Spitfire List Web site and blog of anti-fascist researcher and radio personality Dave Emory.

News & Supplemental  

Snowden’s Ride, Part 13: Glenn Greenwald, David Miranda and Destructive Counterintelligence

Glenn Greenwald and David Miranda

Dave Emory’s entire life­time of work is avail­able on a flash drive that can be obtained here. (The flash drive includes the anti-fascist books avail­able on this site.)

COMMENT: A very interesting story concerning the detainment of of Glenn Greenwald’s partner David Miranda at Heathrow Airport sheds a potentially defining light on “Snowden’s Ride.”

(Our series on this is long, complex and multi-layered: Part IPart IIPart IIIPart IVPart VPart VIPart VII, Part VIIIPart IXPart X, Part XI, Part XIIPart XIIIPart XIVPart XVPart XVIPart XVIIPart XVIIIPart XIXIt is impossible to do justice to this analysis within the scope of this post. Please digest the rest of the material, in order to come to terms with what we are presenting.)

A Daily Telegraph article quotes a British official’s statement that among the materials confiscated from Miranda contained some very sensitive information.

British security official Oliver Robbins stated that Miranda was carrying; ” ‘personal information of UK intelligence officers, any compromise of which would result in a risk to their lives and those of their family members.’ Robbins argued that if this data had got into the public sphere then it would have made spies and their loved ones vulnerable to attack or recruitment by hostile forces. He said that the material was, ‘highly likely to describe techniques which have been crucial in life-saving counter-terrorist operations, and other intelligence activities vital to UK national security.’ Compromising it ‘would do serious damage to UK national security and ultimately risk lives’.

Several thoughts come to mind:

  • One wonders what may have been in the rest of the 58,000 pages of documents Miranda was allegedly carrying?
  • We wonder if our speculation in a previous post about Greenwald’s previous partner (of 11 years) Austrian-born lawyer Werner Achatz possibly being some kind of case officer or Underground Reich paymaster for Greenwald’s activities on behalf of neo-Nazis and white supremacists? Was David Miranda just being cynically used by Greenwald for his alleged courier activities, or was he more involved than he maintains? (Note that Miranda disclaims having carried sensitive materials and also claims that he didn’t know the contents of what he was carrying. Both can’t be true.)
  • Eddie the Friendly Spook downloaded 58,000 pages of documents. That is the equivalent of 100 books of 580 pages each. We SERIOUSLY doubt that Snowden read all of the material he purloined and leaked. Leaking intelligence files without knowing in them is NOT whistle blowing. A whistle blower would approach superiors about correcting perceived abuses, not grabbing material willy nilly and giving it to a journalist. That is reckless, at best. How would the leaker know what was there or what the consequences of such behavior might be? In the age of WMD’s the consequences could be unimaginably destructive.
  • Greenwald has noted in interviews that he has enlisted help in deciphering and understanding what he has in his possession. Who’s help has he enlisted? Intelligence officers? If so, WHOSE intelligence officers?
  • The more time passes, the more it becomes clear that this is an intelligence operation. There can be no conceivable justification for disclosing information of the type that Snowden has apparently leaked under the rubric of civil liberties, privacy, etc. These actions constitute malicious, strategically offensive counterintelligence.

“David Miranda Accused of Carrying Secrets that Threatened Spies’ Lives. This Looks Bad for Glenn” by Tim Stanley; The Telegraph; 8/20/2013.

EXCERPT: Remember that a couple of weeks ago Glenn Greenwald’s husband was stopped at Heathrow airport, detained and had his electronic equipment seized? Well, we now have some idea of what was on it – and it doesn’t make Glenn look good.

The high court has just granted the police powers to pursue an investigation into possible crimes of terrorism and breaches of the Official Secrets Act as a result of analysing some of the data taken from Miranda. And what was that data? The Government’s accessed just a small portion of an astonishing 58,000 pages of intelligence documents and, according to a witness statement by Oliver Robbins, deputy national security adviser to the Cabinet, it includes: “personal information of UK intelligence officers, any compromise of which would result in a risk to their lives and those of their family members.” Robbins argued that if this data had got into the public sphere then it would have made spies and their loved ones vulnerable to attack or recruitment by hostile forces. He said that the material was, “highly likely to describe techniques which have been crucial in life-saving counter-terrorist operations, and other intelligence activities vital to UK national security.” Compromising it “would do serious damage to UK national security and ultimately risk lives”. The Government will now seek to discover if that compromise has taken place.

Miranda’s lawyer said in reply that, “Mr Miranda does not accept the assertions they have made.” Presumably, this means that he does not accept the assertion that the data he was carrying threatened UK national security and even the lives of its operatives. Yet this somewhat contradicts something Miranda told The Guardian two weeks ago. Back then, he said, “I don’t look at documents. I don’t even know if it was documents that I was carrying.” So if he didn’t look at the documents, how can he know that they didn’t include the kind of information that the UK Government alleges? . . . .


One comment for “Snowden’s Ride, Part 13: Glenn Greenwald, David Miranda and Destructive Counterintelligence”

  1. According to the UK government, the Snowden cache of files (the ‘blueprint’ for the NSA as Gleen Greenwald characterized it) may be in the hands of the Russian and Chinese governments. Unencrypted

    The Guardian
    Russia and China ‘broke into Snowden files to identify British and US spies’

    Sunday Times says Downing Street believes both nations have hacked into American whistleblower’s files, and that agents have been put in peril

    James Tapper

    Saturday 13 June 2015 20.02 EDT

    Downing Street believes that Russian and Chinese intelligence agencies have used documents from whistleblower Edward Snowden to identify British and US secret agents, according to a report in the Sunday Times.

    The newspaper says MI6, Britain’s Secret Intelligence Service, has withdrawn agents from overseas operations because Russian security services had broken into encrypted files held by American computer analyst Snowden.

    Snowden provided the Guardian with top secret documents from the US National Security Agency (NSA), which revealed that western intelligence agencies had been undertaking mass surveillance of phone and internet use.

    He fled to Hong Kong, then to Moscow, and the Sunday Times claims that both Chinese and Russian security officials gained access to his files as a result.

    The files held by Snowden were encrypted, but now British officials believe both countries have hacked into the files, according to the report.

    The newspaper quotes a series of anonymous sources from Downing Street, the Home Office and British intelligence saying that the documents contained intelligence techniques and information that would enable foreign powers to identify British and American spies.

    The newspaper quoted a “senior Downing Street source” saying that “Russians and Chinese have information”.

    The source said “agents have had to be moved and that knowledge of how we operate has stopped us getting vital information”. The source said they had “no evidence” that anyone had been harmed.

    A “senior Home Office source” was also quoted by the newspaper, saying: “Putin didn’t give him asylum for nothing. His documents were encrypted but they weren’t completely secure and we have now seen our agents and assets being targeted.”

    The Sunday Times also quoted a “British intelligence source” saying that Russian and Chinese officials would be examining Snowden’s material for “years to come”.

    Keep in mind that the giant hack of the US Office of Personnel Management (OPM) that just took place is also potentially put the identities of US spies at risk. So it’s possible that, if UK spies’ identities were also compromised in the hack, this claim by Downing Street could be a cover for the damage done by that hack. Of course, that hack could have been enabled by the information in the Snowden cache if, indeed, the Chinese and Russian governments already broke the encryption. Either way, there’s probably going to be a lot spies on the move at the moment:

    Defense One

    OPM Breach Just Put America’s Spies ‘At High Risk’

    June 12, 2015
    By Patrick Tucker

    Hackers may now have detailed biographical information and a virtual phonebook of every United States intelligence asset.


    Standard Form 86 — SF86 for short — is where current and prospective members of the intelligence community put the various bits of information the bureaucracy requires of them: Social Security numbers, names of family members, countries visited and why, etc. If hackers have gotten away with those records, as the Associated Press reported Friday, America’s spies are in trouble.

    Such a theft could yield a “virtual phonebook” of U.S. intelligence assets around the world and a working list of each one’s weak spot, said Patrick Skinner, former CIA case officer and director of special projects for the Soufan Group. He said such a vulnerability was unprecedented.

    “The spy scandals we’ve had in the past … they gave up maybe a dozen foreign spies. It was a big deal. This, basically is beyond that,” Skinner said. “It’s not giving up foreign spies…it’s administration, support, logistics. Basically, It’s a phone book for the [intelligence community]. It’s not like they have your credit card number. They have your life.”

    If there’s any good news about the disclosure, it’s that it could have been worse. Office of Personnel Management records don’t detail specific covert identities or missions, assignments, or operations. Records of that type would be held by the intelligence agencies themselves. “I don’t think it’s going to blow people’s cover but it’s going to put them at a real high counterintelligence risk,” said Skinner.

    Skinner said some of the information in SF86 records is exactly the sort of information that he, as an intelligence operative, would look to get on people he was targeting. “At my old job, you would spend a lot of time trying to get that biographical information because it can tell you a lot,” he said. “It’s why marketers try to get that much information from you. If you have somebody’s entire life history and network you can craft a pitch to them that they don’t see coming.”

    What can the intelligence community do to repair the damage? “I don’t think they can,” Skinner said. SF86 “reveals so much about the person that it makes them incredibly vulnerable. You can’t erase your past. These are the things you can’t change about people: you can’t change your parents, your contacts, or your travel. Foreign contacts? That’s a huge deal.”

    One thing that could change as a result of the hack: OPM may begin to encrypt the data in its database. It’s a simple security precaution that many in the technology community say OPM should long since have had in place.

    Certainly Skinner was taken aback. “They spend so much time training us to maintain our cover and then they keep this information in an unencrypted database? I encrypt my hard drive; why don’t they?”

    So a treasure trove of US spy identities have just been lifted by someone and just days later the UK starts reassigning all its agents while claiming the Snowden cache was hacked. It’s quite a story, especially for any spies working in the media or other high profile areas.

    Are the two events related? It’s very possible. But also keep in mind that
    we really have no idea who has the encrypted cache:


    Snowden’s Contingency: ‘Dead Man’s Switch’ Borrows From Cold War, WikiLeaks

    Kim Zetter
    07.16.13 4:31 pm

    The strategy employed by NSA whistleblower Edward Snowden to discourage a CIA hit job has been likened to a tactic employed by the U.S. and Russian governments during the Cold War.

    Snowden, a former systems administrator for the National Security Agency in Hawaii, took thousands of documents from the agency’s networks before fleeing to Hong Kong in late May, where he passed them to Guardian columnist Glenn Greenwald and documentary filmmaker Laura Poitras. The journalists have handled them with great caution. A story in the German publication Der Spiegal, co-bylined by Poitras, claims the documents include information “that could endanger the lives of NSA workers,” and an Associated Press interview with Greenwald this last weekend asserts that they include blueprints for the NSA’s surveillance systems that “would allow somebody who read them to know exactly how the NSA does what it does, which would in turn allow them to evade that surveillance or replicate it.”

    But Snowden also reportedly passed encrypted copies of his cache to a number of third parties who have a non-journalistic mission: If Snowden should suffer a mysterious, fatal accident, these parties will find themselves in possession of the decryption key, and they can publish the documents to the world.

    “The U.S. government should be on its knees every day begging that nothing happen to Snowden,” Greenwald said in a recent interview with the Argentinean paper La Nacion, that was highlighted in a much-circulated Reuters story, “because if something does happen to him, all the information will be revealed and it could be its worst nightmare.”

    It’s not clear if Snowden passed all of the documents to these third parties or just some of them, since Greenwald says Snowden made it clear that he doesn’t want the NSA blueprints published.

    Greenwald told the Associated Press that media descriptions of Snowden’s tactic have been over-simplified.

    “It’s not just a matter of, if he dies, things get released, it’s more nuanced than that,” he said. “It’s really just a way to protect himself against extremely rogue behavior on the part of the United States, by which I mean violent actions toward him, designed to end his life, and it’s just a way to ensure that nobody feels incentivized to do that.”

    The classic application of a dead man’s switch in the real world involves nuclear warfare in which one nation tries to deter adversaries from attacking by indicating that if the government command authority is taken out, nuclear forces would launch automatically.

    It has long been believed that Russia established such a system for its nuclear forces in the mid-60s. Prados says that under the Eisenhower administration, the U.S. also pre-delegated authority to the North American Aerospace Defense Command (NORAD), the Far East command and the Missile Defense Command to use nuclear weapons if the national command authority were taken out, though the process was not automatic. These authorities would have permission to deploy the weapons, but would have to make critical decisions about whether that was the best strategy at the time.

    Snowden’s case is not the first time this scenario has been used for information distribution instead of weapons. In 2010, Wikileaks published an encrypted “insurance file” on its web site in the wake of strong U.S. government statements condemning the group’s publication of 77,000 Afghan War documents that had been leaked to it by former Army intelligence analyst Bradley Manning.

    The huge file, posted on the Afghan War page at the WikiLeaks site, was 1.4 GB and was encrypted with AES256. The file was also posted on torrent download sites.

    It’s not known what the file contains but it was presumed to contain the balance of documents and data that Manning had leaked to the group before he was arrested in 2010 and that still had not been published at the time. This included a different war log cache that contained 500,000 events from the Iraq War between 2004 and 2009, a video showing a deadly 2009 U.S. firefight near the Garani village in Afghanistan that local authorities said killed 100 civilians, most of them children, as well as 260,000 U.S. State Department cables.

    WikiLeaks has never disclosed the contents of the insurance file, though most of the outstanding documents from Manning have since been published by the group.

    So some unknown number of third parties have the encrypted documents, and if something happens to Snowden somehow they’ll get the encryption keys and proceed to release them to the world. If the documents were hacked by Russia or China, these third parties could be one way they got their hands on the full stash of documents, assuming Snowden didn’t hand them over directly under the assumption that they’re safely encrypted anyways. After all, as the article indicates, Wikileaks did the same thing with an encrypted file back in 2010 that was uploaded to the internet, and no one has apparently broken the encryption yet.

    Could Snowden have used an encryption method vulnerability that he wasn’t aware of? That seems possible, but there’s another way governments could also get their hands on the unencrypted data: hack Greenwald and the journalists working with him or anyone else with access to the documents:

    Meet the Man Hired to Make Sure the Snowden Docs Aren’t Hacked

    By Lorenzo Franceschi-Bicchierai
    May 27, 2014

    In early January, Micah Lee worried journalist Glenn Greenwald’s computer would get hacked, perhaps by the NSA, perhaps by foreign spies.

    Greenwald was a target, and he was vulnerable. He was among the first to receive tens of thousands of top secret NSA documents from former contractor Edward Snowden, a scoop that eventually helped win the most recent Pulitzer prize.

    Though Greenwald took precautions to handle the NSA documents securely, his computer could still be hacked.

    “Glenn isn’t a security person and he’s not a huge computer nerd,” Lee tells Mashable. “He is basically a normal computer user, and overall, normal computer users are vulnerable.”

    Lee, 28, is the technologist hired in November to make sure Greenwald and fellow First Look Media employees use state-of-the-art security measures when handling the NSA documents, or when exchanging emails and online chats with sensitive information. First Look was born in October 2013, after eBay founder Pierre Omydiar pledged to bankroll a new media website led by Greenwald, with documentary journalists Laura Poitras and Jeremy Scahill.

    Essentially, Lee is First Look’s digital bodyguard, or as Greenwald puts it, “the mastermind” behind its security operations.

    Lee’s position is rare in the media world. But in the age of secret-spilling and the government clampdown on reporters’ sources, news organizations are aiming to strengthen their digital savvy with hires like him.

    “Every news organization should have a Micah Lee on their staff,” Trevor Timm, executive director and cofounder of Freedom of the Press Foundation, tells Mashable.

    Timm believes the Snowden leaks have underscored digital security as a press freedom issue: If you’re a journalist, especially reporting on government and national security, you can’t do journalism and not worry about cybersecurity.

    “News organizations can no longer afford to ignore that they have to protect their journalists, their sources and even their readers,” Timm says.

    Once hired, Lee needed to travel to Brazil immediately. First Look has an office in New York City, but Greenwald works from his house located in the outskirts of Rio de Janeiro.

    Unfortunately, the consulate in San Francisco near where Lee lives didn’t have an open spot for a visa appointment. It would be at least two months before he’d be able to leave for Brazil.

    Undeterred, Lee created a smart (and legal) hack — a script that constantly scraped the consulate’s visa calendar to check for cancellations. If it found any, it would text Lee, giving him the opportunity to hop online and book.

    In less than 48 hours, he scored an appointment and flew to Rio within days.

    “That’s what he does. He’s brilliant at finding solutions for any kind of computer programming challenge,” Greenwald tells Mashable. It’s exactly the kind of industrious initiative Greenwald needed.

    When he got to Rio, Lee spent one entire day strengthening Greenwald’s computer, which at that point used Windows 8. Lee was worried spy agencies could break in, so he replaced the operating system with Linux, installed a firewall, disk encryption and miscellaneous software to make it more secure.

    The next day, Lee had a chance to do something he’d been dreaming of: peek at the treasure trove of NSA top secret documents Snowden had handed to Greenwald in Hong Kong.

    Since the beginning, Greenwald had stored the files in a computer completely disconnected from the Internet, also known as “air-gapped” in hacker lingo. He let Lee put his hands on that computer and pore through the documents. Ironically, Lee used software initially designed for cops and private investigators to sift through the mountain of seized documents.

    Lee spent hours reading and analyzing a dozen documents containing once carefully guarded secrets.

    “I wasn’t actually surprised. I was more like, ‘Wow, here’s evidence of this thing happening. This is crazy,'” he remembers. “At this point I kind of assume that all of this stuff is happening, but it’s exciting to find evidence about it.”
    Sitting inside Greenwald’s house, famously full of dogs,

    During his two days in Rio, Lee wore two hats: the digital bodyguard who secures computers against hackers and spies, and the technologist who helps reporters understand the complex NSA documents in their possession. In addition to Greenwald, he also worked with Poitras, the documentary filmmaker who has published a series of stories based on the Snowden documents as part of both The Guardian‘s and The Washington Post‘s Pulitzer-winning coverage.

    For Greenwald, Lee’s skills, as well as his political background (Lee is a longtime activist) make him the perfect guy for the job.

    “There’s a lot of really smart hackers and programmers and computer experts,” Greenwald tells Mashable. “But what distinguishes him is that he has a really sophisticated political framework where the right values drive his computer work.”

    J.P. Barlow, founder of the Electronic Frontier Foundation, where Lee used to work, agrees. There are two Lees, the activist and the hacker, he says. One couldn’t exist without the other.

    “He acquired his technical skills in the service of his activism,” Barlow tells Mashable.

    In some ways, Lee was destined to work on the Snowden leaks. At Boston University in 2005, he was involved in environmental and anti-Iraq War activism. His college experience didn’t last long, though. After just one year he dropped out to pursue advocacy full-time.

    “I had better things to do with my time than go to college, because I wanted to try and stop the war. And it didn’t work,” Lee says.

    During that time, he worked as a freelance web designer, despite no formal computer education. He started teaching himself the computer programming language C++ when he was around 14 or 15 years old, in order to make video games. (Alas, none of those games are available anymore.)

    Then in 2011, Lee was hired by the Electronic Frontier Foundation, the digital rights organization. “My dream job,” Lee says.

    As an EFF technologist, teaching security and crypto to novices was second nature for him. He was one of the people behind an initiative in which technologists taught digital security to their fellow employees over lunchtime pizza. And as CTO of the Freedom of the Press Foundation, he helped organize “cryptoparties” to teach encryption tools to journalists and activists.

    Lee became a go-to source for reporters looking for computer security and encryption answers. After the first NSA leaks were published in June 2013, many reporters, not only those working on the Snowden leak, knew they’d need to protect their own communications. Lacking technical knowledge, they turned to Lee for help.

    He recalls, for example, that he helped reporters at NBC get started using encryption. It was only when NBC News published a series of stories based on the Snowden documents, with the contribution of Glenn Greenwald, that Lee realized why they needed his guidance.

    In early July 2013, he wrote what some consider one of the best introductory texts about crypto, a 29-page white paper called “Encryption Works.” Its title was inspired by an early interview with Snowden — a Q&A on The Guardian‘s site. The whistleblower said,

    “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.”

    Those words had a profound effect on Lee.

    “That gave me a lot of hope, actually, because I wasn’t sure if encryption worked,” Lee says laughing, his eyes brightening behind a pair of glasses. He is lanky in jeans and a t-shirt, behind a laptop with stickers.

    He’s a true hacker, but one who happens to explain extremely complicated concepts in a way that’s easy to understand.

    He was one of the first people Greenwald and Poitras, both on the Freedom of the Press Foundation board, named for their “dream team,” Greenwald says — a group that would eventually create The Intercept, First Look Media’s first digital magazine that would later be instrumental in breaking new NSA stories.

    “He was top of my list,” Poitras tells Mashable.

    In the wake of the Snowden leaks, which revealed the pervasiveness of the NSA’s surveillance techniques, it seems no one, including journalists, is safe. And it’s not just the NSA; other branches of the U.S. government have pressured journalists to reveal their sources and have aggressively investigated information leaks.

    “Concern has grown in the news industry over the government’s surveillance of journalists,” New York Times lawyer David McCraw wrote in a recent court filing.

    At The Intercept, Lee is working to make sure nobody leaves any traces. Making websites encrypted, Lee says, “is the very bare minimum basic of making it not really easy for sources to get compromised.”

    All these practices aim to protect journalists’ and sources’ communications, but handling the Snowden documents, and making sure no one who has them gets hacked, is also key. Unfortunately, that’s not as easy as installing an antivirus or a firewall.

    When exchanging documents, journalists at The Intercept use a complicated series of precautions. First of all, Lee says, documents are never stored on Internet-connected computers; they live in separate computers disconnected from the web. To add an extra layer of precaution when logging in to air-gapped computers, journalists must use secure operating system Tails.

    So, imagine two employees at First Look Media (we’ll call them Alice and Bob) need to send each other Snowden documents. Alice goes to her air-gapped computer, picks the documents, encrypts them and then burns them onto a CD. (It has to be a CD, Lee says, because thumb drives are more vulnerable to malware.) Then Alice takes her CD to her Internet-connected computer, logs in and sends an encrypted email to Bob.

    If you’re keeping score, the documents are now protected by two layers of encryption, “just in case,” Lee says, laughing.

    Then Bob receives the email, decrypts it and burns the file on a CD. He moves it to his own air-gapped computer where he can finally remove the last layer of encryption and read the original documents.

    To prevent hackers from compromising these air-gapped computers, Lee really doesn’t want to leave any stone unturned. That’s why First Look has started removing wireless and audio cards from air-gapped computers and laptops, to protect against malware that can theoretically travel through airwaves. Security researchers have recently suggested it might be possible to develop malware that, instead of spreading through the Internet or via thumb drives, could travel between two nearby computers over airwaves, effectively making air-gapped computers vulnerable to hackers.

    If this all sounds a little paranoid, Lee is the first to acknowledge it.

    “The threat model is paranoid,” Lee tells Mashable, only half-joking. But it’s not just the NSA they’re worried about. (After all, the spy agency already has the documents.) Other spies, however, would love to get their hands on the intel.

    “Any type of adversary could be out to get the Snowden documents. But specifically large spy agencies. And I actually think that the NSA and GCHQ aren’t as much as a threat compared to other international ones,” Lee says. Apart from the NSA, Russia and China are the real concerns.

    “It’s not just this theoretical prospect that maybe the government is trying to read my emails or listens to my phone calls,” Greenwald says. “I know for certain that they are doing that.”

    “I don’t think that the threat model is paranoid at all,” Poitras says, not wanting to underestimate their enemies. “We have to be careful in terms of digital security.”

    “All of the reporters who are working on these stories have a gigantic target painted on their backs,” says Soghoian.

    Every precaution, in other words, is essential, and makes it “much safer for us to operate as adversarial journalists,” says Lee.

    Every lock on the door is necessary, and they should all be bolted. What’s more, every door should be under the control of First Look itself.

    As Greenwald’s security guru puts it:

    “Any type of adversary could be out to get the Snowden documents. But specifically large spy agencies. And I actually think that the NSA and GCHQ aren’t as much as a threat compared to other international ones,” Lee says. Apart from the NSA, Russia and China are the real concerns.

    So, as we can see, there’s no shortage of security around the documents, but there’s also no shortage in interests by powerful agencies around the globe to get their hands on that material.

    Still, given the recent mega-hack of the US OPM, there’s also no shortage of potential reasons to assign blame for a historic breach of operational cover that may have nothing to do with the Snowden documents. Then again, since the ‘blueprints’ for the NSA could come in very handy for any group that wanted to hack the OPM, it’s also possible that the the OPM hack was directly enabled by the decryption of the Snowden documents.

    What can be concluded from all this? It’s hard to say. But one thing is certain: the game of Clue could really use another makeover.

    Posted by Pterrafractyl | June 13, 2015, 6:48 pm

Post a comment