Exclusive: FBI Investigated Former CIA Chief Michael Hayden in Secret-Spilling Case

The FBI sought a search warrant for the email account of former CIA and NSA chief Gen. Michael Hayden in 2012, according to a newly unsealed court filing. The warrant application was part of a broader Obama-era investigation into a leak of classified information to the press. Another official later pleaded guilty in connection to the disclosure.

The targeting of Hayden’s AOL email account drives home just how aggressively the Obama administration pursued leaks, in this case following a relatively thin lead all the way to the private email account of a retired four-star general. Hayden served as director of the National Security Agency from 1999 to 2005, and later led the CIA until his retirement in 2009.

Asked over email if he’d previously known about the search warrant, Hayden wrote, “I don’t think they announce them,” and added a smiley face emoji.

Hayden has emerged in recent years as a fierce critic of the Trump presidency. But before that, he was best known for his aggressive approach to operationalizing the intelligence agencies he ran. After the 9/11 attacks, he helped initiate the NSA’s sweeping warrantless wiretapping program, which was eventually shuttered after widespread criticism by advocacy groups and lawmakers. At the CIA, he contributed to the dramatic increase in the use of drones to hunt and kill suspected terrorists.

The search warrant application filed in November 2012, unsealed Monday, shows the bureau suspected Hayden of being a source for a June 1, 2012, New York Times article about the Stuxnet computer virus, a groundbreaking piece of nation-state malware crafted to sabotage one element of Iran’s nuclear program in 2010. The virus targeted equipment at Iran’s uranium enrichment facility in Natanz. The article, written by reporter David Sanger, confirmed suspicions that the U.S. was partly responsible for the attack, which the story said was part of a top secret American-Israeli program called Olympic Games.

Hayden was not cited as a source on the Olympic Games revelation in the Times article, but was quoted on the apparent significance of the Stuxnet virus, which was widely known. “This is the first attack of a major nature in which a cyberattack was used to effect physical destruction,” Hayden said in part.

The 2012 application doesn’t state whether the warrant was granted, but nearly all are. Hayden’s name and email address are redacted from the unsealed filing, but the case is captioned with Hayden’s AOL email address (PDF). Hayden did not immediately respond to inquiries for this story.

The search warrant affidavit was filed by special agent Craig Moringiello in the FBI’s counterintelligence division. It shows that the FBI first obtained transaction records for Hayden’s AOL email account. Those showed that he’d exchanged email messages with Sanger 10 times in the months before and after the story. The bureau then used that as evidence in a Nov. 15, 2012, application to obtain the entire contents of Hayden’s AOL account.

The FBI found no evidence that Hayden did anything wrong. But using similar tactics, the FBI eventually tracked the story to retired Marine Gen. James Cartwright. In 2016 Cartwright acknowledged he was a source for the article and pleaded guilty to a single count of lying to the FBI. Cartwright’s prosecution was widely criticized by freedom-of-the-press groups and government insiders, and Obama pardoned Cartwright shortly before leaving office.