Dark Mirror

Dark Mirror Page 24

by Barton Gellman


  “I don’t care about apologies. What do you want?”

  Where to start? I wanted a lot of things. One was an invitation to visit Snowden in Russia. I had said no, reluctantly, to the Hong Kong trip until after the PRISM story was published, by which time it was too late. After all this time I had yet to meet the man or hear him speak to me. It would be some kind of compensation if I could be the first reporter to interview him in Moscow. Snowden had been stranded there since June 23, when he tried to change planes at Sheremetyevo International Airport en route to Latin America and discovered that his passport no longer worked. The State Department had revoked it with exquisitely bad timing, hoping to keep him in Hong Kong to face extradition but in fact ensuring that he remained in one of the least accessible places to American law. It was a calculated risk, a high-ranking Justice Department official told me. “Bob Mueller was near the end of his term,” the official said, referring to the FBI director. “He wanted him bad.” Russia held Snowden in the airport’s transit zone for thirty-nine days before granting him temporary asylum on August 1. Now, just over three weeks later, it looked as though Snowden would be parked in Moscow indefinitely. Scores of reporters were looking for him. He had spoken to none of them.

  I did not bring up a Moscow trip, not yet. We needed a bit of reporter-source relationship repair. Never inclined to small talk, Snowden wanted to know where my reporting would bring me next.

  “My next story, already first-drafted, is on the black budget,” I wrote, referring to the government’s classified spending plans for intelligence programs.

  “That’s not going to get you invited to any Christmas parties.”

  “No. They’re really mobilizing on this.”

  Three days earlier I had driven with my Washington Post coauthor, Greg Miller, to Liberty Crossing in northern Virginia, a high-security campus of the Office of the Director of National Intelligence. The director’s office, we were told, had assembled stakeholders from across the seventeen intelligence agencies and offices to discuss our pending stories. The black budget spanned thousands of pages and enumerated $53 billion of classified spending, which made for a lot of stakeholders. A shell-shocked public affairs officer met us at the gate, fresh from a chaotic premeeting full of raised voices and swearing, as we learned later. “These guys are coming in hot,” he warned us quietly. We found our way to a small raised dais at the front of a simmering auditorium. Bob Litt, the chief intelligence lawyer, was apparently supposed to moderate this encounter, but he was running late. With no one in charge, Greg and I cleared our throats and opened the meeting with a summary of the story we planned to publish. Two dozen intelligence officers and analysts, among them only one with a name, asked hostile questions and tried to pierce us with laser beams shot from their eyes. What gives you the right to do this? someone asked. What makes you think this is okay? Greg displayed impressive composure, but we never did get to ask any questions ourselves. Litt finally turned up and said, speaking as much to the rest of the room as to Greg and me, something very much like what he regularly told us on the phone: “For the record, not only are we not giving feedback or guidance or affirmation, we are also not acquiescing or implying any acquiescence to the publishing of any classified information you may or may not have.”

  “What was that supposed to be?” I asked Greg when the meeting petered out and we escaped to the parking lot. He had done plenty of consultations as a Post intelligence reporter, he said later, “but nothing like this.” I did not believe this convocation had been staged to intimidate us. It had been too much of a hot mess to call it staged at all. Few of those men and women, I guessed, had likely interacted with a reporter before. They were afraid of what we might publish and baffled that the decision was in our hands. “True disbelief that there was no way to just stop us,” Miller recalled afterward.

  Several days later, Air Force general James Clapper, the director of national intelligence, asked for a meeting with Marty Baron and Cameron Barr, the Post executive editor and national editor.

  “He was dour,” Baron told the newsroom team, just after returning. “Barely said hi. He said he understands there are two kinds of media, responsible and irresponsible, and—”

  “He hates them both,” Barr cut in, barely half joking.

  “—he places us for the moment in the ‘responsible’ camp,” Baron said.

  Clapper had four top-priority requests to keep information under wraps, Baron reported. We talked them through and agreed that they were all reasonable. One request had to do with contingency plans in case a certain very bad thing happened overseas, and if we mentioned the existence of those plans they would be less likely to work. Some of the other requests were not as obvious, but persuasive when explained. Our small newsroom group also finalized a short list of summary budget tables that we would publish, a tiny fraction of the seven thousand pages we possessed in four thick volumes.

  “Truth is I think there are genuine secrets there,” I told Snowden. “I wouldn’t advocate posting the thing. But there’s a lot in there that’s legit debate and we’ll post some charts and tables etc.”

  “Yes. Just stick to the ground rules: public interest, no harm.”

  So much easier said than done. What counts as “harm” or “public interest,” exactly? How could I discern their weight and compare them? Why should anyone trust the likes of me, or the Post, to make that choice? And once I decided that something was harmful, did it become my job, affirmatively, to protect the secret? I had secrets of my own: confidential sources, sensitive notes, future reporting targets. How could I keep them safe from sophisticated thieves? Whom was I even up against? Journalism used to feel a lot simpler.

  * * *


  I wiped off the television makeup, unclipped my lapel microphone, and emerged into a pleasant summer Sunday outside the CBS News studio in Georgetown. The Snowden story was less than two weeks old, and I had just come off a live broadcast of Face the Nation. In the back of a cab I pulled out my iPad. The display powered on, then dissolved into static and guttered out. Huh? A few seconds passed and the screen lighted up again. White text began to scroll across an all-black background. The text moved too fast for me to take it all in, but I caught a few fragments.

  # root:xnu . . .

  # dumping kernel . . .

  # patching file system . . .

  Wait, what? It looked like a Unix Terminal window. The word “root” and the hashtag symbol meant that somehow the device had been placed in super-user mode. Someone had taken control of my iPad, blasting through Apple’s security restrictions and acquiring the power to rewrite anything that the operating system could touch. Panic fought my reporter’s instinct to take notes. I fumbled for pen and paper, dropping the tablet on the seat next to me as if it were something contagious. I had a senseless impulse to toss it out the window. I must have been mumbling exclamations out loud, because the driver asked me in some alarm what was wrong. I ignored him and mashed the power button, no longer interested in finding out what would come next. I had no secrets on the iPad, but watching it turn against me was remarkably unsettling. This sleek little slab of glass and aluminum featured a microphone, cameras on front and back, and a whole array of internal sensors. An exemplary spy device.

  I took a quick mental inventory. No, I had not used the iPad to log in to my online accounts. No, I kept no sensitive notes on there. No notes at all, in fact. None of that protected me as much as I wished to believe. For one thing, this was not a novice’s hacking attempt. Breaking into an iPad remotely, without a wired connection, required scarce and perishable tools. Apple closes holes in its software as fast as it finds them. New vulnerabilities are in high demand by sophisticated criminals and intelligence agencies. Shadowy private brokers pay million-dollar bounties for software exploits of the kind I had just seen in action. Someone had devoted resources to the project of breaking into my machine. I did not want to be worth that kind of expenditure. I did not understand how my adversary even found the iPad. My Apple account did not use a public email address. If intruders had located this device, I had to assume that they could find my phone, too, as well as any computer I used on the internet. One thing I knew for sure: I was not meant to see the iPad do what it had just done. But for good luck, it could have happened while I slept. If the exploit worked as intended, I never would have known. The iPad would have worked normally, on the surface. It would not have been working for me.

  This was the first significant intrusion into my digital life—that I knew of. It was far from the last. Working on the NSA surveillance beat exposed me to a steady stream of evidence that I faced aggressive foes.

  In the last days of 2013, NSA whistleblower Tom Drake told me he had received an invitation from one of my email addresses to join me for a chat in Google Hangouts. It looked exactly like an authentic notice from Google, but Drake had the presence of mind to check whether the invitation really came from me. It did not. Somebody wanted Drake to talk to an impostor posing as me. A similar scam in mirror image caught me with my guard down. I wrote a pair of confidential messages to Tom Lowenthal, a computer scientist who sometimes advised me on security, and he wrote back to say, “I have two emails from you that I can’t read because they’re sent to an imposter key.” Someone had placed the fake encryption key on a public directory known as a keyserver, and I had foolishly used it without checking. The impostor could read my encrypted email, but Lowenthal could not. Fake keys for “Barton Gellman,” likewise, began appearing on public keyservers. Anyone who used them would be sending confidential messages to somebody else.

  In early 2014, Google started refusing my login credentials on two accounts, one of them personal and one associated with my position as senior fellow at the Century Foundation. An error message popped up in my mail client: “Too many simultaneous connections.” I looked under the hood and found that most of the connections came from IP addresses I did not recognize. On the Gmail web page, a pink alert bar appeared at the top: “Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer. Protect yourself now.”

  By policy, Google will not tell a targeted user more than that. Which state sponsor? That would be nice to know. Google, fearing evasion of its security protocols, will not say. I did some further reporting and learned from confidential sources the following month that the would-be intruder in my accounts was Turkey’s national intelligence service, the Millî İstihbarat Teşkilatı. I did not use email for confidential work either, but I took this as terrible news. There had to be a dozen foreign agencies with greater motive and wherewithal to go after the NSA documents, beginning with Russia, China, Israel, North Korea, and Iran. If Turkey was trying to hack me, too, the threat landscape was more crowded than I hoped. Some of the hackers were probably better than Turkey’s, maybe too good to be snared by Google’s defenses. Not encouraging.

  The MacBook Air I used for everyday computing seemed a likely target. I sent a forensic image of its working memory to a leading expert on the security of the Macintosh operating system. He found unexpected daemons running on my machine, serving functions he could not ascertain. (A daemon is ordinarily benign, but the satanic flavor of the term seemed fitting here.) I decided to abandon the laptop. Some software exploits burrow in and make themselves very hard to remove, even if you wipe and reinstall the operating system. Ed Felten at Princeton told me he would assign his security engineering class a project: how can Bart transfer old files to a new machine without transferring any infection? He changed his mind, he said, because he came to believe the task could not be reasonably accomplished.

  For my next laptop, I placed an anonymous order through the university, where I held a fellowship. I used two cutouts for the purchase, with my name nowhere mentioned on the paperwork, and I took care not to discuss the transaction by email. I thought all this might reduce the risk of tampering in transit, a technique used by the NSA, FBI, and foreign intelligence services alike. No need to hack into a machine if it comes preinfected. The new laptop, a MacBook Pro, began to experience cascading hardware failures, beginning with a keyboard that lagged behind what I typed, even with a virgin operating system. I never learned whether something untoward was at work, but the problems were beyond unusual.

  I brought the balky machine for repair at Tekserve, a New York City institution that at the time was the largest independent Apple service provider in the United States. I had been doing business there since a couple of years after Tekserve set up shop in a Flatiron warehouse space in 1987. I liked the quirky vibe of the place, with a porch swing hung indoors and an ancient Coke machine that once charged a nickel a bottle. For my purposes, the most pertinent fact about Tekserve was that Service Manager Debra Travis allowed me to stand with a senior technician on the repair floor as he worked on my machine. I preferred not to let it out of my sight.

  The technician, an affable guy named Anthony, tested and swapped out, seriatim, the keyboard, the logic board, the input/output board, and finally, still baffled, the power interface. After three visits, the problem remained unsolved. Typing keystrokes would produce nothing at first, then a burst of characters after a long delay. Tekserve consulted with supervisors at Apple. Nobody could explain it. I asked Anthony gingerly if he saw anything on the circuit boards that should not be there, and he said he was not equipped to detect spy gear like that. “All I know is I’ve replaced every single part in the machine,” he told me. “We’ve never seen this kind of behavior before.” I gave up and got another one.

  I was still using a BlackBerry smartphone when the Snowden story broke. I began to receive apparently empty text messages and emails that appeared to have no content and no return address. The ghostly emails showed time stamps of midnight on January 1, 1970, which marks the beginning of time as far as Unix computers are concerned. Texts and emails without visible text are commonly used to transmit malicious payloads. I got rid of the BlackBerry and bought an iPhone, which experts told me was the most secure mobile device available to the general public. I do not do sensitive business on a smartphone, but I did not like the sense of being watched.

  From time to time, I received genuine-looking emails from Michael Hayden, the former NSA director, and Attorney General Eric Holder. Each of them included a web link, which I did not click. Hayden and Holder did not actually send those emails, but the unpublished personal addresses for the two men were valid. That piqued my attention briefly, but I decided they had fallen victim themselves to a run-of-the-mill phishing attack. Most likely they had unknowingly sent the link to everyone in their address books. Memo to senior officials: close your AOL account. The security is awful.

  In January 2014, I became an early adopter of SecureDrop, an anonymous, encrypted communications system for sources and journalists. It is still the safest way to reach me in confidence if you have reason for concern about repercussions. (My Twitter profile @bartongellman points to a page to get you started.) SecureDrop, which requires no technical knowledge to use, had been introduced the previous year as a newsroom tool by the Freedom of the Press Foundation, based on code written by Aaron Swartz, Kevin Poulsen, and James Dolan.

  Having advertised a way to get in touch anonymously, I expected to receive malware as well as submissions from internet trolls and conspiracy theorists. I got my share of all of those, alongside valuable reporting tips. Most of the malware was run of the mill. Someone would send a standard phishing link, hoping to steal my online credentials, or a ransomware package that, if I clicked the wrong thing, would lock up my files and demand payment to unlock them. I do not, ever, run executable files or scripts that arrive by email, so these were not a big concern.

  One day, however, a more interesting exploit showed up. The sender tried to make it attractive, disguising the file as a leaked presentation on surveillance. I asked Morgan Marquis-Boire, a security researcher then affiliated with the Toronto-based Citizen Lab, if he would care to have a look. “You’ve got a juicy one,” he wrote back.

  Most hacking attempts are conducted at scale. The same malicious package is sent to thousands of people at a time, or millions, as email attachments or links to infected websites. This one was customized for me. It was a class of malware known as a remote access trojan, or RAT, capable of monitoring keystrokes, capturing screenshots, recording audio and video, and exfiltrating any file on my computer. “Piss off any Russians lately?” Marquis-Boire asked me. Attribution is an imperfect art, but he had reason to ask. For one thing, the RAT was designed to link my computer to a command and control server hosted by Corbina Telecom on Kozhevnicheskiy Lane in Moscow. From there, if I had triggered the RAT, a hacker could have watched and interacted with my computer in real time. Other IP addresses called by the malware resolved to Kazakhstan. And internal evidence suggested that the coder was a native speaker of Azeri, the language of Azerbaijan and the Russian republic of Dagestan. The RAT had an interesting self-defense mechanism. The moment Marquis-Boire probed for more information, revealing an effort to trace the source, the command and control server disappeared from the internet.

  * * *


  Now and then, outsiders merely asked that I hand over sensitive documents from the archive. “Dear Mr. Barton Gellman,” came an email from a mail server in Russia, “I’d like to know could you send me original document of ‘Black budget’ for scientific purpose. Wait for your reply. Best wishes, Yaroslav Afanasiev.” I cannot say whether this was the fellow’s real name or what his affiliation might have been. I asked, out of curiosity. He did not reply.

  Overtures of another kind came to my friend and colleague Ashkan Soltani soon after his byline appeared alongside mine in the Washington Post. Soltani was young and single and a regular user of the dating service OkCupid. Normally, as usually is the case for men, Soltani initiated contact with women on the site. “Within the span of a week, three hot, really attractive women messaged me out of the blue,” Soltani later told me over beers at a downtown New York City pub. OkCupid is for relationship seekers more than quick hookups—“you’re more than just a photo,” the site tells its members—but two of the women made their intentions known before they even met Soltani face-to-face.
