Ever since Edward Snowden’s files first began leaking out, public attention has been mostly focused on the NSA and its vast surveillance networks. But newly revealed Snowden documents show that the FBI, the law enforcement organization meant to combat domestic threats, has been keeping pace with the NSA, America’s biggest overseas intelligence agency. And when the two spying outfits decided to work together, it created a new surveillance campaign, geared toward keeping tabs on foreign hackers.
The FBI’s counter-hacking campaign was growing so fast that in 2011, bureau officials approached the NSA about teaming up and using the vast infrastructure that the spy agency had built since the 9/11 attacks to monitor terrorists’ communications. The bureau thought it could help locate hackers overseas.
“Although FBI conducts numerous electronic surveillances without assistance, the vast majority of them are directed against targets located inside the United States,” according to a 2012 NSA document that described the technical support the spy agency planned to give to the FBI. The bureau wanted to turn its sights on hackers who might have compromised computers in the United States to launch attacks, but were actually based in another country.
Fortunately, the NSA had been preparing for such a request and had “expended a significant amount of resources to create collection/processing capabilities at many of the chokepoints operated by U.S. providers through which international communications enter and leave the United States,” according to the document, which was among a set given to journalists by Snowden and published Thursday by The New York Times and ProPublica.
The FBI had specialists who could work with those resources. A relatively obscure outfit called the Data Intercept Technology Unit is the bureau’s main surveillance arm and acts as the conduit between the NSA and big American tech companies, including Google, Yahoo, and Facebook, when the government wants to collect data under the surveillance law that authorizes spying on hackers, as well as on terrorists and spies. It’s the unit’s job to intercept terrorists’ telephone calls and emails inside the United States, and it works closely with the three major American telecom companies—AT&T, Verizon, and Sprint.
The surveillance unit is located in a sprawling compound at Marine Corps Base Quantico in Virginia, along with the FBI’s Operational Technology Division, which runs all of the bureau’s technical intelligence collection, processing, and reporting. Its motto is “Vigilance Through Technology.” Quantico also houses the data repository where the information the NSA gleaned from hackers on the FBI’s behalf was stored.
The FBI’s domestic surveillance operations have also expanded into the air. The bureau maintains a small air force that carries video and cellphone surveillance technology, the Associated Press reported this week. Some of that technology can identify people based on the type of phone they’re carrying, even when they’re not making a call.
The FBI’s surveillance powers also got a major boost this week when the Senate overwhelmingly passed the USA Freedom Act, which revived temporarily lapsed powers to monitor cellphones, computers, and other communications devices of suspected spies and terrorists. And USA Today reported that another powerful law enforcement agency, the Drug Enforcement Administration, more than tripled its use of wiretaps and other forms of electronic communications surveillance over the past decade.
Three former U.S. officials told The Daily Beast that the cooperation between the NSA and the FBI grew out of a mutual desire to combat foreign cyber espionage and that it was never aimed at hackers operating in the United States. Going after them is the FBI’s job.
Both the NSA and the FBI agreed that while the latter could monitor those communications chokepoints on its own, it would have to build a new infrastructure to do it, according to the document. Using the NSA’s, however, would be easier and cheaper.
Against the backdrop of widening surveillance, the revelations of the FBI and the NSA joining forces may appear ominous. But former officials insisted that Americans would be appalled to learn that their government wasn’t trying to monitor foreign hackers who are stealing secrets from U.S. companies and money from American citizens. Based on the documents released by the news organizations and interviews with former U.S. officials, it appears that the FBI and the NSA’s work together didn’t violate any laws or regulations.
Richard Bejtlich, the chief security strategist for cybersecurity company FireEye, said that while the counter-hacking operations would surely collect some Americans’ information, it would include items that hackers had stolen, such as business plans or credit card numbers.
“It’s good that there’s an agency that’s trying to notice when data is being stolen so they can do something about it. That’s a good sign,” he said. “On whole, I think the benefits of this outweigh the other concerns.”
A briefing on surveillance rules prepared by the NSA’s office of general counsel shows it was particularly concerned about the agency accidentally collecting information on Americans. The “worst thing” the NSA could do would be to turn its intelligence apparatus into “basically doing surveillance for [law enforcement] purpose without warrant,” the general counsel’s office warned. To prevent that, the agency’s analysts—who would be helping the FBI—should focus on looking for “intrusion capabilities,” an apparent reference to types of hacking tools, known to be used by foreign hackers, and immediately report any inadvertent collection of an American’s communications to NSA’s lawyers. “Do not want to see any/many of these,” the briefing states.
At the time the NSA agreed to provide the FBI with technical assistance, U.S. officials were particularly concerned about cyber spying by the Chinese and Russian governments, as well as the growing threat that Iran posed to U.S. companies. Under the Foreign Intelligence Surveillance Act, the NSA had been able to spy on a foreign hacker who was reasonably believed to be located overseas and connected to a foreign government; for instance, a Russian hacker trying to steal sensitive information from the White House’s computer networks.
But a question arose in 2011 about whether certain types of “signatures,” or patterns associated with hacking activity, could be used to identify possible targets, the former officials said. Legally, the government doesn’t have to know who a hacker is in order to monitor his communications, but it must be able to demonstrate that there’s some reason to believe the hacker is connected to a foreign government. For example, is he using an Internet address that is located in a particular country? The precise criteria that intelligence agencies use to determine whether a hacker is likely abroad and working for a foreign government are classified.
In 2012, the Justice Department approved some limited hacker surveillance under the Foreign Intelligence Surveillance Act, using an existing authorization to spy on certain foreign governments, according to an internal NSA timeline. The fact that the government has been using the surveillance law to track hackers had been previously confirmed in public by several U.S. officials. But the newly disclosed documents help to explain the evolution of the counter-hacking campaign and the role that the FBI played.