The Secret Sentry


in Bombs and rockets, Books and literature, Geek stuff, Politics, Security

Two red leaves

Less famous than the Central Intelligence Agency (CIA), the American National Security Agency (NSA) is actually a far larger organization. It also provides the majority of the intelligence material provided to the president daily. Matthew Aid’s The Secret Sentry: The Untold History of the National Security Agency tracks the history of the organization between the end of the Second World War and the recent past. While the book contains a fair bit of interesting information, it suffers from some significant flaws. Notably, it is very thin on technical detail, not written with a neutral point of view, and not always effective at putting the role of intelligence in context.

Aid’s book contains virtually no technical information on the main work of the NSA: codebreaking and traffic analysis. Confusingly, it doesn’t even clearly indicate that a properly implemented one-time-pad (OTP) is actually an entirely secure method of communication, if not a very convenient one. For those hoping to gain insight into the past or present capabilities of the NSA, this book is not helpful. It does provide some historical background on when the US was and was not able to read codes employed by various governments, but does not explore the reasons why that is. Is certainly doesn’t consider the kind of non-mathematical operations that often play a crucial role in overcoming enemy cryptography: whether that is exploiting mistakes in implementation, or ‘black bag’ operations where equipment and materials are stolen. On all these matters, David Khan’s book is a far superior resource. Personally, there is nothing I would rather know about the NSA than how successfully they can break public key encryption systems of the kind used in web browsers and commercial encryption software.

The Secret Sentry consists largely of brief biographies of NSA directors interspersed among accounts of the numerous conflicts with which the NSA has been involved. The most extensively described of these are the Vietnam War and the ongoing conflicts in Afghanistan and Iraq. The information on the Gulf of Tonkin incident is quite interesting, given the ways in which it shows how intelligence can be misused by politicians spoiling for a fight (as obviously happened again with Iraq in 2003). Indeed, some of the best information in the book concerns how intelligence can be both badly and poorly used. For example, it discusses how keeping sources and methods secret makes intelligence less credible in the eyes of those making choices partly based upon it. At the same time, having sources and methods revealed reduces the likelihood that current intelligence techniques will continue to work. On the politics surrounding intelligence, it was also interesting to read about how the NSA was involved in bugging UN officials and representatives during the lead-up to the 2003 invasion of Iraq. The book is also strong when it comes to providing examples of policy-makers ignoring intelligence advice that conflicts with what they want to believe – as well as explanations of why there was no prior warning before major events like the fall of the Soviet Union, the Yom Kippur War, or September 11th, 2001. Rather, it describes how the various bits of information that would have gone into such warnings were not pieced together and properly understood in time.

The book contains a number of errors and unclear statements that I was able to identify. In addition to the aforementioned matter of the cryptosecurity of the OTP, I think it is wrong to say that the 1983 marine barracks bombing in Lebanon was the world’s largest non-nuclear explosion. The Minor Scale and Misty Picture tests were larger – as was the Halifax Explosion. The term JDAM refers to a guidance kit that can be attached to regular bombs, not a kind of bunker buster. Also, GPS receivers determine their locations by measuring the amount of time signals from satellites take to reach them – they are not devices that automatically broadcast their own location in a way that can be triangulated by others. These errors make me fairly confident that the book contains others that I was not able to identify.

The book also has a somewhat perplexing structure. Roughly chronological, it is written in the form of little vignettes with headings. An example of the way this can seem disjointed is found in the chapter on the Reagan and Bush Senior administrations. One one page, it describes the tenure of William Odon as NSA director. It then jumps into short description of America’s signals intelligence (SIGINT) satellite technology at the time. Then, before the page is done, it jumps to the topic of Ronald Pelton selling NSA secrets to the Soviets. One sometimes gets the sense that the order of these chapter sub-units was jostled after they were written. Terms and abbreviations are sometimes explained well after their first use, and sometimes not at all. Bewilderingly, the Walker-Witworth spy ring is mentioned only in passing, in a single sentence, and yet is included in the index.

The Secret Sentry shows a lack of objectivity that becomes more acute as it progresses, culminating in tirades against the 2003 invasion of Iraq and the NSAs controversial domestic wiretap program. While there are certainly grounds for criticizing both, it is arguably the role of a historian to provide facts and analysis, rather than moral or legal judgments. It is also a bit odd to see the attack of one American armoured vehicle as ‘tragic’ while the destruction of large Iraqi military formations is discussed only in factual terms. It would also have been welcome for the book to include more information on how those outside the United States have perceived the NSA, and the SIGINT capabilities of states not allied with the US.

Perhaps a second edition will eventually correct some of this book’s flaws. That would be welcome, since the topic is an important one. While the record of the NSA at providing useful intelligence is checkered, it is almost certainly the most capable SIGINT organization in the world today. Its future actions will have implications for both the privacy of individuals and for geopolitics and future conflicts.

{ 20 comments… read them below or add one }

. November 2, 2009 at 9:36 am

Who’s in Big Brother’s Database?
By James Bamford
The Secret Sentry: The Untold History of the National Security Agency
by Matthew M. Aid

Bloomsbury, 423 pp., $30.00

On a remote edge of Utah’s dry and arid high desert, where temperatures often zoom past 100 degrees, hard-hatted construction workers with top-secret clearances are preparing to build what may become America’s equivalent of Jorge Luis Borges’s “Library of Babel,” a place where the collection of information is both infinite and at the same time monstrous, where the entire world’s knowledge is stored, but not a single word is understood. At a million square feet, the mammoth $2 billion structure will be one-third larger than the US Capitol and will use the same amount of energy as every house in Salt Lake City combined.

Unlike Borges’s “labyrinth of letters,” this library expects few visitors. It’s being built by the ultra-secret National Security Agency—which is primarily responsible for “signals intelligence,” the collection and analysis of various forms of communication—to house trillions of phone calls, e-mail messages, and data trails: Web searches, parking receipts, bookstore visits, and other digital “pocket litter.” Lacking adequate space and power at its city-sized Fort Meade, Maryland, headquarters, the NSA is also completing work on another data archive, this one in San Antonio, Texas, which will be nearly the size of the Alamodome.

Milan November 2, 2009 at 9:39 am

Some of the same events (such as acts of terrorism involving Hezbollah, Iran, and Libya) are discussed in Fred Burton’s Ghost: Confessions of a Counterterrorism Agent.

. November 2, 2009 at 11:18 am

“Prosecutors are using the FBI’s massive surveillance system, DCSNet, which stands for Digital Collection System Network. According to Wired magazine, this system connects FBI wiretapping rooms to switches controlled by traditional land-line operators, internet-telephony providers and cellular companies. It can be used to instantly wiretap almost any communications device in the U.S. — wireless or tethered. In other words, you and I have no privacy. The government can listen in on any call made in the continental U.S.”

. November 2, 2009 at 11:41 am

Blog index >> Cryptography

Milan November 2, 2009 at 4:19 pm

Lux Ex Umbra is a blog devoted to “Monitoring Canadian signals intelligence (SIGINT) activities past and present.”

. November 2, 2009 at 4:41 pm

Monday, May 25, 2009
Secret Power available online

Secret Power, investigative reporter Nicky Hager’s 1996 book on New Zealand’s SIGINT agency, the Government Communications Security Bureau (GCSB), has just become available online as a free download.

The GCSB is one of the five partner agencies in the UKUSA intelligence community. Secret Power was and is by far the most complete look inside the structure and workings of a UKUSA SIGINT agency, and it has also been the best single source of information on the infamous “ECHELON” system.

. November 2, 2009 at 4:58 pm

Wednesday, June 11, 2008
The fall and rise of cryptanalysis at CSE

Canada has been in the cryptanalysis business since the NRC Examination Unit was established in 1941. The CBNRC, now known as CSE, took over this cryptanalytic role on its inception in 1946.[1]

Cryptanalysis continued to play a prominent role in the CBNRC’s activities for more than a decade. However, during the late 1950s (probably November 1957), the organization for the most part abandoned its cryptanalytic effort against machine cipher systems: “The Communications Branch gradually got out of serious cryptanalysis. Worldwide improvements in cipher security made it too expensive.

coyote November 3, 2009 at 8:44 am

As a minor historical coda to your side-comment on the size of the marine barracks bombing – the 1964 Operation Snowball detonation at CFB Suffield, at 5oo tons of TNT, was probably also larger…

Milan November 3, 2009 at 9:39 am

The marine barracks bomb was apparently equivalent to 20,000 tonnes of TNT.

At least, that is the number Aid cites. The Wikipedia page uses the far lower figure of 5.4 tonnes of TNT.

Aid’s figure might be an error.

R.K. November 3, 2009 at 12:40 pm

While there are certainly grounds for criticizing both, it is arguably the role of a historian to provide facts and analysis, rather than moral or legal judgments.

The further back something is in the past, the easier it is to analyze it in an accurate and dispassionate way. The old joke about it being too early to say what the effects of the French Revolution are seems appropriate here. The passage of time not only provides more information with which to judge consequences. It also creates emotional distance compatible with objectie thinking.

Milan November 3, 2009 at 4:23 pm

Sometimes, it seems like history written while feelings are still fresh has a kind of validity that vanishes with enough time and distance. Compare our thinking on the Rwandan genocide, Holocaust, and ancient historical massacres, for instance. Who today really feels appalled by Genghis Khan, the sacking of Carthage, etc?

. February 8, 2010 at 5:24 pm

“The Washington Post reported on Thursday that the U.S. National Security Administration (NSA) — the U.S. intelligence agency specializing in cryptology — plans to partner with U.S. Internet company Google. The deal is still in the works, but the report — the first official and publicly acknowledged cooperation between the two entities — comes in the wake of what appears to have been a major breach of Google’s security, with hacking attempts that were apparently able to deeply penetrate Google’s defenses. Google believes the attacks emanated from China.

The NSA-Google partnership is a natural one. Google is the world’s largest search engine and the largest information aggregate. Conversely, the NSA is the world’s largest electronic data analysis organization. Together they boast an enormous capacity to monitor and influence the Internet. In the face of cyber threats, Google stands to benefit a great deal from the NSA’s capacity to process information. The NSA can help Google analyze enormous amounts of data to diagnose security breaches and head off future assaults.

The partnership is equally important for the United States. Cyberspace joins with sea and space in what has now been collectively termed the “global commons.” But cyberspace presents new challenges for ensuring the same sort of freedom of action the United States has come to enjoy on the high seas. In a world where information technology drives business and facilitates trade, a stable, functional and reliable cyberspace is a critical national security issue.

For countries around the world, this possible partnership will be seen as both a blessing and a concern. The United States has the most technological and financial resources to dedicate to the stability of Internet communication. And the Internet is as critical to most countries — particularly developed countries — as it is for the United States.

The converse, of course, is that countries such as China will worry about the security implications of such a powerful partnership between Google and the U.S. intelligence community. And while many have decried the possibility that the NSA would gain unprecedented access to information on domestic users, the NSA is specifically designed to target international data — making this agreement much more important for foreign governments than for domestic actors.”

. March 9, 2010 at 9:44 am

NSA Still Ahead In Crypto, But Not By Much

“Network World summarizes an RSA Conference panel discussion in which former NSA technical director Brian Snow said that cryptographers for the NSA have been losing ground to their counterparts in universities and commercial security vendors for 20 years, but still maintain the upper hand in the sophistication of their crypto schemes and in their ability to decrypt. ‘I do believe NSA is still ahead, but not by much — a handful of years,’ says Snow. ‘I think we’ve got the edge still.’ Snow added that that in the 1980s there was a huge gap between what the NSA could do and what commercial encryption technology was capable of. ‘Now we are very close together and moving very slowly forward in a mature field.’ The NSA has one key advantage (besides their deep staff of Ph.D. mathematicians and other cryptographic experts who work on securing traffic and breaking codes): ‘We cheat. We get to read what [academics] publish. We do not publish what we research,’ he said. Snow’s claim of NSA superiority seemed to rankle some members on the panel. Adi Shamir, the “S” in the RSA encryption algorithm. said that when the titles of papers in NSA technical journals were declassified up to 1983, none of them included public key encryption; ‘That demonstrates that NSA was behind,’ said Shamir. Snow replied that when technologies are developed separately in parallel, the developers don’t necessarily use the same terms for them.”

James M. Van Orden May 20, 2010 at 9:28 pm

The text and titles of the vignettes appear disjointed because the book is written in code; the Morticia quote should have been a “dead” giveaway.

. July 21, 2010 at 3:12 pm

“The National Security Agency, which conducts worldwide electronic surveillance, hires private firms to come up with most of its technological innovations. The NSA used to work with a small stable of firms; now it works with at least 484 and is actively recruiting more.”

. July 21, 2010 at 3:26 pm

“In the clusters of Top Secret America, a company lanyard attached to a digital smart card is often the only clue to a job location. Work is not discussed. Neither are deployments. Debate about the role of intelligence in protecting the country occurs only when something goes wrong and the government investigates, or when an unauthorized disclosure of classified information turns into news.

The existence of these clusters is so little known that most people don’t realize when they’re nearing the epicenter of Fort Meade’s, even when the GPS on their car dashboard suddenly begins giving incorrect directions, trapping the driver in a series of U-turns, because the government is jamming all nearby signals.

Once this happens, it means that ground zero – the National Security Agency – is close by. But it’s not easy to tell where. Trees, walls and a sloping landscape obscure the NSA’s presence from most vantage points, and concrete barriers, fortified guard posts and warning signs stop those without authorization from entering the grounds of the largest intelligence agency in the United States.

Beyond all those obstacles loom huge buildings with row after row of opaque, blast-resistant windows, and behind those are an estimated 30,000 people, many of them reading, listening to and analyzing an endless flood of intercepted conversations 24 hours a day, seven days a week.

From the road, it’s impossible to tell how large the NSA has become, even though its buildings occupy 6.3 million square feet – about the size of the Pentagon – and are surrounded by 112 acres of parking spaces. As massive as that might seem, documents indicate that the NSA is only going to get bigger: 10,000 more workers over the next 15 years; $2 billion to pay for just the first phase of expansion; an overall increase in size that will bring its building space throughout the Fort Meade cluster to nearly 14 million square feet.

The NSA headquarters sits on the Fort Meade Army base, which hosts 80 government tenants in all, including several large intelligence organizations.

Together, they inject $10 billion from paychecks and contracts into the region’s economy every year – a figure that helps explain the rest of the Fort Meade cluster, which fans out about 10 miles in every direction.”

. March 23, 2011 at 10:30 pm

Fearing that a powerful U.S. spy agency is listening in, a group of activists and journalists – including Canadian Naomi Klein – has persuaded a New York appeals court that it is reasonable to assume their phone and e-mail conversations are being monitored. The ruling finds that new U.S. surveillance laws are so broad as to compel certain professionals to protect their sensitive conversations. Otherwise, their dialogues with sources – such as radicals, dissidents and alleged terrorists overseas – might well be overheard.

“The plaintiffs have good reason to believe that their communications, in particular, will fall within the scope of the broad surveillance that they can assume the government will conduct,” reads the ruling from the Second Circuit appeals court in New York.

The ruling highlighting growing U.S. “signals-intelligence” – or SigInt – practices stops short of confirming any such spying. But it is a rare judicial nod to fears that laws governing “foreign” surveillance practices have been watered down to the point of permitting disturbing dragnets.

The plaintiffs – which include Human Rights Watch, Amnesty International and several journalists including Ms. Klein – now have the legal standing to challenge the post-9/11 surveillance laws. A lower court had found their concerns “too abstract” and tossed out the suit.

The American Civil Liberties Union is leading the suit.

The U.S. National Security Agency is the most powerful SigInt body in the world. Its interception technologies are growing increasingly sophisticated even as U.S. spymasters have exploited legal loopholes to permit more spying.

The Second Circuit ruling explains that while U.S. citizenry as a whole has little to fear, the plaintiffs are hardly paranoid if they take precautions to safeguard sources. “Fears of surveillance are by no means based on ‘mere conjecture,’ delusional fantasy or unfounded speculation,” the ruling says.

. June 10, 2011 at 9:12 pm

The Secret Sharer
Jane Mayer / New Yorker / May 2011

How Thomas Drake, senior executive at the NSA, came to face some of the gravest charges that can be brought against an American citizen.

anon September 6, 2013 at 4:46 pm

NSA surveillance: A guide to staying secure

The NSA has huge capabilities – and if it wants in to your computer, it’s in. With that in mind, here are five ways to stay safe

Bruce Schneier, Friday 6 September 2013 14.09 BST

The primary way the NSA eavesdrops on internet communications is in the network. That’s where their capabilities best scale. They have invested in enormous programs to automatically collect and analyze network traffic. Anything that requires them to attack individual endpoint computers is significantly more costly and risky for them, and they will do those things carefully and sparingly.

Leveraging its secret agreements with telecommunications companies – all the US and UK ones, and many other “partners” around the world – the NSA gets access to the communications trunks that move internet traffic. In cases where it doesn’t have that sort of friendly access, it does its best to surreptitiously monitor communications channels: tapping undersea cables, intercepting satellite communications, and so on.

The NSA also attacks network devices directly: routers, switches, firewalls, etc. Most of these devices have surveillance capabilities already built in; the trick is to surreptitiously turn them on. This is an especially fruitful avenue of attack; routers are updated less frequently, tend not to have security software installed on them, and are generally ignored as a vulnerability.

The NSA also devotes considerable resources to attacking endpoint computers. This kind of thing is done by its TAO – Tailored Access Operations – group. TAO has a menu of exploits it can serve up against your computer – whether you’re running Windows, Mac OS, Linux, iOS, or something else – and a variety of tricks to get them on to your computer. Your anti-virus software won’t detect them, and you’d have trouble finding them even if you knew where to look. These are hacker tools designed by hackers with an essentially unlimited budget. What I took away from reading the Snowden documents was that if the NSA wants in to your computer, it’s in. Period.

The NSA deals with any encrypted data it encounters more by subverting the underlying cryptography than by leveraging any secret mathematical breakthroughs.

As was revealed today, the NSA also works with security product vendors to ensure that commercial encryption products are broken in secret ways that only it knows about.

Basically, the NSA asks companies to subtly change their products in undetectable ways: making the random number generator less random, leaking the key somehow, adding a common exponent to a public-key exchange protocol, and so on. If the back door is discovered, it’s explained away as a mistake.

If the NSA can modify the encryption algorithm or drop a Trojan on your computer, all the cryptography in the world doesn’t matter at all.

. May 8, 2017 at 11:08 am

Last year, a previously unknown group called the Shadow Brokers started releasing NSA hacking tools and documents from about three years ago. They continued to do so this year — ­five sets of files in all­ — and have implied that more classified documents are to come. We don’t know how they got the files. When the Shadow Brokers first emerged, the general consensus was that someone had found and hacked an external NSA staging server. These are third-party computers that the NSA’s TAO hackers use to launch attacks from. Those servers are necessarily stocked with TAO attack tools. This matched the leaks, which included a “script” directory and working attack notes. We’re not sure if someone inside the NSA made a mistake that left these files exposed, or if the hackers that found the cache got lucky.

That explanation stopped making sense after the latest Shadow Brokers release, which included attack tools against Windows, PowerPoint presentations, and operational notes — ­documents that are definitely not going to be on an external NSA staging server. A credible theory, which I first heard from Nicholas Weaver, is that the Shadow Brokers are publishing NSA data from multiple sources. The first leaks were from an external staging server, but the more recent leaks are from inside the NSA itself.

So what happened? Did someone inside the NSA accidentally mount the wrong server on some external network? That’s possible, but seems very unlikely. Did someone hack the NSA itself? Could there be a mole inside the NSA, as Kevin Poulsen speculated?

Leave a Comment

{ 1 trackback }

Previous post:

Next post: