
@War: The Rise of the Military-Internet Complex


by Shane Harris


  The companies were not powerless to resist—one major firm, Qwest Communications, rebuffed the agency’s requests for telephone metadata because the government lacked a warrant. But most companies complied with the administration’s requests, owing largely to assurances that the president had authorized the collection, which, officials argued, made it legal. The companies became indispensable partners in a new global surveillance system. Only a handful of executives within each firm even knew that the NSA had spy portals inside their facilities. Corporate employees were cleared into the program on a strictly need-to-know basis, meant to limit the risk of exposure of the NSA’s clandestine mission. NSA employees were handpicked to work on the program. The product line grew rapidly. Thirty days after Bush had signed the emergency order, the new surveillance program was fully up and running. The military-Internet complex was born.

  As significant as the NSA’s new authorities to listen in on phone calls and read e-mails were, it was the bulk collection of phone and Internet metadata that put the most power in Stellar Wind’s sails. A human analyst would never have enough time to listen to all those calls and read so many messages, and presumably the terrorists would mostly be communicating in code and not explicitly stating where they planned to attack and when. But contact chaining could illuminate the network based on how targets were connected to one another.

  Metadata was pouring into the agency’s computers and databases, faster than it could be analyzed in real time. Eventually, the agency would start to run out of storage space to keep its intelligence haul and electricity to power the computers that churned the information into intelligible graphs. And intelligible was a debatable term. NSA analysts created bigger contact chains than ever before. They fed the metadata into a massive graphing system that displayed connections as a bewildering array of hundreds of overlapping lines. Analysts called it the BAG, for “big ass graph.”

  The FBI and the CIA also used the metadata NSA obtained. These agencies either sent the NSA a specific request for information about a particular phone number or e-mail address—what the NSA called a “selector”—or they asked more broadly for information about a target’s contacts. These were known internally at the NSA as “leads.” The FBI and the CIA could submit leads in order to discover more leads, and then investigate those people. The NSA sent back reports, known as “tippers,” which contained the contact-chaining analysis that related to terrorism or potential terrorist links.

  The intelligence cycle didn’t always run smoothly. FBI agents complained that many of the leads the NSA supplied were dead ends—particularly the telephone numbers of suspected terrorists whom the agency believed were in the United States or had contacts there. But this team spying was a primitive model for the fusion center that was set up in Iraq six years later. Contact chaining was also the same method of analysis that the soldier-spy team at Balad used to hunt down Iraqi insurgents and terrorists. The system was even used on targets in Iraq before the first US boots hit the ground. In 2003, prior to the United States–led invasion, Bush authorized the NSA to spy on members of the Iraqi Intelligence Service whom the CIA had determined were engaged in terrorist activity that threatened the United States. (The same claim was later used to help publicly justify the United States’ case for war, along with the CIA’s conclusion that Iraq had been manufacturing and stockpiling chemical weapons. Both claims were later proven false. The NSA stopped spying on the Iraqi Intelligence Service under the Stellar Wind program in March 2004.)

  As the months passed, NSA’s contact chaining became more automated. Analysts developed tools that would send alerts about new people in the chain that they might want to examine. Anyone who had direct contact with an individual already on the NSA’s list could be reported to the FBI or the CIA. Usually, the analysts would move out two hops from a target. It was up to them to determine whether the information was reportable—that is, whether the names of people they were finding in their digital nets could be included in intelligence reports and sent around the government. This was a crucial step. If an analyst discovered that an e-mail or a phone number was connected to a US citizen or a legal resident, the law usually demanded that he stop the analysis and obtain a warrant before going any further. If a communication of one of these so-called US persons was referred to even tangentially in an intelligence report, the NSA was supposed to use an anonymous designation: “US Person 1,” for instance. This process, called minimization, was meant to keep innocent Americans’ names from ending up in covert intelligence reports and being associated with terrorists or spies. It was also meant to prevent the NSA from building dossiers on Americans.

  But it wasn’t data on Americans that the NSA was most curious about. What Hayden called “the real gold of the program” was the entirely foreign communications that the NSA intercepted as they passed through telecommunications lines and equipment in the United States. The agency could spy on the world without leaving home.

  From the start of the program until January 2007, the NSA collected content from 37,664 telephone and Internet selectors, of which 92 percent were foreign, according to a report by the agency’s inspector general. This does not account for metadata collection, but as with content, that too was mostly focused on foreign targets. Precisely what portion of the mix was represented by Iraqi communications is unknown. But by the time the 2007 surge began, NSA had put in place the spying infrastructure to collect every piece of electronic data going in and out of the country—every phone call, every text message, every e-mail and social media post. The infrastructure of Stellar Wind, with its pipes and monitoring equipment connected to the switching stations and offices of the United States’ biggest telecommunications providers, gave the NSA several entry points into the global network. From there it could scan and copy communications. And it could also launch cyber attacks. The spying paths created by Stellar Wind equipment for electronic eavesdropping were the same ones used to provide access to Iraqi phone and computer networks and implant malware.

  Few people have ever known—and it has never been publicly reported—that the key to winning the war in Iraq was a spying program set up to win the war on terror. It was a network of cyber surveillance meant to keep tabs on Americans that allowed US forces to track down Iraqi insurgents.

  When this massive intelligence-processing machine was exported to Iraq for the surge, it was given a new name: the Real Time Regional Gateway, or RTRG. In the litany of NSA code words known for their absurd inscrutability—Pinwale, EgotisticalGiraffe, Nevershakeababy—the RTRG stood apart because its name actually described what it did. It produced intelligence reports and found connections among data in real time, that is, as soon as analysts queried the system; it was focused on a geographic region, in this case Iraq; and it was a gateway of sorts, a portal through which a user stepped into a virtual space in which all the connections were visible.

  General Keith Alexander was the driving force behind the RTRG. The system represented a culmination of his career-long efforts to bring high-level national intelligence directly to “the warfighter” (much like Stasio had envisioned when he first joined the army). The key to the RTRG’s success was its ability to fuse all that data coming in from raids, intercepted communications, interrogation reports, drone footage, and surveillance cameras into a single, searchable system. It was like a private Google for the new soldier-spies.

  The RTRG had a few fathers. The prototype was designed under a contract to SAIC, a longtime Defense Department contractor. Headquartered in California, the company had such deep and historic ties to the spy business that it was often called NSA-West. An army colonel named Robert Harms, who worked in the Military Intelligence Corps, managed the program at NSA. He would join SAIC after his retirement in 2009.

  Also among the developers was one of the most enigmatic spies of the late twentieth century, a retired air force colonel named Pedro “Pete” Rustan. His storied and secretive career gave some insight into how important the RTRG was to intelligence and military leaders such as Alexander and Petraeus, who believed it would be pivotal to the war in Iraq. After the 9/11 attacks Rustan, who had fled communist Cuba as a college student in 1967, left a lucrative career in private business and returned to government service at the National Reconnaissance Office, an agency more secretive than even the NSA, where he led projects to build spy satellites for the military and the CIA. Career intelligence officers who knew Rustan were tight-lipped about what precisely he did, but they described him as one of the true living legends in the spy business, and someone whose work had saved lives. In the 1980s, Rustan designed technology to protect air force jets that were hit by lightning. It worked flawlessly—the service never lost a jet to a lightning strike after it implemented Rustan’s design. In the early 1990s, Rustan managed a joint Defense Department and NASA program to build an experimental spacecraft, called Clementine, to explore the surface of the moon. It took only twenty-two months to conceive of the satellite and get it to the launch pad, a remarkable feat of engineering and project management that reinforced Rustan’s reputation for working brilliantly under tight deadlines.

  His work after the 9/11 attacks was closely linked to the new intelligence war. Rustan made frequent trips to the front lines and was known and liked among the clandestine warriors of the Joint Special Operations Command. After a Navy SEAL unit killed Osama bin Laden in Pakistan, they presented Rustan with a flag that flew at their base in Afghanistan. When Rustan died in 2012, Michael Hayden told the Washington Post, “This is the kind of guy the public never hears about but who is so responsible for keeping Americans safe.”

  In a 2010 interview with a trade publication, Rustan said no one agency in government had been looking for “patterns” in intelligence by putting together disparate pieces of data. The RTRG was designed to do that. He explained:

  Imagine that you are in Iraq. You have insurgents. They are on the telephone, making phone calls. That signal would be intercepted by ground [antennas], by the aircraft network and by the space network. If you’re smart enough to combine all that data in real time, you can determine where Dick is out there. He’s in block 23 down there, and he just said he’s going to place a bomb. . . . The information from those three devices come[s] into a location where somebody can actually say action is needed, and the tank or the truck or the warfighters [are] right here in this location. He’s a colonel, and he can say, “We have verification that this bad guy is in this location: Go and get him.”

  The RTRG was unique for the way it brought together not only intelligence but people—the top levels of the military brass and the intelligence community, the brightest minds from across government, and the expertise of private industry. It was a rare example of successful collaboration within the byzantine federal bureaucracy.

  The NSA got so good at managing big data—huge data, really—by abandoning its traditional approaches. Rather than trying to store all the information in the RTRG in central databases and analyze it with supercomputers, the agency tapped into the emerging power of distributed computing. Silicon Valley entrepreneurs had developed software that broke big data sets into smaller, manageable pieces and farmed each one out to a separate computer. Now the burden of analyzing huge data sets didn’t rest on one machine. Working together, the computers could accomplish tasks faster and cheaper than if one central machine took on the workload. This revolution in data management is what allowed Facebook, Twitter, and Google to manage their own data stores, which were growing exponentially by the late 2000s. NSA used the same distributed computing technology for the RTRG. The system was like Google not only on the front end but on the back end as well. In fact, the NSA later developed its own distributed computer software, called Accumulo, based on technology from Google.

  But the collection of huge amounts of electronic data by the NSA had proven controversial before. In the spring of 2004 the Justice Department’s Office of Legal Counsel reviewed the program and found that one method of collection in particular was illegal under current law. It had to do with the bulk collection of so-called Internet metadata, including information about the sender and recipients of e-mails. The NSA thought since President Bush’s order allowed them to search for keywords and other selectors in Internet metadata, it also implicitly authorized the bulk collection of that data. In the view of the agency’s lawyers and its director, Michael Hayden, no one had “acquired” the information until it was actually looked at. A computer gathering up the data and storing it didn’t count as acquisition under the law, and it certainly didn’t meet the agency’s definition of “spying.”

  When the president went ahead and reauthorized the program over the Justice Department’s objections, senior officials in the department threatened to resign, including the head of the Office of Legal Counsel, Jack Goldsmith; the director of the FBI, Robert Mueller; and the attorney general, John Ashcroft, along with his deputy, Jim Comey, whom President Obama would later choose for Mueller’s replacement as head of the FBI.

  The threat of mass resignation was a unique moment in the history of the Bush presidency. Had they stepped down, their reasons would eventually become known through press leaks and congressional inquiries. The American people would have discovered not only the existence of a domestic spying program but that top law enforcement officials had resigned because they thought a part of it was illegal.

  But for all the high drama surrounding the Internet metadata collection program, it turned out to be only a momentary hiccup in NSA’s insatiable consumption of intelligence. Only seven days after Bush ordered the NSA to stop collecting Internet metadata in bulk, Justice Department officials told the NSA’s Office of General Counsel and officials in its Signals Intelligence Directorate to find a new legal basis for restarting the program. This time they were to seek permission from the Foreign Intelligence Surveillance Court—the same body that Bush had bypassed when he authorized warrantless surveillance after the 9/11 attacks. Justice Department officials worked closely with a judge on the court to come up with a legal foundation for the program. Hayden personally briefed her twice on what capabilities the NSA needed to acquire bulk Internet metadata. The court issued an order specifying the data links from which NSA could collect information and limiting the number of people with access to what was acquired. Less than four months after President Bush had ordered the agency to stop collecting bulk Internet data, the NSA was back in business. The future foundations of the RTRG were secured.

  As the RTRG grew, its regional scope expanded too. Analysts started looking outside of Iraq in a hunt for the insurgents’ and terrorists’ financial backers. They traced many of the worst attacks back to an individual in Syria who was funneling money to the bomber cells and helping to provide safe passage for replacement fighters through Iran. When Petraeus learned that his forces had pinpointed the Syrian, he took the evidence to a council of President Bush’s top advisers, who met every week via video teleconference. Petraeus insisted to Stuart Levey, the Treasury Department’s undersecretary for terrorism and financial intelligence, that the department freeze the Syrian’s assets and lock him out of the international financial system. Everyone on the call knew better than to deny Petraeus’s requests, because if they did, the general would take his complaints directly to President Bush, with whom he had his own weekly videoconference, every Monday morning at 7:30 Washington time.

  The intelligence operation also found evidence of Iran’s support of Shiite extremists in Iraq. But this information was used to wage a different kind of war—one of ideas. The United States wasn’t about to invade Iran or launch secret commando raids to target Iraqi backers. So, it gave the intelligence to the Iraqi government and shared it with local officials in face-to-face meetings.

  “Clearly establishing in the eyes of the Iraqi people that Iranian elements were supporting members of the most violent Shiite militias also helped turn some Iraqis against Tehran’s meddling in their country,” Petraeus recalled in 2013. The Americans were using intelligence for propaganda purposes of their own, and it worked.

  When the last US troops left Iraq in December 2011, the nine-year war had taken nearly forty-five hundred American lives. But it had also given birth to a new way of fighting. The combination of NSA intelligence with special operations forces was repeated over and over. In May 2011, when a team of Navy SEALs descended upon the Abbottabad, Pakistan, compound of Osama bin Laden, they were directed there by NSA spies. The agency’s elite hacker unit, Tailored Access Operations, had remotely implanted spyware on the mobile phones of al-Qaeda operatives and other “persons of interest” in the bin Laden operation. The CIA helped find the geographic location of one of those phones, which pointed investigators to the compound.

  The successful bin Laden mission was just the most famous of hundreds over the years. And it was fairly recent evidence of what America’s soldier-spies had long known. Wars would be fought differently now. Hacking and virtual sleuthing would be integrated into all future operations, as indispensable as the weapons and ammunition soldiers carried into battle.

  THREE

  Building the Cyber Army

  IT TOOK ALMOST a decade to build the cyber force that proved so effective in Iraq. Success may have many fathers, but if one person could claim credit for introducing the senior leaders of the United States government to the concept of cyber warfare, it would be Mike McConnell.

 
