To create just one of these covers, the agency had to invent the purpose and
name of a company, secure a credible physical address somewhere in
America, register a credible URL, put up a credible website, and then rent
servers in the company’s name. Furthermore, the agency had to create an
encrypted connection from those servers that allowed it to communicate
with the CIA network without anyone noticing the connection. Here’s the
kicker: After all of that effort and money was expended just to let us
anonymously Google a name, whatever front business was being used as a
proxy would immediately be burned—by which I mean its connection to
the CIA would be revealed to our adversaries—the moment some analyst
decided to take a break from their research to log in to their personal
Facebook account on that same computer. Since few of the people at
headquarters were undercover, that Facebook account would often openly
declare, “I work at the CIA,” or just as tellingly, “I work at the State
Department, but in McLean.”
Go ahead and laugh. Back then, it happened all the time.
During my stint in Geneva, whenever a CO would ask me if there was a
safer, faster, and all-around more efficient way to do this, I introduced them
to Tor.
The Tor Project was a creation of the state that ended up becoming one
of the few effective shields against the state’s surveillance. Tor is free and
open-source software that, if used carefully, allows its users to browse
online with the closest thing to perfect anonymity that can be practically
achieved at scale. Its protocols were developed by the US Naval Research
Laboratory throughout the mid-1990s, and in 2003 it was released to the
public—to the worldwide civilian population on whom its functionality
depends. This is because Tor operates on a cooperative community model,
relying on tech-savvy volunteers all over the globe who run their own Tor
servers out of their basements, attics, and garages. By routing its users’
Internet traffic through these servers, Tor does the same job of protecting
the origin of that traffic as the CIA’s “non-attributable research” system,
with the primary difference being that Tor does it better, or at least more
efficiently. I was already convinced of this, but convincing the gruff COs
was another matter altogether.
With the Tor protocol, your traffic is distributed and bounced around
through randomly generated pathways from Tor server to Tor server, with

the purpose being to replace your identity as the source of a communication
with that of the last Tor server in the constantly shifting chain. Virtually
none of the Tor servers, which are called “layers,” know the identity of, or
any identifying information about, the origin of the traffic. And in a true
stroke of genius, the one Tor server that does know the origin—the very
first server in the chain—does not know where that traffic is headed. Put
more simply: the first Tor server that connects you to the Tor network,
called a gateway, knows you’re the one sending a request, but because it
isn’t allowed to read that request, it has no idea whether you’re looking for
pet memes or information about a protest, and the final Tor server that your
request passes through, called an exit, knows exactly what’s being asked
for, but has no idea who’s asking for it.
This layering method is called onion routing, which gives Tor its name:
it’s The Onion Router. The classified joke was that trying to surveil the Tor
network makes spies want to cry. Therein lies the project’s irony: here was
a US military–developed technology that made cyberintelligence
simultaneously harder and easier, applying hacker know-how to protect the
anonymity of IC officers, but only at the price of granting that same
anonymity to adversaries and to average users across the globe. In this
sense, Tor was even more neutral than Switzerland. For me personally, Tor
was a life changer, bringing me back to the Internet of my childhood by
giving me just the slightest taste of freedom from being observed.
N
ONE OF THIS
account of the CIA’s pivot to cyberintelligence, or SIGINT on
the Internet, is meant to imply that the agency wasn’t still doing some
significant HUMINT, in the same manner in which it had always done so, at
least since the advent of the modern IC in the aftermath of World War II.
Even I got involved, though my most memorable operation was a failure.
Geneva was the first and only time in my intelligence career in which I
made the personal acquaintance of a target—the first and only time that I
looked directly into the eyes of a human being rather than just recording
their life from afar. I have to say, I found the whole experience
unforgettably visceral and sad.

Sitting around discussing how to hack a faceless UN complex was
psychologically easier by a wide margin. Direct engagement, which can be
harsh and emotionally draining, simply doesn’t happen that much on the
technical side of intelligence, and almost never in computing. There is a
depersonalization of experience fostered by the distance of a screen.
Peering at life through a window can ultimately abstract us from our actions
and limit any meaningful confrontation with their consequences.
I met the man at an embassy function, a party. The embassy had lots of
those, and the COs always went, drawn as much by the opportunities to spot
and assess potential candidates for recruitment as by the open bars and cigar
salons.
Sometimes the COs would bring me along. I’d lectured them on my
specialty long enough, I guess, that now they were all too happy to lecture
me on theirs, cross-training me to help them play “spot the sap” in an
environment where there were always more people to meet than they could
possibly handle on their own. My native geekiness meant I could get the
young researchers from CERN (Conseil Européen pour la Recherche
Nucléaire: European Council for Nuclear Research) talking about their
work with a voluble excitement that the MBAs and political science majors
who comprised the ranks of our COs had trouble provoking on their own.
As a technologist, I found it incredibly easy to defend my cover. The
moment some bespoke-suited cosmopolite asked me what I did, and I
responded with the four words “I work in IT” (or, in my improving French,

Download 1.94 Mb.

Do'stlaringiz bilan baham: