rights. As a result, the FBI is repeating mistakes of the past
and is again unfairly targeting immigrants, racial and religious minorities, and political dissidents
for surveillance, infiltration, investigation, and “disruption strategies.”
But modern technological innovations have significantly increased the threat to American liberty
by giving today’s FBI the capability to collect, store, and analyze data about millions of innocent
Americans. The excessive secrecy with which it cloaks these domestic intelligence gathering
operations has crippled constitutional oversight mechanisms. Courts have been reticent to
challenge government secrecy demands and, despite years of debate in Congress regarding the
proper scope of domestic surveillance, it took unauthorized leaks by a whistleblower to finally
reveal the government’s secret interpretations of these laws and the Orwellian scope of its
domestic surveillance programs.
There is evidence the FBI’s increased intelligence collection powers have harmed, rather than
aided, its terrorism prevention efforts by overwhelming agents with a flood of irrelevant data and
false alarms. Former FBI Director William Webster evaluated the FBI’s investigation of Maj.
Nadal Hasan prior to the Ft. Hood shooting and cited the “relentless” workload resulting from a
“data explosion” within the FBI as an impediment to proper intelligence analysis. And members
of Congress questioned several other incidents in which the FBI investigated but failed to
interdict individuals who later committed murderous terrorist attacks, including the Boston
Marathon bombing. While preventing every possible act of terrorism is an impossible goal, an
examination of these cases raise serious questions regarding the efficacy of FBI methods. FBI
data showing that more than half of the violent crimes, including over a third of the murders in
the U.S., go unsolved each year calls for a broader analysis of the proper distribution of law
enforcement resources.
With the appointment of Director James Comey, the FBI has seen its first change in leadership
since the 9/11 attacks, which provides an opportunity for Congress, the president, and the
attorney general to conduct a comprehensive evaluation of the FBI’s policies and programs. This
report highlights areas in which the FBI has abused its authority and recommends reforms to ensure the FBI fulfills its law enforcement and security missions with proper public oversight
and respect for constitutional rights and democratic ideals.
The report describes major changes to law and policy that unleashed the FBI from its traditional
restraints and opened the door to abuse. Congress enhanced many of the FBI’s surveillance
powers after 9/11, primarily through the USA Patriot Act and the Foreign Intelligence
Surveillance Act Amendments. The recent revelations regarding the FBI’s use of Section 215 of
the USA Patriot Act to track all U.S. telephone calls is only the latest in a long line of abuse.
Five Justice Department Inspector General audits documented widespread FBI misuse of Patriot
Act authorities in 2007 and 2008. Congress and the American public deserve to know the full
scope of the FBI’s spying on Americans under the Patriot Act and all other surveillance
authorities.
Attorney General Michael Mukasey rewrote the FBI’s rule book in 2008, giving FBI agents
unfettered authority to investigate anyone they choose without any factual basis for suspecting
wrongdoing. The 2008 Attorney General’s Guidelines created a new kind of intrusive
investigation called an “assessment,” which requires no “factual predicate” and can include
searches through government or commercial databases, overt or covert FBI interviews, and
tasking informants to gather information about anyone or to infiltrate lawful organizations. In a
two-year period from 2009 to 2011, the FBI opened over 82,000 “assessments” of individuals or
organizations, less than 3,500 of which discovered information justifying further investigation.
The 2008 guidelines also authorized the FBI’s racial and ethnic mapping program, which
allows the FBI to collect demographic information to map American communities by race and
ethnicity for intelligence purposes, based on crass racial stereotypes about the crimes each group
commits. FBI documents obtained by the American Civil Liberties Union show the FBI mapped
Chinese and Russian communities in San Francisco for organized crime purposes, all Latino
communities in New Jersey and Alabama because there are street gangs, African Americans in
Georgia to find “Black separatists,” and Middle-Eastern communities in Detroit for terrorism.
The FBI also claimed the authority to sweep up voluminous amounts of information secretly
from state and local law enforcement and private data aggregators for data mining purposes. In
2007, the FBI said it amassed databases containing 1.5 billion records, which were predicted to
grow to 6 billion records by 2012, which is equal to 20 separate “records” for every person in the
United States. The largest of these databases, the Foreign Terrorist Tracking Task Force,
currently has 360 staff members running 40 separate projects. A 2013 Inspector General audit
determined it “did not always provide FBI field offices with timely and relevant information.”
The next section of the report discusses the ways the FBI avoids accountability by skirting
internal and external oversight. The FBI, which Congress exempted from the Whistleblower
Protection Act, effectively suppresses internal dissent by retaliating against employees who
report waste, fraud, abuse, and illegality. As a result, 28 percent of non-supervisory FBI employees surveyed by the Inspector General said they “never” reported misconduct they saw or
heard about on the job. The FBI also aggressively investigates other government whistleblowers,
which has led to an unprecedented increase in Espionage Act prosecutions over the last five
years. And the FBI’s overzealous pursuit of government whistleblowers has also resulted in the
inappropriate targeting of journalists for investigation, infringing on free press rights. Recent
coverage of overbroad subpoenas for telephone records of Associated Press journalists and an
inappropriate search warrant for a Fox News reporter are only the latest examples of abuse. In
2010 the Inspector General reported the FBI used an illegal “exigent letter” to obtain the
telephone records of 7 New York Times and Washington Post reporters. And the FBI thwarts
congressional oversight with excessive secrecy and delayed or misleading responses to
questions from Congress.
Finally, the report highlights evidence of abuse that requires greater regulation, oversight, and
public accountability. These include many examples of the FBI targeting First Amendment
activities by spying on protesters and religious groups with aggressive tactics that infringe on
their free speech, religion, and associational rights. In 2011, the ACLU exposed flawed and
biased FBI training materials that likely fueled these inappropriate investigations.
The FBI also operates increasingly outside the United States, where its activities are more
difficult to monitor. Several troubling cases indicate the FBI may have requested, facilitated,
and/or exploited the arrests of U.S. citizens by foreign governments, often without charges, so
they could be held and interrogated, sometimes tortured, and then interviewed by FBI agents.
The ACLU represents two proxy detention victims, including Amir Meshal, who was arrested
at the Kenya border in 2007 and subjected to more than four months of detention in three
different East African countries without charge, access to counsel, or presentment before a
judicial officer, at the behest of the U.S. government. FBI agents interrogated Meshal more than
thirty times during his detention.
Other Americans traveling abroad discover that their government has barred them from flying;
the number of U.S. persons on the No Fly List has doubled since 2009. There is no fair
procedure for those mistakenly placed on the list to challenge their inclusion. Many of those
prevented from flying home have been subjected to FBI interviews after seeking assistance from
U.S. Embassies. The ACLU is suing the government on behalf of 10 American citizens and
permanent residents who were prevented from flying to the U.S., arguing that barring them from
flying without due process is unconstitutional.
These FBI abuses of authority must end. We call on President Barack Obama and Attorney
General Eric Holder to tighten FBI authorities to prevent unnecessary invasions of Americans’
privacy; prohibit profiling based on race, ethnicity, religion and national origin; and protect First
Amendment activities. And we call on Congress to make these changes permanent through
statute and improve oversight to prevent future abuse. The FBI serves a crucial role in protecting
Americans, but it must protect our rights as it protects our security.

Find this story at 17 September 2013

© ACLU