American Spies Get Fooled by the Kremlin Again


The National Security Agency has had a rough half-decade. Beginning with Edward Snowden’s unprecedented theft of classified information and subsequent defection to Moscow in the spring of 2013, NSA’s recent history resembles a tale of seemingly unending woe. One security disaster has been followed by another, with no remedies in sight, while the agency’s reputation is in tatters and workforce morale is at low ebb thanks to mismanagement.

Aside from the vast Snowden disaster, no setback in recent years has stung NSA as badly as the August 2016 debacle when a mysterious group calling itself the “Shadow Brokers” appeared online, offering to sell purloined agency hacking tools. As I explained at the time:

The crown jewel here is a 300-megabyte file containing “exploits”—that is, specialized sophisticated cyber tools designed to burrow through firewalls to steal data. What the Shadow Brokers has, which it claims it stole from an alleged NSA front organization termed the Equation Group, appears to be legitimate.

These exploits—or at least some of them—appear to come from NSA’s elite office of Tailored Access Operations, which is the agency’s hacking group. Arguably the world’s most proficient cyber-warriors, the shadowy TAO excels at gaining access to the computer systems of foreign adversaries. TAO veterans have confirmed that, from what they’ve seen of what the Shadow Brokers has revealed, they’re bona fide NSA exploits. This represents a security disaster for an agency that really didn’t need another one.

NSA quickly figured out the Shadow Brokers were a front for Russian intelligence; indeed, the hackers displayed scant concern for masking who they really were. This setback has produced bad headlines for the agency for well over a year now, as stolen NSA exploits have appeared online and have been employed to ransack websites worldwide for fun and profit. Such bad press could not be worse-timed for the agency, and the whole exercise appears to be a cunning effort at trolling by the Kremlin, which has had NSA on its back feet ever since Snowden appeared in Moscow nearly five years ago now.

As a result, NSA has been desperate to get its stolen top-secret exploits back before they are used to do even more damage around the globe. As recently reported by the New York Times, however, that hush-hush exercise has not gone according to plan. Throughout 2017, per the Times’ report, NSA and CIA officials parlayed with a shadowy Russian whom they knew to have ties to Russian spy agencies and organized crime groups—in other words, just the people who might have what the Shadow Brokers stole.

However, everything ultimately came up empty and U.S. intelligence paid the Russian $100,000 through an American businessman in Germany acting as an intermediary, a 10 percent down payment on the million dollars the mystery man wanted. Yet the classified material the Russian gave in exchange, although from the Shadow Brokers, had already been leaked. He quickly disappeared when the Americans pressed him for harder data. After months of back-and-forth, it seemed that Moscow had yet again taken American spies on a wild ride into the wilderness of mirrors.

There’s nothing new about that. Kremlin spies have successfully employed what they term “operational games” against American adversaries in the SpyWar for a century now. Time and again, hopeful U.S. intelligence officers have been taken in by clever Russian offensive counterintelligence operations: it’s something of a venerable, if unwanted, tradition in Washington, which never seems to learn (at least not for very long) just how slippery and cunning Russians can be when it comes to espionage.

Perhaps in wounded response to getting played by the Russians, Langley quickly and vociferously denied the Times’ report, stating acidly: “The people swindled here were James Risen and Matt Rosenberg” (the journalists who broke the story), adding, “The fictional story that CIA was bilked out of $100,000 is patently false.” That’s an unusually clear-cut denial by Langley, which customarily falls back on the inability to “confirm or deny” press accounts.

That forceful a denial is a clear sign that the media messed up. Based on my recent discussions with Intelligence Community insiders, it seems the Times got important parts of this sensational story wrong. They, too, appear to have been played by Russians here. NSA really has been desperate to get its stolen cyber-exploits back, and with CIA’s help they have engaged in secret discussions with several people who claimed to have access to what the Shadow Brokers stole. However, none of these efforts have panned out.

That said, one part of the Times’ account that seems to be true is also highly important. Per their report, the mysterious Russian offered to sell compromising material—that is, kompromat—on President Donald Trump. Specifically, he claimed to possess information that established the president’s secret ties to the Kremlin, as well as a video of Trump’s alleged romp with prostitutes in Moscow in 2013—a claim that featured prominently in the infamous Trump dossier assembled in 2016 by the former British spy Christopher Steele.

American spies were ambivalent about the proffered Trump kompromat: that wasn’t what they asked the Russian for, and it promised to open a nasty partisan can of worms back in Washington. The seller showed the American intermediary a 15-second clip of a man the Russian claimed was Trump—which was impossible to verify. Moreover, the viewing occurred at Russia’s embassy in Berlin, which implied direct involvement by Kremlin spies in this murky operation. At that point, CIA and NSA began to suspect that their interlocutor was just another Kremlin dangle and started to back away.

Moreover, this was just one of several efforts in recent months by mysterious Russians seeking to sell compromising videos that they claim show President Trump in flagrante. As the Times reported:

At least four Russians with espionage and underworld connections have appeared in Central and Eastern Europe, offering to sell kompromat to American political operatives, private investigators and spies that would corroborate the dossier, American and European intelligence officials said. American officials suspect that at least some of the sellers are working for Russia’s spy services.

If this sounds familiar to readers of this column, it should. I reported this three months ago, explaining that the Kremlin was pushing fake Trump tapes to muddy the waters and thereby neutralize the real kompromat that exists on our president. As I explained:

As many as a dozen intelligence services worldwide, on four continents, are in possession of some sort of “Trump tape” featuring sexual escapades of a controversial nature… One Western intelligence agency with a solid professional reputation is in possession of an unpleasant Trump tape that they assess “with high confidence” is bona fide, i.e. exactly what it appears to be.

However, here’s the rub: Many of the “Trump tapes” floating around in spy circles worldwide cannot be verified, while some of them are obvious fakes. The Western spy agency that’s holding a Trump tape they’re pretty sure is real has also been approached two other times with tapes that were less solid—and one of them was transparently fake. It’s obvious to savvy Western counterspies that someone is spreading fake Trump tapes—not all of them high quality—to muddy the waters. The obvious suspect, of course, is the Kremlin.

So, the mainstream media has caught up here. It seems that the New York Times got played by Russian spies, yet again, just as our Intelligence Community did. NSA is still no closer to getting back its stolen top-secret hacking tools, and Washington has classified egg on its face. In other words, it’s just another day in the SpyWar with the Kremlin, which never ceases.

John Schindler is a security expert and former National Security Agency analyst.
