
Unveiled Donald Trump’s business activities in Russia and Kremlin – TOP SECRET

 

Transcription of PDF reportedly prepared by Christopher Steele.

https://cryptome.org/2017/01/steele-trump.pdf

Contents added and arranged in chronological order.

Reports here: 080, 086, 094, 095, 097, 100, 101, 102, 105, 111, 112, 113, 130, 134, 136, 166.

Leads to 149 missing reports welcomed: send to cryptome[at]earthlink.net


Contents

COMPANY INTELLIGENCE REPORT 2016/080

US PRESIDENTIAL ELECTION: REPUBLICAN CANDIDATE DONALD TRUMP’S ACTIVITIES IN RUSSIA AND COMPROMISING RELATIONSHIP WITH THE KREMLIN

20 June 2016


COMPANY INTELLIGENCE REPORT 2016/086

RUSSIA/CYBER CRIME: A SYNOPSIS OF RUSSIAN STATE SPONSORED AND OTHER CYBER OFFENSIVE (CRIMINAL) OPERATIONS

26 July 2015


COMPANY INTELLIGENCE REPORT 2016/094

RUSSIA: SECRET KREMLIN MEETINGS ATTENDED BY TRUMP ADVISOR, CARTER PAGE IN MOSCOW (JULY 2016)

19 July 2016


COMPANY INTELLIGENCE REPORT 2016/095

RUSSIA/US PRESIDENTIAL ELECTION: FURTHER INDICATIONS OF EXTENSIVE CONSPIRACY BETWEEN TRUMP’S CAMPAIGN TEAM AND THE KREMLIN

No Date


COMPANY INTELLIGENCE REPORT 2016/097

RUSSIA-US PRESIDENTIAL ELECTION: KREMLIN CONCERN THAT POLITICAL FALLOUT FROM DNC E-MAIL HACKING AFFAIR SPIRALLING OUT OF CONTROL

30 July 2016


COMPANY INTELLIGENCE REPORT 2016/100

RUSSIA/USA: GROWING BACKLASH IN KREMLIN TO DNC HACKING AND TRUMP SUPPORT OPERATIONS

5 August 2016


COMPANY INTELLIGENCE REPORT 2016/101

RUSSIA/US PRESIDENTIAL ELECTION: SENIOR KREMLIN FIGURE OUTLINES EVOLVING RUSSIAN TACTICS IN PRO-TRUMP, ANTI-CLINTON OPERATION

10 August 2016


COMPANY INTELLIGENCE REPORT 2016/102

RUSSIA/US PRESIDENTIAL ELECTION: REACTION IN TRUMP CAMP TO RECENT NEGATIVE PUBLICITY ABOUT RUSSIAN INTERFERENCE AND LIKELY RESULTING TACTICS GOING FORWARD

10 August 2016


COMPANY INTELLIGENCE REPORT 2016/105

RUSSIA/UKRAINE: THE DEMISE OF TRUMP’s CAMPAIGN MANAGER PAUL MANAFORT

22 August 2016


COMPANY INTELLIGENCE REPORT 2016/111

RUSSIA/US: KREMLIN FALLOUT FROM MEDIA EXPOSURE OF MOSCOW’S INTERFERENCE IN THE US PRESIDENTIAL CAMPAIGN

14 September 2016


COMPANY INTELLIGENCE REPORT 2016/112

RUSSIA/US PRESIDENTIAL ELECTION: KREMLIN-ALPHA GROUP CO-OPERATION

14 September 2016


COMPANY INTELLIGENCE REPORT 2016/113

RUSSIA/US PRESIDENTIAL ELECTION: REPUBLICAN CANDIDATE TRUMP’S PRIOR ACTIVITIES IN ST PETERSBURG

14 September 2016


COMPANY INTELLIGENCE REPORT 2016/130

RUSSIA: KREMLIN ASSESSMENT OF TRUMP AND RUSSIAN INTERFERENCE IN US PRESIDENTIAL ELECTION

12 October 2016


COMPANY INTELLIGENCE REPORT 2016/134

RUSSIA/PRESIDENTIAL ELECTION: FURTHER DETAILS OF KREMLIN LIAISON WITH TRUMP CAMPAIGN

No Date


COMPANY INTELLIGENCE REPORT 2016/135

RUSSIA/US PRESIDENTIAL ELECTION: THE IMPORTANT ROLE OF TRUMP LAWYER, COHEN IN CAMPAIGN’S SECRET LIAISON WITH THE KREMLIN

19 October 2016


COMPANY INTELLIGENCE REPORT 2016/136

RUSSIA/US PRESIDENTIAL ELECTION: FURTHER DETAILS OF TRUMP LAWYER COHEN’S SECRET LIAISON WITH THE KREMLIN

20 October 2016


COMPANY INTELLIGENCE REPORT 2016/166

US/RUSSIA: FURTHER DETAILS OF SECRET DIALOGUE BETWEEN TRUMP CAMPAIGN TEAM, KREMLIN AND ASSOCIATED HACKERS IN PRAGUE

13 December 2016

_________________________________________________________________

CONFIDENTIAL/SENSITIVE SOURCE

COMPANY INTELLIGENCE REPORT 2016/080

US PRESIDENTIAL ELECTION: REPUBLICAN CANDIDATE DONALD TRUMP’S ACTIVITIES IN RUSSIA AND COMPROMISING RELATIONSHIP WITH THE KREMLIN

Summary

– Russian regime has been cultivating, supporting and assisting TRUMP for at least 5 years. Aim, endorsed by PUTIN, has been to encourage splits and divisions in western alliance

– So far TRUMP has declined various sweetener real estate business deals offered him in Russia in order to further the Kremlin’s cultivation of him. However he and his inner circle have accepted a regular flow of intelligence from the Kremlin, including on his Democratic and other political rivals

– Former top Russian intelligence officer claims FSB has compromised TRUMP through his activities in Moscow sufficiently to be able to blackmail him. According to several knowledgeable sources, his conduct in Moscow has included perverted sexual acts which have been arranged/monitored by the FSB

– A dossier of compromising material on Hillary CLINTON has been collated by the Russian Intelligence Services over many years and mainly comprises bugged conversations she had on various visits to Russia and intercepted phone calls rather than any embarrassing conduct. The dossier is controlled by Kremlin spokesman, PESKOV, directly on PUTIN’s orders. However it has not as yet been distributed abroad, including to TRUMP. Russian intentions for its deployment still unclear

Detail

1. Speaking to a trusted compatriot in June 2016 sources A and B, a senior Russian Foreign Ministry figure and a former top level Russian intelligence officer still active inside the Kremlin respectively, the Russian authorities had been cultivating and supporting US Republican presidential candidate, Donald TRUMP for at least 5 years. Source B asserted that the TRUMP operation was both supported and directed by Russian President Vladimir PUTIN. Its aim was to sow discord and disunity both within the US itself, but more especially within the Transatlantic alliance which was viewed as inimical to Russia’s interests. Source C, a senior Russian financial said the TRUMP operation should be seen in terms of PUTIN’s desire to return to Nineteenth Century ‘Great Power’ politics anchored upon countries’ interests rather than the ideals-based international order established after World War Two. S/he had overheard PUTIN talking in this way to close associates on several occasions.

2. In terms of specifics, source A confided that the Kremlin had been feeding TRUMP and his team valuable intelligence on his opponents, including Democratic presidential candidate Hillary CLINTON, for several years (see more below). This was confirmed by Source D, a close associate of TRUMP who had organized and managed his recent trips to Moscow, and who reported, also in June 2016, that this Russian intelligence had been “very helpful”. The Kremlin’s cultivation operation on TRUMP also had comprised of offering him various lucrative real estate development business deals in Russia, especially in relation to the ongoing 2018 World Cup soccer tournament. However, so far, for reasons unknown, TRUMP had not taken up any of these.

3. However, there were other aspects to TRUMP’s engagement with the Russian authorities. One which had borne fruit for them was to exploit TRUMP’s personal obsessions and sexual perversion in order to obtain suitable ‘kompromat’ (compromising material) on him. According to Source D, where s/he had been present, TRUMP’s (perverted) conduct in Moscow included hiring the presidential suite of the Ritz Carlton Hotel, where he knew President and Mrs OBAMA (whom he hated) had stayed on one of their official trips to Russia, and defiling the bed where they had slept by employing a number of prostitutes to perform a ‘golden showers’ [urination] show in front of him. The hotel was known to be under FSB control with microphones and concealed cameras in all the main rooms to record anything they wanted to.

4. The Moscow Ritz Carlton confirmed by Source E, [redaction of half sentence, 43 characters] who said that s/he and several of the staff were aware of it at the time and subsequently. S/he believed it had happened in 2013. Source E provided an introduction for a company ethnic Russian operative to Source F, a female staffer at the hotel when TRUMP had stayed there, who also confirmed the story. Speaking separately in June 2016, Source B, (the former top level Russian intelligence officer) asserted that TRUMP’s unorthodox behavior in Russia over the years had provided the authorities there with enough embarrassing material on the now Republican presidential candidate to be able to blackmail him if they so wished.

5. Asked about the Kremlin’s reported intelligence feed on TRUMP over recent years and rumours about a Russian dossier of ‘kompromat’ on Hillary CLINTON (being circulated), Source B confirmed the file’s existence. S/he confided in a trusted compatriot that it had been collated by Department K of the FSB for many years, dating back to her husband Bill’s presidency, and comprised mainly eavesdropped conversations of various sorts rather than details/evidence of unorthodox or embarrassing behavior. Some of the conversations were from bugged comments CLINTON had made on her various trips to Russia and focused on things she had said which contradicted her current position on various issues. Others were most probably from phone intercepts.

6. Continuing on this theme, Source G, a senior Kremlin official, confided that the CLINTON dossier was controlled exclusively by chief Kremlin spokesman, Dmitriy PESKOV, who was responsible for compiling/handling it on the explicit instructions of PUTIN himself. The dossier however had not as yet been made available abroad, including to TRUMP or his campaign team. At present it was unclear what PUTIN’s intentions were in this regard.

20 June 2016


COMPANY INTELLIGENCE REPORT 2016/086

RUSSIA/CYBER CRIME: A SYNOPSIS OF RUSSIAN STATE SPONSORED AND OTHER CYBER OFFENSIVE (CRIMINAL) OPERATIONS

Summary

– Russia has extensive programme of state-sponsored offensive cyber operations. External targets include foreign governments and big corporations, especially banks. FSB leads on cyber within Russian apparatus. Limited success in attacking top foreign targets like G7 governments, security services and IFIs but much more on second tier ones through IT back doors, using corporate and other visitors to Russia

– FSB often uses coercion and blackmail to recruit most capable cyber operatives in Russia into its state-sponsored programmes. Heavy use also, both wittingly and unwittingly, of CIS emigres working in western corporations and ethnic Russians employed by neighbouring governments e.g. Latvia.

– Example cited of successful Russian cyber operation targeting senior Western business visitor. Provided back door into important Western institutions.

– Example given of US citizen of Russian origin approached by FSB and offered incentive of “Investment” in his business when visiting Moscow.

– Problems however for Russian authorities themselves in countering local hackers and cyber criminals, operating outside state control. Central Bank claims there were over 20 serious attacks on correspondent accounts held by CBR in 2015, comprising Roubles several billion in fraud

– Some details given of leading non-state Russian cyber criminal groups

Details

1. Speaking in June 2016, a number of Russian figures with a detailed knowledge of national cyber crime, both state-sponsored and otherwise, outlined the current situation in this area. A former senior intelligence officer divided Russian state-sponsored offensive cyber operations into four categories (in order of priority):- targeting foreign, especially western governments; penetrating leading foreign business corporations, especially banks; domestic monitoring of the elite; and attacking political opponents both at home and abroad. The former intelligence officer reported that the Federal Security Service (FSB) was the lead organization within the Russian state apparatus for cyber operations.

2. In terms of the success of Russian offensive cyber operations to date, a senior government figure reported that there had been only limited success in penetrating the “first tier” foreign targets. These comprised western (especially G7 and NATO) governments, security and intelligence services and central banks, and the IFIs. To compensate for this shortfall, massive effort had been invested, with much greater success, in attacking the “secondary targets”, particularly western private banks and the governments of smaller states allied to the West. S/he mentioned Latvia in this regard. Hundreds of agents, either consciously cooperating with the FSB or whose personal and professional IT systems had been unwittingly compromised, were recruited. Many were people who had ethnic and family ties to Russia and/or had been incentivized financially to cooperate. Such people often would receive monetary inducements or contractual favours from the Russian state or its agents in return. This had created difficulties for parts of the Russian state apparatus in obliging/indulging them e.g. the Central Bank of Russia knowingly having to cover up for such agents’ money laundering operations through the Russian financial system.

3. In terms of the FSB’s recruitment of capable cyber operatives to carry out its, ideally deniable, offensive cyber operations, a Russian IT specialist with direct knowledge reported in June 2016 that this was often done using coercion and blackmail. In terms of ‘foreign’ agents, the FSB was approaching US citizens of Russian (Jewish) origin on business trips to Russia. In one case a US citizen of Russian ethnicity had been visiting Moscow to attract investors in his new information technology program. The FSB clearly knew this and had offered to provide seed capital to this person in return for them being able to access and modify his IP, with a view to targeting priority foreign targets by planting a Trojan virus in the software. The US visitor was told this was common practice. The FSB also had implied significant operational success as a result of installing cheap Russian IT games containing their own malware unwittingly by targets on their PCs and other platforms.

4. In a more advanced and successful FSB operation, an IT operator inside a leading Russian SOE, who previously had been employed on conventional (defensive) IT work there, had been under instruction for the last year to conduct an offensive cyber operation against a foreign director of the company. Although the latter was apparently an infrequent visitor to Russia, the FSB now successfully had penetrated his personal IT and through this had managed to access various important institutions in the West through the back door.

5. In terms of other technical IT platforms, an FSB cyber operative flagged up the ‘Telegram’ enciphered commercial system as having been of especial concern and therefore heavily targeted by the FSB, not least because it was used frequently by Russian internal political activists and oppositionists. His/her understanding was that the FSB now successfully had cracked this communications software and therefore it was no longer secure to use.

6. The senior Russian government figure cited above also reported that non-state sponsored cyber crime was becoming an increasing problem inside Russia for the government and authorities there. The Central Bank of Russia claimed that in 2015 alone there had been more than 20 attempts at serious cyber embezzlement of money from corresponding accounts held there, comprising several billions Roubles. More generally, s/he understood there were circa 15 major organised crime groups in the country involved in cyber crime, all of which continued to operate largely outside state and FSB control. These included the so-called ‘Anunak’, ‘Buktrap’ and ‘Metel’ organisations.

26 July 2015


COMPANY INTELLIGENCE REPORT 2016/094

RUSSIA: SECRET KREMLIN MEETINGS ATTENDED BY TRUMP ADVISOR, CARTER PAGE IN MOSCOW (JULY 2016)

Summary

– TRUMP advisor Carter PAGE holds secret meetings in Moscow with SECHIN and senior Kremlin Internal Affairs official, DIVYEKIN

– SECHIN raises issues of future bilateral US-Russia energy co-operation and associated lifting of western sanctions against Russia over Ukraine. PAGE non-committal in response

– DIVEYKIN discusses release of Russian dossier of ‘kompromat’ on TRUMP’s opponent, Hillary CLINTON, but also hints at Kremlin possession of such material on TRUMP

Detail

1. Speaking in July 2016, a Russian source close to Rosneft President, PUTIN close associate and US-sanctioned individual, Igor SECHIN, confided the details of a recent secret meeting between him and visiting Foreign Affairs Advisor to Republican presidential candidate Donald TRUMP, Carter PAGE.

2. According to SECHIN’s associate, the Rosneft President (CEO) had raised with PAGE the issues of future bilateral energy cooperation and prospects for an associated move to lift Ukraine-related western sanctions against Russia. PAGE had reacted positively to this demarche by SECHIN but had been generally non-committal in response.

3. Speaking separately, also in July 2016, an official close to Presidential Administration Head, S. IVANOV, confided in a compatriot that a senior colleague in the Internal Political Department of the PA, DIVYEKIN (nfd) also had met secretly with PAGE on his recent visit. Their agenda had included DIVEYKIN raising a dossier of ‘kompromat’ the Kremlin possessed on TRUMP’s Democratic presidential rival, Hillary CLINTON, and its possible release to the Republican’s campaign team.

4. However, the Kremlin official close to S. IVANOV added that s/he believed DIVEYKIN also had hinted (or indicated more strongly) that the Russian leadership also had ‘kompromat’ on TRUMP which the latter should bear in mind in his dealings with them.

19 July 2016


COMPANY INTELLIGENCE REPORT 2016/095

RUSSIA/US PRESIDENTIAL ELECTION: FURTHER INDICATIONS OF EXTENSIVE CONSPIRACY BETWEEN TRUMP’S CAMPAIGN TEAM AND THE KREMLIN

Summary

– Further evidence of extensive conspiracy between TRUMP’s campaign team and Kremlin, sanctioned at highest levels and involving Russian diplomatic staff based in the US

– TRUMP associate admits Kremlin behind recent appearance of DNC e-mails on WikiLeaks, as means of maintaining plausible deniability

– Agreed exchange of information established in both directions. TRUMP’s team using moles within DNC and hackers in the US as well as outside in Russia. PUTIN motivated by fear and hatred of Hillary CLINTON. Russians receiving intel from TRUMP’s team on Russian oligarchs and their families in US

– Mechanism for transmitting this intelligence involves “pension” disbursements to Russian emigres living in US as cover, using consular officials in New York, DC and Miami

– Suggestion from source close to TRUMP and MANAFORT that Republican campaign team happy to have Russia as media bogeyman to mask more extensive corrupt business ties to China and other emerging countries

Detail

1. Speaking in confidence to a compatriot in late July 2016, Source E, an ethnic Russian close associate of Republican US presidential candidate Donald TRUMP, admitted that there was a well-developed conspiracy of co-operation between them and the Russian leadership. This was managed on the TRUMP side by the Republican candidate’s campaign manager, Paul MANAFORT, who was using foreign policy advisor, Carter PAGE, and others as intermediaries. The two sides had a mutual interest in defeating Democratic presidential candidate Hillary CLINTON, whom President PUTIN apparently both hated and feared.

2. Inter alia, Source E, acknowledged that the Russian regime had been behind the recent leak of embarrassing e-mail messages, emanating from the Democratic National Committee (DNC), to the WikiLeaks platform. The reason for using WikiLeaks was “plausible deniability” and the operation had been conducted with the full knowledge and support of TRUMP and senior members of his campaign team. In return the TRUMP team had agreed to sideline Russian intervention in Ukraine as a campaign issue and to raise US/NATO defence commitments in the Baltics and Eastern Europe to deflect attention away from Ukraine, a priority for PUTIN who needed to cauterise the subject.

3. In the wider context of TRUMP campaign/Kremlin co-operation, Source E claimed that the intelligence network being used against CLINTON comprised three elements. Firstly there were agents/facilitators within the Democratic Party structure itself; secondly Russian emigre and associated offensive cyber operators based in the US; and thirdly, state-sponsored cyber operatives working in Russia. All three elements had played an important role to date. On the mechanism for rewarding relevant assets based in the US, and effecting a two-way flow of intelligence and other useful information, Source E claimed that Russian diplomatic staff in key cities such as New York, Washington DC and Miami were using the emigre ‘pension’ distribution system as cover. The operation therefore depended on key people in the US Russian emigre community for its success. Tens of thousands of dollars were involved.

4. In terms of the intelligence flow from the TRUMP team to Russia, Source E reported that much of this concerned the activities of business oligarchs and their families’ activities and assets in the US, with which PUTIN and the Kremlin seemed preoccupied.

5. Commenting on the negative media publicity surrounding alleged Russian interference in the US election campaign in support of TRUMP, Source E said he understood that the Republican candidate and his team were relatively relaxed about this because it deflected media and the Democrats’ attention away from TRUMP’s business dealings in China and other emerging markets. Unlike in Russia, these were substantial and involved the payment of large bribes and kickbacks which, were they to become public, would be potentially very damaging to their campaign.

6. Finally, regarding TRUMP’s claimed minimal investment profile in Russia, a separate source with direct knowledge said this had not been for want of trying. TRUMP’s previous efforts had included exploring the real estate sector in St Petersburg as well as Moscow but in the end TRUMP had had to settle for the use of extensive sexual services there from local prostitutes rather than business success.


COMPANY INTELLIGENCE REPORT 2016/097

RUSSIA-US PRESIDENTIAL ELECTION: KREMLIN CONCERN THAT POLITICAL FALLOUT FROM DNC E-MAIL HACKING AFFAIR SPIRALLING OUT OF CONTROL

Summary

– Kremlin concerned that political fallout from DNC e-mail hacking operation is spiralling out of control. Extreme nervousness among TRUMP’s associates as result of negative media attention/accusations

– Russians meanwhile keen to cool situation and maintain ‘plausible deniability’ of existing/ongoing pro-TRUMP and anti-CLINTON operations. Therefore unlikely to be any ratcheting up offensive plays in immediate future

– Source close to TRUMP campaign however confirms regular exchange with Kremlin has existed for at least 8 years, including intelligence fed back to Russia on oligarchs’ activities in US

– Russians apparently have promised not to use ‘kompromat’ they hold on TRUMP as leverage, given high levels of voluntary co-operation forthcoming from his team

Detail

1. Speaking in confidence to a trusted associate in late July 2016, a Russian emigre figure close to the Republican US presidential candidate Donald TRUMP’s campaign team commented on the fallout from publicity surrounding the Democratic National Committee (DNC) e-mail hacking scandal. The emigre said there was a high level of anxiety within the TRUMP team as a result of various accusations levelled against them and indications from the Kremlin that President PUTIN and others in the leadership thought things had gone too far now and risked spiralling out of control.

2. Continuing on this theme, the emigre associate of TRUMP opined that the Kremlin wanted the situation to calm but for ‘plausible deniability’ to be maintained concerning its (extensive) pro-TRUMP and anti-CLINTON operations. S/he therefore judged that it was unlikely these would be ratcheted up, at least for the time being.

3. However, in terms of established operational liaison between the TRUMP team and the Kremlin, the emigre confirmed that an intelligence exchange had been running between them for at least 8 years. Within this context PUTIN’s priority requirement had been for intelligence on the activities, business and otherwise, in the US of leading Russian oligarchs and their families. TRUMP and his associates duly had obtained and supplied the Kremlin with this information.

4. Finally, the emigre said s/he understood the Kremlin had more intelligence on CLINTON and her campaign but he did not know the details or when or if it would be released. As far as ‘kompromat’ (compromising information) on TRUMP were concerned, although there was plenty of this, he understood the Kremlin had given its word that it would not be deployed against the Republican presidential candidate given how helpful and co-operative his team had been over several years, and particularly of late.

30 July 2016


COMPANY INTELLIGENCE REPORT 2016/100

RUSSIA/USA: GROWING BACKLASH IN KREMLIN TO DNC HACKING AND TRUMP SUPPORT OPERATIONS

Summary

– Head of PA IVANOV laments Russian intervention in US presidential election and black PR against CLINTON and the DNC. Vows not to supply intelligence to Kremlin PR operatives again. Advocates now sitting tight and denying everything

– Presidential spokesman PESKOV the main protagonist in Kremlin campaign to aid TRUMP and damage CLINTON. He is now scared and fears being made scapegoat by leadership for backlash in US. Problem compounded by his botched intervention in recent Turkish crisis

– Premier MEDVEDEV’s office furious over DNC hacking and associated anti-Russian publicity. Want good relations with US and ability to travel there. Refusing to support or help cover up after PESKOV

– Talk now in Kremlin of TRUMP withdrawing from presidential race altogether, but this still largely wishful thinking by more liberal elements in Moscow

Detail

1. Speaking in early August 2016, two well-placed and established Kremlin sources outlined the divisions and backlash in Moscow arising from the leaking of Democratic National Committee (DNC) e-mails and the wider pro-TRUMP operation being conducted in the US. Head of Presidential Administration, Sergei IVANOV, was angry at the recent turn of events. He believed the Kremlin “team” involved, led by presidential spokesman Dmitriy PESKOV, had gone too far in interfering in foreign affairs with their “elephant in a china shop black PR”. IVANOV claimed always to have opposed the handling and exploitation of intelligence by this PR “team”. Following the backlash against such foreign interference in US politics, IVANOV was advocating that the only sensible course of action now for the Russian leadership was to “sit tight and deny everything”.

2. Continuing on this theme the source close to IVANOV reported that PESKOV now was “scared shitless” that he would be scapegoated by PUTIN and the Kremlin and held responsible for the backlash against Russian political interference in the US election. IVANOV was determined to stop PESKOV playing an independent role in relation to the US going forward and the source fully expected the presidential spokesman now to lay low. PESKOV’s position was not helped by a botched attempt by him also to interfere in the recent failed coup in Turkey from a government relations (GR) perspective (no further details).

3. The extent of disquiet and division within Moscow caused by the backlash against Russian interference in the US election was underlined by a second source, close to premier Dmitriy MEDVEDEV (DAM). S/he said the Russian prime minister and his colleagues wanted to have good relations with the US, regardless of who was in power there, and not least so as to be able to travel there in future, either officially or privately. They were openly refusing to cover up for PESKOV and others involved in the DNC/TRUMP operations or to support his counter-attack of allegations against the USG for its alleged hacking of the Russian government and state agencies.

4. According to the first source, close to IVANOV, there had been talk in the Kremlin of TRUMP being forced to withdraw from the presidential race altogether as a result of recent events, ostensibly on grounds of his psychological state and unsuitability for high office. This might not be so bad for Russia in the circumstances but in the view of the source, it remained largely wishful thinking on the part of those in the regime opposed to PESKOV and his “botched” operations, at least for the time being.

5 August 2016


COMPANY INTELLIGENCE REPORT 2016/101

RUSSIA/US PRESIDENTIAL ELECTION: SENIOR KREMLIN FIGURE OUTLINES EVOLVING RUSSIAN TACTICS IN PRO-TRUMP, ANTI-CLINTON OPERATION

Summary

– Head of PA, IVANOV assesses Kremlin intervention in US presidential election and outlines leadership thinking on operational way forward

– No new leaks envisaged, as too politically risky, but rather further exploitation of (WikiLeaks) material already disseminated to exacerbate divisions

– Educated US youth to be targeted as protest (against CLINTON) and swing vote in attempt to turn them over to TRUMP

– Russian leadership, including PUTIN, celebrating perceived success to date in splitting US hawks and elite

– Kremlin engaging with several high profile US players, including STEIN, PAGE and (former DIA Director Michael Flynn), and funding their recent visits to Moscow

Details

1. Speaking in confidence to a close colleague in early August 2016, Head of the Russian Presidential Administration (PA), Sergei IVANOV, assessed the impact and results of Kremlin intervention in the US presidential election to date. Although most commentators believed that the Kremlin was behind the leaked DNC/CLINTON e-mails, this remained technically deniable. Therefore the Russians would not risk their position for the time being with new leaked material, even to a third party like WikiLeaks. Rather the tactics would be to spread rumours and misinformation about the content of what already had been leaked and make up new content.

2. Continuing on this theme, IVANOV said that the audience to be targeted by such operations was the educated youth in America as the PA assessed that there was still a chance they could be persuaded to vote for Republican candidate Donald TRUMP as a protest against the Washington establishment (in the form of Democratic candidate Hillary CLINTON). The hope was that even if she won, as a result of this CLINTON in power would be bogged down in working for internal reconciliation in the US, rather than being able to focus on foreign policy which would damage Russia’s interests. This also should give President PUTIN more room for manoeuvre in the run-up to Russia’s own presidential election in 2018.

3. IVANOV reported that although the Kremlin had underestimated the strength of US media and liberal reaction to the DNC hack and TRUMP’s links to Russia, PUTIN was generally satisfied with the progress of the anti-CLINTON operation to date. He recently had had a drink with PUTIN to mark this. In IVANOV’s view, the US had tried to divide the Russian elite with sanctions but failed, whilst they, by contrast, had succeeded in splitting the US hawks inimical to Russia and the Washington elite more generally, half of whom had refused to endorse any presidential candidate as a result of Russian intervention.

4. Speaking separately, also in early August 2016, a Kremlin official involved in US relations commented on aspects of the Russian operation to date. Its goal had been threefold: asking sympathetic US actors how Moscow could help them; gathering relevant intelligence; and creating and disseminating compromising information (‘kompromat’). This had involved the Kremlin supporting various US political figures, including funding indirectly their recent visits to Moscow. S/he named a delegation from Lyndon LAROUCHE; presidential candidate Jill STEIN of the Green Party; TRUMP foreign policy adviser Carter PAGE; and former DIA Director Michael Flynn, in this regard and as successful in terms of perceived outcomes.

10 August 2016


COMPANY INTELLIGENCE REPORT 2016/102

RUSSIA/US PRESIDENTIAL ELECTION: REACTION IN TRUMP CAMP TO RECENT NEGATIVE PUBLICITY ABOUT RUSSIAN INTERFERENCE AND LIKELY RESULTING TACTICS GOING FORWARD

Summary

– TRUMP campaign insider reports recent DNC e-mail leaks were aimed at switching SANDERS (protest) voters away from CLINTON and over to TRUMP

– Admits Republican campaign underestimated resulting negative reaction from US liberals, elite and media and forced to change course as result

– Need now to turn tables on CLINTON’s use of PUTIN as bogeyman in election, although some resentment at Russian president’s perceived attempt to undermine USG and system over and above swinging presidential election

Detail

1. Speaking in confidence on 9 August 2016, an ethnic Russian associate of Republican US presidential candidate Donald TRUMP discussed the reaction inside his camp, and revised tactics therein resulting from recent negative publicity concerning Moscow’s clandestine involvement in the campaign. TRUMP’s associate reported that the aim of leaking the DNC e-mails to WikiLeaks during the Democratic Convention had been to swing supporters of Bernie SANDERS away from Hillary CLINTON and across to TRUMP. These voters were perceived as activist and anti-status quo and anti-establishment and in that regard sharing many features with the TRUMP campaign, including a visceral dislike of Hillary CLINTON. This objective had been conceived and promoted, inter alia, by TRUMP’s foreign policy adviser Carter PAGE who had discussed it directly with the ethnic Russian associate.

2. Continuing on this theme, the ethnic Russian associate of TRUMP assessed that the problem was that the TRUMP campaign had underestimated the strength of the negative reaction from liberals and especially the conservative elite to Russian interference. This was forcing a rethink and a likely change of tactics. The main objective in the short term was to check Democratic candidate Hillary CLINTON’s successful exploitation of the PUTIN as bogeyman/Russian interference story to tarnish TRUMP and bolster her own (patriotic) credentials. The TRUMP campaign was focusing on tapping into support in the American television media to achieve this, as they reckoned this resource had been underused by them to date.

3. However, TRUMP’s associate also admitted that there was a fair amount of anger and resentment within the Republican candidate’s team at what was perceived by PUTIN as going beyond the objective of weakening CLINTON and bolstering TRUMP, by attempting to exploit the situation to undermine the US government and democratic system more generally. It was unclear at present how this aspect of the situation would play out in the weeks to come.

10 August 2016


COMPANY INTELLIGENCE REPORT 2016/105

RUSSIA/UKRAINE: THE DEMISE OF TRUMP’s CAMPAIGN MANAGER PAUL MANAFORT

Summary

– Ex-Ukrainian President YANUKOVYCH confides directly to PUTIN that he authorised kick-back payments to MANAFORT, as alleged in western media. Assures Russian President however there is no documentary evidence/trail

– PUTIN and Russian leadership remain worried however and sceptical that YANUKOVYCH has fully covered the traces of these payments to TRUMP’s former campaign manager

– Close associate of TRUMP explains reasoning behind MANAFORT’s recent resignation. Ukraine revelations played part but others wanted MANAFORT out for various reasons, especially LEWANDOWSKI who remains influential

Detail

1. Speaking in late August 2016, in the immediate aftermath of Paul MANAFORT’s resignation as campaign manager for US Republican presidential candidate Donald TRUMP, a well-placed Russian figure reported on a recent meeting between President PUTIN and ex-President YANUKOVYCH of Ukraine. This had been held in secret on 15 August near Volgograd, Russia and the western media revelations about MANAFORT and Ukraine had featured prominently on the agenda. YANUKOVYCH had confided in PUTIN that he did authorise and order substantial kick-back payments to MANAFORT as alleged but sought to reassure him that there was no documentary trail left behind which could provide clear evidence of this.

2. Given YANUKOVYCH’s (unimpressive) record in covering up his own corrupt tracks in the past, PUTIN and others in the Russian leadership were sceptical about the ex-Ukrainian president’s reassurances on this as relating to MANAFORT. They therefore still feared the scandal had legs, especially as MANAFORT had been commercially active in Ukraine right up to the time (in March 2016) when he joined TRUMP’s campaign team. For them it therefore remained a point of potential political vulnerability and embarrassment.

3. Speaking separately, also in late August 2016, an American political figure associated with Donald TRUMP and his campaign outlined the reasons behind MANAFORT’s recent demise. S/he said it was true that the Ukraine corruption revelations had played a part in this but also, several senior players close to TRUMP had wanted MANAFORT out, primarily to loosen his control on strategy and policy formulation. Of particular importance in this regard was MANAFORT’s predecessor as campaign manager, Corey LEWANDOWSKI, who hated MANAFORT personally and remained close to TRUMP with whom he discussed the presidential campaign on a regular basis.

22 August 2016


COMPANY INTELLIGENCE REPORT 2016/111

RUSSIA/US: KREMLIN FALLOUT FROM MEDIA EXPOSURE OF MOSCOW’S INTERFERENCE IN THE US PRESIDENTIAL CAMPAIGN

Summary

– Russians do have further ‘kompromat’ on CLINTON (e-mails) and considering disseminating it after Duma (legislative elections) in late September. Presidential spokesman PESKOV continues to lead on this

– Kremlin orders senior staff to remain silent in media and private on allegations of Russian interference in US presidential campaign

– Senior figure however confirms gist of allegations and reports IVANOV sacked as Head of Administration on account of giving PUTIN poor advice on issue. VAINO selected as his replacement partly because he was not involved in pro-TRUMP, anti-CLINTON operation/s

– However, equally important is Kremlin objective to shift policy consensus favourably to Russia in US post-OBAMA whoever wins. Both presidential candidates’ opposition to TPP and TTIP viewed as a result in this respect

– Senior Russian diplomat withdrawn from Washington embassy on account of potential exposure in US presidential election operation/s

Detail

1. Speaking in confidence to a trusted compatriot in mid-September 2016, a senior member of the Russian Presidential Administration (PA) commented on the political fallout from recent western media revelations about Moscow’s intervention, in favour of Donald TRUMP and against Hillary CLINTON, in the US presidential election. The PA official reported that the issue had become incredibly sensitive and that President PUTIN had issued direct orders that Kremlin and government insiders should not discuss it in public or even in private.

2. Despite this, the PA official confirmed, from direct knowledge, that the gist of the allegations was true. PUTIN had been receiving conflicting advice on interfering from three separate and expert groups. On one side had been the Russian ambassador to the US, Sergei KISLYAK, and the Ministry of Foreign Affairs, together with an independent and informal network run by presidential foreign policy advisor, Yuri USHAKOV (KISLYAK’s predecessor in Washington) who had urged caution and the potential negative impact on Russia from the operation/s. On the other side was former PA Head, Sergei IVANOV, backed by Russian Foreign Intelligence (SVR), who had advised PUTIN that the pro-TRUMP, anti-CLINTON operation/s would be both effective and plausibly deniable with little blowback. The first group/s had been proven right and this had been the catalyst in PUTIN’s decision to sack IVANOV (unexpectedly) as PA Head in August. His successor, Anton VAINO, had been selected for the job partly because he had not been involved in the US presidential election operation/s.

3. Continuing on this theme, the senior PA official said the situation now was that the Kremlin had further ‘kompromat’ on candidate CLINTON and had been considering releasing this via “plausibly deniable” channels after the Duma (legislative) elections were out of the way in mid-September. There was however a growing train of thought and associated lobby, arguing that the Russians could still make candidate CLINTON look “weak and stupid” by provoking her into railing against PUTIN and Russia without the need to release more of her e-mails. Presidential Spokesman, Dmitriy PESKOV remained a key figure in the operation, although any final decision on dissemination of further material would be taken by PUTIN himself.

4. The senior PA official also reported that a growing element in Moscow’s intervention in the US presidential election campaign was the objective of shifting the US political consensus in Russia’s perceived interests regardless of who won. It basically comprised of pushing candidate CLINTON away from President OBAMA’s policies. The best example of this was that both candidates now openly opposed the draft trade agreements, TPP and TTIP, which were assessed by Moscow as detrimental to Russian interests. Other issues where the Kremlin was looking to shift the US policy consensus were Ukraine and Syria. Overall however, the presidential election was considered still to be too close to call.

5. Finally, speaking separately to the same compatriot, a senior Russian MFA official reported that as a prophylactic measure, a leading Russian diplomat, Mikhail KULAGIN, had been withdrawn from Washington at short notice because Moscow feared his heavy involvement in the US presidential election operation, including the so-called veterans’ pensions ruse (reported previously), would be exposed in the media there. His replacement, Andrei BONDAREV however was clean in this regard.

Company Comment

The substance of what was reported by the senior Russian PA official in paras 1 and 2 above, including the reasons for Sergei IVANOV’s dismissal, was corroborated independently by a former top level Russian intelligence officer and Kremlin Insider, also in mid-September.

14 September 2016


COMPANY INTELLIGENCE REPORT 2016/112

RUSSIA/US PRESIDENTIAL ELECTION: KREMLIN-ALPHA GROUP CO-OPERATION

Summary

– Key intermediary in PUTIN-Alpha relationship identified as Oleg GOVORUN, currently Head of a Presidential Administration department but throughout the 1990s, the Alpha executive who delivered illicit cash directly to PUTIN

– Top level Russian official confirms current closeness of Alpha Group-PUTIN relationship. Significant favours continue to be done in both directions and FRIDMAN and AVEN still giving informal advice to PUTIN, especially on the US

– PUTIN personally unbothered about Alpha’s current lack of investment in Russia but under pressure from colleagues over this and able to exploit it as lever over Alpha interlocutors

Detail

1. Speaking to a trusted compatriot in mid-September 2016, a top level Russian government official commented on the history and current state of relations between President PUTIN and the Alpha Group of businesses led by oligarchs Mikhail FRIDMAN, Petr AVEN and German KHAN. The Russian government figure reported that although they had had their ups and downs, the leading figures in Alpha currently were on very good terms with PUTIN. Significant favours continued to be done in both directions, primarily political ones for PUTIN and business/legal ones for Alpha. Also, FRIDMAN and AVEN continued to give informal advice to PUTIN on foreign policy, and especially about the US where he distrusted advice being given to him by officials.

2. Although FRIDMAN recently had met directly with PUTIN in Russia, much of the dialogue and business between them was mediated through a senior Presidential Administration official, Oleg GOVORUN, who currently headed the department therein responsible for Social Co-operation With the CIS. GOVORUN was trusted by PUTIN and recently had accompanied him to Uzbekistan to pay respects at the tomb of former president KARIMOV. However according to the top level Russian government official, during the 1990s GOVORUN had been Head of Government Relations at Alpha Group and in reality, the “driver” and “bag carrier” used by FRIDMAN and AVEN to deliver large amounts of illicit cash to the Russian president, at that time deputy Mayor of St Petersburg. Given that and the continuing sensitivity of the PUTIN-Alpha relationship, and need for plausible deniability, much of the contact between them was now indirect and entrusted to the relatively low profile GOVORUN.

3. The top level Russian government official described the PUTIN-Alpha relationship as both carrot and stick. Alpha held ‘kompromat’ on PUTIN and his corrupt business activities from the 1990s whilst although not personally overly bothered by Alpha’s failure to reinvest the proceeds of its TNK oil company sale into the Russian economy since, the Russian president was able to use pressure on this count from senior Kremlin colleagues as a lever on FRIDMAN and AVEN to make them do his political bidding.

14 September 2016


COMPANY INTELLIGENCE REPORT 2016/113

RUSSIA/US PRESIDENTIAL ELECTION: REPUBLICAN CANDIDATE TRUMP’S PRIOR ACTIVITIES IN ST PETERSBURG

Summary

– Two knowledgeable St Petersburg sources claim Republican candidate TRUMP has paid bribes and engaged in sexual activities there but key witnesses silenced and evidence hard to obtain

– Both believe Azeri business associate of TRUMP, Araz AGALAROV will know the details

Detail

1. Speaking to a trusted compatriot in September 2016, two well-placed sources based in St Petersburg, one in the political/business elite and the other involved in the local services and tourist industry, commented on Republican US presidential candidate Donald TRUMP’s prior activities in the city.

2. Both knew TRUMP had visited St Petersburg on several occasions in the past and had been interested in doing business deals there involving real estate. The local business/political elite figure reported that TRUMP had paid bribes there to further his interests but very discreetly and only through affiliated companies, making it very hard to prove. The local services industry source reported that TRUMP had participated in sex parties in the city too, but that all direct witnesses to this recently had been “silenced” i.e. bribed or coerced to disappear.

3. The two St Petersburg figures cited believed an Azeri business figure, Araz AGALAROV (with offices in Baku and London) had been closely involved with TRUMP in Russia and would know most of the details of what the Republican presidential candidate had got up to there.

14 September 2016


COMPANY INTELLIGENCE REPORT 2016/130

RUSSIA: KREMLIN ASSESSMENT OF TRUMP AND RUSSIAN INTERFERENCE IN US PRESIDENTIAL ELECTION

Summary

– Buyer’s remorse sets in with Kremlin over TRUMP support operation in US presidential election. Russian leadership disappointed that leaked e-mails on CLINTON have not had greater impact in campaign

– Russians have injected further anti-CLINTON material into the ‘plausibly deniable’ leaks pipeline which will continue to surface, but best material already in public domain

– PUTIN angry with senior officials who “overpromised” on TRUMP and further heads likely to roll as result. Foreign Minister LAVROV may be next

– TRUMP supported by Kremlin because seen as divisive anti-establishment candidate who would shake up current international status quo in Russia’s favor. Lead on TRUMP operation moved from Foreign Ministry to FSB and then to presidential administration where it now sits

Detail

1. Speaking separately in confidence to a trusted compatriot in early October 2016, a senior Russian leadership figure and a Foreign Ministry official reported on recent developments concerning the Kremlin’s operation to support Republican candidate Donald TRUMP in the US presidential election. The senior leadership figure said that a degree of buyer’s remorse was setting in among Russian leaders concerning TRUMP. PUTIN and his colleagues were surprised and disappointed that leaks of Democratic candidate, Hillary CLINTON’s hacked e-mails had not had greater impact on the campaign.

2. Continuing on this theme, the senior leadership figure commented that a stream of further hack CLINTON material already had been injected by the Kremlin into compliant western media outlets like WikiLeaks, which remained at least “plausibly deniable”, so the stream of these would continue through October and up to the election. However s/he understood that the best material the Russians had already was out and there were no real game-changers to come.

3. The Russian Foreign Ministry official, who had direct access to the TRUMP support operation, reported that PUTIN was angry at his subordinates “over-promising” on the Republican presidential candidate, both in terms of his chances and reliability and being able to cover and/or contain the US backlash over Kremlin interference. More heads therefore were likely to roll, with the MFA the easiest target. Ironically, despite his consistent urging of caution on the issue, Foreign Minister LAVROV could be the next one to go.

4. Asked to explain why PUTIN and the Kremlin had launched such an aggressive TRUMP support operation in the first place, the MFA official said that Russian needed to upset the liberal international status quo, including on Ukraine-related sanctions, which was seriously disadvantaging the country. TRUMP was viewed as divisive in disrupting the whole US political system; anti-Establishment; and a pragmatist with whom they could do business. As the TRUMP support operation had gained momentum, control of it had passed from the MFA to the FSB and then into the presidential administration where it remained, a reflection of its growing significance over time. There was still a view in the Kremlin that TRUMP would continue as (divisive) political force even if he lost the presidency and may run for and be elected to another public office.

12 October 2016


COMPANY INTELLIGENCE REPORT 2016/134

RUSSIA/PRESIDENTIAL ELECTION: FURTHER DETAILS OF KREMLIN LIAISON WITH TRUMP CAMPAIGN

Summary

– Close associate of SECHIN confirms his secret meeting in Moscow with Carter PAGE in July

– Substance included offer of large stake in Rosneft in return for lifting sanctions on Russia. PAGE confirms this is TRUMP’s intention

– SECHIN continued to think TRUMP would win presidency up to 17 October. Now looking to reorientate his engagement with the US

– Kremlin insider highlights importance of TRUMP’s lawyer, Michael COHEN’s covert relationship with Russia. COHEN’s wife is of Russian descent and her father a leading property developer in Moscow

Detail

1. Speaking to a trusted compatriot in mid October, a close associate of Rosneft President and PUTIN ally Igor’ SECHIN elaborated on the reported secret meeting between the latter and Carter PAGE, of US Republican presidential candidate’s foreign policy team, in Moscow in July 2016. The secret meeting had been confirmed to him/her by a senior member of SECHIN’s staff, in addition to by the Rosneft President himself. It took place on either 7 or 8 July, the same day or the one after Carter PAGE made a public speech to the Higher Economic School in Moscow.

2. In terms of the substance of their discussion, SECHIN’s associate said that the Rosneft President was so keen to lift personal and corporate western sanctions imposed on the company that he offered PAGE/TRUMP’s associate the brokerage of up to a 19 per cent (privatised) stake in Rosneft in return. PAGE had expressed interest and confirmed that were TRUMP elected US president, then sanctions on Russia would be lifted.

3. According to SECHIN’s close associate, the Rosneft President had continued to believe that TRUMP could win the US presidency right up to 17 October, when he assessed this was no longer possible. SECHIN was keen to re-adapt accordingly and put feelers out to other business and political contacts in the US instead.

4. Speaking separately to the same compatriot in mid-October 2016, a Kremlin insider with direct access to the leadership confirmed that a key role in the secret TRUMP campaign/Kremlin relationship was being played by the Republican candidate’s personal lawyer Michael COHEN. [redacted: two sentences]

Source Comment

5. SECHIN’s associate opined that although PAGE had not stated it explicitly to SECHIN, he had clearly implied that in terms of his comment on TRUMP’s intention to lift Russian sanctions if elected president, he was speaking with the Republican candidate’s authority.

Company Comment

6. [Redacted: 4 full sentences]


COMPANY INTELLIGENCE REPORT 2016/135

RUSSIA/US PRESIDENTIAL ELECTION: THE IMPORTANT ROLE OF TRUMP LAWYER, COHEN IN CAMPAIGN’S SECRET LIAISON WITH THE KREMLIN

Summary

– Kremlin insider outlines important role played by TRUMP’s lawyer COHEN in secret liaison with Russian leadership

– COHEN engaged with Russians in trying to cover up scandal of MANAFORT and exposure of PAGE and meets Kremlin officials secretly in the EU in August in pursuit of this goal.

– These secret contacts continue but are now farmed out to trusted agents in Kremlin-linked institutes so as to remain “plausibly deniable” for Russian regime

– Further confirmation that sacking of IVANOV and appointments of VAINO and KIRIYENKO linked to need to cover up Kremlin’s TRUMP support operation

Detail

1. Speaking in confidence to a longstanding compatriot friend in mid-October 2016, a Kremlin insider highlighted the importance of Republican presidential candidate Donald TRUMP’s lawyer, Michael COHEN. In the ongoing secret liaison relationship between the New York tycoon’s campaign and the Russian leadership, COHEN’s role had grown following the departure of Paul MANNAFORT as TRUMP’s campaign manager in August 2016. Prior to that MANNAFORT had led for the TRUMP side.

2. According to the Kremlin insider, COHEN now was heavily engaged in a cover up and damage limitation operation in the attempt to prevent the full details of TRUMP’s relationship with Russia being exposed. In pursuit of this aim, COHEN had met secretly with several Russian Presidential Administration (PA) Legal Department officials in an EU country in August 2016. The immediate issues had been to contain further scandals involving MANNAFORT’s commercial and political role in Russia/Ukraine and to limit the damage arising from exposure of former TRUMP foreign policy advisor, Carter PAGE’s secret meetings with Russian leadership figures in Moscow the previous month. The overall objective had been to “to sweep it all under the carpet and make sure no connections could be fully established or proven”.

3. Things had become even “hotter” since August on the TRUMP-Russia track. According to the Kremlin insider, this had meant that direct contact between the TRUMP team and Russia had been farmed out by the Kremlin to trusted agents of influence working in pro-government policy institutes like that of Law and Comparative Jurisprudence. COHEN however continued to lead for the TRUMP team.

4. Referring back to the (surprise) sacking of Sergei IVANOV as Head of PA in August 2016, his replacement by Anton VAINO and the appointment of former Russian premier Sergei KIRIYENKO to another senior position in the PA, the Kremlin insider repeated that this had been directly connected to the TRUMP support operation and the need to cover up now that it was being exposed by the USG and in the western media.

Company Comment

The Kremlin insider was unsure of the identities of the PA officials with whom COHEN met secretly in August, or the exact date/s and locations of the meeting/s. There were significant internal security barriers being erected in the PA as the TRUMP issue became more controversial and damaging. However s/he continued to try to obtain these.

19 October 2016


COMPANY INTELLIGENCE REPORT 2016/136

RUSSIA/US PRESIDENTIAL ELECTION: FURTHER DETAILS OF TRUMP LAWYER COHEN’S SECRET LIAISON WITH THE KREMLIN

Summary

– Kremlin insider reports TRUMP lawyer COHEN’s secret meeting/s with Kremlin officials in August 2016 was/were held in Prague

– Russian parastatal organisation Rossotrudnichestvo used as cover for this liaison and premises in Czech capital may have been used for the meeting/s

– Pro-PUTIN leading Duma figure, KOSACHEV, reportedly involved as “plausibly deniable” facilitator and may have participated in the August meeting/s with COHEN

Detail

1. Speaking to a compatriot and friend on 19 October 2016, a Kremlin insider provided further details of reported clandestine meeting/s between Republican presidential candidate, Donald TRUMP’s lawyer Michael COHEN and Kremlin representatives in August 2016. Although the communication between them had to be cryptic for security reasons, the Kremlin insider clearly indicated to his/her friend that the reported contact/s took place in Prague, Czech Republic.

2. Continuing on this theme, the Kremlin insider highlighted the importance of the Russian parastatal organisation, Rossotrudnichestvo, in this contact between TRUMP campaign representative/s and Kremlin officials. Rossotrudnichestvo was being used as cover for this relationship and its office in Prague may well have been used to host the COHEN/Russian Presidential Administration (PA) meeting/s. It was considered a “plausibly deniable” vehicle for this, whilst remaining entirely under Kremlin control.

3. The Kremlin insider went on to identify leading pro-PUTIN Duma figure, Konstantin KOSACHEV (Head of the Foreign Relations Committee) as an important figure in the TRUMP campaign-Kremlin liaison operation. KOSACHEV, also “plausibly deniable” being part of the Russian legislature rather than executive, had facilitated the contact in Prague and by implication, may have attended the meeting/s with COHEN there in August.

Company Comment

We reported previously, in our Company Intelligence Report 2016/135 of 19 October 2016 from the same source, that COHEN met officials from the PA Legal Department clandestinely in an EU country in August 2016. This was in order to clean up the mess left behind by western media revelations of TRUMP ex-campaign manager MANAFORT’s corrupt relationship with the former pro-Russian YANUKOVYCH regime in Ukraine and TRUMP foreign policy advisor, Carter PAGE’s secret meetings in Moscow with senior regime figures in July 2016. According to the Kremlin advisor, these meeting/s were originally scheduled for COHEN in Moscow but shifted to what was considered an operationally “soft” EU country when it was judged too compromising for him to travel to the Russian capital.

20 October 2016


COMPANY INTELLIGENCE REPORT 2016/166

US/RUSSIA: FURTHER DETAILS OF SECRET DIALOGUE BETWEEN TRUMP CAMPAIGN TEAM, KREMLIN AND ASSOCIATED HACKERS IN PRAGUE

Summary

– TRUMP’s representative COHEN accompanied to Prague in August/September 2016 by 3 colleagues for secret discussions with Kremlin representatives and associated operators/hackers

– Agenda included how to process deniable cash payments to operatives; contingency plans for covering up operations; and action in event of a CLINTON election victory

– Some further details of Russian representatives/operatives involved; Romanian hackers employed; and use of Bulgaria as bolt hole to “lie low”

– Anti-CLINTON hackers and other operatives paid by both TRUMP team and Kremlin, but with ultimate loyalty to Head of PA, IVANOV and his successor/s

Detail

1. We reported previously (2016/135 and /136) on secret meeting/s held in Prague, Czech Republic in August 2016 between then Republican presidential candidate Donald TRUMP’s representative, Michael COHEN and his interlocutors from the Kremlin working under cover of Russian ‘NGO’ Rossotrudnichestvo.

2. [Redacted: two full sentences] provided further details and anti-CLINTON/Democratic Party operations. COHEN had been accompanied to Prague by 3 colleagues and the timing of the visit was either in the last week of August or the first week of September. One of their main Russian interlocutors was Oleg SOLODUKHIN operating under Rossotrudnichestvo cover. According to [redacted: 20 characters] the agenda comprised questions on how deniable cash payments were to be made to hackers who had worked in Europe under Kremlin direction against the CLINTON campaign and various contingencies for covering up these operations and Moscow’s secret liaison with the TRUMP team more generally.

3. [Redacted: 39 characters] reported that over the period March-September 2016 a company/Webzilla and its affiliates had been using botnets and porn traffic to transmit viruses, plant bugs, steal data and conduct “altering operations” against the Democratic Party leadership. Entities linked to one Aleksei CUBAROV were involved and he and another hacking expert, both recruited under duress by the FSB, Seva KAPSUGOVICH, were significant players in this operation. In Prague, COHEN agreed contingency plans for various scenarios to protect the operation, but in particular what was to be done in the event that Hillary CLINTON won the presidency. It was important in this event that all cash payments owed were made quickly and discreetly and that cyber and other operators were stood down/able to go effectively to ground to cover their traces. (We reported earlier that the involvement of political operatives Paul MANAFORT and Carter PAGE in the secret TRUMP-Kremlin liaison had been exposed in the media in the run-up to Prague and that damage limitation of these also was discussed by COHEN with the Kremlin representatives).

4. In terms of practical measures to be taken, it was agreed by the two sides in Prague to stand down various “Romanian hackers” (presumably based in their homeland or neighbouring eastern Europe) and that other operatives should head for a bolt-hole in Plovdiv, Bulgaria where they should “lay low”. On payments, IVANOV’s associate said that the operatives involved had been paid by both TRUMP’s team and the Kremlin, though their orders and ultimate loyalty lay with IVANOV, as Head of the PA and thus ultimately responsible for the operation, and his designated successor/s after he was dismissed by president PUTIN in connection with the anti-CLINTON operation in mid August.

13 December 2016

[End]

 


TOP SECRET Congressional Snowden Report

Date: Thu, 22 Dec 2016 10:36:57 -0500
From: “James M. Atkinson” <jmatk[at]tscm.com>
To: TSCM-L Professionals List <tscm-l2006[at]googlegroups.com>
Subject: Congressional Snowden Report

Please see the attached declassified document

https://cryptome.org/2016/12/congress-snowden-report.pdf

as well as the text snipping included as text in this message. It is wise for a TSCM, CyberSecurity, CyberOperations, TEMPEST, or related counter-intelligence, IC specialists to study this report, because it will allow them to spot other spies in their workplace, and to detect behaviors and equipment usage patterns that will result in the capture of the spy.

I took the PDF document, and performed a text recognition on it, and then copy and pasted that text into this document (the document actually is unclassified and redacted, so please see the original attached PDF file).

-jma

TOP SECRET//HCS-O-P/SI-G/TK//ORCON/NOFORN
(U) Review of the Unauthorized Disclosures of
Former National Security Agency Contractor
Edward Snowden
September 15, 2016
(U) Executive Summary
(U) In June 2013, former National Security Agency (NSA) contractor Edward Snowden
perpetrated the largest and most damaging public release of classified information in U.S.
intelligence history. In August 2014, the Chairman and Ranking Member of the House
Permanent Select Committee on Intelligence (HPSCI) directed Committee staff to carry out a
comprehensive review of the unauthorized disclosures. The aim of the review was to allow the
Committee to explain to other Members of Congress–and, where possible, the American
people–how this breach occurred, what the U.S. Government knows about the man who
committed it, and whether the security shortfalls it highlighted had been remedied.
(U) Over the next two years, Committee staff requested hundreds of documents from the
Intelligence Community (IC), participated in dozens of briefings and meetings with IC
personnel, conducted several interviews with key individuals with knowledge of Snowden’s
background and actions, and traveled to NSA Hawaii to visit Snowden’s last two work locations.
The review focused on Snowden’s background, how he was able to remove more than 1.5
million classified documents from secure NSA networks, what the 1.5 million documents
contained, and the damage their removal caused to national security.
(U) The Committee’s review was careful not to disturb any criminal investigation or
future prosecution of Snowden, who has remained in Russia since he fled there on June 23, 2013.
Accordingly, the Committee did not interview individuals whom the Department of Justice
identified as possible witnesses at Snowden’s trial, including Snowden himself, nor did the
Committee request any matters that may have occurred before a grand jury. Instead, the IC
provided the Committee with access to other individuals who possessed substantively similar
knowledge as the possible witnesses. Similarly, rather than interview Snowden’s NSA coworkers
and supervisors directly, Committee staff interviewed IC personnel who had reviewed
reports of interviews with Snowden’s co-workers and supervisors. The Committee remains
hopeful that Snowden will return to the United States to face justice.
(U) The bulk of the Committee’s 37-page review, which includes 237 footnotes, must
remain classified to avoid causing further harm to national security; however, the Committee has
made a number of unclassified findings. These findings demonstrate that the public narrative
popularized by Snowden and his allies is rife with falsehoods, exaggerations, and crucial
omissions, a pattern that began before he stole 1.5 million sensitive documents.
(U) First, Snowden caused tremendous damage to national security, and the vast
majority of the documents he stole have nothing to do with programs impacting individual
privacy interests–they instead pertain to military, defense, and intelligence programs of
great interest to America’s adversaries. A review of the materials Snowden compromised
makes clear that he handed over secrets that protect American troops overseas and secrets that
provide vital defenses against terrorists and nation-states. Some of Snowden’s disclosures
exacerbated and accelerated existing trends that diminished the IC’s capabilities to collect
against legitimate foreign intelligence targets, while others resulted in the loss of intelligence
streams that had saved American lives. Snowden insists he has not shared the full cache of 1.5
million classified documents with anyone; however, in June 2016, the deputy chairman of the
Russian parliament’s defense and security committee publicly conceded that “Snowden did share
intelligence” with his government. Additionally, although Snowden’s professed objective may
have been to inform the general public, the information he released is also available to Russian,
Chinese, Iranian, and North Korean government intelligence services; any terrorist with Internet
access; and many others who wish to do harm to the United States.
(U) The full scope of the damage inflicted by Snowden remains unknown. Over the past
three years, the IC and the Department of Defense (DOD) have carried out separate reviews–with
differing methodologies–of the damage Snowden caused. Out of an abundance of caution,
DOD reviewed all 1.5 million documents Snowden removed. The IC, by contrast, has carried
out a damage assessment for only a small subset of the documents. The Committee is concerned
that the IC does not plan to assess the damage of the vast majority of documents Snowden
removed. Nevertheless, even by a conservative estimate, the U.S. Government has spent
hundreds of millions of dollars, and will eventually spend billions, to attempt to mitigate the
damage Snowden caused. These dollars would have been better spent on combating America’s
adversaries in an increasingly dangerous world.
(U) Second, Snowden was not a whistleblower. Under the law, publicly revealing
classified information does not qualify someone as a whistleblower. However, disclosing
classified information that shows fraud, waste, abuse, or other illegal activity to the appropriate
law enforcement or oversight personnel–including to Congress–does make someone a
whistleblower and affords them with critical protections. Contrary to his public claims that he
notified numerous NSA officials about what he believed to be illegal intelligence collection, the
Committee found no evidence that Snowden took any official effort to express concerns about
U.S. intelligence activities–legal, moral, or otherwise–to any oversight officials within the
U.S. Government, despite numerous avenues for him to do so. Snowden was aware of these
avenues. His only attempt to contact an NSA attorney revolved around a question about the
legal precedence of executive orders, and his only contact to the Central Intelligence Agency
(CIA) Inspector General (IG) revolved around his disagreements with his managers about
training and retention of information technology specialists.
(U) Despite Snowden’s later public claim that he would have faced retribution for
voicing concerns about intelligence activities, the Committee found that laws and regulations in
effect at the time of Snowden’s actions afforded him protection. The Committee routinely
receives disclosures from IC contractors pursuant to the Intelligence Community Whistleblower
Protection Act of 1998 (ICWPA). If Snowden had been worried about possible retaliation for
voicing concerns about NSA activities, he could have made a disclosure to the Committee. He
did not. Nor did Snowden remain in the United States to face the legal consequences of his
actions, contrary to the tradition of civil disobedience he professes to embrace. Instead, he fled to
China and Russia, two countries whose governments place scant value on their citizens’ privacy
or civil liberties–and whose intelligence services aggressively collect information on both the
United States and their own citizens.
(U) To gather the files he took with him when he left the country for Hong Kong,
Snowden infringed on the privacy of thousands of government employees and contractors. He
obtained his colleagues’ security credentials through misleading means, abused his access as a
systems administrator to search his co-workers’ personal drives, and removed the personally
identifiable information of thousands of IC employees and contractors. From Hong Kong he
went to Russia, where he remains a guest of the Kremlin to this day.
(U) It is also not clear Snowden understood the numerous privacy protections that govern
the activities of the IC. He failed basic annual training for NSA employees on Section 702 of the
Foreign Intelligence Surveillance Act (FISA) and complained the training was rigged to be
overly difficult. This training included explanations of the privacy protections related to the
PRISM program that Snowden would later disclose.
(U) Third, two weeks before Snowden began mass downloads of classified
documents, he was reprimanded after engaging in a workplace spat with NSA managers.
Snowden was repeatedly counseled by his managers regarding his behavior at work. For
example, in June 2012, Snowden became involved in a fiery e-mail argument with a supervisor
about how computer updates should be managed. Snowden added an NSA senior executive
several levels above the supervisor to the e-mail thread, an action that earned him a swift
reprimand from his contracting officer for failing to follow the proper protocol for raising
grievances through the chain of command. Two weeks later, Snowden began his mass
downloads of classified information from NSA networks. Despite Snowden’s later claim that the
March 2013 congressional testimony of Director of National Intelligence James Clapper was a
“breaking point” for him, these mass downloads predated Director Clapper’s testimony by eight
months.
(U) Fourth, Snowden was, and remains, a serial exaggerator and fabricator. A close
review of Snowden’s official employment records and submissions reveals a pattern of
intentional lying. He claimed to have left Army basic training because of broken legs when in
fact he washed out because of shin splints. He claimed to have obtained a high school degree
equivalent when in fact he never did. He claimed to have worked for the CIA as a “senior
advisor,” which was a gross exaggeration of his entry-level duties as a computer technician. He
also doctored his performance evaluations and obtained new positions at NSA by exaggerating
his resume and stealing the answers to an employment test. In May 2013, Snowden informed his
supervisor that he would be out of the office to receive treatment for worsening epilepsy. In
reality, he was on his way to Hong Kong with stolen secrets.
(U) Finally, the Committee remains concerned that more than three years after the
start of the unauthorized disclosures, NSA, and the IC as a whole, have not done enough to
minimize the risk of another massive unauthorized disclosure. Although it is impossible to
reduce the chance of another Snowden to zero, more work can and should be done to improve
the security of the people and computer networks that keep America’s most closely held secrets.
For instance, a recent DOD Inspector General report directed by the Committee found that NSA
has yet to effectively implement its post-Snowden security improvements. The Committee has
taken actions to improve IC information security in the Intelligence Authorization Acts for Fiscal
Years 2014, 2015, 2016, and 2017, and looks forward to working with the IC to continue to
improve security.
Table of Contents
Executive Summary
Scope and Methodology
Early Life
CIA Employment
Transition to NSA Contractor
NSA Hawaii – Contract Systems Administrator
Snowden’s Downloading and Removal Process
NSA Hawaii – Gaining More Access and Departing for China and Russia
Communications with Intelligence Oversight Personnel
Was Snowden a Whistleblower?
Foreign Influence
What Did Snowden Take?
What Damage Did Snowden Cause?
How Has the IC Recovered from Snowden?
Conclusion – Efforts to Improve Security
(U) Scope and Methodology
(U) Since June 2013, the unauthorized disclosures of former NSA contractor Edward
Snowden and the impact of these disclosures on the U.S. Intelligence Community (IC) have been
a subject of continual Committee oversight. The Committee held an open hearing on the
disclosures on June 18, 2013, and, over the next year, held eight additional hearings and
briefings, followed by numerous staff-level briefings on Snowden’s disclosures.
(U) In August 2014, then-Chairman Rogers and Ranking Member Ruppersberger
directed Committee staff to begin a review of the actions and motivations of Edward Snowden
related to his removal of more than 1.5 million classified documents from secure NSA networks.
The intent was not to duplicate the damage assessments already under way in the executive
branch; rather, the report would help explain to other Members of Congress–and, where
possible, the American people–how the “most massive and damaging theft of intelligence
information in our history” occurred, 1 what the U.S. Government knows about the man who
perpetrated it, and what damage his actions caused.
(U) Over the next two years, Committee staff requested hundreds of documents from the
IC, participated in dozens of briefings and meetings with IC personnel, and conducted several
interviews with key individuals with knowledge of Snowden’s background and actions, and
traveled to NSA Hawaii to visit Snowden’s last two work locations.
(U) The Committee’s product is a review, not an investigation, largely in deference to
any criminal investigation or future prosecution. Since he arrived in Russia on June 23, 2013,
Snowden has not returned to the United States to face the criminal charges against him.
Accordingly, the Committee did not interview or seek documents from individuals whom the
Department of Justice identified as possible witnesses at Snowden’s trial, including Snowden
himself, nor did the Committee request any matters that may have occurred before a grand jury.
Instead, the IC provided the Committee with access to other individuals who possessed
substantively similar knowledge. Similarly, rather than interview Snowden’s NSA co-workers
and supervisors directly, Committee staff interviewed IC personnel who had reviewed reports of
interviews with Snowden’s co-workers and supervisors.
(U) The Committee’s review has informed numerous congressionally directed actions
and resource allocation decisions in the enacted Intelligence Authorization Acts for Fiscal Years
2014, 2015, and 2016, and in the House-passed Intelligence Authorization Act for Fiscal Year
2017.
(U) Early Life
(U) Edward Joseph Snowden was born on June 21, 1983, in Elizabeth City, North
Carolina. His parents, Lon Snowden, a Coast Guard chief petty officer, and Elizabeth Snowden,
1 Testimony of Director of National Intelligence James R. Clapper, HPSCI Worldwide Threats Hearing (Open
Session, Feb. 4, 2014).
a federal court clerk, moved the family to Annapolis, Maryland, when Edward was a child.2 In
2001, his parents divorced. 3
(U) By his own account, Snowden was a poor student.4 He dropped out of high school in
his sophomore year and began taking classes at the local community college. 5 Snowden hoped
that the classes would allow him to earn a General Education Diploma (GED), but nothing the
Committee found indicates that he did so. To the contrary, on an applicant resume submitted to
NSA in 2012, Snowden indicated that he graduated from “Maryland High School” in 2001;6
earlier, in 2006, Snowden had posted on a public web forum that he did not “have a degree of
ANY type. I don’t even have a high school diploma.” 7
(U) After leaving community college, Snowden eventually enlisted in the Army Reserve
as a special forces recruit. He left after five months, receiving a discharge in September 2004
without finishing training courses. 8 Snowden would later claim he had to leave basic training
because “he broke both his legs in a training accident.” 9 An NSA security official the
Committee interviewed took a different view, telling Committee staff that Snowden was
discharged after suffering from “shin splints,” a common overuse injury. 10
(U) Unable to pursue his preferred military career, Snowden turned to security guard
work. In February 2005, the University of Maryland’s Center for the Advanced Study of
2 “NSA Leaker Edward Snowden Has Ties to North Carolina,” Raleigh News & Observer (Aug. 1, 2013).
3 John M. Broder & Scott Shane, “For Snowden, A Life of Ambition, Despite the Drifting,” New York Times (June
15, 2013).
4 Glenn Greenwald, Ewen MacAskill, and Laura Poitras, “Edward Snowden: the Whistleblower Behind the NSA
Surveillance Revelations,” The Guardian (June 11, 2013), available at
https://www.theguardian.com/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance (accessed June
28, 2016).
5 Matthew Mosk, et al., “TIMELINE: Edward Snowden’s Life As We Know It,” ABC News, (June 13, 2013).
6 See, e.g., Edward Snowden Resume. Regarding “High School Education,” the resume Snowden submitted to
NSA’s Tailored Access Operations unit says as follows: For “Grad/Exit dt,” Snowden wrote “2001-06-21 ;” For his
“School,” Snowden wrote “Maryland High School”; and for “Level Achieved”, Snowden wrote “High School
Graduate.”
7 See supra, note 3. One of Snowden’s associates claims to have reviewed official educational records that
demonstrate Snowden’s passage of a high school equivalency test and receipt of high school equivalency diploma in
June 2004. Any receipt of such a diploma in 2004 stands in tension with Snowden’s 2006 claim to not have a
“degree of any type [or] … even a high school diploma”; and with his 2012 resume, which stated that he either left or
graduated from “Maryland High School” in 2001.
8 “What We Know About NSA Leaker Edward Snowden,” NBC News (June 10, 2013), available at
http://usnews.nbcnews.com/_news/2013/06/10/18882615-what-we-know-about-nsa-leaker-snowden?lite (accessed
June 28, 2016); see also “Edward Snowden Did Enlist For Special Forces, US Army Confirms,” The Guardian
(June 10, 2013), available at http://www.theguardian.com/world/2013/jun/10/edward-snowden-army-special-forces
(accessed September 15, 2016).
9 “Edward Snowden Did Enlist For Special Forces, US Army Confirms,” The Guardian (June 10, 2013), available
at http://www.theguardian.com/world/2013/jun/10/edward-snowden-army-special-forces (accessed September 15,
2016).
10 See supra, note 6. If untreated, shin splints can progress into stress fractures, but the Committee found no
evidence that Snowden was involved in a training accident.
Language (CASL) sponsored Snowden for a Top Secret security clearance. 11 The investigation
for that clearance turned up only one piece of derogatory information: ~ of
Snowden’s said she did not recommend him for access to classified information. Snowden
sought counseling ~’ and the counselor recommended him for a position
of trust with no reservations. The favorable investigation, combined with a successful
polygraph test, enabled Snowden to work at CASL’s lobby reception desk as a “security
specialist.” He worked there for four months, until he was hired by BAE Systems to work on a
CIA Global Communications Services Contract.
(S//NF) Snowden’s stint as a BAE Systems contractor was similarly short-lived. For less
than a year, he worked as a systems administrator who “managed installations and application
rollouts” in the Washington, DC, area.14 In August 2006, he converted from a contractor to a
CIA employee. As part of that conversion, Snowden went through an “entrance on duty”
psychological evaluation.
(U) CIA Employment
(U) Snowden was not, as he would later claim, a “senior advisor” at CIA. 16 Rather, his
only position as a CIA employee was as a Telecommunications Information Systems Officer, or
TISO. The job description for a TISO makes clear that the position is an entry-level IT support
function, not a senior executive. TISOs “operate, maintain, install, and manage
telecommunications systems,” and “provide project management and systems integration for
voice and data communications systems,” including “support to customers after installation.” 17
Even so, the position may have appealed to Snowden because TISOs “typically spend 60-70% of
their career abroad.” 18
(U) In November 2006–less than three months after starting with CIA–Snowden
contacted the Agency’s Inspector General (IG) seeking “guidance” because he felt he was “being
11 NSA, Edward Snowden Timeline (Sept. 30, 2014). Overall document classified C//NF; cited portion classified
U//FOUO.
12 NSA, FBI, and NCSC, “‘Negative Information’ Found in Edward Snowden’s Personnel Security File,” (Sept. 30,
2014). Overall document classified U//FOUO.
13 Id.
14 CIA Office of Security, “Response to HPSCI Staffer Meeting,” (Nov. 18, 2014). Overall document classified
S//NF; cited portion classified S//NF.
15 Id.
16 Laura Poitras and Glenn Greenwald, “NSA Whistleblower Edward Snowden: ‘I Don’t Want To Live in a Society
that Does These Sorts of Things,” The Guardian (Jun. 9, 2013), available at
http://www.theguardian.com/world/video/2013/jun/09/nsa-whistleblower-edward-snowden-interview-video
(accessed May 2, 2016).
17 CIA, Careers and Internships, “Telecommunications Information Systems Officer – Entry/Developmental,”
www.cia.gov (Oct. 2, 2015).
18 Id.
unfairly targeted” by his supervisor. 19 After entering on duty, Snowden believed there were
“morale and retention issues” among his fellow TISOs.20 He raised those concerns with his
training supervisor, the chief of the communications training unit, but “felt they were left
unaddressed.” 21 He next tried the chief and deputy chief of his operational group, but was
similarly dissatisfied with their response. 22
(U) Undeterred, Snowden spent the next week surveying the other TISOs who entered on
duty at the same time as him.23 He wrote up his findings and sent them to the CIA’s Strategic
Human Capital Office. Then, instead of attempting to raise his concerns again with his
supervisor or work collaboratively with other TISOs to resolve the concerns, Snowden sent his
concerns to the Deputy Director of CIA for Support–the head of the entire Directorate of
Support and one of the ten most senior executives of CIA.24
(U) In his e-mail, Snowden complained about the process of assigning new TISOs to
overseas locations, the pay of TISOs compared to contractors who performed similar work, and
the difficulty for TISOs to transfer laterally to other jobs. 25
~ Despite his lack of experience, the 23-year-old Snowden told the Deputy Director he
felt “pretty disenfranchised” because his immediate supervisors did not take his unsolicited
recommendations to heart. 26
(U) Snowden told the IG that, after he contacted the Deputy Director for Support, his
supervisors pulled him in to their offices for unscheduled counseling. In his view, they were
“extremely hostile” and “seem[ed] to believe I have trouble bonding with my classmates.” 27
Those counseling sessions prompted Snowden to contact the IG to help protect him from
“reprisal for speaking truth to power.”
(U) One day after receiving his complaint, an IG employee responded to Snowden and
recommended he contact the CIA’s Ombudsman, an official who could help Snowden sort
through the options available to him and mediate disputes between managers and employees. 28
The IG employee also directed Snowden to the relevant Agency regulation regarding the factors
managers could consider when deciding to retain an employee beyond the initial three-year trial
period.29 Whether that response satisfied Snowden is unclear; shortly after receiving it, Snowden
sent another message to the IG employee instructing him to disregard the initial request because
19 E-mail from Snowden to CIA Office of Inspector General (Nov. 2, 2006), Overall document classified S; cited
portion marked U//AIUO.
20 Id. Overall document classified S; cited portion not portion-marked.
21 Id. Overall document classified S; cited portion not portion-marked.
22 Id. Overall document classified S; cited portion not portion-marked.
23 Id. Overall document classified S; cited portion not portion-marked.
24 Id. Overall document classified S; cited portion not portion-marked.
25 Id. Overall document classified S; cited portion not portion-marked.
26 Id. Overall document classified S; cited portion classified C.
27 Id. Overall document classified S; cited portion not portion-marked
28 E-mail from CIA Office of Inspector General to Edward Snowden (Nov. 3, 2006). Overall document classified S;
cited portion classified U//AIUO.
29 Id. Overall document classified S; cited portion classified U//AIUO.
the issue had been “addressed.” 30 During the rest of his time at CIA, Snowden did not contact
the IG.
(S) After the completion of his training, Snowden was assigned to – in March 2007
for his first TISO assignment. 31 Snowden was, in the words of his supervisor, “an energetic
officer” with a “plethora” of experience on Microsoft operating systems, but he “often does not
positively respond to advice from more senior officers, … does not recognize the chain of
command, often demonstrates a lack of maturity, and does not appear to be embracing the CIA
culture.” 32
(S) A few months after starting in_, Snowden asked to apply for a more senior
position in – as a regional communications officer. His supervisor did not endorse his
application. When he was not selected for the position, Snowden responded by starting “a
controversial e-mail exchange with very senior officers” in which he questioned the selection
board’s professional judgment. 33 Years later, when characterizing his experience as a CIA TISO,
Snowden would write that he was “specially selected by [CIA’s] Executive Leadership Team for
[a] high-visibility assignment” that “required exceptionally wide responsibility.” 34 The
description is in tension with his supervisor’s account of a junior officer who “needed more
experience before transitioning to such a demanding position.” 35
(S) Snowden also modified CIA’s performance review software in connection with his
annual performance review, by manipulating the font. 36 This behavior led to Snowden’s recall
for “professional consultations” with the head of all CIA technical officers in Europe. 37 This was
the first but not the only time more senior CIA officers attempted to correct Snowden’s behavior.
His supervisor in – cataloged six counseling sessions between October 2007 and April
2008, nearly one per month, regarding his behavior at work. 38 In September 2008, Snowden
requested to leave – “short of tour,” that is, before his scheduled rotation date to a new
assignment. 39 The request was denied. Disobeying orders, Snowden traveled back to the
Washington, D.C., area for his and his fiancee’s medical appointments. Because of his
disobedience, Snowden’s supervisors recommended he not return to __ 40
30 E-mail from Snowden to CIA Office of Inspector General (Nov. 3, 2006). Overall document classified S; cited
portion classified U//AIUO.
31 NSA, Edward Snowden Timeline (Sept. 30, 2014); overall document classified C//NF; cited portion classified
C//NF.
32 Memorandum for the Record by Senior Telecommunications Officer – Europe, “TISO –Edward
Snowden” (Sept. 4, 2008).
33 CIA Office of Security, “Response to HPSCI Staffer Meeting,” (Nov. 18, 2014).
34 Edward Snowden Resume.
35 Memorandum for the Record by Senior Telecommunications Officer – Europe, “TISO –Edward
Snowden” (Sept. 4, 2008). Overall document classified S//NF; cited portion classified S.
36 Id. Overall document classified S//NF; cited portion classified S.
37 Id. Overall document classified S//NF; cited portion classified S.
38 Memorandum for the Record by Office in Charge, -· “TISO –Edward Snowden” (Dec. 18, 2008).
Overall document classified S//NF; cited portion classified S.
39 Id. Overall document classified S//NF; cited portion classified S.
40 Id. Overall document classified S//NF; cited portion classified S.
(S//NF) In January 2009, CIA submitted a “fitness for duty” report for Snowden, an
administrative tool to determine whether Snowden had any work-related medical issues.41 The
Agency also assigned him to a position in the Washington, D.C., area so he could be available
for any medical appointments. 42
(S//NF) Several years later, Snowden claimed that, while in_, he had ethical
qualms about working for CIA.43 None of the memoranda for the record detailing his numerous
counseling sessions mention Snowden expressing any concerns about
-· Neither the CIA IG nor any other CIA intelligence oversight official or manager
has a record of Snowden expressing any concerns about the legality or morality of CIA activities.
(U) Transition to NSA Contractor
(C//NF) Around the same time that Snowden returned to the D.C. area, he applied for a
position with an NSA contractor, Perot Systems, as a systems administrator. He was still a CIA
employee at the time and his clearance remained in good standing with no derogatory
information.44 On March 25, 2009, Perot Systems sponsored Snowden for employment; six days
later, on March 31, NSA Security checked the Intelligence Community-wide security database,
“Scattered Castles,” to verify Snowden’s clearance.45
(U) Seeing no derogatory information in Scattered Castles, NSA Security approved
Snowden for access eight days later, on April 7.46
(S//NF) On April 16, Snowden formally resigned as a CIA employee. 47 CIA’s Security
Office updated his Scattered Castles record on April 20,
. Because NSA had checked the
database three weeks earlier, NSA Security did not learn of the – in his record at that
time.49 It is unclear if NSA Security would have treated Snowden’s onboarding any differently
had NSA been aware of
41 CIA Office of Security, “Response to HPSCI Staffer Meeting,” (Nov. 18, 2014). Overall document classified
S//NF; cited portion classified S//NF.
42 Id. Overall document classified S//NF; cited
43
NSA, Edward Snowden Timeline (Sept. 30, 2014). Overall document classified C//NF; cited portion classified
C//NF.
45 Id. Overall document classified C//NF; cited portion classified U//FOUO.
46 Id. Overall document classified C//NF; cited portion classified U//FOUO.
47 Id. Overall document classified C//NF; cited portion classified C//NF.
48 CIA Office of Security, “Response to HPSCI Staffer Meeting,” (Nov. 18, 2014). Overall document classified
S//NF.
49 NSA, Edward Snowden Timeline (Sept. 30, 2014). Overall document classified C//NF; cited portion classified
C//NF. The alerting function for – in Scattered Castles has since been fixed.
(U) From May 2009 to February 2012, Snowden worked in a variety of roles supporting
IC contracts for Dell, which had purchased Perot Systems in 2009. He worked as an IT systems
administrator at NSA sites in .. for a little more than a year, where he supported NSA’s
Agency Extended Information Systems Services (AXISS) contracts. 50
(U) One co-worker recalled that while he was working in .. , Snowden traveled to
Thailand to learn how to be a ship’s captain, but never finished the training course. According to
another co-worker, at some point before he was stationed in .. , Snowden took a trip to China
and spoke about his admiration for the Chinese people and Chinese martial arts. 51 The same coworker
remembered Snowden expressing his view that the U.S. government had overreached on
surveillance and that it was illegitimate for the government to obtain data on individuals’
personal computers. 52 There are no indications of how Snowden attempted to square this belief
with his continued employment in support of the foreign signals intelligence mission of NSA.
(U) Other co-workers from Snowden’s time in .. recalled him as someone frustrated
with his lack of access to information. One remembered Snowden complaining how he lacked
access at CIA;53 another recalled him attempting to gain access to information about the war in
Iraq that was outside of his job responsibilities. 54 Although Snowden did not obtain the
information he was looking for, he later claimed it was “typical” of the U.S. government to cover
up embarrassing information. 55
(C//NF) In September 2010, Snowden returned to the United States and Dell attempted to
move him to a position where he would support IT systems at CIA. Because of the ~ in
Scattered Castles, however, CIA refused to grant Snowden access to its information. Dell put
Snowden on leave for three months while waiting for a position that did not require a security
clearance to open up. Eventually, one did: In December 2010, Snowden started work in an
uncleared “systems engineer/pre-sales technical role” for Dell supporting a CIA contract. 57
(U) Snowden was also due for a periodic background reinvestigation in the fall of 2010.
OPM contractor U.S. Information Services completed that review in May 2011, finding no
derogatory information. According to an after-the-fact review by the National
Counterintelligence Executive, the reinvestigation was “incomplete” and “did not present a
complete picture of Mr. Snowden.” 58 Among its other flaws, the investigation never attempted
to verify Snowden’s CIA employment or speak to his CIA supervisors, nor did it attempt to
independently verify Snowden’s self-report of a past security violation-areas where further
50 Id. Overall document classified C//NF; cited portion classified U//FOUO.
51 Interview with NSA Attorney (Feb. 8, 2016) (report of interview with –).
52 Id. The same co-worker, –, also mentioned that Snowden considered himself a privacy advocate.
53 Interview with NSA Attorney (Feb. 8, 2016) (report of interview with –).
54 Id. (report of interview with .
55 Id. (report of interview with .
56 NSA, Edward Snowden Timeline (Sept. 30, 2014). Overall document classified C//NF; cited portion classified
C//NF.
57 Id. Overall document classified C//NF; cited portion classified C//NF.
58 National Counterintelligence Executive, “Technical and quality review of the April 2011 Single Scope Background
Investigation – Periodic Reinvestigation on Mr. Snowden,” (Aug. 23, 2013); overall document classified U//FOUO.
information could have alerted NSA to CIA’s concerns. 59 Contrary to best practices, the
investigation also failed to develop any character references beyond the two people Snowden
himself listed, his mother and his girlfriend. 60
(S) From August 31, 2011, to January 11, 2012, Snowden took a leave of absence from
His Dell co-workers offered conflicting accounts of how he spent his leave, 61
(U) NSA Hawaii – Contract Systems Administrator
(U) Snowden returned from leave in early 2012 and took a position as a general systems
administrator supporting Dell’s AXISS work at NSA’s Hawaii Cryptologic Center. 62 As part of
the change in station, he took a counterintelligence polygraph examination. The first exam was
“inconclusive,” but did not lead to NSA Security developing any further information; the second
was successful. 63 At the end of March 2012, Snowden moved to Hawaii.
(U) The job Snowden performed in Hawaii was similar to his duties during the previous
three years with Dell. He was a field systems administrator, working in the technical support office
of NSA Hawaii. Some of his work involved moving large numbers of files between different
internal Microsoft SharePoint servers for use by other NSA Hawaii employees. Although most
NSA Hawaii staff had moved to a new building at the start of 2012, Snowden and other technical
support workers remained in the Kunia “tunnel,” an underground facility originally built for
aircraft assembly during World War Two.
(U) Snowden had few friends among his co-workers at NSA Hawaii. 64 Those co-workers
described him as “smart” and “nerdy,” but also someone who was “arrogant,” “introverted,” and
“squirrelly”; an “introvert” who frequently “jumped to conclusions.” 65 His supervisors found his
work product to be “adequate,” but he was chronically late for work, frequently not showing up
until the afternoon. 66 Snowden claimed he had trouble waking up on time because he stayed up
late playing video games. 67
(U) Few of Snowden’s Hawaii co-workers recall him expressing political opinions. One
remembered a conversation in which Snowden claimed the Stop Online Piracy Act and the
59 Id.
60 Id.
61 Interview with NSA Attorney (Feb. 8, 2016).
62 NSA, Edward Snowden Timeline (Sept. 30, 2014). Dell Federal was a subcontractor to CACI International for
NSA’s AXISS Field IT support contracts. E-mail from NSA Legislative Affairs to HPSCI Staff, “Responses to
Your Questions on Read and Return Documents for HPSCI Media Leaks Review,” (Dec. 2, 2014, at 3:47 PM).
Overall document cited U//FOUO; cited portion classified U//FOUO.
63 Id.
64 Interview with NSA Security Official (Jan. 28, 2016).
65 Interview with NSA Attorney (Jan. 28, 2016).
66 Id.
67 Id.
Protect Intellectual Property Act would lead to online censorship. 68 In the same conversation,
Snowden told his colleague that he had not read either bill.69 The same co-worker recalled
Snowden once claiming that, based on his meetings with Chinese hackers at a conference, the
United States caused problems for China but China never caused problems for the United
States.70 Although no other co-worker in Hawaii recalled Snowden expressing any sympathy for
foreign governments, a different co-worker from the Kunia tunnel remembered that Snowden
defended the actions of Private Bradley Manning. 71
(U) One incident early in Snowden’s time at NSA Hawaii merits further description. In
June 2012, Snowden installed a patch to a group of servers on classified networks that supported
NSA field sites, including NSA Hawaii. Although the patch was intended to fix a vulnerability
to the classified servers, the patch caused the servers to crash, resulting in a loss of network
access for several NSA sites. 72 One of NSA’s senior technical support managers, a government
employee, fired off an e-mail to a number of systems administrators, asking who had installed
the troublesome patch and sarcastically chiding that individual for failing to test the patch before
loading it. 73
(U) Snowden replied to all the recipients and added the deputy head of NSA’s technical
services directorate to the e-mail thread. This individual was several levels above the immediate
government supervisors whom Snowden could have contacted first. Calling the initial e-mail
“not appropriate and … not helpful,” Snowden accused the middle manager of focusing on
“evasion and finger-pointing rather than problem resolution.” 74
(U) Snowden received a quick rebuke. The NSA civilian employee in Washington
responsible for managing field AXISS contracts sent Snowden an e-mail telling him his response
was “totally UNACCEPTABLE” because “[u]nder no circumstances will any contractor call out
or point fingers at any government manager whether you agree with their handling of an issue or
not.” 75 She further instructed Snowden that if he “felt the need to discuss with any management
it should have been done with the site management you are working with and no one else.” 76
~ That weekend, Snowden came in to work
77
68 Interview with NSA Attorney (Jan. 28, 2016) (citing co-worker 111111).
69 Id. (citing co-worker
70 Id. (citing co-worker
71 Id.; Interview with NSA Attorney (Feb. 8, 2016) (citing co-worker).
72 Interview with (Oct. 28, 2015).
73 E-mail from , “RE: (U) ICA-tcp issues with KB2653956,” (Jun. 21, 2012, at 1:20AM). Overall
document classified U//FOUO.
74 E-mail from Edward Snowden, “RE: (U) ICA-tcp issues with KB2653956,” (Jun. 21, 2012, at 1:00PM). Overall
document classified U//FOUO.
75 E-mail from_, “(U) E-mail you sent in response to ICA-tcp issues with a patch,” (Jun. 22, 2012, at
3:26AM). Overall document classified U//FOUO.
76 Id.
77 Interview with NSA Security Official (Jan. 28, 2016).
(U) The following Monday, he sent an e-mail to the NSA middle manager saying he
“understood how bad this e-mail looked for what was intended to be a relatively benign
message” and acknowledging that the e-mail “never should have happened in the first place.” 78
The manager accepted the apology, explaining that his problem with the message “had nothing
to do with the content but with distribution” because he did not understand “the elevation of the
issue to such a high management level”; that is, to the deputy head of NSA’s technical services
directorate. 79
(U) Snowden would later publicly claim that his “breaking point”-the final impetus for
his unauthorized downloads and disclosures of troves of classified material-was March 2013
congressional testimony by Director of National Intelligence James Clapper. 80
(SI/REL TO USA, FVEY) But only a few weeks after his conflict with NSA managers,
on July 12, 2012-eight months before Director Clapper’s testimony-Snowden began the
unauthorized, mass downloading of information from NSA networks. 81
(U) Snowden’s Downloading and Removal Process
(U) Snowden used several methods to gather information on NSA networks, none of
which required advanced computer skills.
(U) At first, Snowden used blunt tools to download files en masse from NSA networks.
Two non-interactive downloading tools, commonly known as “scraping” tools, called “wget”
and DownThemAll! were available on NSA classified networks for legitimate system
administrator purposes. 84 Both tools were designed to allow users to download large numbers of
files over slow or unstable network connections. 85 Snowden used the two tools with a list of
website addresses, sometimes writing simple programming scripts to generate the lists. For
78 E-mail from Edward Snowden, “RE: (U) ICA-tcp issues with KB2653956” (Jun. 25, 2012, at 2:31AM). Overall
document classified U//FOUO.
79 E-mail from_, “RE: (U) ICA-tcp issues with KB2653956” (Jun. 25, 2012, at 1:51AM). Overall
document classified U//FOUO.
80 “Transcript: ARD Interview with Edward Snowden,” (Jan. 26, 2014), available at
https://edwardsnowden.com/2014/01/27/video-and-interview-with-edward-snowden.
81 NSA, Edward Snowden Timeline (Sept. 30, 2014). Overall document classified C//NF; cited portion classified
C//REL TO USA, FVEY.
82 NSA, “Methods Used by Edward Snowden To Remove Documents from NSA Networks,” (Oct. 29, 2014).
Overall document classified S//REL TO USA, FVEY; cited portion classified S//REL.
83
NSA, “Methods Used by Edward Snowden To Remove Documents from NSA Networks,” (Oct. 29, 2014).
Overall document classified S//REL TO USA, FVEY; cited portion classified U//FOUO
85 Id. Overall document classified S//REL TO USA, FVEY; cited portion classified U//FOUO
instance, if NSA webpages were set up in numerical order (i.e., page 1, page 2, page 3, and so
on), Snowden programmed a script to automatically collect the pages. 86 Neither scraping tool
targeted areas of potential privacy or civil liberties concerns; rather, Snowden downloaded all
information from internal NSA networks and classified webpages of other IC elements. 87
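The sequential page collection described above leaves a recognizable shape in web-server logs even when the volume of traffic looks normal for the account. The following added example (not part of the report, and not a description of NSA's tooling) flags a user who walks numbered pages in order and notes whether a non-interactive client was used; the log format, user names, and threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample web-server log (not from the report). Assumed format:
# timestamp, authenticated user, request path, user-agent string.
SAMPLE_LOG = """\
2012-07-12T21:58:10 user=alice GET /wiki/page/17 ua="Mozilla/5.0 (Windows NT 6.1)"
2012-07-12T22:01:00 user=bob GET /docs/page/1 ua="Wget/1.13.4 (linux-gnu)"
2012-07-12T22:01:01 user=bob GET /docs/page/2 ua="Wget/1.13.4 (linux-gnu)"
2012-07-12T22:01:01 user=alice GET /wiki/page/4 ua="Mozilla/5.0 (Windows NT 6.1)"
2012-07-12T22:01:02 user=bob GET /docs/page/3 ua="Wget/1.13.4 (linux-gnu)"
2012-07-12T22:01:03 user=bob GET /docs/page/4 ua="Wget/1.13.4 (linux-gnu)"
2012-07-12T22:01:04 user=carol GET /hr/file/3 ua="Mozilla/5.0 (Windows NT 6.1)"
2012-07-12T22:01:04 user=bob GET /docs/page/5 ua="Wget/1.13.4 (linux-gnu)"
2012-07-12T22:01:05 user=carol GET /hr/file/4 ua="Mozilla/5.0 (Windows NT 6.1)"
2012-07-12T22:01:05 user=bob GET /docs/page/6 ua="Wget/1.13.4 (linux-gnu)"
2012-07-12T22:01:09 user=alice GET /wiki/page/18 ua="Mozilla/5.0 (Windows NT 6.1)"
"""

LINE_RE = re.compile(r'^(?P<ts>\S+) user=(?P<user>\S+) GET (?P<path>\S+) ua="(?P<ua>[^"]*)"$')
# A path that ends in a number, e.g. /docs/page/12 -> prefix "/docs/page/", n 12.
NUM_RE = re.compile(r'^(?P<prefix>.*/)(?P<n>\d+)$')
# User-agent prefixes of common non-interactive download clients (assumed list).
NONINTERACTIVE = ("wget", "curl", "python-requests")


def longest_run(numbers):
    """Longest stretch of requests whose page numbers go n, n+1, n+2, ... in order."""
    best = cur = 1 if numbers else 0
    for prev, nxt in zip(numbers, numbers[1:]):
        cur = cur + 1 if nxt == prev + 1 else 1
        best = max(best, cur)
    return best


def find_enumeration(log_text, min_run=5):
    """Return one finding per (user, path prefix) walked sequentially for >= min_run pages."""
    pages = defaultdict(list)   # (user, prefix) -> page numbers in request order
    agents = defaultdict(set)   # user -> user-agent strings seen
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue            # ignore lines that do not fit the assumed format
        agents[m["user"]].add(m["ua"])
        p = NUM_RE.match(m["path"])
        if p:
            pages[(m["user"], p["prefix"])].append(int(p["n"]))

    findings = []
    for (user, prefix), nums in pages.items():
        run = longest_run(nums)
        if run >= min_run:
            findings.append({
                "user": user,
                "prefix": prefix,
                "run": run,
                "noninteractive_agent": any(
                    ua.lower().startswith(NONINTERACTIVE) for ua in agents[user]
                ),
            })
    return findings


if __name__ == "__main__":
    for hit in find_enumeration(SAMPLE_LOG):
        print(hit)
```

Because the check keys on request order rather than byte counts, it still fires for an account whose normal duties involve large transfers.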
(U) Exceeding the access required to do his job, Snowden next began using his systems
administrator privileges to search across other NSA employees’ personal network drives and
copy what he found on their drives.91 Snowden also enlisted his unwitting colleagues to help
him, asking several of his co-workers for their security credentials so he could obtain
information that they could access, but he could not. 92 One of these co-workers subsequently
lost his security clearance and resigned from NSA employment. 93
(S//REL) Snowden infringed the privacy of at least • NSA personnel by searching
their network drives without their permission, removing a copy of any documents he found to be
of interest. 94 5 •
86 Id. Overall document classified S//REL TO USA, FVEY; cited portion classified U//FOUO
87 Id. Overall document classified S//REL TO USA, FVEY; cited portion classified U//FOUO
88 NSA, “HPSCI Recollection Summary Paper,” (Jan. 26, 2015). Overall document classified S//NF; cited portion
classified S//NF. See infra for a more detailed description of the files Snowden removed.
89 NSA, “Methods Used by Edward Snowden To Remove Documents from NSA Networks,” (Oct. 29, 2014).
Overall document classified S//REL TO USA, FVEY; cited portion classified S//REL TO USA, FVEY.
90 Interview with NSA Security Official (Jan. 28, 2016).
91 NSA, “Methods Used by Edward Snowden To Remove Documents from NSA Networks,” (Oct. 29, 2014).
Overall document classified S//REL TO USA, FVEY; cited portion classified U//FOUO.
92 HPSCI Memorandum for the Record, NSA Briefing to HPSCI Staff (July 22, 2013).
93 NSA Legislative Affairs Memorandum to Staff Director and Minority Staff Director (Feb. 10, 2014). Overall
document classified U; document not portion-marked.
94 Interview with NSA Security Official (Jan. 28, 2016); NSA, “Number of Personal Network Drives Searched,”
(Mar. 14, 2016). Overall document classified S//REL TO USA, FVEY; cited portion classified S//REL TO USA,
FVEY.
95 Interview with NSA Security Official (Jan. 28, 2016).
96 Id.
(U) Snowden’s searches quickly expanded beyond surveillance programs. Some of the
personal network drives Snowden searched belonged to individuals involved in the hiring
decision for a job for which Snowden had applied. On these individuals’ network drives,
Snowden searched for human resources files and files related to the promotion and hiring
decisions.97
(S//REL) Snowden first saved the information he gathered on his personal network
drive.98 At some point in 2012, a fellow systems administrator noticed that Snowden’s personal
drive used a significantly larger amount of memory than most other employees and asked him
what he was doing. 99 Snowden responded that he was downloading system patches for NSA
networks, a task that was consistent with his job responsibilities. 100
(U) In late August 2012, Snowden requested a “thin-on-thick” machine for his desk. 102
At the time, NSA Hawaii was in the middle of a transition from “thick clients” (physical
desktop computers at each worker’s desk) to “thin clients” (virtual desktops hosted on servers).
On a “thin client,” there is no traditional desktop computer at workers’ desks; rather, each user
has a client that provides a display and input, with computing processors, memory, and storage
on network servers. Snowden’s “thin-on-thick” setup meant that he had a physical desktop
computer at his desk, but he only used its computing power and hard drive to operate a virtual
computer. This “thin-on-thick” setup allowed NSA Hawaii to reap some of the benefits of thin
clients, such as uniform security policies and improved information sharing, without the cost of
buying new thin client devices. NSA Hawaii could also make use of a large quantity of “thick
client” desktop computers it had recently purchased. 103 Yet the thin-on-thick setup opened up a
loophole for Snowden to exploit.
(S//NF) Snowden knew NSA’s networks recorded and logged every action by users on
thick client workstations while connected to the network. 104 He also knew that auditing controls
97 NSA, “Number of Personal Network Drives Searched,” (Mar. 14, 2016). Overall document classified S//REL TO
USA, FVEY; cited portion classified S//REL TO USA, FVEY.
98 NSA, “Methods Used by Edward Snowden To Remove Documents from NSA Networks,” (Oct. 29, 2014).
Overall document classified S//REL TO USA, FVEY; cited portion classified S//REL TO USA, FVEY.
99 Interview with NSA Attorney (Jan. 28, 2016).
100 Id.
101 NSA, “Methods Used by Edward Snowden To Remove Documents from NSA Networks,” (Oct. 29, 2014).
Overall document classified S//REL TO USA, FVEY; cited portion classified S//REL TO USA, FVEY.
102 NSA Response to HPSCI Question on Thin-on-Thick Computer at Snowden’s Workstation (Mar. 2, 2016).
Overall document classified S//NF; cited portion classified S//NF. Because thin-on-thick workstations were
prevalent at NSA Hawaii at the time, Snowden did not have to go through any special approval process to obtain a
thin-on-thick workstation.
103 Interview with NSA Security Official (Jan. 28, 2016).
104 NSA, “Response to HPSCI Document Request – Question #10” (Ma
S//NF; cited portion classified S//NF.
would send an alert to network security personnel if he tried to remove data from the network.
106
(S//REL) There is no evidence that NSA was aware of this specific vulnerability to its
networks. Because Snowden’s legitimate work responsibilities involved transferring large
amounts of data between different SharePoint servers, the large quantities of data he copied as
Step I of the exfiltration process did not trigger any NSA alerts for abnormal network traffic. 109
105 NSA, “Purpose of Functioning CD-ROM and USB Drive,” (Mar. 14, 2016). Overall document classified S//REL
USA, FVEY; cited portion classified S//REL USA, FVEY.
106 NSA, “Methods Used by Edward Snowden To Remove Documents from NSA Networks,” (Oct. 29, 2014).
Overall document classified S//REL TO USA, FVEY; cited portion classified S//REL TO USA, FVEY. See also id
for additional details on the NSA forensics process that allowed for the reconstruction of Snowden’s methods.
107
Interview with NSA Security Official (Jan. 28, 2016).
109 NSA, “Response to HPSCI Document Request – Question #10” (May 1, 2015). Overall document classified
S//REL USA, FVEY; cited portion classified S//REL USA, FVEY. Although Snowden, as a systems administrator,
was authorized to transfer large quantities of data on the NSA network, he was not authorized to remove data from
the network for his intended purpose of later transferring it to removable media so he could disclose it.
(U) NSA Hawaii – Gaining More Access and Departing for China and Russia
(U) After he began removing documents in the summer of 2012, Snowden spent several
months applying for employment as a NSA civilian. In September 2012, he took a test to obtain
a position in the Tailored Access Operations office, or TAO, the group within NSA responsible
for computer network exploitation operations. After finding the test and its answers among the
documents he had taken off of NSA networks, he passed the test. 111 Based on the test result and
his exaggerated resume, 112 TAO offered him a position. The pay grade TAO offered, however-a
GS-12 position that would have paid around $70,000 per year-was not sufficient for
Snowden. He instead believed he should have been offered a GS-15 position that would have
paid nearly $120,000 per year. 113
(U) In early December 2012, Snowden attempted to contact journalist Glenn Greenwald.
To hide his identity, Snowden used the pseudonym “Cincinnatus” and asked Greenwald for his
public encryption key so Snowden could send him documents securely. 115 In January 2013, he
contacted filmmaker Laura Poitras. 116
(U) In late March 2013, Snowden finally obtained a new position, not with NSA as a
civilian but with Booz Allen Hamilton as a contractor. 117 He would be a SIGINT Development
Analyst, meaning he analyzed foreign networks and cyber operators to help NSA’s National
Threat Operation Center (NTOC) in its cyber defense efforts. NTOC’s operations helped defend
U.S. military networks from attacks by foreign cyber actors, including Russia and China.
110 NSA, “Purpose of Functioning CD-ROM and USB Drive,” (Mar. 14, 2016).
111 Bryan Burrough, Sarah Ellison, and Suzanna Andrews, “The Snowden Saga: A Shadowland of Secrets and
Light,” Vanity Fair (May 2014), available at www.vanityfair.com/news/politics/2014/05/edward-snowden-politics-interview
(quoting NSA Deputy Director Rick Ledgett).
112 Edward Snowden Resume (June 28, 2012). Snowden described himself as a “Senior Advisor” at
“Dell/NSA/CIA/DIA” rather than as a systems administrator. Resume inflation was a habit for Snowden-in the
files he sent to Glenn Greenwald, he described himself as an NSA Special Advisor “under corporate cover” and as a
former CIA “field officer.” See Glenn Greenwald, No Place to Hide at 32.
113 Interview with NSA Security Official (Jan. 28, 2016).
114 NSA, Edward Snowden Timeline (Sept. 30, 2014).
115 Glenn Greenwald, No Place to Hide at 7 (2014).
116 NSA, Edward Snowden Timeline (Sept. 30, 2014).
117 NSA, Edward Snowden Timeline (Sept. 30, 2014).
(C//NF) In his new position, Snowden had access to more documents on NSA networks,
many of which he later removed. 118 Because there was not a thin-on-thick workstation at
Snowden’s new desk, he had to return after hours to his old desk-located at a different NSA
facility a twenty-minute drive away-to exfiltrate documents 119
His NTOC job did not require him to visit his old building, so he had no reason other than
document removal to return. 120
(U) On May 15, 2013, Snowden told his Booz Allen Hamilton supervisor that he needed
to take two weeks of leave without pay to return to the continental United States for medical
reasons. 121 According to his supervisor, Snowden had previously claimed he suffered from
epilepsy, 122 although he never presented evidence of a diagnosis from any doctor. 123 Four days
later, Snowden flew to Hong Kong without telling either his girlfriend or his mother (who was in
Hawaii at the time visiting him) where he was going. 124 The Committee found no conclusive
evidence indicating why Snowden chose Hong Kong as his destination, but, according to later
accounts, Snowden believed he would be safe in the city based on its tradition of free speech. 125
(U) On Friday May 31, Snowden’s leave without pay ended. The following Monday,
June 3, Booz Allen Hamilton started looking for him. 126 Two days later, on June 5, Booz Allen
reported Snowden to NSA’s Office of Security and Greenwald published the first of Snowden’s
disclosures. 127
(U) Four days after the first Greenwald articles were published, Snowden revealed
himself as the source of the disclosures. 128 According to press reports, between June 10 and June
23, Snowden hid in the apartments of refugees in Hong Kong while his lawyer worked to arrange
transit for him out of the city. 129 On June 23, 2013, he flew from Hong Kong to Moscow’s
Sheremetyevo airport, accompanied by Wikileaks activist Sarah Harrison. 130 The next day, he
failed to appear on a flight to Havana and disappeared from public view until August 1, 2013,
when Russia granted him asylum and he left the airport. 131 As of September 15, 2016, Snowden
remains in Russia.
118 Interview with NSA Security Official (Jan. 28, 2016).
119 NSA, “Response to HPSCI Document Request – Question #2” (June 24, 2015). Overall document classified
S//NF; cited portion classified C//REL.
120 Id. Cited portion classified C//REL.
121 NSA, Edward Snowden Timeline (Sept. 30, 2014).
122 Interview with NSA Attorney (Jan. 28, 2016) (citing BAH supervisor).
123 Interview with NSA Security Official (Jan. 28, 2016).
124 NSA, Edward Snowden Timeline (Sept. 30, 2014); Interview with NSA Security Official (Jan. 28, 2016).
125 See Luke Harding, The Snowden Files (2014) at 108.
126 NSA, Edward Snowden Timeline (Sept. 30, 2014).
127 Glenn Greenwald, “Verizon Order: NSA Collecting Phone Records of Millions of Americans Daily,” The
Guardian (June 5, 2013).
128 See Luke Harding, The Snowden Files (2014) at 146-52.
129 Theresa Tedesco, “How Snowden Escaped,” National Post (Sept. 6, 2016), available at
http://news.nationalpost.com/features/how-edward-snowden-escaped-hong-kong/
130 Luke Harding, The Snowden Files (2014) at 224.
131 Id. at 229-30, 250.
Additionally, although
Snowden’s objective may have been to inform the public, the information he released is also
available to Russian, Chinese, Iranian, and North Korean intelligence services; any terrorist with
Internet access; and many others who wish to do harm to the United States.
(S//NF) When he fled Hong Kong, Snowden left a number of encrypted computer hard
drives behind.
-133
(U) Communications with Intelligence Oversight Personnel
(U) In March 2014 public testimony to the European Parliament, Snowden claimed that
he reported his concerns about “clearly problematic programs to more than ten distinct officials”
at NSA. 134 Snowden also publicly stated that he “specifically expressed concern about [NSA’s]
suspect interpretation of the law,” inviting “members of Congress to request a written answer to
this question [from the NSA].” 135 The Committee requested such an answer from NSA, 136 and
found no evidence to support these claims. The Committee further found no evidence that
Snowden attempted to communicate concerns about the legality or morality of intelligence
activities to any officials, senior or otherwise, during his time at either CIA or NSA.
(U) As already described, one of Snowden’s Hawaii co-workers recalls him defending
Bradley Manning’s actions, 137 another remembered him criticizing bills under consideration in
Congress that he regarded as harmful to online privacy 138 and criticizing U.S. foreign policy
toward China. 139 None of his co-workers or his supervisors, however, recall Snowden raising
concerns about the legality or morality of U.S. intelligence activities. 140
132 DIA, Information Review Task Force-2, “Initial Assessment” (Dec. 26, 2013), at 3. Overall document classified
TS//Sl//RSEN/OC/NF; cited portion classified S//NF.
133 HPSCI Memorandum for the Record, Insider Threat/Counterintelligence Monthly Briefing (Feb. 4, 2014).
134 Edward Snowden, Testimony to the European Parliament (Mar. 7, 2014) at 6.
135 Bryan Burrough, Sarah Ellison, and Suzanna Andrews, “The Snowden Saga: A Shadowland of Secrets and
Light,” Vanity Fair (May 2014), available at www.vanityfair.com/news/politics/2014/05/edward-snowden-politics-interview.
136 Letter from HPSCI Chairman Mike Rogers to Director James Clapper (Aug. 5, 2014) (requesting, among other
things, “[a]ll communications between Edward Snowden and any IC or Department of Defense compliance, legal, or
Inspector General personnel”).
137 See supra, note 71.
138 See supra, note 68.
139 See supra, note 70.
140 Interview with NSA Attorney (Jan. 28, 2016) (citing supervisors, co-workers). The co-worker who recalled
Snowden defending Manning expressly mentioned that Snowden did not believe Americans’ privacy rights were
being violated and that Snowden had no qualms about the legality of the NSA mission. See Interview with NSA
Attorney (Feb. 8, 2016) (citing co-worker •).
(U) Neither did Snowden raise any concerns with IC oversight personnel. As previously
discussed, Snowden contacted the CIA IG within a few months of his start at the Agency to
complain about training issues and management style, but he later dropped the complaint. 141 He
did not contact the NSA IG, the Department of Defense (DOD) IG, or the Intelligence
Community (IC) IG, all of whom could have responded to a complaint regarding unlawful
intelligence activities. Nor did Snowden attempt to contact the Committee or the Senate Select
Committee on Intelligence through the procedures available to him under the Intelligence
Community Whistleblower Protection Act (IC WPA). He could have done this anonymously if
he feared retribution.
(U) Snowden did, however, contact NSA personnel who worked in an internal oversight
office about his personal difficulty understanding the safeguards against unlawful intelligence
activities. While on a trip to NSA headquarters at Ft. Meade in June 2012, Snowden visited a
training officer in the internal oversight and compliance office of the Signals Intelligence
Directorate. The training officer remembered that Snowden was upset because he had failed
NSA’s internal training course on how to handle information collected under FISA Section 702,
the legal authority by which the government can target the communications of non-U.S. persons
outside the United States. 142
(U) The internal training is a rigorous computer-based course that walks NSA employees
and contractors through the laws and regulations that govern the proper handling of information
collected under the authority of FISA Section 702, including information collected under the
programs Snowden would later disclose, PRISM and “upstream” collection. At the end of the
course, NSA personnel take a scenario-based test to gauge their comprehension of the material;
if they do not receive a minimum score on the test, they must retake the computer-based training
course. All of the answers to the test questions can be found within the training material. After
three failures of the computer-based course, the individual must attend an in-person training
course to ensure they are able to understand the rules governing Section 702, including privacy
protections.
(U) According to the training officer, Snowden had failed the computer-based training
course and was afraid of the consequences. 143 He was also upset because he believed the course
was rigged. 144 After the training officer explained to Snowden that he could take the course
again-and that careful reading would allow him to find all of the answers to the test-Snowden
became calm and left the oversight and compliance office. 145 At no point during his visit to the
compliance office did Snowden raise any concerns about how NSA used Section 702, PRISM, or
“upstream” collection. 146
141 See supra, notes 19 through 30.
142 NSA, “OVSC1203 Issue Regarding Course Content and Trick Questions,” overall document classified TS//NF;
cited portion classified U//FOUO.
143 Interview with – (Oct. 28, 2015).
144 Id.
145 Id.
146 Id.
(U) In April 2013-after he had removed documents multiple times from NSA systems-Snowden
contacted the NSA Office of General Counsel with a question about a different training
course. 147 He was curious about the mandatory training on United States Signals Intelligence
Directive 18, which is the foundational authority for NSA’s collection activities overseas
targeting foreigners. 148 Specifically, he believed the training erroneously accorded the same
precedence to statutes and executive orders. A few days later, an NSA attorney clarified that
while executive orders have the force of law, they cannot trump a statute. 149 Snowden did not
respond to that e-mail; he also did not raise any concerns about the legality or morality of U.S.
intelligence activities. 150
(U) Was Snowden a Whistleblower?
(U) As a legal matter, during his time with NSA, Edward Snowden did not use
whistleblower procedures under either law or regulation to raise his objections to U.S.
intelligence activities, and thus, is not considered a whistleblower under current law. He did not
file a complaint with the DOD or IC IG’s office, for example, or contact the intelligence
committees with concerns about fraud, waste, abuse, mismanagement, or violations of law.
Instead, Snowden disclosed classified information to the press.
(U) Snowden, however, has argued that even a lawful disclosure would have resulted in
retaliation against him.
(U) Among other things, Snowden has argued that he was unable to raise concerns about
NSA programs because he was not entitled to protection as an IC whistleblower given his status
as a contractor. (He was with Booz Allen at the time of his leaks to the press.) But the 1998 IC
WPA applies to IC employees as well as contractors. Although the statute does not explicitly
prohibit reprisals, the IC WPA channel nevertheless enables confidential, classified disclosures
and oversight, as well as a measure of informal source protection by Congress. The statute
specifically authorizes IC contractors to inform the intelligence committees of adverse actions
taken as a consequence of IC WPA-covered disclosures.
(U) Moreover, explicit protection against such actions was conferred on Snowden by
DoD regulation 5240.1-R. Snowden’s unauthorized disclosures involved Executive Order (EO)
12333 activities as well as activities conducted under FISA. At least with respect to intelligence
activities authorized under E.O. 12333 (and, according to the DoD Senior Intelligence
Oversight Official, activities conducted under other authorities), 5240.1-R requires employees
and contractors of a DoD intelligence element to report “questionable activities,” or “conduct
that constitutes, or is related to, [an] intelligence activity that may violate the law, any Executive
147 E-mail from Edward Snowden to NSA Office of General Counsel (Apr. 5, 2013, at 4:11PM), overall document
classified U//FOUO; cited portion classified U//FOUO.
148 Id., cited portion classified U//FOUO.
149 E-mail from NSA Office of General Counsel Attorney to Edward Snowden (Apr. 8, 2013, at 1:37PM), overall
document classified U//FOUO; cited portion classified U//FOUO.
150 IC on the Record, “Edward J. Snowden email inquiry to the NSA Office of General Counsel,” (May 29, 2014)
(“There was not additional follow-up noted.”).
Order or Presidential directive … or applicable DoD policy[.]” 151 5240.1-R also says that DoD
senior leaders shall “ensure that no adverse action is taken against any employee [or contractor]
because the employee reports [questionable activities]” pursuant to the regulation. 152 The IC
IG’s Executive Director for Intelligence Community Whistleblowing & Source Protection
(ICW&SP), a former employee of the DoD IG’s staff, has advised HPSCI staff that these
procedures applied to Snowden during his employment as an NSA contractor and would have
helped to shield him from retaliation for voicing his objections internally.
(U) Finally, Snowden also likely was covered by 10 U.S.C. § 2409 (Section 2409). As
written at the time of Snowden’s leaks, 153 Section 2409 was primarily focused on protecting
DoD contractors from reprisals if they properly disclosed a “violation of law related” to a DoD
contract. However, Snowden has not advanced any contract-related claims about NSA
surveillance. Rather, he generally disagreed with NSA surveillance programs on policy and
constitutional grounds.
(U) If Snowden did have concerns with programs related to a DoD contract, then the
prior version of Section 2409 authorized him to raise those concerns without fear of retaliation
with a “Member of Congress, a representative of a Committee of Congress, an Inspector
General, the Government Accountability Office, a Department of Defense employee responsible
for contract oversight or management, or an authorized official of an agency or the Department
of Justice[.]”
(U) Foreign Influence
151 Department of Defense Regulation 5240.1-R, Procedures Governing the Activities of DoD Intelligence
Components that Affect U.S. Persons, C.15.2.1, 3.1.1 (Dec. 7, 1982) (emphasis added).
152 Id. at C.14.2.3.2.
153 Important amendments to Section 2409, which took effect in July 2013, substantially altered the statute. Among
other things, the updates extended reprisal protections to DoD subcontractors as well as contractors, and widened the
list of persons to whom contractors and subcontractors could make disclosures. At the same time, the amendments
also narrowed Section 2409’s coverage by explicitly excluding employees and contractors of IC elements. However,
that limitation, like other alterations to Section 2409, did not take effect until July 2013, after Snowden had
unlawfully disclosed NSA material to journalists.
154 See, e.g., Testimony of Gen. Keith Alexander at 30, HPSCI Hearing (Jun. 13, 2013) (“It is not clear to us if there
is a foreign nexus. There [are] some things; it does look odd that someone would go to Hong Kong to do this.”).
155
(TS//HCS/OC/NF) Since Snowden’s arrival in Moscow, he has had, and continues to
have, contact with Russian intelligence services.
and in June 2016,
the deputy chairman of the Russian parliament’s defense and security committee asserted that
“Snowden did share intelligence” with his government. 161
(U) What Did Snowden Take?
In light of the volume at stake, it is likely that even
Snowden does not know the full contents of all 1.5 million documents he removed.
(U) One thing that is clear, however, is that the IC documents disclosed in public are
merely the tip of the iceberg.
(S//NF) As of August 19, 2016, press outlets had published or referenced_
taken by Snowden. 164 This represents less than one-tenth of one percent of the nearly 1.5 million
documents the IC assesses Snowden removed. 165
160 Id. Cited material classified S//OC//NF.
161 Mary Louise Kelly, “During Tenure in Russia, Edward Snowden Has Kept A Low Profile,” National Public
Radio (June 29, 2016), available at http://www.npr.org/2016/06/29/483890378/during-tenure-in-russia-edwardsnowden-has-kept-a-low-profile.
(U) The 1.5 million documents came from two classified networks, an internal NSA
network called NSANet and an IC-wide Top Secret/Sensitive Compartmented Information
network called the Joint Warfighter Information Computer System (JWICS). If printed out and
stacked, these documents would create a pile more than three miles high. 166
165 NSA, “HPSCI Recollection Summary Paper,” (Jan. 26, 2015) Overall document classified S//NF; cited portion
classified S//NF.
166 Testimony of Mr. Scott Liard, Deputy Director for Counterintelligence, Defense Intelligence Agency, HPSCI
Hearing (Jan. 27, 2014), at 7-8. The 1.5 million document count does not include 374,000 blank documents
Snowden downloaded from the Department of the Army Intelligence Information Service (DAIIS) Message
Processing System. See DIA, Information Review Task Force-2, “Fourth Quarter Report, 2014” (Dec. 31, 2014), at
xvii.
167 NSA, “HPSCI Recollection Summary Paper,” (Jan. 26, 2015). Overall document classified S//NF; cited portion
classified S//NF.
168 NSA, “Timing of Recollection and Security Flags,” (Mar. 14, 2016). Overall document classified S//REL TO
USA, FVEY; cited portion classified S//REL.
169 Id.
170 Id.
171 NSA, “HPSCI Recollection Summary Paper,” (Jan. 26, 2015).
172 Id.; see also DIA, Information Review Task Force-2, “Fourth Quarter Report, 2014” (Dec. 31, 2014), at xvii.
173 Id.; see also DIA, Information Review Task Force-2, “Fourth Quarter Report, 2014” (Dec. 31, 2014), at xvii.
174 Id.; see also DIA, Information Review Task Force-2, “Fourth Quarter Report, 2014” (Dec. 31, 2014), at xvii.
(S) The vast majority of the documents Snowden removed were unrelated to electronic
surveillance or any issues associated with privacy and civil liberties.
(U) What Damage Did Snowden Cause?
(S//NF) Over the past three years, the Intelligence Community and the Department of
Defense (DoD) have carried out separate reviews, with differing methodologies, of the
contents of all 1.5 million documents Snowden removed. It is not clear which of the documents
Snowden removed are in the hands of a foreign government. All of the documents that have
been publicly disclosed 176–can be accessed by foreign militaries
and intelligence services as well as the public.
(U) Out of an abundance of caution, DoD therefore reviewed all 1.5 million documents to
determine the maximum extent of the possible damage.
(TS//NF) As of June 2016, the most recent DoD review identified 13 high-risk issues,
which are identified in the following table. 179 Eight of the 13 relate to
capabilities of DoD; if the Russian or Chinese
governments have access to this information, American troops will be at greater risk in any
future conflict. 180
E-mail from NSA Legislative Affairs (Aug. 22, 2016, at 4:48PM). Overall document classified S//REL TO
USA, FVEY; cited portion classified S//REL TO USA, FVEY.
177 DIA, Information Review Task Force-2, “Initial Assessment” (Dec. 26, 2013), at 3. Overall document classified
TS//SV/RSEN/OC/NF; cited portion classified S//NF.
178 Mary Louise Kelly, “During Tenure in Russia, Edward Snowden Has Kept A Low Profile,” National Public
Radio (June 29, 2016), available at http://www.npr.org/2016/06/29/483890378/during-tenure-in-russia-edwardsnowden-has-kept-a-low-profile.
179 DoD, Mitigation Oversight Task Force, “Quarterly Report” (Oct. 2015), at 8. Overall document classified
TS//SI/TK//ORCON/NF; cited portion classified TS//NF.
180 Id.


(U) The Intelligence Community, by contrast, has carried out a damage assessment for
only a small subset of the documents Snowden removed. And unlike IC damage assessments for
previous unauthorized disclosures, 181 the IC assessment on Snowden does not contain an
assessment of Snowden’s background and motive, an assessment of whether he was the agent of
a foreign intelligence service, or recommendations for how to improve security in the IC. In its
review, the National Counterintelligence and Security Center (NCSC), a component of the Office
of the Director of National Intelligence, divided the documents Snowden removed into three
“tiers.” 182
181 See, e.g., Office of the National Counterintelligence Executive, “Ana Belen Montes: A Damage Assessment,”
(July 1, 2004). Overall document classified S//NF.
182 NCSC, “Intelligence Community Damage Assessment: Unauthorized Disclosures of Classified Information
Attributed to Edward Snowden, 1 January 2015 through 31 August 2015,” (Apr. 8, 2016), at 5. Overall document
classified TS//HCS-P/SI-G/TK//OC/NF; cited portion classified U//FOUO.
(S//REL) Tier One: Documents that have been disclosed in the media, either in whole
or in part. As of August 19, 2016, press outlets had published or referenced [redacted] files taken by
Snowden. 183
(TS//SI//OC/NF) Tier Two: Documents that, based on forensic analysis, Snowden
would have collected in the course of collecting Tier One, but have not yet been disclosed to the
public. The IC assesses these documents are likely in the hands of the media.
(S//NF) The IC damage assessment of Tier One documents is still ongoing, but, as of late
May 2016, the IC had no plans to carry out a damage assessment of the documents in Tier Two
or Tier Three. 186
As a result, the IC’s
damage assessment cannot be considered a complete accounting of the damage Snowden caused
to U.S. intelligence.
(U) However, even the IC’s limited damage assessment of documents in Tier One
indicates that Snowden’s disclosures caused massive damage to national security. A few
examples, listed below, illustrate the scale of the damage.

183 E-mail from NSA Legislative Affairs (Aug. 22, 2016, at 4:48PM). Overall document classified S//REL TO
USA, FVEY; cited portion classified S//REL TO USA, FVEY.
184 NCSC, “Intelligence Community Damage Assessment: Unauthorized Disclosures of Classified Information
Attributed to Edward Snowden, 1 January 2015 through 31 August 2015,” (Apr. 8, 2016), at 5. Overall document
classified TS//HCS-P/SI-G/TK//OC/NF, cited portion classified TS//SI/OC/NF.
185 Id., cited portion classified TS//SI/OC/NF.
186 HPSCI Staff Briefing with NCSC (May 25, 2016).
187 NCSC, “Intelligence Community Damage Assessment: Unauthorized Disclosures of Classified Information
Attributed to Edward Snowden, 1 January 2015 through 31 August 2015,” (Apr. 8, 2016), at 1. Overall document
classified TS//HCS-P/SI-G/TK//OC/NF; cited portion classified S//NF.
188 HPSCI Staff Memorandum for the Record, “NSA Notification of Resulting
from Recent Media Disclosures,” (July 8, 2014). Overall document classified TS//SI//NF.
189 Id.
190 Id.


191 NCSC, “Intelligence Community Damage Assessment: Unauthorized Disclosures of Classified Information
Attributed to Edward Snowden, 1 August 2014 through 31 December 2014,” (Dec. 22, 2015), at 25. Overall
document classified TS//HCS-P/SI-G/TK//OC/NF; cited portion classified S//SI//NF.
192 Presidential Policy Directive 28, “Signals Intelligence Activities” (Jan. 17, 2014).
193 Letter from Director of National Intelligence James R. Clapper to Chairman Devin Nunes and Ranking Member
Adam Schiff (Jun. 23, 2015). Overall document classified TS//SI//NF, cited portion classified TS//SI//NF.
194 NSA, “Response to Congressionally Directed Action:
_ ,” (Nov. 17, 2014), at 2-4. Overall document classified TS//SI//NF; cited portion classified
TS//SI//NF.


195 HPSCI Staff Briefing with ODNI (Sept. 6, 2016).
196 HPSCI Staff Briefing with NCSC, NSA, CIA, and FBI (Jun. 17, 2016).
197 NCSC, “Intelligence Community Damage Assessment: Unauthorized Disclosures of Classified Information
Attributed to Edward Snowden, 1 August 2014 through 31 December 2014 – HCS-0 Annex” (Dec. 22, 2015), .
Overall document classified TS//HCS-0/SI//OC//NF; cited portion classified S//HCS-0//0C/NF.
198 NCSC, “Intelligence Community Damage Assessment: Unauthorized Disclosures of Classified Information
Attributed to Edward Snowden, 1 January 2015 through 31 August 2015,” (Apr. 8, 2016), at 11. Overall document
classified TS//HCS-P/SI-G/TK//OC/NF; cited portion classified TS//SI//NF.
199 HPSCI Staff Briefing with NCSC, NSA, CIA, and FBI (Jun. 17, 2016).


200 NCSC, “Intelligence Community Damage Assessment: Unauthorized Disclosures of Classified Information
Attributed to Edward Snowden, 1 January 2015 through 31 August 2015,” (Apr. 8, 2016), at 11. Overall document
classified TS//HCS-P/SI-G/TK//OC/NF; cited portion classified S//HCS-P/SI//OC/NF.
201 Id., cited portion classified S//HCS-P/SI//OC/NF.
202 NSA, “Response to Request for Information Re: ,” (Dec. 16, 2014).
Overall document classified TS//SI//NF; cited portion classified TS//SI//NF.
203 CIA, Memorandum for Congress, “In Response to Questions on Decreased Collection Possibly Caused by
Unauthorized Disclosures since June 2013,” (July 20, 2016), at 2. Overall document classified TS//HCS-0-P
CRD/SI//OC/NF; cited portion classified TS//SI/REL TO USA, FVEY).
204 ODNI, Recouping Intelligence Capabilities Brief (Jun. 7, 2016), at 8. Overall document classified TS//SI//NF;
cited portion classified TS//SI//NF; ODNI Briefing to HPSCI Staff on Recouping Intelligence Capabilities Brief
(July 13, 2016).
205 Id.
206 ODNI, “Remediation of Unauthorized Disclosures” (June 2015), at 3. Overall document classified
TS//SI//OC/NF; cited portion classified TS//SI/OC/NF.


(U) How Has the IC Recovered from Snowden?
(TS//SI//NF) There is no IC-wide estimate for the total cost to the government of
remediating Snowden’s disclosures. However, a mid-2015 study by ODNI’s Systems and
Resources Analysis Group estimated that NSA and CIA will spend over Fiscal
Years 2016 and 2017 to recover from the damage Snowden’s disclosures caused to SIGINT
capabilities. 211
(TS//SI//NF) As a whole, the IC will undoubtedly spend even more. The
estimate represents a conservative assessment of the amount CIA and NSA will spend to rebuild
SIGINT capabilities that were damaged by Snowden’s disclosures. The estimate captures only
two years of spending and does not reflect investments made before Fiscal Year 2016 or planned
investments for Fiscal Year 2018 and beyond. Moreover, it does not capture the costs associated
HPSCI Staff Memorandum for the Record, “Upcoming Unauthorized Disclosures of
Overall document classified TS//SI//NF.
ODNI SRA, “FY17 Major Issue Studies- Recouping Intelligence Capabilities,” (June 7, 2016), at 9. Overall
document classified TS//SI//NF; cited portion classified TS//SI//NF.
with the IC’s damaged relationships with foreign and corporate partners, the opportunity cost of
the time and resources the IC and DOD have spent mitigating the damage of the disclosures, or
the costs of improved security measures across the federal government.
(U) Snowden’s actions also exposed significant vulnerabilities in the IC’s information
security. Although it is impossible to reduce the risk of an insider threat like Snowden to zero,
relatively simple changes such as automatically detecting the malicious use of scraping tools like
“wget,” physically disabling removable media from the workstations of NSA personnel who lack
a work reason to use removable media, and implementing two-person controls to transfer data by
removable media would have dramatically reduced the quantity of files Snowden could have
removed or stopped him altogether.
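The first of the changes named above, automatic detection of scraping tools like "wget", can be sketched as a pass over web access logs. This is an added example, not code from the report or from any agency; the combined log format, the agent list, the five-minute window and the 50-document threshold are assumptions, and the log lines are constructed.

```python
"""Flag scripted bulk retrieval in web access logs (combined log format)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"$'
)
# Assumed list of command-line and library clients; tune per environment.
SCRIPTED_AGENTS = re.compile(r'^(wget|curl|python-requests|libwww-perl)\b', re.I)
WINDOW = timedelta(minutes=5)   # assumed sliding window
MAX_DISTINCT_PATHS = 50         # assumed per-user threshold inside the window


def parse(line):
    """Return a dict for one log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def detect(lines):
    """Map each authenticated user to the set of rules their traffic tripped."""
    alerts = {}
    recent = defaultdict(deque)  # user -> (timestamp, path) inside the window
    for line in lines:
        rec = parse(line)
        if rec is None or rec["method"] != "GET" or rec["status"] != "200":
            continue
        user = rec["user"]
        # Rule 1: the client identifies itself as a scripted tool.
        if SCRIPTED_AGENTS.match(rec["agent"]):
            alerts.setdefault(user, set()).add("scripted-user-agent")
        # Rule 2: volume. The User-Agent header is client-supplied, so the
        # count of distinct documents per window is checked for every client.
        q = recent[user]
        q.append((rec["ts"], rec["path"]))
        while q and rec["ts"] - q[0][0] > WINDOW:
            q.popleft()
        if len({path for _, path in q}) > MAX_DISTINCT_PATHS:
            alerts.setdefault(user, set()).add("bulk-retrieval")
    return alerts


def sample_log():
    """Constructed lines: normal browsing, a wget crawl, a crawl with a browser agent."""
    base = datetime(2020, 1, 6, 9, 0, 0, tzinfo=timezone.utc)

    def row(user, offset_s, path, agent):
        ts = (base + timedelta(seconds=offset_s)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'10.0.0.5 - {user} [{ts}] "GET {path} HTTP/1.1" 200 5120 "-" "{agent}"'

    browser = "Mozilla/5.0 (X11; Linux x86_64) Firefox/17.0"
    lines = [row("analyst1", i * 60, f"/wiki/page{i}", browser) for i in range(10)]
    lines += [row("admin7", i, f"/docs/{i}.pdf", "Wget/1.14 (linux-gnu)") for i in range(120)]
    lines += [row("admin9", i * 2, f"/share/{i}.doc", browser) for i in range(80)]
    return lines


if __name__ == "__main__":
    for user, reasons in sorted(detect(sample_log()).items()):
        print(user, sorted(reasons))
```

The volume rule is the one that matters for privileged users, whose legitimate tooling often has a scripted user agent; alerts of the first kind are best reviewed against an allowlist of approved jobs.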
(U) The Committee remains concerned that NSA, and the IC as a whole, have not done
enough to reduce the chances of future insider threats like Snowden.
(C//REL TO USA, FVEY) In the aftermath of Snowden’s disclosures, NSA compiled a
list of [redacted] security improvements for its networks. These improvements, called the “Secure the
Net” initiatives, contained many steps that would have stopped Snowden, such as two-person
control for transfer of data by removable media, and many broader security improvements, such
as reducing the number of privileged users and authorized data transfer agents, and moving
toward a continuous evaluation model for background investigations. 212 In July 2014, more than
a year after Snowden’s first disclosures, many of these “Secure the Net” initiatives, including
some relatively simple initiatives, such as two-stage controls for systems administrators, had
not been completed. 213 In August 2016, more than three years after Snowden’s first disclosures,
four of the [redacted] initiatives remained outstanding. 214
(U) In the House-passed Intelligence Authorization Act for Fiscal Year 2016, the
Committee directed the Department of Defense Inspector General (DOD IG) to carry out an
assessment of information security at NSA, including whether NSA had successfully remediated
the vulnerabilities exposed by Snowden.
(U) In August 2016, DOD IG issued its report, finding that NSA needed to take
additional steps to effectively implement the privileged access-related “Secure the Net”
initiatives. 215
(U) In particular, DOD IG found that NSA had not: fully implemented technology to
oversee privileged user activities; effectively reduced the number of privileged access users; or
effectively reduced the number of authorized data transfer agents. In addition, contrary to the
212 NSA, “Secure the Net Initiatives,” (Aug. 22, 2016). Overall document classified C//REL TO USA, FVEY.
213 NSA, “Secure the Net Initiatives,” (July 2014). Overall document classified C//REL TO USA, FVEY.
214 NSA, “Secure the Net Initiatives,” (Aug. 22, 2016). Overall document classified C//REL TO USA, FVEY.
215 Department of Defense Inspector General, Report 2016-129, “The National Security Agency Should Take
Additional Steps in Its Privileged Access-Related Secure the Net Initiatives” (Aug. 29, 2016). Overall document
classified S//NF, cited portion classified U//FOUO.
“Secure the Net” initiatives, NSA did not consistently secure server racks and other sensitive
equipment in data centers, and did not extend two-stage authentication controls to all high-risk
users. 216 Recent security breaches at NSA underscore the necessity for the agency to improve its
security posture.
(U) And even though NSA has been the victim of recent breaches, it is not the only IC
agency where information security needs to be improved. For instance, a recent CIA Inspector
General report found that CIA has not yet implemented multi-factor authentication controls such
as a physical token for general or privileged users of the Agency’s enterprise or mission
systems. 217
(U) As a recent Committee report concluded, the introduction of the Intelligence
Community Information Technology Enterprise (IC ITE) should produce an improved security
environment in the IC. 218 And as that report noted, although IC data will be more secure and
better protected under IC ITE than it is today, from both internal and external threats, IC ITE will
also increase risks in different areas. 219 These risks will require dedicated attention to ensure IC
ITE reaches its full potential for an improved security environment.
(U) Conclusion – Efforts to Improve Security
(U) Although it is impossible to reduce the chance of another Snowden to zero, more
work can and should be done to improve the security of the people and computer networks that
keep America’s most closely held secrets.
(U) Since the beginning of Snowden’s disclosures, the Committee has directed the IC to
carry out a number of studies and security improvements to reduce the risk of another insider
threat. Among its other oversight efforts, the Committee has:
• (U) Authorized an additional for insider threat detection efforts in Fiscal
Year 2014. Consistent with a spend plan and updated insider threat strategy provided to
Congress, 60 percent of these funds were to be used for insider threat detection and the
remaining 40 percent toward continuous evaluation; 220
• (U) Directed the DNI to ensure that the President’s National Insider Threat Policy and
Minimum Standards were fully implemented on TS/SCI networks and all NIP-funded
216 Id., cited portion classified C//REL TO USA, FVEY.
217 CIA Office of Inspector General, “Review of National Security Systems Required by the Cybersecurity Act of
2015,” Report No. 2016-0022-AS (Aug. 2016). Overall report classified S//NF, cited portion classified S//NF.
218 HPSCI Report, “Assessing IC ITE’s Security Posture,” (Feb. 4, 2016). Overall report classified S//NF, cited
portion classified U.
219 Id. at 25, cited portion classified U//FOUO.
220 Classified Annex to Accompany the Report to the Intelligence Authorization Act for Fiscal Year 2014, P.L. 113-
126, pp. 15-16.
networks at CIA, DIA, NSA, NGA, NRO, FBI, and DOE by October 1, 2014; 221
• (U) Directed the DNI, as the Security Executive Agent, to establish a structure for a
comprehensive continuous evaluation system for holders of TS/SCI within 270 days of
the enactment; 222
• (U) Directed the DNI, in coordination with the USD(I) to review whether the continuous
evaluation process, insider threat auditing tools, and background investigation processes
should consider different kinds of information to detect potential leakers than the current
process collects to detect traditional security threats; 223
• (U) Directed the DNI to review the management controls on privileged access, to include
Systems Administrators; 224
• (U) Directed the NSA to implement a “two person rule” for Tier 3 Systems
Administrators and select Tier 2 Systems Administrators and directed the DNI to report
to the Intelligence Committees on actions he is undertaking to lead the other IC elements
in enacting a similar two person rule, or similar safeguards; 225
• (U) Directed the DNI to attempt to reduce the number of Tier 3 System Administrators
and ensure consistency in tier ratings across the IC; 226
• (U) Directed the DNI to expand Scattered Castles to contain all TS/SCI clearance holders
and list any pertinent exceptions or “flags” as close to real-time as possible; 227
• (U) Directed the DNI to ensure that insider threat security measures were fully applied to
contractors and contractor facilities; 228
221 Classified Annex to Accompany the Report to the Intelligence Authorization Act for Fiscal Year 2014, P.L. 113-
126, p. 16; Classified Annex to Accompany the Report to the House-passed Intelligence Authorization Act for
Fiscal Year 2014 pp. 32.
222 Classified Annex to Accompany the Report to the Intelligence Authorization Act for Fiscal Year 2014, P.L. 113-
126, p. 16; Classified Annex to Accompany the Report to the House-passed Intelligence Authorization Act for
Fiscal Year 2014 pp. 32-33.
223 Classified Annex to Accompany the Report to the Intelligence Authorization Act for Fiscal Year 2014, P.L. 113-
126, p. 16; Classified Annex to Accompany the Report to the House-passed Intelligence Authorization Act for
Fiscal Year 2014 p. 33.
224 Id.
225 Id.
226 Classified Annex to Accompany the Report to the Intelligence Authorization Act for Fiscal Year 2014, P.L. 113-
126, p. 16; Classified Annex to Accompany the Report to the House-passed Intelligence Authorization Act for
Fiscal Year 2014 p. 34.
227 Id.
228 Id.
• (U) Required the IC to continuously evaluate the eligibility of personnel to access
classified information, to develop procedures for automatically sharing derogatory
information between agencies, and other improvements to the reinvestigation process; 229
• (U) Encouraged the DNI to make a determination of how periodic reinvestigations will
be handled in concert with a continuous evaluation program; 230
• (U) Directed an IC analysis of private sector policies to reduce insider threats; 231
• (U) Directed a DNI-led review once every three years of all U.S. government positions
with access to classified information; 232
• (U) Directed the DNI, in consultation with the Attorney General, the Secretary of
Defense, and the Director of the Office of Personnel Management, to develop and
implement procedures that govern whether and how publicly available information may
be used in the security clearance process; 233
• (U) Required each IC element to implement a program to enhance security reviews of
individuals applying for access to classified information; 234
• (U) Required the Inspector General of each federal agency that operates national security
systems to report on, among other things, information security practices to detect data
exfiltration and other threats; 235
• (U) Directed NSA to produce a plan for completing security improvements to its
networks by the end of Calendar Year 2018, including enclaves and systems used outside
of NSA-controlled facilities; and 236
229 Intelligence Authorization Act for Fiscal Year 2014, P.L. 113-126, Title V.
230 Classified Annex to Accompany the Report to the Intelligence Authorization Act for Fiscal Year 2014, P.L. 113-
126, p. 16.
231 Intelligence Authorization Act for Fiscal Year 2015, P.L. 113-293, § 308.
232 Classified Annex to Accompany the Report to the Intelligence Authorization Act for Fiscal Year 2015, P.L. 113-
293, p.11.
233 Classified Annex to Accompany the Report to the Intelligence Authorization Act for Fiscal Year 2015, P.L. 113-
293, pp. 11-12.
234 Intelligence Authorization Act for Fiscal Year 2016, Division M, Consolidated Appropriations Act for Fiscal
Year 2016, P.L. 114-113, § 306.
235 Cybersecurity Act of 2015, Division N, Consolidated Appropriations Act for Fiscal Year 2016, P.L. 114-113,
§ 406
236 Classified Annex to Accompany the Joint Explanatory Statement to the Intelligence Authorization Act for Fiscal
Year 2016, Division M, Consolidated Appropriations Act for Fiscal Year 2016, P.L. 114-113, p. 19.
• (U) Directed the Intelligence Community Inspector General (IC IG) to carry out an
assessment of post-Snowden information security improvements at CIA, DIA, FBI,
NGA, NRO, and ODNI. 237
(U) As the Fiscal Year 2017 Intelligence Authorization Act moves toward enactment and
Congress begins its consideration of the President’s Fiscal Year 2018 budget request, the
Committee looks forward to working with the IC to ensure our nation’s secrets receive the
security they deserve.
237 Classified Annex to Accompany the Report to the Intelligence Authorization Act for Fiscal Year 2017, H.R.
5077, p. 93.

Leaks Unlimited – With NSA contractor Martin arrested, other leakers may still be at large

Earlier this month we learned the name of a second person who stole top secret documents from the US National Security Agency (NSA). After Edward Snowden admitted doing so publicly in June 2013, the FBI has now arrested the 51-year-old Harold T. Martin III at his home in Maryland.

Martin hoarded lots of classified documents, not only from NSA but also from a number of other military and intelligence agencies. The FBI is still comparing them with those from the recent Shadow Brokers leak and a range of other NSA leaks from the past few years, but given what’s known now, it seems likely that at least one other leaker is still at large.


The house of Harold T. Martin III in Glen Burnie, Maryland
(photo: Jose Luis Magana/The Associated Press)

The New York Times reported that when the FBI raided Martin’s house on August 27, they found paper documents and many terabytes of highly classified information, some going back to the 1990s. At least six documents were from 2014. It was reported that Martin first took the classified documents on paper, later on CDs and more recently on thumb drives.

The reason why Harold Martin brought home and stored such large numbers of top secret documents hasn’t yet been clarified. One suggestion is that he may have used them for research for his dissertation about “new methods for remote analysis of heterogeneous & cloud computing architectures”, which he was working on at the University of Maryland.

Documents from multiple agencies

It should be noted that not everything Martin stole comes from NSA. The official charges do not name the agencies the documents come from; they are only described as highly classified, including ones that are marked as Top Secret and Sensitive Compartmented Information (SCI).

With the documents going back to the 1990s, he may well have started hoarding them from the places where he worked in those days. From 1987 to 2000, Martin served in the US Navy, achieving the rank of lieutenant, but he left active duty in 1992.

As the Washington Post found out, he then took a variety of tech jobs with government contractors, like at Computer Sciences Corp. (CSC) somewhere in the 1990s and later, until 2009, at Tenacity Solutions, for which he worked at the Office of the Director of National Intelligence (ODNI).

In 2009, Harold Martin started to work for Booz Allen Hamilton, for which he was a contractor at NSA from 2012 to 2015, when Booz transferred him to the Pentagon’s Office of Acquisition, Technology and Logistics (AT&L), which is responsible for often highly sensitive and classified procurement programs. There he stayed until the moment of his arrest last August.

Officials have meanwhile said that Martin took classified documents not only from NSA, but also from his other workplaces, including ODNI and AT&L.

It’s interesting as well that in the charges against Martin, a whole paragraph is dedicated to the at least six documents from 2014, which are described as being produced “through sensitive government sources, methods, and capabilities”. As signals intelligence is traditionally seen as the most sensitive capability, maybe just these six documents are from NSA.


The building of the Office of the Director of National Intelligence (ODNI)
where Harold Martin worked as a contractor before 2009
(photo: Microsoft, via Cryptome.org)

Shadow Brokers investigation

After the “Shadow Brokers” disclosed a large set of secret NSA hacking tools last August, the FBI began investigating this leak. At the same time there was a lot of speculation: was NSA hacked from the outside? Had an NSA hacker been sloppy? Were the tools leaked by an insider? Maybe the same insider responsible for earlier leaks that hadn’t been attributed to Snowden?

On September 22, it was reported that during the FBI investigation, NSA officials had said that a former agency operative had carelessly left the hacking tool files available on a remote computer, where Russian hackers found them. If that’s correct, then it seems likely that the FBI traced Harold Martin when they were looking for that careless NSA hacker. It has not yet been confirmed that Martin was that person though.

Harold Martin was working at NSA’s hacking division TAO around the time when the tools were considered to be left exposed, somewhere after October 18, 2013, but a former TAO hacker told the Washington Post that Martin “worked in the unit’s front office carrying out support roles such as setting up accounts, not conducting actual operations.”

Even if Martin was the man who left the hacking tools exposed, then we still don’t know who found them and published them under the name Shadow Brokers. It’s not very likely that this was done by Martin himself, as Shadow Brokers published additional messages on August 28, October 1 and October 15, when he was already in custody. The actual publication can therefore be the work of for example Russian, Iranian or North Korean hackers or even independent hacktivists.

Other sources?

Could Harold Martin also be the source of earlier leaks that were not attributed to Edward Snowden? In theory he could have been that “second source” next to Snowden: none of these other leaked documents (like the TAO catalog, XKEYSCORE code, tasking lists and end reports) are newer than 2015, when Martin left NSA. Contrary to this, Martin is described as very patriotic, which doesn’t fit the fact that these particular leaks were clearly meant to harm and embarrass the US and NSA.

Also, Martin hasn’t (yet) been charged with espionage or the attempt to provide classified information to a third party or a foreign government – which doesn’t seem something the US government would leave out or keep secret after the recent and unprecedented statement in which the Office of the Director of National Intelligence accused Russia of hacking the Democratic National Committee (DNC) and other political organizations.

Should the FBI investigation confirm that Harold Martin was only responsible for leaking the NSA hacking tools (after which unknown others published them) and that none of his documents were provided to foreign intelligence agencies or showed up in the earlier revelations, then there’s most likely yet another leaker from inside NSA.

The Shadow Brokers leak standing alone and not related to the earlier non-Snowden leaks is of some importance, because only among the stuff published by the Shadow Brokers there are files with a date (October 18, 2013) after the day that Snowden left NSA (May 20, 2013).

This means that when Harold Martin is the initial source of the Shadow Brokers files, we can no longer exclude the possibility that the earlier leaks do come from the Snowden trove. If that would be the case, then someone with access to them went rogue and had them published on his own account. But it should also be noted that both Glenn Greenwald and Bruce Schneier explicitly said that some of these leaked documents did not come from Snowden.

The more likely option is therefore that there’s still another leaker at large, someone with a more evil intent than Harold Martin and Edward Snowden – a conclusion which is not very comforting and which also raises questions about NSA’s internal security…


Some NSA buildings at the Friendship Annex (FANX) complex near Baltimore
(photo: live.com, via Cryptome.org)

NSA’s internal security measures

The NSA’s hacking division TAO, where Harold Martin worked for some time, is apparently not located in the well-known NSA headquarters building at Fort Meade, but in one or more leased office buildings outside, one of them at an office complex called Friendship Annex (FANX) near Baltimore. TAO also has units at NSA’s four Cryptologic Centers across the US.

Entrance to the highly secured TAO headquarters building is strictly controlled: one has to go through an imposing steel door, protected by armed guards, and entrance is only possible after entering a six-digit code and passing a retinal scanner to ensure that only specially cleared individuals are allowed in.

Such security measures are aimed more at keeping outsiders out than at keeping insiders in. And when it comes to finding inside moles of hostile foreign intelligence agencies, the NSA is also said to have a rather bad track record. The Manning and Snowden leaks made NSA painfully aware of this and so preventive insider-threat detection programs were put in place.

It’s not clear whether these new systems failed in the case of Harold Martin, or that they simply weren’t yet implemented at the TAO location where he worked – anti-leak software that was designed by Raytheon to “spot attempts by unauthorized people to access or download data” was also not yet installed at the NSA facility in Hawaii when Snowden was working there.

Tracking what employees are doing inside is one thing, checking what they take out is another. But according to The Washington Post, the NSA (like other agencies) does not impose universal checks of personnel and their belongings as they enter and leave agency buildings. Security guards only conduct random checks and use their discretion in order to keep and build the trust of the employees.

“If you have a bag full of stuff, you’re probably going to get stopped” said a former TAO operator to the Post, but, in general, “Disneyland has more physical security checks than we had”. Additionally, NSA facilities will have detection gates, but it seems that it was easier for Snowden to walk out with his thousands of documents than many would have thought.

As former NSA general counsel Rajesh De explained, it is unlikely “you’re going to be able to stop every incident of somebody taking documents if they’re determined to do so. But the real question is how quickly can you detect it, how quickly can you mitigate the harm of any such incident.”


An old sign inside the NSA headquarters building
showing what kind of items are not allowed in.
(screenshot from a documentary about NSA)

Conclusion

Harold Martin stole a lot of classified documents from multiple military and intelligence agencies where he worked over the past 20 years, with maybe just a small number from NSA. The still ongoing FBI investigation has to make clear whether Martin was responsible for exposing the TAO hacking tools.

If not, then there has to be yet another careless NSA employee, but then it’s also still possible that the hacking tools came from a source responsible for a range of earlier leaks. So far it seems that Martin isn’t the source of those earlier leaks, which means that the so-called “second source” is still at large.

The case of Harold Martin also made clear that security measures at NSA, and other US agencies, were not as strict and tight as outsiders would have expected: even for someone without a strong ideological or financial drive like Martin it was apparently not that difficult to regularly walk out with top secret documents.

Many things have not yet been confirmed or clarified, but at least the Shadow Brokers leak and the subsequent arrest of Harold Martin created more awareness among the American public of the fact that there have been more leaks than just those from Snowden.

In August 2014, Bruce Schneier was probably one of the first who identified a second and a third leaker besides Snowden. Many more similar leaks followed and a full list of them was compiled on this weblog in December 2015 (still being updated). As an excerpt of this listing, a short overview of the most important non-Snowden leaks was published in The New York Times last week.

UPDATE:
Shortly after this blog posting was published, The New York Times came with a new report saying that the volume of classified documents Harold Martin had in his possession is larger than those stolen by Edward Snowden and even than those of the Panama Papers from 2015.
FBI investigators apparently also found that the TAO hacking tools were among Martin’s documents, but because he is not very cooperative, it is still not clear how they came in the hands of the mysterious Shadow Brokers, who subsequently published them. So far there’s no evidence that Martin was hacked or that he sold information.
He seems to have hoarded all these documents in order to get better at his job, as he is described as someone who imagined himself a top spy and an important player in the world of digital espionage.

On Thursday, October 20, government lawyers said they would prosecute Harold Martin under the Espionage Act because of stealing classified information. The FBI found the huge amount of 50 terabytes of data at his home, but it is not yet clear how much of that is classified. Also found were “hard-copy documents that were seized from various locations during the search that comprise six full bankers’ boxes worth of documents” with “Many of the documents marked ‘Secret’ and ‘Top Secret,’ also bear special handling caveats. The information stolen by the Defendant also appears to include the personal information of government employees”.

Links and Sources

– John Schindler: It’s Time to Rename NSA the National INsecurity Agency
– The Washington Post: NSA contractor thought to have taken classified material the old-fashioned way
– Daily Beast: Democrats Say WikiLeaks Is a Russian Front, U.S. Intelligence Isn’t So Sure
– Defense One: Data-Theft Arrest Shows that Insider Threat Remains Despite Post-Snowden Security Improvements
– John Schindler: Has the Russian Mole inside NSA finally been arrested?
– New York Times: N.S.A. Suspect Is a Hoarder. But a Leaker? Investigators Aren’t Sure.
– The Cipher Brief: First on The Cipher Brief: Snowden’s Boss Shares Lessons Learned