Shady Companies With Ties to Israel Wiretap the U.S. for the NSA

Tue Apr 3 10:42:38 PDT 2012

http://www.wired.com/threatlevel/2012/04/shady-companies-nsa/all/1 

By James Bamford April 3, 2012 | 6:30 am | Categories: NSA

The NSA's new super-secret 1-million-square-foot data center in Utah. Photo:
Name Withheld

Army General Keith Alexander, the director of the NSA, is having a busy year
b hopping around the country, cutting ribbons at secret bases and bringing to
life the agencybs greatly expanded eavesdropping network.

In January he dedicated the new $358 million CAPT Joseph J. Rochefort
Building at NSA Hawaii, and in March he unveiled the 604,000-square-foot John
Whitelaw Building at NSA Georgia.

Designed to house about 4,000 earphone-clad intercept operators, analysts and
other specialists, many of them employed by private contractors, it will have
a 2,800-square-foot fitness center open 24/7, 47 conference rooms and VTCs,
and b22 caves,b according to an NSA brochure from the event. No television
news cameras were allowed within two miles of the ceremony.

Overseas, Menwith Hill, the NSAbs giant satellite listening post in
Yorkshire, England that sports 33 giant dome-covered eavesdropping dishes, is
also undergoing a multi-million-dollar expansion, with $68 million alone
being spent on a generator plant to provide power for new supercomputers. And
the number of people employed on the base, many of them employees of Lockheed
Martin and Northrop Grumman, is due to increase from 1,800 to 2,500 in 2015,
according to a study done in Britain. Closer to home, in May, Fort Meade will
close its 27-hole golf course to make room for a massive $2 billion,
1.8-million-square-foot expansion of the NSAbs headquarters, including a
cybercommand complex and a new supercomputer center expected to cost nearly
$1 billion.

More NSA Coverage by James Bamford

The NSA Is Building the Countrybs Biggest Spy Center (Watch What You Say)

NSA Chief Denies Domestic Spying But Whistleblowers Say Otherwise The climax,
however, will be the opening next year of the NSAbs mammoth
1-million-square-foot, $2 billion Utah Data Center. The centerpiece in the
agencybs decade-long building boom, it will be the bcloudb where the
trillions of millions of intercepted phone calls, e-mails, and data trails
will reside, to be scrutinized by distant analysts over highly encrypted
fiber-optic links.

Despite the post-9/11 warrantless wiretapping of Americans, the NSA says that
citizens should trust it not to abuse its growing power and that it takes the
Constitution and the nationbs privacy laws seriously.

But one of the agencybs biggest secrets is just how careless it is with that
ocean of very private and very personal communications, much of it to and
from Americans. Increasingly, obscure and questionable contractors b not
government employees b install the taps, run the agencybs eavesdropping
infrastructure, and do the listening and analysis.

And with some of the key companies building the U.S.bs surveillance
infrastructure for the digital age employing unstable employees, crooked
executives, and having troubling ties to foreign intelligence services, itbs
not clear that Americans should trust the secretive agency, even if its
current agency chief claims he doesnbt approve of extrajudicial spying on
Americans. His predecessor, General Michael V. Hayden, made similar claims
while secretly conducting the warrantless wiretapping program.

Until now, the actual mechanics of how the agency constructed its highly
secret U.S. eavesdropping net, code-named Stellar Wind, has never been
revealed. But in the weeks following 9/11, as the agency and the White House
agreed to secretly ignore U.S. privacy laws and bypass the Foreign
Intelligence Surveillance Court, J. Kirk Wiebe noticed something odd. A
senior analyst, he was serving as chief of staff for the agencybs Signals
Intelligence Automation Research Center (SARC), a sort of skunkworks within
the agency where bureaucratic rules were broken, red tape was cut, and
innovation was expected.

bOne day I notice out in the hallway, stacks and stacks of new servers in
boxes just lined up,b he said.

Passing by the piles of new Dell 1750 servers, Wiebe, as he often did, headed
for the Situation Room, which dealt with threat warnings. It was located
within the SARCbs Lab, on the third floor of Operations Building 2B, a few
floors directly below the directorbs office. bI walk in and I almost get
thrown out by a guy that we knew named Ben Gunn,b he said. It was the launch
of Stellar Wind and only a handful of agency officials were let in on the
secret.

bHe was the one who organized it,b said Bill Binney of Gunn. A former founder
and co-director of SARC, Binney was the agency official responsible for
automating much of the NSAbs worldwide monitoring networks. Troubled by the
unconstitutional nature of tapping into the vast domestic communications
system without a warrant, he decided to quit the agency in late 2001 after
nearly forty years.

Gunn, said Binney, was a Scotsman and naturalized U.S. citizen who had
formerly worked for GCHQ, Britainbs equivalent of the NSA, and later become a
senior analyst at the NSA. The NSA declined Wiredbs request to interview
Gunn, saying that, as policy, it doesnbt confirm or deny if a person is
employed by the agency.

Shortly after the secret meeting, the racks of Dell servers were moved to a
room down the hall, behind a door with a red seal indicating only those
specially cleared for the highly compartmented project could enter. But
rather than having NSA employees putting the hardware and software together
and setting up walls of monitors showing suspected terrorism threats and
their U.S. communications, the spying room was filled with a half-dozen
employees of a tiny mom-and-pop company with a bizarre and troubling history.

bIt was Technology Development Corporation,b said Binney.

The agency went to TDC, he says, because the company had helped him set up a
similar network in SARC b albeit one that was focused on foreign and
international communications b the kind of spying the NSA is chartered to
undertake.

bThey needed to have somebody who knew how the code works to set it up,b he
said. bAnd then it was just a matter of feeding in the attributes [U.S. phone
numbers, e-mail addresses and personal data] and any of the content you
want.b Those battributesb came from secret rooms established in large telecom
switches around the country. bI think therebs 10 to 20 of them,b Binney says.

Formed in April 1984, TDC was owned by two brothers, Randall and Paul
Jacobson, and largely run out of Randallbs Clarkesville, Maryland house, with
his wife acting as bookkeeper. But its listed address is a post office box in
Annapolis Junction, across the Baltimore-Washington Parkway from the NSA, and
the companybs phone number in various business directories is actually an NSA
number in Binneybs old office.

The companybs troubles began in June 1992 when Paul lost his security
clearance. bIf you ever met this guy, you would know hebs a really strange
guy,b Binney said of Paul. bHe did crazy stuff. I think they thought he was
unstable.b At the time, Paul was working on a contract at the NSA alongside a
rival contractor, Unisys Corporation. He later blamed Unisys for his security
problems and sued it, claiming that Unisys employees complained about him to
his NSA supervisors. According to the suit, Unisys employees referred to him
as bweirdb and that he bacted like a robot,b bnever wore decent clothes,b and
was mentally and emotionally unstable. About that time, he also began
changing his name, first to Jimmy Carter, and later to Alfred Olympus von
Ronsdorf.

With bvon Ronsdorfbsb clearance gone and no longer able to work at the NSA,
Randy Jacobson ran the company alone, though he kept his brother and fellow
shareholder employed in the company, which led to additional problems.

bWhat happened was Randy still let him have access to the funds of the
company and he squandered them,b according to Binney. bIt was so bad, Randy
couldnbt pay the people who were working for him.b According to court
records, Ronsdorf allegedly withdrew about $100,000 in unauthorized payments.
But Jacobson had troubles of his own, having failed to file any income tax
statements for three years in the 1990s, according to tax court records. Then
in March 2002, around the time the company was completing Stellar Wind,
Jacobson fired his brother for improper billing and conversion of company
funds. That led to years of suits and countersuits over mismanagement and
company ownership.

Despite that drama, Jacobson and his people appeared to have serious
misgivings about the NSAbs program once they discovered its true nature,
according to Binney. bThey came and said, bDo you realize what these people
are doing?bb he said. bbTheybre feeding us other stuff [U.S.] in there.b I
mean they knew it was unconstitutional right away.b Binney added that once
the job was finished, the NSA turned to still another contractor to run the
tapping operation. bThey made it pretty well known, so after they got it up
and running they [the NSA] brought in the SAIC people to run it after that.b
Jacobsen was then shifted to other work at the NSA, where he and his company
are still employed.

Randall Jacobsen answered his phone inside the NSA but asked for time to
respond. He never called back.

In addition to constructing the Stellar Wind center, and then running the
operation, secretive contractors with questionable histories and little
oversight were also used to do the actual bugging of the entire U.S.
telecommunications network.

According to a former Verizon employee briefed on the program, Verint, owned
by Comverse Technology, taps the communication lines at Verizon, which I
first reported in my book The Shadow Factory in 2008. Verint did not return a
call seeking comment, while Verizon said it does not comment on such matters.

At AT&T the wiretapping rooms are powered by software and hardware from
Narus, now owned by Boeing, a discovery made by AT&T whistleblower Mark Klein
in 2004. Narus did not return a call seeking comment.

What is especially troubling is that both companies have had extensive ties
to Israel, as well as links to that countrybs intelligence service, a country
with a long and aggressive history of spying on the U.S.

In fact, according to Binney, the advanced analytical and data mining
software the NSA had developed for both its worldwide and international
eavesdropping operations was secretly passed to Israel by a mid-level
employee, apparently with close connections to the country. The employee, a
technical director in the Operations Directorate, bwho was a very strong
supporter of Israel,b said Binney, bgave, unbeknownst to us, he gave the
software that we had, doing these fast rates, to the Israelis.b

Because of his position, it was something Binney should have been alerted to,
but wasnbt.

bIn addition to being the technical director,b he said, bI was the chair of
the TAP, itbs the Technical Advisory Panel, the foreign relations council.
Webre supposed to know what all these foreign countries, technically what
theybre doingb&. They didnbt do this that way, it was under the table.b After
discovering the secret transfer of the technology, Binney argued that the
agency simply pass it to them officially, and in that way get something in
return, such as access to communications terminals. bSo we gave it to them
for switches,b he said. bFor access.b

But Binney now suspects that Israeli intelligence in turn passed the
technology on to Israeli companies who operate in countries around the world,
including the U.S. In return, the companies could act as extensions of
Israeli intelligence and pass critical military, economic and diplomatic
information back to them. bAnd then five years later, four or five years
later, you see a Narus device,b he said. bI think therebs a connection there,
we donbt know for sure.b

Narus was formed in Israel in November 1997 by six Israelis with much of its
money coming from Walden Israel, an Israeli venture capital company. Its
founder and former chairman, Ori Cohen, once told Israelbs Fortune Magazine
that his partners have done technology work for Israeli intelligence. And
among the five founders was Stanislav Khirman, a husky, bearded Russian who
had previously worked for Elta Systems, Inc. A division of Israel Aerospace
Industries, Ltd., Elta specializes in developing advanced eavesdropping
systems for Israeli defense and intelligence organizations. At Narus, Khirman
became the chief technology officer.

A few years ago, Narus boasted that it is bknown for its ability to capture
and collect data from the largest networks around the world.b The company
says its equipment is capable of bproviding unparalleled monitoring and
intercept capabilities to service providers and government organizations
around the worldb and that bAnything that comes through [an Internet protocol
network], we can record. We can reconstruct all of their e-mails, along with
attachments, see what Web pages they clicked on, we can reconstruct their
[Voice over Internet Protocol] calls.b

Like Narus, Verint was founded by in Israel by Israelis, including Jacob
bKobib Alexander, a former Israeli intelligence officer. Some 800 employees
work for Verint, including 350 who are based in Israel, primarily working in
research and development and operations, according to the Jerusalem Post.
Among its products is STAR-GATE, which according to the companybs sales
literature, lets bservice providers b& access communications on virtually any
type of network, retain communication data for as long as required, and query
and deliver content and data b&b and was b[d]esigned to manage vast numbers of
targets, concurrent sessions, call data records, and communications.b

In a rare and candid admission to Forbes, Retired Brig. Gen. Hanan Gefen, a
former commander of the highly secret Unit 8200, Israelbs NSA, noted his
former organizationbs influence on Comverse, which owns Verint, as well as
other Israeli companies that dominate the U.S. eavesdropping and surveillance
market. bTake NICE, Comverse and Check Point for example, three of the
largest high-tech companies, which were all directly influenced by 8200
technology,b said Gefen. bCheck Point was founded by Unit alumni. Comversebs
main product, the Logger, is based on the Unitbs technology.b

According to a former chief of Unit 8200, both the veterans of the group and
much of the high-tech intelligence equipment they developed are now employed
in high-tech firms around the world. bCautious estimates indicate that in the
past few years,b he told a reporter for the Israeli newspaper Habartez in
2000, bUnit 8200 veterans have set up some 30 to 40 high-tech companies,
including 5 to 10 that were floated on Wall Street.b Referred to only as
bBrigadier General B,b he added, bThis correlation between serving in the
intelligence Unit 8200 and starting successful high-tech companies is not
coincidental: Many of the technologies in use around the world and developed
in Israel were originally military technologies and were developed and
improved by Unit veterans.b

Equally troubling is the issue of corruption. Kobi Alexander, the founder and
former chairman of Verint, is now a fugitive, wanted by the FBI on nearly
three dozen charges of fraud, theft, lying, bribery, money laundering and
other crimes. And two of his top associates at Comverse, Chief Financial
Officer David Kreinberg and former General Counsel William F. Sorin, were
also indicted in the scheme and later pleaded guilty, with both serving time
in prison and paying millions of dollars in fines and penalties.

When asked about these contractors, the NSA declined to bverify the
allegations made.b

But the NSA did beagerly offerb that it bensures deliberate and appropriate
measures are taken to thoroughly investigate and resolve any legitimate
complaints or allegations of misconduct or illegal activityb and btakes
seriously its obligation to adhere to the U.S. Constitution and comply with
the U.S. laws and regulations that govern our activities.b

The NSA also added that bwe are proud of the work we do to protect the
nation, and allegations implying that there is inappropriate monitoring of
American communications are a disservice to the American public and to the
NSA civilian and military personnel who are dedicated to serving their
country.b

However, that statement elides the voluminous reporting by the New York
Times, Washington Post, USA Today, Los Angeles Times and Wired on the NSAbs
warrantless wiretapping program. Also not reflected is that in the only
anti-warrantless wiretapping lawsuit to survive the governmentbs use of the
bstate secretsb privilege to throw them out, a federal judge ruled that two
American lawyers had been spied on illegally by the government and were
entitled to compensation.

So take the NSAbs assurances as you will.

But as NSA director Alexander flies around the country, scissors in hand,
opening one top-secret, outsourced eavesdropping center after another,
someone might want to ask the question no one in Congress seems willing to
ask: Whobs listening to the listeners?