The New York Times has been howling about “warrantless wiretapping” conducted in the United States by the National Security Agency and directed against al-Qaeda operatives who might be wandering around our country carrying knitting needles or other household implements that are still allowed on planes.
But even as the newspaper worries about the privacy rights of suspected terrorists, why has it not said a word about the possibility that it itself is a target of warrantless surveillance, and not by the U.S. government but by far less friendly forces? Is the newspaper unaware of the problem, or does it find it inconvenient to acknowledge it, or does it simply have its head in the sand?
Without subjecting Arthur Sulzberger, Jr. to enhanced interrogation methods, we cannot say. But Jennifer Dyer, formerly a Commander in U.S. Naval Intelligence, offers her analysis of the issue in another Connecting the Dots exclusive. Her short answer is yes, such eavesdropping is probably happening. Her long answer is right here:
Russia, in particular, has an extensive history of using its diplomatic and civilian facilities abroad as bases for intelligence collection — and for collecting against civilian targets as well as government agencies. But Russia is not the only suspect; and technological advances have changed the collection targets and methods somewhat, since the public last had occasion to think very hard about this topic.
The dimensions of the problem are key factors. A Department of Defense publication from 1989 [p. 16] provides a useful overview of former-Soviet attempts and capabilities to monitor foreign communications abroad, pointing out, notably, the suitability of the Soviet consular compound in New York City for intercepting several types of voice communications in most of Manhattan. Although phone communications were overwhelmingly transmitted via landline at that time, the DOD security study observed that in more than half of all phone connections, calls were switched randomly over interim links to optimize circuit loading [p. 159], and that it was impossible to ensure that every potential connection path was secure against monitoring.
This warning was cutting-edge in the 1980’s, when physical tapping, of the phone lines associated with specific individuals or organizations, was still what the average person thought of in this regard. If there were no men in trench coats crouched in leased office spaces next door, could we not assume we were tap-free?
Foreign intelligence agencies, however, study our civil-communications infrastructure far more closely than we do, and for the specific purpose of identifying vulnerabilities. It has been quite some time since the surveillance of a phone call had to be undertaken next door, or even near a switching room in a phone company building. In the wireless microwave age, with routine satellite connections and high-data-rate transmission, 90 percent of the surveillance approach need not even involve collectors physically on the same continent. Soviet collectors in the 1980’s might seek to exploit phone junction facilities; in the 1990’s their Russian successors in New York posted vans near microwave towers. Actual exploitation of the data collected might occur within 24 hours, as linguists labored over replayed recordings.
Today, it is fairly simple not only to monitor microwave relay facilities, but to simply monitor cell-phone chatter through the airwaves. In fact, any phone call may be connected in a variety of ways, regardless of how it was placed by the originator; calling from a fixed, landline phone might once have increased the difficulty of intercept, but today it serves rather to make the originator easier to identify, as links in the transmission path are exploited. Moreover, it takes very little in the way of interception and transmission equipment to instantaneously relay anything collected to the other side of the world, where linguists — whose presence at a consulate, in a big bunker, might seem odd — can quickly interpret and report, unremarked, at home.
Such electronic surveillance produces some of the cheapest and highest-payoff intelligence there is, and we may apply a good rule of thumb from the intelligence world here: if it can be done, someone is trying to do it. It is reasonable to assume that Russia, as she has in the past, performs such monitoring from her consulate on Central Park East, and that Russian surveillance can intercept much of Manhattan via the airwaves, from its roof. Knowing the recent history of Russian attempts to exploit communications relay points with mobile collection, we may equally assume that that is an ongoing effort.
Russia, again, is not our only suspect. While there is less direct evidence available to the public on Chinese efforts at electronic surveillance, we know that espionage against the U.S. is a very high priority for China, and the rule of thumb suggests Beijing will try this method, as well as the human contact espionage China is best known for. China’s New York consulate on East 61 Street provides a useful vantage point for electronic collection. However, a nation need not have a diplomatic facility in New York to have a collection base there. The Iranian Alavi Foundation, a putative charitable foundation that has fallen under suspicion by U.S. federal agencies as a base for espionage and the support of terror cells, owns the 32-story building it occupies at 52nd and Fifth — a position with advantages for electronic collection in Manhattan.
Physical intercept of signals is, of course, only a primitive method of electronic surveillance in today’s technological environment. Because it remains cheap and high-payoff, it will continue for some time. But recent successes in information technology (IT) based espionage highlight the real feasibility of obtaining large amounts of intelligence by intercepting communications digitally. As phone and personal computer capabilities merge, it will be increasingly irrelevant to separate attacks against one from attacks against the other.
Probably the most celebrated monitoring attack to date against a phone network was the “Athens Affair” in 2004-05, when still-unidentified cyber-attackers hacked into switching computers in Greece’s Vodafone network and monitored more than 100 phones used by government officials and private civilians. (A full technical explanation of the hackers’ approach can be found here.)
Although these attackers have not been identified, China was directly implicated in the hacking of German government computers in 2007, when German authorities discovered that data was being “siphoned off” daily from computers in the German Chancellery and other government agencies, by hackers in Lanzhou, Canton Province, and Beijing. The years 2006-07 were busy ones for China’s hackers, who were fingered in network intrusions in the British government and the U.S. Departments of Defense and Commerce. Russia demonstrated some network intrusion prowess of her own in a broad scale cyber attack on Estonia’s government, public facilities, and private organizations — including news media computers — in April-May of 2007.
While only one of these data network intrusions (the Chinese attack on German systems) was characterized by officials as an attempt at extended monitoring, per se, they underscore the easy availability of the technology to manipulate computer networks, and the aptitude of, at a minimum, China and Russia for exploiting it. The applicability of such capabilities to monitoring the journalists at the New York Times is reinforced by the success of eccentric American hacker Adrian Lamo in penetrating the New York Times computer network in 2004. Lamo confessed that while online with the New York Times network, he was able to view not only employment and other personal records of the New York Times staff, but was able to obtain the private phone numbers of journalists and contributors, such as former President Jimmy Carter.
Of course, if the intelligence collector is China, “Trojan” hardware sold to IT providers may be the placement method. The U.S. government decided not to even install 16,000 computers manufactured by the Chinese firm Lenovo, in the wake of Chinese intrusions on U.S. government networks in 2006. Russia’s history of introducing Trojan hardware into U.S. embassies and consulates was certainly a historical factor in this security decision [p. 17]. However, private news organizations do not routinely consider the possibility that IT hardware — phones or computers — that they purchase from commercial vendors may contain manufacturer-embedded code or devices for long-term exploitation.
If it can be done, someone is trying to do it.