Counterspy Official: Snowden Leak Damage Increasing

Trump may expel more Russian spies for election meddling

Edward Snowden
Getty Images
April 19, 2018

Damage to U.S. electronic intelligence-gathering capabilities caused by renegade National Security Agency contractor Edward Snowden has increased over the past year, a senior U.S. counterintelligence official disclosed on Wednesday.

Bill Evanina, director of the National Counterintelligence and Security Center, also said President Trump could expel additional Russian intelligence officers still operating in the United States to further punish Moscow for election meddling.

Additionally, Evanina said during a speech at a Washington think tank that the federal government is conducting a long-term damage assessment of the 2015 cyber attack against the Office of Personnel Management carried out by China.

The OPM data breach compromised sensitive records of more than 22 million federal workers, including people who provided personal information as part of applications for security clearances.

The counterintelligence official also blamed unspecified government "policymakers" for the failure during the Obama administration to conduct counterintelligence operations aimed at the Russian cyber and influence operations during the 2016 presidential election.

On Snowden, Evanina said counterintelligence officials are finishing the seventh intelligence community damage assessment regarding the theft of some 1.7 million NSA top-secret documents.

The assessments are highly classified and have been read by only a handful of senior U.S. officials, he said.

Snowden fled his NSA job in Hawaii in 2013 for Hong Kong and later Moscow after downloading classified documents and providing them to reporters in what he said was an effort to expose improper NSA surveillance of Americans.

A House Intelligence Committee report in 2016 called the Snowden disclosures "the largest and most damaging release of classified information in intelligence history." The vast majority of the stolen documents had nothing to do with programs impacting Americans' personal privacy interests, and most compromised military, defense, and intelligence programs and assisted American adversaries, the report said.

The NSA contractor used his network access as a computer system administration to download the documents, and is currently living under Russian government protection.

"I will say that the amount of Snowden-related intelligence has not slowed down," Evanina told a gathering at the Aspen Institute.

"This past year we had more international Snowden-related documents and breaches than ever, but probably 98 percent of them were in Der Spiegel or the Guardian," he said. "Very few of these issues have been picked up by U.S. media. But our assessment is they are more damaging now."

The disclosures have affected intelligence collection capabilities and were spread by what Evanina said is a "consortium of people." The people include reporters and researchers who analyzed and interpreted the contents of the documents and revealed new, often-arcane details about electronic spying.

Foreign adversaries have then accessed the documents and the analysis of them posted online to defeat NSA tools and techniques for spying. "The more our adversaries are informed by that, the more difficult it is to collect," Evanina said.

"There has been no drop-off in Snowden-related damage but there has been less interest [by U.S. media]," he said.

Evanina said journalists such as Laura Poitras and Glenn Greenwald, initial recipients of Snowden documents, put together a network of scientists who are studying stolen NSA malware. The researchers have discovered how it works and how to defeat it.

The seventh damage assessment was described by Evanina as "really technical" about what material has been released.

The documents stolen by Snowden are now in the hands of journalists who are releasing it piecemeal after technical studies are conducted and the journalists determine who sees the material.

"Now you have world class scientists looking at some of these apps and capabilities from our collection capabilities that are being re-engineered by our adversaries," he said.

Since 2013, when Snowden made off with the documents, thousands of articles have been written on the documents containing "really sensitive" information but that accounts for only about 1 percent of the documents he took, Evanina said.

"So we don't see this issue ending anytime soon," he said.

On Russian intelligence expulsions, Evanina said the U.S. government may oust additional Russian spies—after some 90 intelligence officers were declared persona non grata over the past two years.

Trump in March ordered 60 Russian intelligence officers operating under cover as diplomats to leave the United States. The expulsions were carried out in response to Moscow's role in a clandestine nerve agent attack in England against former Russian military intelligence officer and his daughter. Officials said at the time that the 60 spies were among 100 suspect intelligence operatives.

In December 2016, then-President Obama expelled 35 Russians in response to Moscow's election meddling.

"Right now we sent 60 back, a total of 90 over the last couple of years," Evanina said. "But I think there are still a handful left and I know there are, and I think the White House is holding them out as potential sanctions in the future, if activity continues."

Asked why no counterintelligence activities were conducted to thwart the Russian election meddling in 2016, Evanina said, "we've got to separate counterintelligence activity from policy—two separate things."

"The counterintelligence world has worked against the Russian intelligence services here in the U.S. and has probably been more vibrant in the last three years than ever because of the activity of the Russians," he said.

"That is separate from a policy decision to do something in retaliation and that's the world I don't live in. We can tell our policymakers what we see from a counterintelligence perspective, where we surveil people to, what the collection is and what their intent is. But the policy decision is made by a different group of people."

Evanina said the FBI has been "overburdened" with work against the Russians in the past four years, not only with the election meddling but with other hostile intelligence activities.

Former CIA Director John Brennan disclosed last weekend that then-President Obama refused to launch a cyber action against Russia during the 2016 election over fears Moscow would step up its election interference.

Asked why Russia carried out the election interference, Evanina said Russian President Vladimir Putin and the Russian government and intelligence services regard the U.S. democratic system as "the No. 1 threat" to Russia.

"They will do anything they can to jeopardize our ability as a democracy that's vibrant and leads the world, to include the most fundamental process, our electoral process," he said, adding that American capitalism is also a Russian target.

Asked if the Russians have compromised Trump, Evanina declined to comment. But he said the Russians attempted to penetrate both the Trump and Hillary Clinton presidential campaigns during the election.

"We have assessments and intelligence on both of those but they would not be in the unclassified realm," he said.

On the OPM hacking case, Evanina said counterintelligence officials have obtained copies of the massive federal records—5 petabytes, or 5 million gigabytes of data—and have begun assessing the damage from the theft.

Evanina said all 21 million federal employees have been notified about the breach that was "potentially by a foreign actor."

Other U.S. officials have said China conducted the OPM hack and that Beijing plans to use the information for future cyber attacks and for artificial intelligence-based spying.

"This is not a two-year issue; this is going to be 20 years in the making," he said. "This data is your most sensitive secrets that potentially an adversary is going to have in 20 years."

The loss of the OPM data also could impact the children of security clearance applicants since details about offspring are part of the application process.

"This is a big problem and we hope to get a damage assessment done as quickly as we can."

Earlier this month, Michelle Van Cleave, former National Counterintelligence Executive, said the Obama administration weakened strategic counterintelligence efforts by downgrading the position she held in renaming the office the National Counterintelligence and Security Center, now headed by Evanina.

"The national head of counterintelligence was rebranded director of a security and CI center, his duties further dissipated by the fixation on leaks and insider threats driven by the grievous harm done by Snowden, Manning, et al," Van Cleave said.

"Gone was any dedicated strategic [counterintelligence] program, while elite pockets of proactive capabilities died of neglect," she said.

A spokesman for the counterintelligence center said the name change did not diminish Evanina's counterspy authority.

Published under: Edward Snowden