“Smith might say, ‘I am attending it, I’ll let you know who I chatted with. If I bump into an Iranian, I won’t run in the opposite direction.’ If he says, ‘I’d love to attend, but the travel budget at the university is pretty tight,’ I could see where the CIA or FBI guy would say, ‘Well, you know, we might be able to take care of your ticket, in economy class.’”
* * *
A SPY’S COURTSHIP of a professor often begins with a seemingly random encounter—known in the trade as a “bump”—at an academic conference. One former CIA operative overseas explained to me how it works. Let’s call him “R.”
“I recruited a ton of people at conferences,” R told me. “I was good at it, and it’s not that hard.”
Between assignments, he would peruse a list of upcoming conferences, pick one, and identify a scientist of interest who seemed likely to attend because he had spoken at least twice at the same event in previous years. R would assign trainees at the CIA and NSA to develop a profile of the target—where he had gone to college, who his instructors were, and so on. Then he would cable headquarters, asking for travel funding. The trick was to make the cable persuasive enough to score the expense money, but not so compelling that other agents who read it, and were based closer to the conference, would try to preempt him.
Next he developed his cover—typically, as a businessman. He invented a company name, used GoDaddy.com to build a website, and printed business cards. He created billing, phone, and credit card records for the nonexistent company. For his name, he chose one of his seven aliases.
R was no scientist. Unlike a physicist-agent of his acquaintance, he couldn’t use a line like “You’d think they’re trying to solve the Riemann hypothesis” as an icebreaker. Instead, figuring that most scientists are socially awkward introverts, he would sidle up to the target at the edge of the conference’s get-together session and say, “Do you hate crowds as much as I do?” Then he would walk away.
“The bump is fleeting,” R says. “You just register your face in their mind.”
No one else should notice the bump. It’s a rookie mistake to approach a target in front of other people. They might be minders assigned by the professor’s own country to monitor him. They would report the conversation, compromising the target’s security and making him unwilling or unable to entertain further overtures.
For the rest of the conference, R would “run around like crazy,” bumping into the scientist at every opportunity. With each contact, called “time on target” in CIA jargon and counted in his job performance metrics, he insinuated himself into the professor’s affections. For instance, having researched his publications, R would say he had read a wonderful article on such-and-such topic but couldn’t remember the author’s name. “That was me,” the scientist would say, blushing.
After a couple of days, R would invite the scientist to lunch or dinner and make his pitch: his company was interested in research or consulting in the scientist’s field, and would like to support his work. “Every academic I have ever met is constantly trying to figure how to get grants to continue his research. That’s all they talk about.” They would agree on a specific project, and the price, which varied by the scientist’s country: “One thousand to five thousand dollars for a Pakistani. Korea is more.” Once the CIA pays a foreign professor, even if he’s unaware at first of the funding source, it controls him, because exposure of the relationship might imperil his career or even his life in his native country.
When the conference ended, and the professor was heading home, R would instruct him on security precautions: go to a cybercafé, use a thumb drive, protect your password. “The target is suspicious. ‘Why do I have to drive thirty minutes to an Internet café?’” A possible answer: R’s company was worried about competitors stealing its trade secrets.
* * *
“I’M SURPRISED THERE’S so much open intelligence presence at these conferences,” Karsten Geier said. “There are so many people running around from so many acronyms.”
Geier, head of cybersecurity policy for the German foreign office, and I were chatting at the Sixth Annual International Conference on Cyber Engagement, held in April 2016 at Georgetown University in Washington, D.C. The religious art, stained-glass windows, and classical quotations lining Gaston Hall enveloped the directors of the NSA and the FBI like an elaborate disguise as they gave keynote addresses on combating one of the most daunting challenges of the twenty-first century: cyberattacks.
The NSA’s former top codebreaker spoke, too, as did the ex-chairman of the National Intelligence Council, the deputy director of Italy’s security department, and the director of a center that does classified research for Swedish intelligence. The name tags that almost all of the seven hundred attendees wore showed that they worked for the U.S. government, foreign embassies, intelligence contractors, or vendors of cyber-related products, or they taught at universities.
Perhaps not all of the intelligence presence was open. Officially, forty nations—from Brazil to Mauritius, Serbia to Sri Lanka—were represented at the conference, but not Russia. Yet, hovering in the rear of the balcony, a slender young man, carrying a briefcase, listened to the panels. No name tag adorned his lapel. I approached him, introduced myself, and asked his name.
“Alexander,” he said, and, after a pause, “Belousov.”
“How do you like the conference?”
“No,” he said, trying to ward off further inquiries. “I am from Russian embassy. I don’t have any opinions. I would like to know, that’s all.”
I proffered a business card, and requested his, in vain. “I am here only a month. My cards are still being produced.”
I persisted, asking about his job at the embassy. (A subsequent check of a diplomatic directory showed him as a “second secretary.”) He looked at his watch. “I am sorry. I must go.”
The unclassified conference revealed no secrets. Instead, the speeches and panel discussions offered a bonanza of what is known in intelligence parlance as “open source”: publicly available information that, especially when pieced together like a jigsaw puzzle with thousands of other tidbits, illuminates government policies or cutting-edge science. Such sources are of increasing interest to intelligence agencies.
“I built an open-source system for the CIA,” Ray Van Houtte told me outside the auditorium. He’s a system architect for CACI, a national security contractor in Arlington, Virginia. His system helps the CIA test hypotheses on topics such as cooperation between Iran and North Korea. The Chinese, he added, are “the experts” on gathering open-source material. “They have tens of thousands of people doing it every day.”
The conference also provided an opportunity, and a pretext, for networking. Several years ago, a military attaché from a foreign embassy emailed conference organizer Catherine Lotrionte, a Georgetown professor and former assistant general counsel of the CIA, and asked to talk with her. He explained that he had gone to the first conference but missed the most recent one, and wanted to catch up.
The attaché visited her three times in the ensuing year. He brought her gifts—chocolates and gold coins stamped with his country’s insignia—and asked her about cybersecurity events and experts in the United States. Lotrionte, who has a security clearance, was careful to share only unclassified information.
Then a U.S. intelligence agency let her know that it was investigating the attaché. He was neither a diplomat nor a cyber aficionado (which explained why his queries had seemed rather basic). He was a spy, assigned by his government’s most senior military leaders to gather information about cybersecurity specifically from her.
The American agent mystified her by asking if the attaché was good-looking. “I said, ‘You’re targeting him, don’t you know what he looks like?’”
She offered to end the acquaintance, but the agent said no. Instead, he gave her a list of questions for the attaché. Making a rough sketch on a napkin of possible chains of cyber-command in the attaché’s coun
try, he instructed her to ask how cybersecurity was organized there.
Lotrionte declined to help. “They wanted me to do their work for them,” she said. She never learned the outcome of the investigation, but soon afterward the attaché stopped contacting her.
* * *
WHEN THE CIA wants John Booth’s opinion, it phones him to make sure he’s available to speak at a conference. But the agency’s name is nowhere to be found on the conference’s formal invitation and agenda, which invariably list a Beltway contractor as the sponsor.
By hiding its role, the CIA makes it easier for Booth and other scholars to share their insights at its conferences. They take credit for their presentations on their curriculum vitae without disclosing that they consulted for the CIA, which might alienate some academic colleagues as well as the countries where they conduct their research.
An emeritus professor of political science at the University of North Texas, Booth specializes in studying Latin America, a region where history has taught officials to be wary of the CIA. “If you were intending to return to Latin America, it was very important that your CV not reflect” these presentations, Booth told me in March 2016. “When you go to one of these conferences, if there are intelligence or defense agency principals there, it’s invisible as a line on your vitae. It provides a fig leaf for participants.
“There’s still some bias in academia against this. I don’t go around in Latin American studies meetings saying I spent time at a conference run by CIA.”
The CIA arranges conferences on foreign policy issues so that its analysts, who are often mired in classified details, can learn from scholars who understand the big picture and are familiar with publicly available sources. Participating professors are generally paid a thousand-dollar honorarium, plus expenses. With scholarly presentations followed by questions and answers, the sessions are like those at any academic meeting, except that many attendees—presumably, CIA analysts—wear name tags with only their first names.
Of ten intelligence agency conferences that Booth attended over the years, most recently a 2015 session about a wave of Central American refugee children pouring into the United States, the CIA and Office of the Director of National Intelligence directly ran only one or two. The rest were outsourced to Centra Technology Inc., the leader of a growing Beltway industry of intermediaries—“cutouts,” in espionage parlance—that run conferences for the CIA.
“There always needs to be a cutout,” Galeotti told me.
The CIA supplies Centra with funding and a list of invitees, who gather in Centra’s Conference Center, near the Ballston Metro stop in Arlington, Virginia. It’s “an ideal setting for our clients’ conferences, meetings, games, and collaborative activities,” according to Centra’s website.
“If you know anything, when you see Centra, you know it’s likely to be CIA or ODNI [Office of the Director of National Intelligence],” said Robert Jervis, the longtime CIA consultant. “They do feel that for some academics thin cover is useful.”
Established in 1997, Centra has received more than $200 million in government contracts, including $40 million from the CIA for administrative support, such as compiling and redacting classified cables and documents for the five-year Senate Intelligence Committee study of the agency’s torture program. Its executive ranks teem with former intelligence officials. Founder and chief executive Harold Rosenbaum was a science and technology adviser to the CIA. Senior vice president Rick Bogusky headed the Korea division at the Defense Intelligence Agency. Vice president for research James Harris managed analytic programs at the CIA for twenty-two years. Peggy Lyons, director of global access, was a longtime CIA manager and officer with several tours in East Asia. David Kanin, Centra analytic director, spent thirty-one years as a CIA analyst.
Like Booth, Indiana University political scientist Sumit Ganguly has spoken at several Centra conferences. “Anybody who works with Centra knows they’re in effect working for the U.S. government,” he said. “If it said CIA, there are others who would fret about it. I make no bones about it to my colleagues. If it fits in their craw, it’s their tough luck. I am an American citizen. I feel I should proffer the best possible advice to my government.”
Another political scientist, who has given four presentations for Centra, said he was told that it represented unnamed “clients.” He didn’t realize they were U.S. intelligence agencies until he noticed audience members with first-name-only name tags. He later ran into one or two of the same people at an academic conference. They weren’t wearing name tags and weren’t listed in the program, which only identified speakers, so few attendees knew they were intelligence analysts.
Centra strives to mask its CIA connections. It removed its executives’ biographies from its website in 2015. The “featured customers” listed there include the Department of Homeland Security, the FBI, the Army, and sixteen other branches of the federal government—but not the CIA. When I phoned Rosenbaum and asked him about Centra holding conferences for the CIA, he said, “You’re calling the wrong person. We have nothing to do with that.” He then hung up.
I next dropped by Centra’s offices on the fifth floor of a building in Burlington, Massachusetts, a northern suburb of Boston. The sign-in sheet asked visitors for their citizenship and “type of visit”: classified or not. The receptionist fetched human resources director Dianne Colpitts. She politely heard me out, checked with Rosenbaum, and told me that Centra wouldn’t comment.
“To be frank, our customers prefer us not to talk to the media,” she said.
* * *
THE GRAYBEARD OF CIA-concealment conferences is the RAND Corporation. Spun off from a military aircraft manufacturer in 1948, and best known for federally funded defense research, RAND has served as a CIA stand-in for decades. On July 14, 2015, for example, RAND hosted a CIA conference on the “dynamics of militia groups and the implications for Iraq and Syria.”
Although the conference was unclassified, it was one of the best-kept secrets in Washington. It was closed to the media, and off RAND’s website. The invitation to professors on the panel didn’t mention the CIA. “The RAND Corporation, in collaboration with the U.S. government, is organizing a conference,” it read. University of California, San Diego, political scientist Barbara Walter listed her presentation on her curriculum vitae under “Policy Briefings and Talks” simply as “RAND, Washington DC, ‘Lessons for Iraq and Syria,’ July 2015.”
RAND hosts two such conferences a month, often under nondisclosure agreements with intelligence agencies. Even in RAND’s internal budgets, the conferences are not designated as funded by the intelligence community but by a “generic, nondescriptive indication,” a person familiar with the process told me. That way, if hackers penetrated RAND’s system, they couldn’t trace the money to the CIA.
Like RAND, another nonprofit, federally funded center for defense research fronts for the intelligence community. Established during World War II when the Navy brought in a group of MIT researchers to thwart German submarines, the Center for Naval Analyses, run by the nonprofit organization CNA, now works with a wide array of federal agencies.
Houchang Chehabi, a Boston University professor specializing in Iranian studies, told me that he participated in a CNA conference on Iran and religion in Arlington, Virginia, in 2012. There he encountered several of his former students who work for U.S. intelligence. The center never mentioned the CIA or any other intelligence agency as its client, he said. If it had, he wouldn’t have gone, for fear of hurting his reputation and being considered “not a genuine scholar, but a kind of expert who sells his knowledge to the highest bidder.… They know exactly what they’re doing when they contract out these conferences.” Like Centra, CNA declined comment.
* * *
THAT SAME YEAR, Chehabi attended a conference in Istanbul of the International Society for Iranian Studies. He was president of the society, which had decided to meet in Turkey because Iranian professors could obtain visas to travel there. T
he choice backfired when a media mouthpiece of Iranian hard-liners denounced the conference as a Zionist plot. While the conference did include Israeli participants, and was planning a panel on Iran-Israel relations, Iranian intelligence was likely also concerned that its scholars might be recruited by Western services, or defect. The attacks proved effective. Although sixty Iranians had submitted proposals, only five showed up, and only two delivered talks.
“I’m pretty sure, in various rooms at the hotel in Istanbul where the conference was held, there were people from Iranian intelligence,” Chehabi said. “It maintains agents in Turkey, and it would be easy to sneak them into the hotel.”
Iran’s anxiety about its scholars’ loyalty may have been justified. During the conference, an Iranian approached Chehabi in a corridor and told him that he had inside information and wanted to defect to the West. “My instinct was to believe him,” Chehabi recalled. “He had his wife with him. They were both nervous. He seemed like somebody who wanted to risk everything.”
Still, it could have been a setup, and Chehabi decided to err on the side of caution. “We’re not in that business,” he told the dissident. “This is an academic conference.”
U.S. intelligence services, like Iran’s, understand that conferences are a modern-day underground railroad for Iranian academics escaping to the West. The CIA has taken full advantage of this vulnerability. Beginning under President George W. Bush, the U.S. government had “endless money” for covert efforts to delay Iran’s development of nuclear weapons, the Institute for Science and International Security’s David Albright told me. One program was the CIA’s Operation Brain Drain, which sought to spur top Iranian nuclear scientists to defect. The Los Angeles Times revealed the program in 2007 but didn’t mention its use of academic conferences, which is described here for the first time.
Spy Schools Page 26