Reports Reveal Sorry State of Security at the National InSecurity Agency

Hackers in Europe. Patrick Lux/Getty Images

The National Security Agency’s unending tale of counterintelligence woe has gotten even worse, based on reports in the Wall Street Journal and the New York Times this week, which reveal yet another truly shocking penetration of our country’s most important intelligence agency.

According to these reports, an NSA affiliate in early 2016 took highly classified information home—a gross violation of a raft of security rules and regulations—and placed it on a home computer, where they were stolen by hackers connected to the Russian government. This information was compromised thanks to this individual’s use of Kaspersky anti-virus software, although the precise role the software played here is under debate.

What’s not up for debate is the enormous intelligence loss this compromise represents, since what was purloined included above-top-secret information on how NSA penetrates foreign computer networks, as well as how the Agency protects American government systems from foreigners doing the same to us.

The Kremlin’s interest in NSA is intense and perennial, for reasons I’ve explained before:

It would be difficult to overstate Moscow’s interest in how the Five Eyes countries encrypt their sensitive government communications. During the Cold War, the KGB referred to NSA as Target OMEGA, and for the Kremlin there was no higher-priority espionage target on earth. That’s because by penetrating NSA you get access not just to that agency’s signals intelligence, the richest espionage source on earth, you can also crack into the top secret communications of the United States and its closest allies.

NSA’s security failures in recent years defy belief and raise awkward questions about whether the Agency and its counterintelligence structures can be reformed at all. First, we had the global media sensation created by the defection of Edward Snowden, an NSA contractor, to Moscow in June 2013. Snowden made off with some 1.5 million secret documents, many of them highly classified, which compromised literally thousands of NSA projects and programs.

Then, in August 2016, another NSA contactor was arrested for removing terabytes of highly classified information from his Agency office. Harold Thomas Martin III was not a mole, since there’s no evidence that he passed any secret files to a foreign intelligence service, yet his crime revealed yet again the sorry state of security at NSA. That said, the Martin case remains mysterious, and it’s quite a coincidence that his arrest came in the same month that the “Shadow Brokers”—in reality a front for Russian intelligence—dumped a trove of highly classified NSA hacking tools on the internet.

Most recently, there was the arrest this June of the memorably named Reality Winner, who stole an above-top-secret NSA report on Russian efforts to interfere in our 2016 election by stuffing it in her pantyhose, then passed it to The Intercept. She was so inept in her crime that Winner was in FBI custody before The Intercept posted the stolen NSA document online. Per the custom, Winner was a contractor.

The Journal reported that the Agency’s new miscreant is also a contractor, while the Times stated this person is an employee (the NSA workforce consists of civilian employees, military members, and contractors). In response to this latest debacle, Sen. Ben Sasse asserted that “NSA needs to get its head out of the sand and solve its contractor problem. Russia is a clear adversary in cyberspace and we can’t afford these self-inflicted injuries.” This is good advice regardless of the exact circumstances of this latest compromise.

Congress should follow up with more pressing questions for the Agency. Specifically, why has Admiral Mike Rogers, Agency director for three years now, presided over so many security disasters? Why is NSA seemingly impervious to counterintelligence reform? Is this latest intelligence compromise linked to clandestine Russian efforts to influence our 2016 election? Last, are the Russians reading all our classified mail?

Last year, I lambasted my former employer by terming it the National INsecurity Agency, and this week’s news makes clear that nothing’s improved over the last 12 months. The extent of this debacle appears serious indeed, giving the Kremlin access to our most sensitive communications, while showing them what we know about them. The possibilities for the Russians to execute a truly massive deception operation against us are very real.

As I warned late last year, we need to contemplate the possibility that President Obama’s shortcomings vis-à-vis Moscow may have been about more than mere policy failures:

Putin knew what the Obama administration would (and would not) do about this massive and aggressive jump in the SpyWar thanks to his moles in Washington. It seems highly likely, based on available evidence, that Russian intelligence has been reading secret U.S. communications for years—that’s what moles inside NSA are for—which would give Putin the ability to beat American spies every step of the way, not to mention deep insights into top-level decision-making in Washington…Putin acted so brazenly in 2016, subverting our election, because he knew he could get away with it…it bears pondering that some of his underperformance may be attributable to the serious possibility that the Kremlin has been reading his mail.

This week’s news makes it increasingly obvious that my speculation was accurate—and that it has not gotten any better with Donald Trump in the White House, a man with his own raft of Russia problems. NSA and the Five Eyes espionage alliance it leads represent the most powerful and informed intelligence operation on earth. It’s the West’s secret shield against terrorism, our ace in the hole against jihadists worldwide, a major accomplishment that saves lives and remains little known to the public.

However, in recent years that shield has been repeatedly tarnished by counterintelligence failures. Although our whole Intelligence Community has long treated counterintelligence as an afterthought, NSA’s security problems are unusually serious. Whether the Agency’s present leadership and organization are capable of reforming this mess is something Congress needs to examine without delay.

At bottom, if you’re not willing to take counterintelligence and security seriously, there’s not much point in having intelligence agencies, since you’re giving away your secrets—which were obtained at high cost in treasure and sometimes blood—to your adversaries. Although NSA’s 65-year history with catching moles and keeping its secrets since the Agency’s establishment in 1952 is middling at best, it’s painfully evident that basic security is lacking at present.

It’s welcome news that Washington is finally asking why anyone in the U.S. government is using Russian software for security purposes—especially when Kaspersky has been known for years to possess troubling ties to the Kremlin—but it should be also asked why anybody thought that was a good idea in the first place. Reports that the Pentagon will continue to purchase software that’s been examined by Russian intelligence defy belief and bespeak a fundamental lack of seriousness in Washington about security in the online age. Left unchecked, these systemic shortcomings will cripple our national security and make war more likely—and that we will lose any war that comes.

John Schindler is a security expert and former National Security Agency analyst and counterintelligence officer. A specialist in espionage and terrorism, he’s also been a Navy officer and a War College professor. He’s published four books and is on Twitter at @20committee. 

More by John Schindler:

False Flag Terrorism: Myth and Reality

The Dead Sing With Dirt in Their Mouths

AfD Shakes Up German Election—but It Has an Espionage Backstory

Two Decades Later, Algeria Protects Mystery of Bentalha Massacre

Reports Reveal Sorry State of Security at the National InSecurity Agency