Memes, lolz and intel incels: behind the scenes in the NSA hacker corps – British GQ
Since its debut in 2006, for reasons lost to history, the annual hackers conference in northern Virginia has been known as Jamboree. Possibly the name is meant to be tongue-in-cheek. It brings to mind incongruous scenes of Boy Scouts and Girl Scouts and campfires and songs of peace. In the wiretappers Jamboree, the setting is less pastoral a conference space and the lyrics sing of digital battlefields.
Jamboree celebrates technical brilliance, audacity on offense and a relentless drive to win. It promotes a laser focus on mission accomplishment. Those are virtues among spies, important ones. They are not the only virtues. Jamboree springs from an operational world that can be nonchalant about the privacy of innocents and contemptuous of men and women who allow themselves to be owned, as hackers say, by American cyber warriors. Sexual innuendo, ethnic slurs and mockery of the dead are neither furtive nor especially rare in the discourse of USs National Security Agency (NSA). The people who speak this language among themselves show no apparent concern for reproach by superiors. They are the same people whose work may decide who lives and who dies in a conflict zone. As many of you know, our forces in Iraq are dropping bombs on the strength of sigint alone, Charles H Berlin III, the former chief of staff of the Signals Intelligence Directorate, told his workforce in an internal newsletter in 2004.
There are many professionals in the NSA who take no part in the japery. I have little doubt that they make up a large majority. NSA personnel and veterans I have met are thoughtful about their power and conflicted about trespassing, as inevitably they do, into private terrain that does not belong to a foreign intelligence target. Among the top guns of the NSA hacker club and those who make use of their work, looser language and attitudes are commonplace. Scores of examples in documents and confidential interviews reveal a tendency in those precincts to infuse official reports with snickering insults and derisive memes invented by teenagers, gamers and nerds on the internet.
The NSAs blue-badge employees divide between civilian hires and uniformed personnel on assignment from Army, Navy, Air Force, Marine Corps and Coast Guard intelligence. Military employees arrive prescreened. Civilians run a gauntlet when they apply: a 567-question psychological test, a follow-up interview, the SF-86 Questionnaire For National Security Positions and a polygraph exam to probe for counterintelligence threats. Even so, in the internet age, the NSA has had to adaptin order to recruit the cohort of gifted hackers it needs. They do not tend to arrive with spit-shined shoes and hair cut high and tight. The culture, Edward Snowden said, is T-shirts, jeans, bleached hair, green hair, earrings, meme shirts, memes posted all over your cubicle. Screeners make allowances. Some of the top recruits would never have made the cut in the analog age of listening posts and paper files.
The larger part of the NSAs intake depends upon what the agency describes as special sources. The NSA asks for secret access to one or another piece of the backbone of the global communications network. Security-cleared executives at US internet and telecommunications companies agree to provide it. The NSA likes that arrangement. Why hot-wire a car when the owner will lend you the keys? Some executives not as many since Snowden regard support for US intelligence as a patriotic duty. Some are compelled by law. Some companies, such as AT&T, have classified arrangements with the NSA, code-named Blarney, that stretch back to the 1970s. The companies are compensated for their trouble from a classified budget for corporate partners that reached $394 million in fiscal year 2011.
When the NSA cannot negotiate access, it helps itself. Overseas, where domestic legal restrictions do not apply, the acquisitions directorate, S3, is free to tunnel just about anywhere it likes. A worldwide hacking infrastructure called Quantum deploys a broad range of tools to inject software exploits, intercept communications with methods known as man in the middle and man on the side and reroute calls and emails through NSA collection points. Most of these are known as passive operations because they collect electronic signals automatically as they pass through large trunk lines and junctions. When passive methods do not suffice, the job becomes, in NSA parlance, interactive. During one representative week in April 2012, there were 2,588 such interactive missions. That kind of bespoke hacking is the province of Tailored Access Operations (TAO).
Sexual innuendo, ethnic slurs and mockery of the dead are neither furtive nor rare in NSA discourse
Locker room bravado is one thing when it takes place in the field. The trash talk, in this case, is built into the official vocabulary of the NSA headquarters at Fort Meade, Maryland, where engineers and managers describe close access work in terms of seduction and drunken conquest. Surveillance targets, as depicted in formal accounts of expeditionary operations, are like women who would regret the night if only they remembered it in the morning.
One common mission for TAO is to hack into a local wireless network. Wi-Fi signals do not travel far, even when amplified by surveillance equipment, which means that access teams have to sneak in fairly close. Every stage of their work comes with a suggestive cover name. First comes Blinddate, in which a team member searches for vulnerable machines. He slips into the network during Happyhour, mingles among the computers there and lures his tipsy victim into a liaison. Next comes Nightstand, short for one-night stand, wherein the operator delivers a load of malware into the defenceless machine. Further exploitation and hilarity ensue on Seconddate. For all their subtlety, the cover names might as well be Bimbo, Roofie, Bareback and The Clap.
None of this is to cast shade on the operations themselves. By nature an expeditionary mission is closely targeted, the opposite of mass surveillance, and the NSA chooses the marks to fit the demands of its political masters. The targets I saw in documents are what you would expect of an intelligence agency doing its job. The question is what to make of the giggles between the lines. It is not too much, I think, to say that sexual exploitation is an official metaphor of close-access operations, passed up the chain of command in operations reports and back down to the lower ranks in training materials. The seven-part qualifying course on wireless exploitation techniques, for example, includes units called Introduction To Blindate (Grab a partner!) and Introduction To Nightstand. There are plenty more where those come from. The NSA archive features dozens of cover names in the same style, from Vixen and Badgirl to Ladylove and Pant_sparty. The latter is versatile slang in pop culture, suitable for any of several intimate acts. In surveillance speak it stands for injection of an NSA software tool into a backdoor in the targets defences. Get up close, whip out your Pant_sparty tool and stick it in her back door. The developers, briefers and trainers who trade in this kind of mirth, without exception that I could find, are men.
Alan Tu, a former threat operations analyst, told me the dick-swinging badinage is the product of a workforce that was incredibly young, young and male. Many either in their first post-college job or 19- to 21-year-old military operators. This is the age of peak testosterone. It would not occur to those men, Tu added, that anyone outside their circle would read what they wrote or find reason to object. And oversight can be thin, he recalled: Getting quality managers was sometimes a struggle because often they would pick from what seemed to be the most appropriate technical guy and give them their first leadership and management job.
Snowden turned down a job in TAO, but this was the culture he grew up in. The memes are awesome for morale and having fun but youre having fun with systems that get people literally killed, he told me. It is adolescent empowerment. Literally, I can do what I want. What are you going to do to stop me? I am all-powerful. I would point out what defines our understanding of adolescence and what it means to be juvenile is a lack of self-awareness and restraint.
Towards the end of 2018, I sat down with former FBI director James B Comey for a long conversation in a midtown New York hotel suite. He put a lot of effort into cultural change in his own agency before Donald Trump fired him in May 2017.
The FBI, like the NSA, worked hard to recruit and accommodate young technical talent. Before the Trump administration came topower, Comey was looking for ways to soften a ban on applicants with a history of marijuana use. I have to hire a great workforce to compete with those cyber criminals and some of those kids want to smoke weed on the way to the interview, he told the Wall Street Journal then. Attorney general Jeff Sessions put a stop to any squishiness on that point, but the bureau, like the NSA, relaxed some entrenched ideas about who belonged. I asked Comey whether he thought Fort Meade has come to grips with the subculture that the young hacker recruits brought with them.
Thats a great question, he said. I suspect not, because I remember the first time I went there, 2004, 2005, I was struck that Id just stepped into the 1950s. I remember walking in and seeing the old wood panelling, old-fashioned carpeting. I felt like Id gone back in time. The support staff seemed to be mostly white women with beehive hairdos, all done up, and a lot of men in short sleeves. Kind of like what you see in a Nasa movie [set in] the 1960s. Thats what it felt like. I remember, when I joked about it, someone saying a huge number of employees are legacy. Their parents worked there. Its a family business.
There are hundreds of cover names that make no effort to be opaque. They are hand-selected for meaning, simple or otherwise
By doctrine the agency is supposed to assign its cover names at random. That is only sometimes true in practice. A true cryptonym, usually a pair of randomly selected words, conceals any hint of the secret it protects. Byzantinehades, for instance, betrays no link to Chinese cyber espionage. But there are hundreds of other cover names that make no effort to be opaque. They are hand-selected for meaning, simple or otherwise. At times the names are artlessly literal. One classified compartment, shared with the United Kingdoms GCHQ, is called Voyeur. It refers to spying on another countrys spies as they spy on someone else, an especially intimate encounter. Scissors, a more prosaic choice, is a processing system that slices up data for sorting. Voyeurs peer through windows. Scissors cut. No mystery is intended or achieved.
The most revealing cover names are compact expressions of culture akin to street art. The culture owes a great deal to gamers, coders and other digital natives in the outside world. Some of its products, like the sequence from Blinddate to Nightstand, evoke the brotopia of Emily Changs eponymous book about Silicon Valley. Some, like Boundlessinformant, which is a live-updated map of surveillance intake around the world, are so tone-deaf as to verge on self-parody. (The map itself, despite some breathless commentary, is nothing sinister.) In public remarks and testimony, NSA officials often speak of their compliance culture, humble and obedient to post-Watergate laws. There is truth in that, but when the agencys hackers roam abroad, where far fewer restraints apply, they strike an outlaw pose. There is a whole branch of the acquisitions directorate, S31177, devoted to Transgression. A mysterious Badass compartment is mentioned but left unexplained. Pitiedfool, a suite of technical attacks on the Windows operating system, evokes the ferocity of Mr Ts warning to enemies (I pity the fool!) in the film Rocky III. Blackbelt, Felonycrowbar, Zombiearmy and Devilhound share the macho vibe. Another whole class of cover names, including Epicfail and Erroneousingenuity, jeer opsec errors by surveillance targets who imagine that they are covering their tracks.
The insider folkways signal membership in a tribe. The tribe likes science fiction and fantasy, comic book heroes, Star Trek, Star Wars, Harry Potter, fast food, whiskey, math jokes, programmer jokes, ethnic jokes, jokes about nontechnical people and caustic captions on photographs. NSA nerds use dork and bork as verbs. As in: dork the operating system to exploit a device, but dont bork it completely or the device will shut down. They illustrate reports with photos of animals in awkward predicaments; one of them likens a surveillance target to a horse with its head stuck in a tree. They condescend about leet (or l33t) adversaries, wannabe elite hackers who think they can swim with the NSAs sharks. They boast of dining on rivals who are honing their skillz, another term of derision. The themes and memes of NSA network operations are telltales of a coder class that lives its life on-screen, inattentive to the social cues of people who interact IRL in real life.
The keyboard geekery can be whimsical. One training officer, apropos of nothing, dropped a joke about binary numbers into a cryptography lecture. There are ten types of people in this world: those who understand binary and those that dont, the instructor wrote. A weekly briefing on surveillance operations paused to celebrate Pi Day, 14 March, when the numeric form of the date is the best-known constant in math. Then there is the NSA Round Table, an electronic discussion group that invites participants to vote one anothers comments up or down. The voting system, lifted from Reddit, rewards amusing insults as much as content in a forum ostensibly devoted to classified business. Why is a scoop of potatoes larger than a scoop of eggs in the cafeteria? a contributor named Michael wondered one day. Paul jumped in to play the troll. Let me be the first to down-vote you, Paul wrote, naming several pedantic reasons. A side debate erupted: should Michaels post be down-voted, flagged or removed? Clyde returned to the topic at hand with a facetious theory that scoop volume is proportional to the relative size of potatoes and eggs themselves. In that case, Scott replied, what would happen if we served eggs that were bigger than potatoes, like of an ostrich? Someone proposed a uniform system, One spoon to scoop them all, an homage to The Lord Of The Rings. Punsters demanded the inside scoop and lamented the waste of time on small potatoes.
The same aspirations to nerdy wit define a large universe of NSA cover names. Somebody came up with Captivated Audience for a software tool that listens in on conversations by switching on the microphone of a targets mobile handset.
Many, many cryptonyms juxtapose animal names rabbits, goats, monkeys, kittens, a whole menagerie with incongruous adjectives. Comic book heroes and villains take prominent places in the pantheon. Mjolnir, the mythical hammer of Thor, is an NSA weapon to break the anonymity of Tor. Batcave includes a digital hideout for agency hackers who emerge to steal another countrys software code. Batmans alluring foe and sometime love interest, Poisonivy, is the cover name for a remote-access trojan used by Chinese government spies. Another programme is named for Deputydawg, the cartoon sheriff in a Terrytoons childrens show. Nighttrain is harder to source with confidence, being a blues song and a country song and a Guns N Roses song, but it seems to refer in context to a volume of the Hellboy comic series. Inside the agency it is part of an especially sensitive programme: espionage on a close US ally during operations alongside the ally against a common foe. Nighttrain is the allys surveillance technology. The NSA hacks into it with Ironavenger, named for a Marvel Comics story line about robot duplicates of famous superheroes. An NSA system for automated decryption of enciphered data is named Turtlepower, after the Teenage Mutant Ninja Turtles.
So it goes. Harry Potter fans dreamed up Quidditch in honour of the exploits of the NSAs Special Collection Service. Sortinghat, the enchanted cap that selects a Hogwarts house for each young wizard, is what the NSA calls the traffic control system for information exchanged with its British counterpart. Dystopian fiction contributes Bladerunner and Alteredcarbon, a pair of stories adapted from print to film. Grok, a verb invented by science-fiction author Robert Heinlein to signify deep understanding, is an NSA key logger that records every character a victim types. Favourite libations (Makersmark, Walkerblack, Crownroyal) and junk foods (Krispykreme, Cookiedough, Lifesaver) make regular appearances. Unpacman is a nod to early arcade games.
The culture is T-shirts, jeans, bleached hair, green hair, earrings, memes posted all over your cubicle
Star Trek lore provides an especially rich source of memes. Vulcandeathgrip, first officerSpocks ultimate combat move, is a nerdy play on network lingo: the grip in this case seizes encryption keys during the handshake of two devices as they establish a secure link. Borgerking is a twofer: fast food and a nod to the Borg collective that overmatches Starfleet captain Jean-Luc Picard. Trekkies account for Vulcanmindmeld and Wharpdrive, too, but their best work is no doubt Kobayashimaru. That is what the NSA calls its contract with General Dynamics to help break into another countrys surveillance equipment. In the Star Trek oeuvre, the name refers to a simulated mission at Starfleet Academy that tests a young cadets character in the face of certain doom. Every path in the game is programmed to destroy the players ship and crew. Cadet James T Kirk, having none of that, hacks into the simulator and adds a winning scenario. The metaphor stands for more than it may intend: not only creative circumvention, an NSA speciality, but a hacker spirit that gamifies its work.
Anthony Brown / Alamy Stock Photo
The fun and games are sometimes dispiriting to read. In the NSAs Hawaii operations centre, civilian and enlisted personnel used their work machines to circulate dozens of photo memes that originated on Reddit, 4chan, and somethingawful.com. One photo showed a four-foot plastic Donald Duck with hips positioned suggestively between the legs of a pigtailed little girl. Another depicted a small boy tugging at a playmates skirt with the caption, I would tear that ass up! An image of blue balls accompanied a warning to a girl in her early teens against teasing her boyfriend without submitting to sex. Beneath a photo of smiling middle school children, one of them in a wheelchair, another caption read, Who doesnt belong? Thats right. Wheel your ass on outta here. A similar photo, overlaid with an arrow that pointed to one of the boys, declared, Everyone can be friends! Except for this little faggot. One more, shot at the finish line of a Special Olympics footrace, advised the joyful victor, Even if you win, youre still retarded.
None of that could be called official business, even if distributed at work, but ethnic and other slurs find their way into NSA briefings and training resources as well. They turn up most commonly when syllabus writers are called upon to make up foreign names. Invented names are a staple of NSA course materials because analysts in training have no need to know the identities of actual foreign surveillance targets. Instructors use fictional substitutes to teach the technical and procedural fine points of target selection.
One of the first things an analyst needs to learn is what counts as an adequate reason to judge that a prospective surveillance target is a foreign national on foreign territory.
(Fourth Amendment restrictions apply otherwise.) The NSA syllabus for its Smart Target Enhancement Program walks through 12 foreignness factors that analysts may rely upon, each illustrated with examples. Some of the ersatz target names are merely playful: Elmer Fudd, Dr Evil, Bad Dude, Bad Girl, Bad Guy and Super Bad Guy. Most of them descend into stereotype. Lotsa Casho is a Colombia-based coordinator for a drug cartel. A Beijing-based Chinese party of interest can be found online as friedrice@hotmail.com. The Turkish target (kababs4u@yahoo.com) is Master Kabob, believed by the NSA to have provided grilled kabobs for hungry Islamic cells.
The most derisive descriptions, and the ones used most often, are reserved for fictional Arabs and Muslims. Many are named with a bastardised reference to an Arabic term of respect for fatherhood. Abu Bad Guy, Abu Evil and Abu Raghead make appearances, among others. Another version takes the name of the Prophet: Mohammed Bad Guy, Mohammed Evil, and so on. Weekly programme updates in briefings prepared for supervisors display related tropes. One report on a surveillance operation in progress took a break from matters at hand to joke about what happens when the mulla [sic] mixes his Viagra with his heroin. (Now he gets an erection but cant stand up.) Save for the last example, these are bureaucratically vetted teaching materials.
In the age of Trump, I found a new openness among my bitter critics in the intelligence community. People who had shunned contact after the Snowden revelations began to talk to me again.
One of them, soon after retiring as director of national intelligence, was Air Force lieutenant general James Clapper. Both his parents had worked for a time at Fort Meade and Clapper himself did a tour there as aide to the NSA director in the course of a half-century career. In 2014, Clapper had come as close as anyone in government to accusing me, along with the documentary maker Laura Poitras and journalist Glenn Greenwald, of taking part in a criminal conspiracy with Snowden. Four years later, in the summer of 2018, he agreed to meet face-to-face. Clapper had responded crankily at first to my request for half a day of his time. I need to know what this is about before I sit for an hours-long recorded interrogation, he wrote. I made fun of his choice of noun but replied at length. Eventually he agreed to breakfast at the McLean Family Restaurant, a CIA hangout in northern Virginia, where Clapper seemed to know half the room. He made the rounds, chatting up old friends and colleagues, then ordered an egg white omelette. During several hours of conversation, long after servers cleared our plates, he listened respectfully and responded without mincing words. I recounted some of the stories I planned to tell here.
Near the end of the interview, I asked Clapper what to make of an agency culture in which hackers and analysts feel free to mock the dead and conduct official business with ethnic and sexual slurs. These are not necessarily the people you want to be in charge, I said.
His face tightened. TAO, he said, referring to Tailored Access Operations, is supposed to be, you know, our legitimate government officially sanctioned hackers.
Right. Theyre supposed to be, I replied. But if theyre snickering about...
He interrupted, sarcastic. But we want them to be nice. We dont want to do anything thats politically incorrect. Right? Isnt that what youre saying?
What you want is to think theres a certain level of maturity and respect for the amount of power they have.
Clapper softened. Well, yeah. You do. But, hey, theyre human beings too. And Im sure we could clean that up.
Open-mindedness in a leader of Clappers rank is not to be taken for granted. Even so, he could have probed more deeply. Language is the symptom, not the problem. NSA geeks are not like other geeks whose folkways they share. The NSAs top guns build and operate the machinery of a global surveillance hegemon, licensed to do things that would land them in prison if they tried them anywhere else. The eagle and serpent would not be alpha predators without them. Only judgment and self-control can govern them where there is some play in the rules, as there usually is in a sprawling enterprise. Digital weapons designers, like engineers everywhere, are inclined to do what works. The choices they make reach well beyond the terrain of Bad Girls and Bad Guys.
Dark Mirror: Edward Snowden And The American Surveillance State by Barton Gellman (The Bodley Head, 20) is out now. amazon.co.uk
Best books to read right now
In search of Myanmars billion-dollar meth lab
How rebel football helped keep Kosovan identity alive during the Yugoslav War
See the original post here:
Memes, lolz and intel incels: behind the scenes in the NSA hacker corps - British GQ