{"id":75925,"date":"2016-07-04T12:00:26","date_gmt":"2016-07-04T11:00:26","guid":{"rendered":"https:\/\/www.transcend.org\/tms\/?p=75925"},"modified":"2016-07-02T17:52:55","modified_gmt":"2016-07-02T16:52:55","slug":"the-hunter-he-was-a-hacker-for-the-nsa-and-he-was-willing-to-talk-i-was-willing-to-listen","status":"publish","type":"post","link":"https:\/\/www.transcend.org\/tms\/2016\/07\/the-hunter-he-was-a-hacker-for-the-nsa-and-he-was-willing-to-talk-i-was-willing-to-listen\/","title":{"rendered":"The Hunter –> He Was a Hacker for the NSA and He Was Willing to Talk. I Was Willing to Listen."},"content":{"rendered":"

28 Jun 2016 –The message arrived at night and consisted of three words: \u201cGood evening sir!\u201d<\/em><\/p>\n

The sender was a hacker who had written a series of provocative memos at the National Security Agency. His secret memos had explained \u2014 with an earthy use of slang and emojis that was unusual for an operative of the largest eavesdropping organization in the world \u2014 how the NSA breaks into the digital accounts of people who manage computer networks, and how it tries to unmask people who use Tor to browse the web anonymously. Outlining some of the NSA\u2019s most sensitive activities, the memos were leaked by Edward Snowden, and I had written about a few of them for The Intercept<\/em>.<\/p>\n

There is no Miss Manners for exchanging pleasantries with a man the government has trained to be the digital equivalent of a Navy SEAL. Though I had initiated the contact, I was wary of how he might respond. The hacker had publicly expressed a visceral dislike for Snowden and had accused The Intercept<\/em> of jeopardizing lives by publishing classified information. One of his memos outlined the ways the NSA reroutes (or \u201cshapes\u201d) the internet traffic of entire countries, and another memo was titled \u201cI Hunt Sysadmins<\/a>.\u201d I felt sure he could hack anyone\u2019s computer, including mine.<\/p>\n

Good evening sir!<\/em><\/p>\n

The only NSA workers the agency has permitted me to talk with are the ones in its public affairs office who tell me I cannot talk with anyone else. Thanks to the documents leaked by Snowden, however, I have been able to write about a few characters at the NSA.<\/em><\/p>\n

There was, for instance, a novelist-turned-linguist<\/a> who penned an ethics column for the NSA\u2019s in-house newsletter, and there was a mid-level manager who wrote an often zany advice column called \u201cAsk Zelda<\/a>!\u201d But their classified writings, while revealing, could not tell me everything I wanted to know about the mindset of the men and women who spy on the world for the U.S. government.<\/p>\n

I got lucky with the hacker, because he recently left the agency for the cybersecurity industry; it would be his choice to talk, not the NSA\u2019s. Fortunately, speaking out is his second nature. While working for the NSA, he had publicly written about his religious beliefs, and he was active on social media. So I replied to his greeting and we began an exchange of cordial messages. He agreed to a video chat that turned into a three-hour discussion sprawling from the ethics of surveillance to the downsides of home improvements and the difficulty of securing your laptop. \u201cI suppose why I talk is partially a personal compulsion to not necessarily reconcile two sides or different viewpoints but to just try to be honest about the way things are,\u201d he told me. \u201cDoes that make sense?\u201d<\/p>\n

The hacker was at his home, wearing a dark hoodie that bore the name of one of his favorite heavy metal bands, Lamb of God. I agreed not to use his name in my story, so I\u2019ll just refer to him as the Lamb. I could see a dime-store bubble-gum machine behind him, a cat-scratching tree, and attractive wood beams in the ceiling. But his home was not a tranquil place. Workmen were doing renovations, so the noise of a buzz saw and hammering intruded, his wife called him on the phone, and I could hear the sound of barking. \u201cSorry, my cats are taunting my dog,\u201d he said, and later the animal in question, a black-and-white pit bull, jumped onto his lap and licked his face.<\/p>\n

The Lamb wore a T-shirt under his hoodie and florid tattoos on his arms and smiled when I said, mostly in jest, that his unruly black beard made him look like a member of the Taliban, though without a turban. He looked very hacker, not very government.<\/p>\n

When most of us think of hackers, we probably don\u2019t think of government<\/em> hackers. It might even seem odd that hackers would want to work for the NSA \u2014 and that the NSA would want to employ them. But the NSA employs legions of hackers, as do other agencies, including the FBI, CIA, DEA, DHS, and Department of Defense. Additionally, there are large numbers of hackers in the corporate world, working for military contractors like Booz Allen, SAIC, and Palantir. The reason is elegantly simple: You cannot hack the world without hackers.<\/p>\n

In popular shows and movies such as \u201cMr. Robot\u201d and \u201cThe Matrix,\u201d hackers tend to be presented as unshaven geeks loosely connected to collectives like Anonymous, or to Romanian crime syndicates that steal credit cards by the millions, or they are teenagers who don\u2019t realize their online mischief will get them into a boatload of trouble when Mom finds out.<\/em><\/p>\n

The stereotypes differ in many ways but share a trait: They are transgressive anti-authoritarians with low regard for social norms and laws. You would not expect these people to work for The Man, but they do, in droves. If you could poll every hacker in the U.S. and ask whe\u00ad\u00ad\u00adther they practice their trade in dark basements or on official payrolls, a large number would likely admit to having pension plans. Who knows, it could be the majority.<\/p>\n

This may qualify as one of the quietest triumphs for the U.S. government since 9\/11: It has co-opted the skills and ideals of a group of outsiders whose anti-establishment tilt was expressed two decades ago by Matt Damon during a famous scene<\/a> in Good Will Hunting<\/em>. Damon, playing a math genius being recruited by the NSA, launches into a scathing riff about the agency serving the interests of government and corporate evil rather than ordinary people. Sure, he could break a code for the NSA and reveal the location of a rebel group in North Africa or the Middle East, but the result would be a U.S. bombing attack in which \u201c1,500 people that I never met, never had a problem with, get killed.\u201d He turns down the offer.<\/p>\n

In recent years, two developments have helped make hacking for the government a lot more attractive than hacking for yourself. First, the Department of Justice has cracked down on freelance hacking, whether it be altruistic or malignant. If the DOJ doesn\u2019t like the way you hack, you are going to jail. Meanwhile, hackers have been warmly invited to deploy their transgressive impulses in service to the homeland, because the NSA and other federal agencies have turned themselves into licensed hives of breaking into other people\u2019s computers. For many, it\u2019s a techno sandbox of irresistible delights, according to Gabriella Coleman, a professor at McGill University who studies hackers. \u201cThe NSA is a very exciting place for hackers because you have unlimited resources, you have some of the best talent in the world, whether it\u2019s cryptographers or mathematicians or hackers,\u201d she said. \u201cIt is just too intellectually exciting not to go there.\u201d<\/p>\n

Revealingly, one of the documents leaked by Snowden and published by The Intercept<\/em> last year was a classified interview<\/a> with a top NSA hacker (not the Lamb) who exulted that his job was awesome because \u201cwe do things that you can\u2019t do anywhere else in the country \u2026 at least not legally. We are gainfully employed to hack computers owned by al-Qa\u2019ida!\u201d Asked about the kind of people he works with at the NSA, he replied, \u201cHackers, geeks, nerds \u2026 There\u2019s an annual event for hackers in Las Vegas called DEF CON, and many of us attend. When there, we feel as though we are among our bretheren! [sic] We all have a similar mindset of wanting to tear things apart, to dig in, to see how things work.\u201d<\/p>\n

In 2012, Gen. Keith Alexander, the NSA director at the time, even attended DEF CON\u00a0wearing blue jeans and a black T-shirt that bore the logo<\/a> of the Electronic Frontier Foundation, an anti-surveillance organization that is beloved by hackers and other good citizens of the world. To coincide with Alexander\u2019s visit, the NSA had created a special webpage<\/a> to recruit the hackers at DEF CON. \u201cIf you have a few, shall we say, indiscretions<\/em> in your past, don\u2019t be alarmed,\u201d the webpage stated. \u201cYou shouldn\u2019t automatically assume you won\u2019t be hired.\u201d Alexander\u2019s personal pitch was even more direct: \u201cIn this room right here is the talent we need.\u201d<\/p>\n

If you are willing to become a patriot hacker, Uncle Sam wants you.<\/p>\n

\"Illustration:<\/a>

Illustration: Miguel Santamarina for The Intercept<\/p><\/div>\n

As a teenager, the Lamb was a devout Christian who attended church two or three times a week, yet he also participated in online forums for Satanists and atheists. He wanted to learn what others believed and why they believed it, and he wanted to hear their responses to questions he raised. If his beliefs could not withstand challenges from opposing ones, they might not be worth keeping.<\/em><\/p>\n

\u201cAs a Christian, I believe the Bible, and one of the things it says is if you seek the truth, you should find it,\u201d he told me. \u201cIf I started to come across facts that contradicted what I believed and contradicted the way that I thought about things, I had to be open to confronting them and determining how I would integrate them into my life and my thought system.\u201d<\/p>\n

Before he became a hacker, the Lamb had the restless spirit of one. After high school, he attended a Christian university for a year but dropped out and joined the military as a linguist. He was assigned to the NSA, and although he told me his computer skills were modest at the time, he was intrigued by the mysteries inside the machines. \u201cI started doing some basic computer training, like \u2018Oh, here\u2019s how computers talk to each other and network\u2019 and that sort of stuff,\u201d he said. \u201cI enjoyed that far more than trying to maintain a language that I rarely used.\u201d<\/p>\n

He devoured books on computers and experimented on his own time, using an application called Wireshark to see how network data was moving to and from his own computer. He picked up a bit of programming knowledge, and he asked agency veterans for tips. As he wrote in one of his memos, \u201cIf you want to learn crazy new things \u2026 why not walk around NSA, find people in offices that do things you find interesting, and talk to them about how they do what they do.\u201d<\/p>\n

\"Screenshot<\/a>

Screenshot from NSA document<\/p><\/div>\n

Like Snowden, he did not need a formal education to succeed. Snowden, after all, dropped out of high school and mastered computers through self-education. As an NSA contractor, he rose to a position that gave him access to broad swaths of the agency\u2019s networks. While Snowden was a systems administrator, the Lamb became an expert in network analysis and was well-versed in the crucial trick of shaping traffic from one place to another \u2014 for instance, sending it from an ISP in a foreign country to an NSA server.<\/p>\n

The Lamb\u2019s work was important, but his memos are remarkably irreverent, even cocky. I\u2019ve read a fair number of NSA documents, and not one contains as much hacker and internet lingo as his; he used words like \u201cskillz\u201d and \u201cinternetz\u201d and \u201cZOMG!\u201d and phrases like \u201cpwn the network\u201d and \u201cDude! Map all the networks!!!\u201d Some of what he wrote is just cheerily impudent, like the opening line of one memo: \u201cHappy Friday my esteemed and valued intelligence Community colleagues!\u201d Another memo began, \u201cWelcome back, comrade!\u201d<\/p>\n

While poking gentle fun at the government hackers he worked with, the Lamb dismissed the amateur hackers on the outside. He identified himself and his highly trained colleagues at the NSA as a breed apart \u2014 a superior breed, much in the way that soldiers look down on weekend paintballers. Perhaps this shouldn\u2019t be altogether surprising, because arrogance is one of the unfortunate hallmarks of the male-dominated hacker culture. At the NSA, this hubris can perhaps serve as an ethical lubricant that eases the task of hacking other people: They are not as special as you are, they do not have the magical powers you possess, they are targets first and humans second.<\/p>\n

As the Lamb wrote in one of his memos, \u201cWhen I first went to Blackhat\/Defcon, it was with the wide-eyed anticipation of \u2018I\u2019m going to go listen to all of the talks that I can, soak up all of the information possible, and become a supar-1337-haxxor.\u2019 What a let-down of an experience that was. You find the most interesting topics and briefings, wait in lines to get a seat, and find yourself straining your ears to listen to someone that has basically nothing new to say. Most of the talks get hyped up exponentially past any amount of substance they actually provide.\u201d<\/p>\n

Then I asked the Lamb where he was in the hierarchy of hackers at the NSA, he just smiled and said, \u201cI got to the point where more people would ask me questions than I asked other people questions.\u201d He would not delve into the classified specifics of his job \u2014 he despises Snowden for leaking classified information \u2014 but I knew a lot through his memos.<\/em><\/p>\n

Although network analysis, the Lamb\u2019s area of expertise, is interesting from a technical perspective, he was one step removed from the most challenging and menacing type of government hacking \u2014 executing finely tuned attacks that infiltrate individual computers. Nonetheless, he offered this characterization of his NSA work: \u201cThey were just ridiculously cool projects that I\u2019ll never forget.\u201d One of the quandaries of technology is that \u201ccool\u201d does not necessarily mean \u201cethical.\u201d Surveillance tools that are regarded as breakthroughs can be used to spy on innocent people as well as terrorists. This is a key part of the debate on the NSA, the concern that its formidable powers are being used, or can be used, to undermine privacy, freedom, and democracy.<\/p>\n

The Lamb\u2019s memos on cool ways to hunt sysadmins triggered a strong reaction when I wrote about them<\/a> in 2014 with my colleague Ryan Gallagher. The memos explained how the NSA tracks down the email and Facebook accounts of systems administrators who oversee computer networks. After plundering their accounts, the NSA can impersonate the admins to get into their computer networks and pilfer the data flowing through them. As the Lamb wrote, \u201csys admins generally are not my end target. My end target is the extremist\/terrorist or government official that happens to be using the network \u2026 who better to target than the person that already has the \u2018keys to the kingdom\u2019?\u201d<\/p>\n

Another of his NSA memos, \u201cNetwork Shaping 101<\/a>,\u201d used Yemen as a theoretical case study for secretly redirecting the entirety of a country\u2019s internet traffic to NSA servers. The presentation, consisting of a PowerPoint slideshow, was offbeat at times, with a reference to throwing confetti in the air when a hack worked and jokey lines like, \u201cThe following section could also be renamed the \u2018I\u2019m pulling my hair out in the fetal position while screaming \u201cWhy didn\u2019t it work?!\u201d\u2019 section.\u201d The Lamb also scribbled a hand-drawn diagram about network shaping that included a smiley face in the middle next to the phrase, \u201cYEAH!!! MAKE DATA HAPPEN!\u201d The diagram and slideshow were both classified as top secret.<\/p>\n

\"NSA<\/a>

NSA diagram on network shaping.<\/p><\/div>\n

His memos are boastful, even cackling. At the end of one of the sysadmin memos, the Lamb wrote, \u201cCurrent mood: scheming,\u201d and at the end of another, \u201cCurrent mood: devious.\u201d He also listed \u201cjuche-licious\u201d as one of his moods, ironically referring to the official ideology of North Korea. Another memo he wrote, \u201cTracking Targets Through Proxies & Anonymizers<\/a>,\u201d impishly noted that the use of identity-obscuring tools like Tor \u201cgenerally makes for sad analysts\u201d in the intelligence community; this was followed by a sad face emoji. The tone of his classified writing was consistent with some of his social media posts \u2014 the Lamb\u2019s attitude, in public as well as in private, was often outspoken and brash.<\/p>\n

What if the shoe was on the other foot, however? When I wrote about the sysadmin memos in 2014, I wondered how their author would feel if someone used the same devious rationale to hack his<\/em> computer and his life. Nearly two years later, I had the chance to find out.<\/p>\n

\u201cIf I turn the tables on you,\u201d I asked the Lamb, \u201cand say, OK, you\u2019re a target for all kinds of people for all kinds of reasons. How do you feel about being a target and that kind of justification being used to justify getting all of your credentials and the keys to your kingdom?\u201d<\/p>\n

The Lamb smiled. \u201cThere is no real safe, sacred ground on the internet,\u201d he replied. \u201cWhatever you do on the internet is an attack surface of some sort and is just something that you live with. Any time that I do something on the internet, yeah, that is on the back of my mind. Anyone from a script kiddie to some random hacker to some other foreign intelligence service, each with their different capabilities \u2014 what could they be doing to me?\u201d<\/p>\n

He seemed to be putting the blame for NSA attacks on the victims \u2014 if they were too dimwitted to protect themselves from hunters like him, it was their fault. \u201cPeople don\u2019t want to think about being targets on the internet, in spite of the fact that at this point in the game, everybody is,\u201d he added. \u201cEvery country spies.\u201d<\/p>\n

He was dead serious, no smiles any longer. \u201cAs much as we\u2019d like to say we will all beat our swords into plowshares and become a peaceful people, it\u2019s not going to happen,\u201d he continued. \u201cIntelligence agencies around the world are being asked questions by their governments, and government officials don\u2019t want to hear, \u2018That\u2019s hard to solve.\u2019 They just say, \u2018Can you solve this and can you get me the intel I\u2019m asking for?\u2019 Which is nation agnostic, whether that\u2019s the NSA, the FSB, the PLA or whoever.\u201d<\/p>\n

The Lamb\u2019s political ideology evoked the cold-blooded realpolitik of Henry Kissinger. There is the idyllic digital world we would like to live in, there is the dog-eat-dog digital world we actually live in \u2014 and the Lamb, as I understood it, was intensely focused on winning in the latter.<\/p>\n

\u201cYou know, the situation is what it is,\u201d he said. \u201cThere are protocols that were designed years ago before anybody had any care about security, because when they were developed, nobody was foreseeing that they would be taken advantage of. \u2026 A lot of people on the internet seem to approach the problem [with the attitude of] \u2018I\u2019m just going to walk naked outside of my house and hope that nobody looks at me.\u2019 From a security perspective, is that a good way to go about thinking? No, horrible \u2026 There are good ways to be more secure on the internet. But do most people use Tor? No. Do most people use Signal? No. Do most people use insecure things that most people can hack? Yes. Is that a bash against the intelligence community that people use stuff that\u2019s easily exploitable? That\u2019s a hard argument for me to make.\u201d<\/p>\n

But it wasn\u2019t a hard argument for me to make, so I tried. Back in the 1990s, in the early days of the web, the uses and hopes for the internet were thought to be joyous and non-commercial. The web would let us talk to one another and would decentralize power and revolutionize the world in good ways. Those were the years when the Lamb spent hours and hours in chatrooms with Satanists and atheists \u2014 just the sort of connect-us-to-each-other activity that made everyone so excited about the future. At the time, few people thought the internet would become, as Bruce Schneier describes it, a surveillance platform. So I asked whether the Lamb felt conflicted, as Snowden did, working for an organization that turned the web further and further away from its original potential as a global platform for speaking and thinking freely.<\/p>\n

He responded by noting that he is, by nature, a defiant type and attracted to hard problems. That\u2019s how, without a lot of formal instruction, he became an NSA hacker \u2014 he was curious about how computers worked and he wanted to figure them out. \u201cTechnically challenging things are just inherently interesting to me,\u201d he said. \u201cIf you tell me, \u2018This can\u2019t be done,\u2019 I\u2019m going to try and find a way to do it.\u201d<\/p>\n

I mentioned that lots of people, including Snowden, are now working on the problem of how to make the internet more secure, yet he seemed to do the opposite at the NSA by trying to find ways to track and identify people who use Tor and other anonymizers. Would he consider working on the other side of things? He wouldn\u2019t rule it out, he said, but dismally suggested the game was over as far as having a liberating and safe internet, because our laptops and smartphones will betray us no matter what we do with them.<\/p>\n

\u201cThere\u2019s the old adage that the only secure computer is one that is turned off, buried in a box ten feet underground, and never turned on,\u201d he said. \u201cFrom a user perspective, someone trying to find holes by day and then just live on the internet by night, there\u2019s the expectation [that] if somebody wants to have access to your computer bad enough, they\u2019re going to get it. Whether that\u2019s an intelligence agency or a cybercrimes syndicate, whoever that is, it\u2019s probably going to happen.\u201d<\/p>\n

The Lamb was comfortable with the side he joined in the surveillance wars, and this sets him apart from the most common stereotypes of the men and women who devote their lives to spying on others.<\/em><\/p>\n

Spies who do nothing but eavesdrop, slipping into computers and conversations without a trace, have a reputation in popular culture of being troubled in ways that conventional spies are not. Think of Gene Hackman in The Conversation<\/em>, or Ulrich M\u00fche in The Lives of Others<\/em> \u2014 these surveillers are haunted, as it seems they should be. Conventional spies are seen as journeying into hostile lands and committing heroic or devious acts; they are men and women of action, not thought. But the people who watch, listen, or hack are not as distracted by danger or adrenaline. They mostly labor in tranquility, in temperature-controlled offices without windows, risking bodily harm no worse than carpal tunnel syndrome, and they have an abundance of time to think about the lurking that is their occupation and the people on whom they practice it.<\/p>\n

I have a bias against the watchers, I suppose. I have been concerned about the bureaucracies of surveillance since the 1980s, when I was a student in the Soviet Union and felt like hunted prey. The telephone in the dreary lobby of my dormitory on the banks of the Neva River in Leningrad (now St. Petersburg) was assumed to be bugged, and if the KGB\u2019s devices weren\u2019t working, the dezhurnaya<\/em> who sat nearby was sure to be listening. This was my anti-surveillance Rosebud, I guess. When I visited Russian friends, I stayed silent as I walked in their ill-lit stairwells, so that the accent of my Russian would not give away the fact a foreigner was visiting them. The walls had ears. This was one of the great contrasts between the Soviet Union and America, where I could speak to my friends without worrying about the government listening.<\/p>\n

The Soviet Union is long gone, but in 2016 we live under the specter of far more surveillance than anything the KGB could have dreamed of with its rudimentary bugs and fearful informers. Not just government surveillance \u2014 law enforcement can easily obtain our phone and internet records with a warrant from the nearly always compliant courts \u2014 but corporate surveillance, too. It\u2019s not just Google and Facebook that might know more details about our lives and friends than the KGB could have imagined in its most feverish dreams of information dominance, but even Zipcar and Amazon.<\/p>\n

There are precautions one can take, and I did that with the Lamb. When we had our video chat, I used a computer that had been wiped clean of everything except its operating system and essential applications. Afterward, it was wiped clean again. My concern was that the Lamb might use the session to obtain data from or about the computer I was using; there are a lot of things he might have tried, if he was in a scheming mood. At the end of our three hours together, I mentioned to him that I had taken these precautions\u2014and he approved.<\/p>\n

\u201cThat\u2019s fair,\u201d he said. \u201cI\u2019m glad you have that appreciation. \u2026 From a perspective of a journalist who has access to classified information, it would be remiss to think you\u2019re not a target of foreign intelligence services.\u201d<\/p>\n

He was telling me the U.S. government should be the least of my worries. He was trying to help me.<\/p>\n

Documents published with this article<\/em>:<\/p>\n