How America Lost Its Secrets


  When you gaze long into an abyss, the abyss gazes into you.

  —FRIEDRICH NIETZSCHE

  BY THE TIME that Snowden had begun hacking into NSA files in 2012, the alienated hacktivist battling to unlock the secrets of evil corporations and governments had become a stock hero of popular culture. For example, in the international best-selling Girl with the Dragon Tattoo Trilogy by Stieg Larsson, the heroine, a self-educated hacker in her twenties named Lisbeth Salander, steals incriminating documents from computers that provide the journalist Mikael Blomkvist with scoops that save from bankruptcy the progressive magazine he edits. The journalists at the magazine accept her sociopathic behavior, which includes embezzling millions of dollars, extortion, maiming, and murder, because her hacking exposes crimes and abuses of power. In the real-world universe, hacktivists also use their skills to attempt to redress perceived abuses of power.

  For example, in December 2010, the group Anonymous, whose members, called Anons, often wear Guy Fawkes masks resembling those worn in the 2006 movie V for Vendetta, launched a successful denial-of-service attack called Operation Avenge Assange. It was aimed at paralyzing companies, including PayPal and MasterCard, that refused to process donations for WikiLeaks, which these Anons believed were stifling the freedom of the Internet. Because hacktivists often use illicit means to redress their grievances, such as denial-of-service attacks, theft of passwords, and hacking into computers, they must conceal their true identities to avoid the retribution of the FBI and other law enforcement agencies. This requires them to operate on the dark side of cyberspace, which has become known as the dark net. Fortunately for hacktivists, the dark net is accessible to anyone.

  It is a place frequented by those who want to avoid laws, regulations, and government surveillance. Its denizens include cyber saboteurs, industrial spies, purveyors of illegal contraband, spammers, pranksters, identity thieves, video pirates, bullies, slanderers, drug dealers, child pornographers, money launderers, contract killers, inside traders, anarchists, terrorists, and the intelligence services of many countries.

  Sue Halpern, writing about it in The New York Review of Books, noted, “My own forays to the dark Net include visits to sites offering counterfeit drivers’ licenses, methamphetamine, a template for a US twenty-dollar bill, files to make a 3D-printed gun, and books describing how to receive illegal goods in the mail without getting caught. There were, too, links to rape and child abuse videos.”

  To operate effectively on the dark net, one often needs a mask of anonymity. But it is not easy to completely hide one’s tracks in cyberspace. The way that the Internet ordinarily works is that whenever an individual sends e-mails or instant messages or visits a website, his or her identity can be referenced by the IP address assigned to him or her by the Internet service provider. If dark net users’ IP addresses are discoverable, they obviously cannot remain anonymous. So, to evade this built-in Internet transparency, dark side users have come to rely on ingenious software to hide their IP addresses. The most commonly used software for this purpose is Tor, which was first called the Onion Router, because it moves IP addresses through multiple layers. Tor software hides the IP address by routing messages through a network of Tor-enabled relay stations, called nodes. Each node further obscures the user’s IP, even from the next node in the network. This scrambling allows messages to exit the chain of Tor nodes without an easily discoverable IP. By doing so, it “anomizes” each user of the dark side.

  Because of the anonymity it provides, Tor became the software of choice for individuals and organizations who wanted to hide their identities. For example, Tor software made possible Silk Road, which acted as an exchange for drug dealers, assassins, safecrackers, and prostitutes until it was closed down by the FBI in 2013. It was created by Ross Ulbricht, a Libertarian who wore a Ron Paul T-shirt, as a website where “people could buy anything anonymously, with no trail whatsoever that led back to them.” (Ulbricht received a life sentence for running this criminal enterprise in May 2015.)

  Tor software was also employed by Private Bradley Manning (now Chelsea Manning) to transfer some fifty thousand diplomatic cables and military reports from his laptop to Assange’s WikiLeaks website. Eventually, Manning was identified by a fellow hacker, convicted by a military court for violations of the Espionage Act, and sentenced to thirty-five years in prison. Tor enabled WikiLeaks to publish other secret data, such as material acquired in the theft of Sony’s files, allegedly by the North Korean intelligence service, in 2015. It was the means for guaranteeing anonymity to the IT workers who responded to Assange’s by now famous clarion call to unite. It allowed system administrators who opposed the “surveillance state,” as well as other disgruntled employees of government agencies or corporations, to send documents they copied to the WikiLeaks website without revealing their IP addresses.

  Because WikiLeaks did not know the identity of its sources, it could not be legally compelled to reveal them. “Tor’s importance to WikiLeaks cannot be overstated,” Assange said in an interview with Rolling Stone in 2012. Indeed, without the anonymity provided by its Tor software, WikiLeaks could not have easily entered into a document-sharing arrangement with major newspapers, including The Guardian, The New York Times, Der Spiegel, Le Monde, and El País. Through the magic of Tor, these newspapers simply attribute their sources to WikiLeaks, which, in turn, made Assange a major force in international journalism.

  Ironically, Tor was a creation of U.S. intelligence. In the early years of the twenty-first century, the U.S. Naval Research Laboratory and the Defense Advanced Research Projects Agency developed it to allow American intelligence operatives to cloak their movements on the Internet. They could anonymously manipulate websites operated by Islamic radicals, for example, and create their own Trojan horse sites to lure would-be terrorists and spies. As it turned out, that use of Tor software had a conceptual flaw. If U.S. intelligence services used it, the targets could figure out that anyone visiting a site without an IP address was using Tor software to hide it. If Tor was exclusively used by U.S. intelligence services, the targets could further deduce that all the anonymous visitors were avatars for American intelligence. It would be analogous to undercover police using pink-colored cars that civilians did not use.

  To remedy this flaw, the U.S. government made Tor software open source in 2008 and freely available to everyone in the world. It even provided funding for its promulgation, with the State Department, the National Science Foundation, and the Broadcasting Board of Governors financing Tor’s core developer. The public rationale for this generosity was that Tor could serve as a tool for, as the State Department called it, “democracy advocates in authoritarian states.” While Tor software remained a useful tool in covert operations by the CIA, the DIA, and the FBI, it was anathema to the NSA because it made it more difficult for it to track potential targets.

  As Tor software became widely used by adversaries (as well as common criminals), the NSA sought to find vulnerabilities in it. “It should hardly be surprising that our intelligence agencies seek ways to counteract targets that use Tor software to hide their communications,” explained an NSA spokesperson. The NSA’s adversaries also took an interest in identifying Tor users because they might include political dissidents and potential spies.

  Tor software also took on a cultlike importance to hacktivists concerned with the U.S. government’s tracking their activities. Catherine A. Fitzpatrick provides an illuminating insight into the mind-set of these hacktivists in her 2014 book, Privacy for Me and Not for Thee. She describes them as largely “radical anarchists” who believe “the state is all-powerful, that law-enforcement is so strong that it will prevail anyway, and that they are a persecuted minority.” As a refuge against the surveillance of the state, and in particular the NSA, they not only attempt to hide their own identities but also use encryption to obscure their messages. Their goal is to free their movements “of any interference from law-enforcement.” In this mind-set, according to Fitzpatrick, “they believe government intelligence agencies will stop at nothing to stop them from absolute encryption.”

  Tor software was a means to defeat the NSA, but for it to be successful, there needed to be such a proliferation of Tor servers that the NSA could not piece together IP addresses. The problem was that the Tor Project, as they called it, was still a very tiny operation in 2012. It employed fewer than a hundred core developers, who were located mainly in Germany, Iceland, Japan, Estonia, and the United States. Its staff worked mainly out of a single room in Cambridge, Massachusetts.

  The guiding spirit behind the Tor movement in the private sector was Jacob Appelbaum, a charismatic twenty-eight-year-old who had grown up in Northern California. Like Snowden, he had dropped out of high school. Appelbaum identified himself to his followers on the Internet as a “hacktivist” battling state surveillance. For him, as for many in the hacktivist culture, the main enemy was the NSA. After all, the NSA had a vast army of computer scientists working to defeat Tor software. Appelbaum was well connected in this culture, having been the North American representative for WikiLeaks before he moved to Berlin in 2013. He also managed WikiLeaks’s cyber security when it released the classified documents it obtained from Manning in 2010. He was so well regarded among hacktivists that Assange chose him as his keynote speaker replacement at the Hackers on Planet Earth (HOPE) convention in New York City. Assange told Rolling Stone, “Jake [Appelbaum] has been a tireless promoter behind the scenes of our cause.” For its part, Rolling Stone titled its profile of Appelbaum “Meet the Most Dangerous Man in Cyberspace.” (Assange needed a replacement for this particular event because he feared if he came to New York, he would be arrested for releasing the Manning files on WikiLeaks.)

  In Berlin, Appelbaum went to extreme lengths to protect himself from American surveillance. For example, when George Packer interviewed him for The New Yorker in 2014, he insisted on meeting with Packer naked in a sauna so he could be sure Packer did not have a recording device (other than his notebook). Appelbaum stated repeatedly in interviews that he was being spied upon by America. While his claims might have sounded paranoid to his interviewers, as a character in Joseph Heller’s Catch-22 famously said, “Just because you’re paranoid doesn’t mean they aren’t after you.”

  Runa Sandvik, a close associate of Appelbaum’s, also worked tirelessly to extend Tor’s cloak of anonymity in the private sector against the surveillance of the NSA and other would-be intruders of privacy. A Norwegian national in her mid-twenties, she wrote a well-followed blog on Internet privacy for Forbes in 2012, in which she identified herself as a privacy and security researcher working at the intersection of technology, law, and policy. Appelbaum and Sandvik both came in contact with Snowden before he went public and while he was still working for the NSA in Hawaii.

  In 2012, Snowden became involved in the effort to encourage the use of Tor software to protect privacy. He made no secret of his concerns about electronic interceptions. According to an anonymous co-worker, he even wore a jacket to work with a parody of the NSA insignia, which, instead of merely depicting the NSA eagle, showed the eagle clutching AT&T phone lines. He had also become a member of the Electronic Frontier Foundation, the digital rights organization that was helping finance Tor. He saw Tor software as a remedy. “Without Tor,” he later wrote, “when you walk the streets of the Internet, you’re always watched.” His efforts on behalf of Tor were not limited to symbolic gestures. In 2012, he set up a two-gigabyte server called “The Signal,” which he described as the largest Tor relay station exit node in Honolulu. He apparently paid for it himself.

  Through his work as a system administrator for Dell, he found documents revealing NSA efforts, not yet successful, to defeat Tor’s ability to camouflage a user’s identity on the Internet. He found that the NSA was attempting to build backdoor entry ways into Tor software. One of the NSA documents that he illicitly downloaded, titled “Tor Stinks,” described the agency’s continuing efforts to penetrate Tor servers. In addition, he downloaded NSA documents describing programs begun in 2012 that aimed at searching the Internet for the cyber signatures of foreign parties suspected of hacking into U.S. government systems.

  He also made efforts to directly contact Sandvik. She recalls first hearing from Snowden in November 2012. He first wrote to her under the alias Cincinnatus but later supplied his real name and mailing address in Hawaii because he wanted her to mail him authentic computer stickers from the Tor Project that he could use as “swag,” as he wrote her, to attract further interest in Tor software in Hawaii. As a result, she knew his identity seven months before he went public in Hong Kong. He would later tell Sandvik from Moscow that he had been “moonlighting” by working to advance the Tor Project. He added, with some understatement, that his moonlighting was “something the NSA might not have been too happy about.”

  On November 18, 2012, while still working for Dell at the NSA, his dual role led him to begin organizing a “CryptoParty” aimed at finding new recruits for Tor. The CryptoParty movement had been started in 2012 by Asher Wolf, a radical hacktivist and anarchist living in Melbourne, Australia. She promoted the get-togethers not unlike the Tupperware parties of the 1950s. The party organizer, usually with a representative of the Tor Project, advertised the party on the Internet. Attendees were encouraged to bring their own laptops so they could install Tor as well as encryption software in them. The attendees would then be instructed on how to use it. Finally, those converted to Tor software would be told to proselytize about its virtues by holding their own CryptoParty. Wolf’s idea was to use these gatherings to expand the realm of Tor.

  Snowden called his fete the Oahu CryptoParty. It had its own web page. He told Wolf that it would be the first CryptoParty in Honolulu. She wrote back advising him to “keep it simple.” (Wolf later said she did not know he was working at the NSA.)

  Snowden apparently had no inhibitions in staging a party that the leadership of the NSA might consider subversive of its battle against Tor. He even invited fellow NSA workers in Hawaii, as well as others in the local computer culture. He asked Sandvik, who was living in Washington, D.C., at the time, to participate, proposing that she co-host the party with him. He scheduled it for December 11, 2012, in Honolulu. According to Sandvik’s account, Snowden informed her that he “had been talking some of the more technical guys at work into setting up some additional fast servers” for Tor. His “work” place at the time was the NSA. So, if he was telling the truth, he had already attempted to find co-workers at the NSA who might be interested in attending an anti-NSA surveillance presentation.

  Sandvik not only agreed to be Snowden’s co-presenter but made the Oahu CryptoParty a Tor-sponsored event. Sandvik flew to Honolulu on December 6, 2012. It was a fourteen-hour flight and a relatively expensive one. She later told Wired magazine that the invitation from Snowden coincided with her plan to take a “vacation in Hawaii.” Whatever her reason, it brought her in direct contact with a Tor supporter with access to the computers of its main enemy, the NSA.

  On December 11, following Snowden’s instructions, Sandvik arrived shortly before 6:00 p.m. at the Fishcake gallery in downtown Honolulu. She proceeded through a maze of furniture display rooms to BoxJelly, a public space. She was then directed to a small back room in which there were folding chairs and worktables already set up for the event. Rechung Fujihira, the owner of BoxJelly, told me that Hi Capacity, a “creative collective” of computer buffs, had arranged the logistics for the event. As he recalled, Snowden had requested their help for the CryptoParty.

  Sandvik found Snowden waiting for her with Lindsay Mills, whom he introduced to Sandvik as his girlfriend. He told Sandvik that Mills was there to make a video of the event. Mills did not mention the party in her blog. But that Snowden brought her and introduced her to Sandvik suggests that he did not keep secret from her his activities to further Tor.

  The event started at 6:00 p.m. sharp. By Sandvik’s count, about twenty people gradually filled the room. She reckoned that about half of the attendees were from Snowden’s workplace. Snowden began the presentation by giving reasons why Internet users needed to defend their privacy by using both encryption and Tor software. According to one attendee who asked not to be identified by name, Snowden, while not revealing that he worked for the NSA, spoke with such precise knowledge about government surveillance capabilities that the attendee suspected Snowden worked for the government. Snowden next introduced Sandvik, who took the podium and discussed the work of the Tor Project, stressing the importance of expanding the Tor network. Following their presentations, Snowden and Sandvik took questions from the audience.

  The Oahu CryptoParty, according to Sandvik, ended about 10:00 p.m. No one objected to Mills’s making a video of the meeting, even though it was dedicated to the idea of protecting personal privacy. The video was not posted on the Internet, so presumably Snowden wanted it for his own purposes. Afterward, Sandvik went to a local diner called Zippy’s for a late dinner. She left Hawaii two days later.

  Not all the hacktivists that Snowden invited were able to attend. Parker Higgins, for example, a prime mover in the Electronic Frontier Foundation and founder of the San Francisco CryptoParty, wrote back to him that he was unable to attend the December CryptoParty because of the high price of the airfare that month between San Francisco and Honolulu. He added that he would try to attend Snowden’s next CryptoParty, which was scheduled for February 23, 2013. (Higgins would make headlines in 2013 by flying a chartered blimp over the NSA’s secret facility in Utah and photographing it from the air.)

  Snowden’s double duty continued: downloading secret documents while remaining in touch with some of the leading figures in the Tor Project under his various aliases. He also continued to invite activists to his CryptoParties, and he openly advertised them on the Internet until 2013. The CIA’s former deputy director Morell, who reviewed the security situation at the NSA in 2014 as a member of President Obama’s NSA Review Committee, found that the NSA in the post–Cold War age had encouraged its technical workers to freely discuss challenges that arose in its computer operations. “The idea was to spread knowledge and learn from the successes of others,” Morell wrote, “but it created enormous security vulnerability, given the always-existent risk of an insider committed to stealing secrets.” According to a former intelligence executive, this new “open culture,” exemplified by largely unrestricted entry to the NSANet by civilian contractors, fit the culture of the young civilians on the “geek squads” who now ran the NSA’s computer networks.