Snowden is a Fraud

In the two years since the Edward Snowden saga went public, a handful of people who actually understand the Western signals intelligence system have tried to explain the many ways that the Snowden Operation has smeared NSA and its partners with salacious charges of criminality and abuse. I’ve been one of the public faces of what may be called the Snowden Truth movement, and finally there are signs that reality may be intruding on this debate.

No American ally was rocked harder by Snowden’s allegations than Germany, which has endured a bout of hysteria over charges that NSA was listening in on senior German officials, including Chancellor Angela Merkel. Although these stories included a good deal of bunkum from the start, they caused a firestorm in Germany, particularly the alleged spying on Merkel, which was termed Handygate by the media.

In response, Germany tasked Federal prosecutors with looking into the matter and, if they determined there was sufficient evidence, pressing charges against NSA for breaking stringent German privacy laws. The investigation, led by Harald Range, Germany’s attorney general, has been slow and diligent, examining all possible evidence about NSA spying on Germany. Here Snowden’s purloined information would play a key role.

However, the matter has become politically fraught. In the first place, senior German security officials were circumspect about the case, since Berlin is heavily dependent on NSA for intelligence on vital matters like terrorism. Worse, follow-on Snowden revelations showed that the BND, Germany’s foreign intelligence service, and NSA are close partners, and the BND has itself been spying on EU neighbor states that are friendly to Germany such as Austria, Belgium, and the Netherlands.

To top it off, last month’s major hack of the Bundestag, Germany’s parliament, turns out to have been the work of Russians, apparently state-sponsored. In reality, the major spy threats to Germany are not NSA, but Russians and Chinese, as I’ve been saying for some time — and, to be fair, so have German security officials, though they got drowned out in the public hysteria over Snowden.

Now we learn that Range’s prosecutors are dropping their year-long Handygate inquiry, for want of hard evidence. Federal prosecutors in Karlsruhe aren’t saying much, beyond that they simply don’t have evidence of spying that would stand up in court. Back in December, Attorney General Range offered a warning about the dubious nature of much of the “evidence” against NSA:

The document presented in public as proof of an actual tapping of the mobile phone is not an authentic surveillance order by the NSA. It does not come from the NSA database. There is no proof at the moment which could lead to charges that Chancellor Merkel’s phone connection data was collected or her calls tapped.

Got that? That’s the polite, legalistic way of saying the Snowden claims are backed by faked NSA documents, as has been clear for some time to anybody who understands counterintelligence and the SIGINT system. This should surprise no one, since using fake or doctored Western intelligence documents to embarrass democracies is a venerable tradition for Russian intelligence — the proper espionage term is Active Measures — and since Snowden’s been in Moscow for the last two years and shows no signs of going anywhere else anytime soon, two and two can be added together here.

To make matters worse for Snowden’s fans, a report about the Handygate inquiry being dropped in the magazine Der Spiegel, which has been a key player in the Snowden Operation, includes the painful truth. While some have clamored to get Snowden out of Moscow to testify before prosecutors, Berlin understood how politically tricky that would be. Moreover, prosecutors determined that Ed simply didn’t have much to say.

As a prosecutor explained, Snowden provided “no evidence that he has his own knowledge” (keine Hinweise dafür, dass er über eigene Kenntnisse verfügt). In other words, Ed doesn’t actually know what he’s talking about. This is not news to anybody who understands how NSA and the Allied SIGINT system actually work.

Snowden was an IT guy, not a SIGINT analyst, and in his final position he was working as a contracted infrastructure analyst for NSA’s Information Assurance arm, i.e. the Agency’s defensive side, which protects classified U.S. communications networks. Snowden was never a SIGINTer, working on the intelligence collection side of the house, and he doesn’t seem to understand how that complex system, built over decades, actually functions.

This is why Snowden has made so many odd, contradictory, and even outlandish statements over the past couple years about SIGINT, which have caused those who actually understand how NSA works to scratch their heads … Ed doesn’t know any better.

It’s been obvious for some time to insiders that, for reasons we still don’t fully understand, Snowden decided to steal something like 1.7 million classified documents from NSA servers through internal hacks. About 900,000 of those documents came from the Pentagon and have nothing to do with intelligence matters.

There’s no way Snowden could have read more than a tiny fraction of what he stole, nobody has that much time, and it’s clear now that Ed, an IT guy and a thief, who was never any sort of “spy” as he portrays himself, would not have understood all those NSA documents he made off with anyway.

Snowden’s been living under the protection of Putin’s Federal Security Service now for two years, functioning as a pawn of Russian intelligence. When his secret relationship with the Kremlin started remains an open question, but that he has one now can only be denied by the foolish (witness the weak lies told by his supporters about Ed’s FSB ties), since when you defect, you wind up in the care of that country’s security service. That’s how it works in America, and I don’t hear anybody seriously suggesting that Putin’s Kremlin is more liberal in these matters than the FBI or CIA.

In light of these revelations from Germany, it’s worth pondering whether Ed was always just a pawn, a talking head, for others with agendas to harm Western security. As we’re now in the Cold War 2.0 with Russia that I warned you about after Putin’s theft of Crimea, this seems like a more than academic question.

For two years now, I’ve been trying to inform the public about what’s really going on behind the Snowden Operation, using my understanding of how the SpyWar actually functions, and I’ve gotten a lot of grief for it from Ed’s hardcore fans. News out of Germany can’t help but lead me to point out that, well … I told you so.

The OPM Hacking Scandal Just Got Worse

The other day I explained in detail how the mega-hack of the Office of Personnel Management’s internal servers looks like a genuine disaster for the U.S. Government, a setback that will have long-lasting and painful counterintelligence consequences. In particular I explained what the four million Americans whose records have been purloined may be in for:

Whoever now holds OPM’s records possesses something like the Holy Grail from a CI perspective.  They can target Americans in their database for recruitment or influence. After all, they know their vices, every last one — the gambling habit, the inability to pay bills on time, the spats with former spouses, the taste for something sexual on the side (perhaps with someone of a different gender than your normal partner) — since all that is recorded in security clearance paperwork (to get an idea of how detailed this gets, you can see the form, called an SF86, here).

Do you have friends in foreign countries, perhaps lovers past and present? They know all about them. That embarrassing dispute with your neighbor over hedges that nearly got you arrested? They know about that too. Your college drug habit? Yes, that too. Even what your friends and neighbors said about you to investigators, highly personal and revealing stuff, that’s in the other side’s possession now.

The bad news keeps piling up with this story, including reports that OPM records may have appeared, for sale, on the “darknet.” Moreover, OPM seems to have initially low-balled just how serious the breach actually was. Even more disturbing, if predictable, is a new report in the New York Times that case “investigators believe that the Chinese hackers who attacked the databases of the Office of Personnel Management may have obtained the names of Chinese relatives, friends and frequent associates of American diplomats and other government officials, information that Beijing could use for blackmail or retaliation.”

We can safely replace “may” in that quote with “almost certainly did” since for Chinese intelligence that would be some of the most valuable information in any of those millions of OPM files. Armed with lists of Chinese citizens worldwide who are in “close and continuing contact” (to cite security clearance lingo) with American officials, Beijing can now seek to exploit those ties for espionage purposes.

This matters because, while many intelligence services exploit ties of ethnicity to further their espionage against the United States — Russians, Cubans, Israelis, even the Greeks — none of the major counterintelligence threats to America are as dependent on blood ties as the Chinese. Simply put, in its efforts at recruiting spies abroad, Beijing is often uncomfortable operating outside its ethnic milieu. Spies run by Beijing who are not ethnic Chinese are very much the exception. This poses less of a problem for them than it might seem, however, as there are something like fifty million “overseas Chinese” worldwide, including about four million living in the United States.

Nearly every espionage case in the United States involving Beijing comes down to the ethnic angle, somewhere. To cite only a few examples, among many, Larry Wu-Tai Chin, a CIA translator/analyst, passed highly classified information to Beijing for over thirty years. Katrina Leung managed to severely damage FBI intelligence against China for years, in a complex and messy operation that confounded the Bureau. Then there’s the messy case of Wen Ho Lee, a scientist employed at Los Alamos National Laboratory, whom U.S. counterintelligence believed passed significant amounts of classified nuclear information to Beijing. Most recently there was the case of Xiafen “Sherry” Chen, a Federal worker who was caught having unreported meetings with a Chinese regime official.

It should be noted that all the persons mentioned in the previous paragraph were born in China (Lee was born in Taiwan) then immigrated to the United States. They seem to have been persuaded to betray their adopted country on behalf of their native land. Ms. Chen, against whom serious charges were recently dropped, has alleged ethnic bias in the FBI’s pursuit of her, as did Wen Ho Lee. Members of Congress and ethnic activists have joined that chorus too. Interestingly, Beijing has sung the same tune, with regime outlets alleging that anti-Chinese prejudice is at the root of U.S. counterintelligence efforts. However, whatever blame there is here lies in Beijing, not Washington, DC, since it is China that is exploiting its nationals abroad to further its espionage.

Beijing also uses its citizens abroad to facilitate espionage. An interesting recent case in Hawaii, which is something of a hotbed of Chinese spying, given the large number of U.S. military commands housed on Oahu, involved a retired U.S. Army officer and defense contractor working at U.S. Pacific Command who apparently got honey-trapped by a fetching young Chinese student (this being a common Chinese tactic). Benjamin Bishop has been sentenced to more than seven years in jail for stealing classified information from work and passing it to a Chinese woman less than half his age, who was in the United States on a student visa.

The modus operandi of Chinese intelligence and its operations abroad are understood by the FBI and the Intelligence Community. However, the extent of the information loss in the OPM hack is so vast that all the counterintelligence awareness in the world may not be able to offset the advantage in the SpyWar that Beijing has won with this vast data theft. If you are (or have been) employed with the Federal government and have listed Chinese persons in any way on your SF86, it’s time to be vigilant.

Hacking as Offensive Counterintelligence

Washington, DC, is reeling from revelations that the Office of Personnel Management, the Federal government’s HR hub, has been extensively hacked. OPM is an obscure but important agency since it holds the personnel records of Federal workers, past and present, and even more, it conducts background investigations for security clearance holders across many Federal agencies.

Based on available information so far, the records of some four million Federal workers, going back to 1985, have been compromised, of whom 2.1 million are currently serving. In what has become the custom inside the Beltway, OPM had repeated warnings about its slipshod computer security practices but not much was done despite the enormously rising threat of foreign hackers. The extent of this needless debacle is truly disastrous, as I explained in a series of tweets the other day.

1/ Let me explain a bit about why the compromise of OPM information is so serious from a security & counterintelligence (CI) viewpoint ….

— John Schindler (@20committee) June 6, 2015

2/ We can take it as a given that career/HR type info has been compromised on 4M FedGov employees (2.1M current) whose data got hacked…

— John Schindler (@20committee) June 6, 2015

3/ That’s important — but far more is background investigation (BI) info which OPM first denied was compromised, now admits it has been…

— John Schindler (@20committee) June 6, 2015

4/ A USG BI, which OPM handles a lot of for many different agencies, is NOT some sort of glorified credit check, it’s much more than that…

— John Schindler (@20committee) June 6, 2015

5/ BI contains very personal & private information, supplied by security clearance applicants then verified (one hopes) by adjudicators …

— John Schindler (@20committee) June 6, 2015

6/ BI data includes your personal life, travels, full bio, details on finances and any “troubles” — legal, private, sexual, you name it…

— John Schindler (@20committee) June 6, 2015

7/ BI also goes into great detail about “foreign national contacts” of clearance holders and applicants — a goldmine for foreign intel ….

— John Schindler (@20committee) June 6, 2015

8/ Whoever has this info now can say about FedGover X that they know more about them than that person’s best friends, even spouse/partner…

— John Schindler (@20committee) June 6, 2015

9/ This is EXACTLY the sort of information any FI service would love to have in order to influence, recruit, or compromise USG personnel …

— John Schindler (@20committee) June 6, 2015

10/ From any CI viewpoint, OPM hack is a certified disaster that it will be difficult to repair in less than decades. A truly epic #FAIL

— John Schindler (@20committee) June 6, 2015

Speaking as a former counterintelligence officer, it really doesn’t get much worse than this. For our Intelligence Community to get hit by this and the Snowden debacle within two years speaks to systemic failure, not “oversights” and “mistakes” any longer. We’re not serious about stemming foreign espionage, as I recently explained, and now that neglect has caused serious pain that will last decades. Some of the damage may not be repairable, ever.

The IC is pointing the finger at China, tentatively, apparently at hacking entities that have a “close relationship” with Chinese intelligence. The case for official Chinese culpability is growing. It seems that Beijing is using aggressive hacking to establish a database of information about millions of Federal workers and security clearance holders.

Why China would do that isn’t difficult to guess. While defensive counterintelligence, the preventing and uncovering of enemy spies, is the “JV” level of counterespionage, as President Obama might put it (notwithstanding that the IC can’t manage even this), the real pros engage in offensive counterintelligence, which aims at recruiting spies inside the enemy camp, particularly inside the opposing intelligence service. That’s how you gain control of the enemy’s central nervous system: You know what he knows about you, hence you can deceive him at a strategic level. This is the essence of SpyWar, as I’ve explained, the secret struggle between the West and adversaries like China, Russia, and Iran, a clandestine battle that never ceases, yet that the public seldom gets wind of, except when something goes wrong. “May we read about you in the newspapers,” is the old Mossad curse/wag for a reason.

Whoever now holds OPM’s records possesses something like the Holy Grail from a CI perspective.  They can target Americans in their database for recruitment or influence. After all, they know their vices, every last one — the gambling habit, the inability to pay bills on time, the spats with former spouses, the taste for something sexual on the side (perhaps with someone of a different gender than your normal partner) — since all that is recorded in security clearance paperwork (to get an idea of how detailed this gets, you can see the form, called an SF86, here).

Do you have friends in foreign countries, perhaps lovers past and present? They know all about them. That embarrassing dispute with your neighbor over hedges that nearly got you arrested? They know about that too. Your college drug habit? Yes, that too. Even what your friends and neighbors said about you to investigators, highly personal and revealing stuff, that’s in the other side’s possession now.

Perhaps the most damaging aspect of this is not merely that four million people are vulnerable to compromise, through no fault of their own, but that the other side now so dominates the information battlespace that it can halt actions against them. If they get word that an American counterintelligence officer, in some agency, is on the trail of one of their agents, they can pull out the stops and create mayhem for him or her: run up debts falsely (they have all the relevant data), perhaps plant dirty money in bank accounts (they have all the financials too), and thereby cause any curious officials to lose their security clearances. Since that is what would happen.

If this sounds like a nightmare scenario for Washington, DC, that’s because it is. Decades of neglect have gotten us here and it will take decades to get us out of it. The first step is admitting the extent of the problem. Getting serious about security and counterintelligence, finally, is the closely related second step. Back in the 1990’s, CI professionals warned the U.S. government about the hazards of putting everything online (we also pointed this out about internal databases that were supposed to be “secure”). Any cautions or caveats were dismissed as “old think,” out of hand. We were right about this, just as we were right about insider threats like Snowden. The past is the past, it’s time to move forward and do better without delay. The SpyWar is heating up and there’s no time to waste.