
Breaking the Taboo on Israel's Spying Efforts on the United States

 

By Christopher Ketcham, AlterNet

Posted on March 10, 2009, Printed on March 14, 2009

http://www.alternet.org/story/130891/

 

Scratch a counterintelligence officer in the U.S. government and they'll tell you that Israel is not a friend to the United States.

This is because Israel runs one of the most aggressive and damaging espionage networks targeting the U.S. The fact of Israeli penetration into the country is not a subject oft-discussed in the media or in the circles of governance, due to the extreme sensitivity of the U.S.-Israel relationship coupled with the burden of the Israel lobby, which punishes legislators who dare to criticize the Jewish state.  The void where the facts should sit is filled instead with the hallucinations of conspiracy theory -- the kind in which, for example, agents of the Mossad, Israel’s top intelligence agency, engineer the 9/11 attacks, while 4,000 Israelis in the Twin Towers somehow all get word to escape before the planes hit.  The effect, as disturbing as it is ironic, is that the less the truth is addressed, the more noxious the falsity that spreads.

Israel's spying on the U.S., however, is a matter of public record, and neither conspiracy nor theory is needed to present the evidence.   When the FBI produces its annual report to Congress concerning "Foreign Economic Collection and Industrial Espionage," Israel and its intelligence services often feature prominently as a threat second only to China. In 2005 the FBI noted, for example, that Israel maintains "an active program to gather proprietary information within the United States."  A key Israeli method, said the FBI report, is computer intrusion.  In 1996, the Defense Intelligence Service, a branch of the Pentagon, issued a warning that "the collection of scientific intelligence in the United States [is] the third highest priority of Israeli Intelligence after information on its Arab neighbors and information on secret U.S. policies or decisions relating to Israel."  In 1979, the Central Intelligence Agency produced a scathing survey of Israeli intelligence activities that targeted the U.S. government.  Like any worthy spy service, Israeli intelligence early on employed wiretaps as an effective tool, according to the CIA report.  In 1954, the U.S. Ambassador in Tel Aviv discovered in his office a hidden microphone "planted by the Israelis," and two years later telephone taps were found in the residence of the U.S. military attaché.  In a telegram to Washington, the ambassador at the time cabled a warning: "Department must assume that all conversations [in] my office are known to the Israelis." The former ambassador to Qatar, Andrew Killgore, who also served as a foreign officer in Jerusalem and Beirut, told me Israeli taps of U.S. missions and embassies in the Middle East were part of a "standard operating procedure."

According to the 1979 CIA report, the Israelis, while targeting political secrets, also devote "a considerable portion of their covert operations to obtaining scientific and technical intelligence." These operations involved, among other machinations, "attempts to penetrate certain classified defense projects in the United States."   The penetrations, according to the CIA report, were effected using "deep cover enterprises," which the report described as "firms and organizations, some specifically created for, or adaptable to, a specific objective."  At the time, the CIA singled out government-subsidized companies such as El Al airlines and Zim, the Israeli shipping firm, as deep cover enterprises.  Other deep cover operations included the penetration of a U.S. company that provided weapons-grade uranium to the Department of Defense during the 1960s; Israeli agents eventually spirited home an estimated 200 pounds of uranium as the bulwark in Israel’s secret nuclear weapons program.  Moles have burrowed on Israel’s behalf throughout the U.S. intelligence services.  Perhaps most infamous was the case of Jonathan Pollard, a Jewish-American employed as a civilian analyst with the U.S. Navy who purloined an estimated 800,000 code-word protected documents from inside the CIA, the Defense Intelligence Agency, and numerous other U.S. agencies.  While Pollard was sentenced to life in prison, counterintelligence investigators at the FBI suspected he was linked to a mole far higher in the food chain, ensconced somewhere in the DIA, but this suspected Israeli operative, nicknamed "Mr. X," was never found.   Following the embarrassment of the Pollard affair -- and its devastating effects on U.S. national security, as testified by then Defense Secretary Caspar Weinberger (who allegedly stated that Pollard "should have been shot") -- the Israeli government vowed never again to pursue espionage against its ally and chief benefactor.

Fast-forward a quarter century, and the vow has proven empty.  In 2004, the authoritative Jane's Intelligence Group noted that Israel's intelligence organizations "have been spying on the U.S. and running clandestine operations since Israel was established."  The former deputy director of counterintelligence at FBI, Harry B. Brandon, last year told Congressional Quarterly magazine that "the Israelis are interested in commercial as much as military secrets. They have a muscular technology sector themselves."  According to CQ, "One effective espionage tool is forming joint partnerships with U.S. companies to supply software and other technology products to U.S. government agencies."

Best-selling author James Bamford now adds another twist in this history of infiltration in a book published last October, "The Shadow Factory," which forms the latest installment in his trilogy of investigations into the super-secret National Security Agency.  Bamford is regarded among journalists and intelligence officers as the nation’s expert on the workings of the NSA, whose inner sanctums he first exposed to the public in 1982. (So precise is his reporting that NSA officers once threw him a book party, despite the fact that he continually reveals their secrets.)  The agency has come a long way in the half-century since its founding in 1952.  Armed with digital technology and handed vast new funding and an almost limitless mandate in the wake of the 9/11 attacks, Bamford writes, the NSA has today "become the largest, most costly, and most technologically sophisticated spy organization the world has ever known."  The NSA touches on every facet of U.S. communications, its mega-computers secretly filtering "millions of phone calls and e-mails" every hour of operation.  For those who have followed the revelations of the NSA’s "warrantless wiretapping" program in the New York Times in 2005 and the Wall Street Journal last year, what Bamford unveils in "The Shadow Factory" is only confirmation of the worst fears: "There is now the capacity," he writes of the NSA’s tentacular reach into the private lives of Americans, "to make tyranny total."

Much less has been reported about the high-tech Israeli wiretapping firms that service U.S. telecommunications companies, primarily AT&T and Verizon, whose networks serve as the chief conduits for NSA surveillance.  Even less is known about the links between those Israeli companies and the Israeli intelligence services.  But what Bamford suggests in his book accords with the history of Israeli spying in the U.S.: Through joint partnerships with U.S. telecoms, Israel may be a shadow arm of surveillance among the tentacles of the NSA.  In other words, when the NSA violates constitutional protections against unlawful search and seizure to vacuum up the contents of your telephone conversations and e-mail traffic, the Israeli intelligence services may be gathering it up too -- a kind of mirror tap that is effectively a two-government-in-one violation.

***

On its face, the overseas outsourcing of high-tech services would seem de rigueur in a competitive globalized marketplace.  Equipment and services from Israel’s telecom sector are among the country’s prime exports, courtesy of Israeli entrepreneurs who have helped pioneer wireless telephony, voicemail and voice recognition software, instant messaging, phone billing software, and, not least, "communications interception solutions."  Israeli telecom interception hardware and software is appraised as some of the best in the world.

By the mid-1990s, Israeli wiretap firms would arrive in the U.S. in a big way.  The key to the kingdom was the 1994 Communications Assistance for Law Enforcement Act (CALEA), which was Congress’ solution for wiretapping in the digital age.   Gone are the days when wiretaps were conducted through on-site tinkering with copper switches.  CALEA mandated that telephonic surveillance operate through computers linked directly into the routers and hubs of telecom companies -- a spyware apparatus matched in real-time, all the time, to American telephones and modems.  CALEA effectively made spy equipment an inextricable ligature in telephonic life.  Without CALEA, the NSA in its spectacular surveillance exploits could not have succeeded.

AT&T and Verizon, which together manage as much as 90 percent of the nation’s communications traffic, contracted with Israeli firms in order to comply with CALEA.  AT&T employed the services of Narus Inc., which was founded in Israel in 1997.  It was Narus technology that AT&T whistleblower Mark Klein, a 22-year technician with the company, famously unveiled in a 2006 affidavit that described the operations in AT&T’s secret tapping room at its San Francisco facilities.  (Klein’s affidavit formed the gravamen of a lawsuit against AT&T mounted by the Electronic Freedom Foundation, but the lawsuit died when Congress passed the telecom immunity bill last year.)  According to Klein, the Narus supercomputer, the STA 6400, was "known to be used particularly by government intelligence agencies because of its ability to sift through large amounts of data looking for preprogrammed targets."  The Narus system, which was maintained by Narus technicians, also provided a real-time mirror image of all data streaming through AT&T routers, an image to be rerouted into the computers of the NSA.

According to Jim Bamford, who cites knowledgeable sources, Verizon’s eavesdropping program is run by a competing Israeli firm called Verint, a subsidiary of Comverse Technology, which was founded by a former Israeli intelligence officer in 1984.  Incorporated in New York and Tel Aviv, Comverse is effectively an arm of the Israeli government: 50 percent of its R&D costs are reimbursed by the Israeli Ministry of Industry and Trade.  The Verint technology deployed throughout Verizon’s network, known as STAR-GATE, boasts an array of Orwellian capabilities.  "With STAR-GATE, service providers can access communications on virtually any type of network," according to the company’s literature.  "Designed to manage vast numbers of targets, concurrent sessions, call data records, and communications, STAR-GATE transparently accesses targeted communications without alerting subscribers or disrupting service."  As with the Narus system, the point is to be able to tap into communications unobtrusively, in real time, all the time.  A Verint spinoff firm, PerSay, takes the tap to the next stage, deploying "advanced voice mining," which singles out "a target’s voice within a large volume of intercepted calls, regardless of the conversation content or method of communication."   Verint’s interception systems have gone global since the late 1990s, and sales in 2006 reached $374 million (a doubling of its revenues over 2003).  More than 5,000 organizations -- mostly intelligence services and police units -- in at least 100 countries today use Verint technology.

What troubles Bamford is that executives and directors at companies like Narus and Verint formerly worked at or maintain close connections with the Israeli intelligence services, including Mossad; the internal security agency Shin Bet; and the Israeli version of the NSA, Unit 8200, an arm of the Israeli Defense Forces Intelligence Corps.  Unit 8200, which Bamford describes as "hypersecret," is a key player in the eavesdropping industrial complex in Israel, its retired personnel dispersed throughout dozens of companies.  According to Ha’aretz, the Israeli daily, "Many of the [eavesdropping] technologies in use around the world and developed in Israel were originally military technologies and were developed and improved by [Unit 8200] veterans."  A former commander of Unit 8200, cited by Bamford, states that Verint technology was "directly influenced by 8200 technology….[Verint parent company] Comverse’s main product, the Logger, is based on the Unit’s technology."   The implications for U.S. national security, writes Bamford, are "unnerving."  "Virtually the entire American telecommunications system," he avers, "is bugged by [Israeli-formed] companies with possible ties to Israel’s eavesdropping agency."  Congress, he says, maintains no oversight of these companies’ operations, and even their contracts with U.S. telecoms -- contracts pivotal to NSA surveillance -- are considered trade secrets and go undisclosed in company statements.

U.S. intelligence officers have not been quiet in their concerns about Verint (I reported on this matter in CounterPunch.org last September).  "Phone calls are intercepted, recorded, and transmitted to U.S. investigators by Verint, which claims that it has to be ‘hands on’ with its equipment to maintain the system," says former CIA counterterrorism officer Philip Giraldi.  The "hands on" factor is what bothers Giraldi, specifically because of the possibility of a "trojan" embedded in Verint wiretap software.   A trojan in information security hardware/software is a backdoor that can be accessed remotely by parties who normally would not have access to the secure system.   Allegations of widespread trojan spying have rocked the Israeli business community in recent years.  "Top Israeli blue chip companies," reported the AP in 2005, "are suspected of using illicit surveillance software to steal information from their rivals and enemies."  Over 40 companies have come under scrutiny.  "It is the largest cybercrime case in Israeli history," Boaz Guttmann, a veteran cybercrimes investigator with the Israeli national police, told me.  "Trojan horse espionage is part of the way of life of companies in Israel.  It’s a culture of spying."

In a wide-ranging four-part investigation into Israel-linked espionage that aired in December 2001, Carl Cameron, a correspondent at Fox News Channel, reported the distress among U.S. intelligence officials warning about possible trojans cached in Verint technology.   Sources told Cameron that "while various FBI inquiries into [Verint] have been conducted over the years," the inquiries had "been halted before the actual equipment has ever been thoroughly tested for leaks."   Cameron also cited a 1999 internal FCC document indicating that "several government agencies expressed deep concerns that too many unauthorized non-law enforcement personnel can access the wiretap system."   Much of this access was facilitated through "remote maintenance."

The Fox News report reverberated throughout U.S. law enforcement, particularly at the Drug Enforcement Agency, which makes extensive use of wiretaps for narcotics interdiction. Security officers at DEA, an adjunct of the Justice Department, began examining the agency’s own relationship with Comverse/Verint.  In 1997, DEA had transformed its wiretap infrastructure with the $25 million procurement from Comverse/Verint of a technology called "T2S2" -- "translation and transcription support services" -- with Comverse/Verint contracted to provide the hardware and software.  The company was also tasked with "support services, training, upgrades, enhancements and options throughout the life of the contract," according to the DEA’s "contracts and acquisitions" notice.  In the wake of the Fox News investigation, however, the director of security programs at DEA, Heidi Raffanello, was rattled enough to issue an internal communiqué on the matter, dated Dec. 18, 2001.  Directly referencing Fox News, she worried that "Comverse remote maintenance" was "not addressed in the C&A [contracts and acquisitions] process….It remains unclear if Comverse personnel are security cleared, and if so, who are they and what type of clearances are on record….Bottom line we should have caught it."  It is not known what resulted from DEA’s review of the issue of remote maintenance and access by Comverse/Verint.

Bamford devotes a portion of his argument to the detailing of the operations of a third Israeli wiretap company, NICE Systems, which he describes as "a major eavesdropper in the U.S." that "keeps its government and commercial client list very secret."  Formed in 1986 by seven veterans of Unit 8200, NICE software "captures voice, email, chat, screen activity, and essential call details," while offering "audio compression technology that performs continuous recordings of up to thousands of analog and digital telephone lines and radio channels."  NICE Systems has on at least one occasion shown up on the radar of U.S. counterintelligence.  During 2000-2001, when agents at the FBI and the CIA began  investigating allegations that Israeli nationals posing as "art students" were in fact conducting espionage on U.S. soil, one of the Israeli "art students" was discovered to be an employee with NICE Systems.  Among the targets of the art students were facilities and offices of the Drug Enforcement Agency nationwide. The same Israeli employee of NICE Systems, who was identified as a former operative in the Israeli intelligence services, was carrying a disk that contained a file labeled "DEA Groups."  U.S. counterintelligence officers concluded it was a highly suspicious nexus: An Israeli national and alleged spy was working for an Israeli wiretap company while carrying in his possession computer information regarding the Drug Enforcement Agency -- at the same time this Israeli was conducting what the DEA described as "intelligence gathering" about DEA facilities.

***

A former senior counterintelligence official in the Bush administration told me that as early as 1999, "CIA was very concerned about [Israeli wiretapping companies]" -- Verint in particular.  "I know that CIA has tried to monitor what the Israelis were doing -- technically watch what they were doing on the networks in terms of remote access.  Other countries were concerned as well," said the intelligence official.  Jim Bamford, who notes that Verint "can automatically access the mega-terabytes of stored and real-time data secretly and remotely from anywhere," reports that Australian lawmakers in 2004 held hearings on this remote monitoring capability. "[Y]ou can access data from overseas," the lawmakers told a Verint representative during the hearings, "but [the legislature] seems restricted to access data within that system."  The Australians found this astonishing.  In 2000, the Canadian intelligence service, the Royal Canadian Mounted Police, conducted "a probe related to allegations that [Israeli] spies used rigged software to hack into Canada's top secret intelligence files," according to an article in the Toronto Star.  Several sources in the U.S. intelligence community told me the Canadians liaised with their American counterparts to try to understand the problem.  According to the Bush administration official who spoke with me, "the Dutch also had come to the CIA very concerned about what the Israelis were doing with this."  The Dutch intelligence service, under contract with Verint, "had discovered strange things were going on -- there was activity on the network, the Israelis uploading and downloading stuff out of the switches, remotely, and apparently using it for their own wiretap purposes.  The CIA was very embarrassed to say, ‘We have the same problem.’  But the CIA didn’t have an answer for them.  ‘We hear you, we’re surprised, and we understand your concern.’"  Indeed, sources in the Dutch counterintelligence community in 2002 claimed there was "strong evidence that the Israeli secret service has uncontrolled access to confidential tapping data collected by the Dutch police and intelligence services," according to the Dutch broadcast radio station Evangelische Omroep (EO). In January 2003, the respected Dutch technology and computing magazine, C’T, ran a follow-up to the EO story, headlined "Dutch Tapping Room not Kosher." The article states: "All tapping equipment of the Dutch intelligence services and half the tapping equipment of the national police force [is] insecure and is leaking information to Israel."

"The key to this whole thing is that Australian meeting," Bamford told me in a recent interview. "They accused Verint of remote access and Verint said they won’t do it again -- which implies they were doing it in the past.  It’s a matter of a backdoor into the system, and those backdoors should not be allowed to exist.  You can tell by the Australian example that it was certainly a concern of Australian lawmakers."

Congress doesn’t seem to share the concern.  "Part of the responsibility of Congress," says Bamford, "is not just to oversee the intelligence community but to look into the companies with which the intelligence community contracts.  They’re just very sloppy about this."  According to the Bush administration intelligence official who spoke with me, "Frustratingly, I did not get the sense that our government was stepping up to this and grasping the bull by the horns."  Another former high level U.S. intelligence official told me, "The fact of the vulnerability of our telecom backbone is indisputable.  How it came to pass, why nothing has been done, who has done what -- these are the incendiary questions."  There is also the fundamental fact that the wiretap technologies implemented by Verint, Narus and other Israeli companies are fully in place and no alternative is on the horizon.  "There is a technical path dependence problem," says the Bush administration official. "I have been told nobody else makes software like this for the big digital switches, so that is part of the problem.  Other issues," he adds, "compound the problem" -- referring to the sensitivity of the U.S.-Israel relationship.

And that, of course, is the elephant in the room.  "Whether it’s a Democratic or Republican administration, you don’t bad-mouth Israel if you want to get ahead," says former CIA counterterrorism officer Philip Giraldi.  "Most of the people in the agency were very concerned about Israeli espionage and Israeli actions against U.S. interests. Everybody was aware of it.  Everybody hated it.  But they wouldn’t get promoted if they spoke out.  Israel has a privileged position and that’s the way things are.  It’s crazy.  And everybody knows it’s crazy."

Christopher Ketcham writes for Vanity Fair, Harper’s, GQ and many other magazines. He is working on a book about the history of Israeli espionage in the United States.

 

Also, read this article:

http://www.counterpunch.org/ketcham09272008.html

Weekend Edition

September 27 / 28, 2008

How Israeli Backdoor Technology Penetrated the U.S. Government's Telecom System and Compromised National Security

An Israeli Trojan Horse

By CHRISTOPHER KETCHAM

Since the late 1990s, federal agents have reported systemic communications security breaches at the Department of Justice, FBI, DEA, the State Department, and the White House.  Several of the alleged breaches, these agents say, can be traced to two hi-tech communications companies, Verint Inc. (formerly Comverse Infosys), and Amdocs Ltd., that respectively provide major wiretap and phone billing/record-keeping software contracts for the U.S. government.   Together, Verint and Amdocs form part of the backbone of the government’s domestic intelligence surveillance technology.   Both companies are based in Israel – having arisen to prominence from that country’s cornering of the information technology market – and are heavily funded by the Israeli government, with connections to the Israeli military and Israeli intelligence (both companies have a long history of board memberships dominated by current and former Israeli military and intelligence officers).   Verint is considered the world leader in “electronic interception” and hence an ideal private sector candidate for wiretap outsourcing.  Amdocs is the world’s largest billing service for telecommunications, with some $2.8 billion in revenues in 2007, offices worldwide, and clients that include the top 25 phone companies in the United States that together handle 90 percent of all call traffic among U.S. residents.  The companies’ operations, sources suggest, have been infiltrated by freelance spies exploiting encrypted trapdoors in Verint/Amdocs technology and gathering data on Americans for transfer to Israeli intelligence and other willing customers (particularly organized crime).  “The fact of the vulnerability of our telecom backbone is indisputable,” says a high level U.S. intelligence officer who has monitored the fears among federal agents.  “How it came to pass, why nothing has been done, who has done what – these are the incendiary questions.”  If the allegations are true, the electronic communications gathered up by the NSA and other U.S. intelligence agencies might be falling into the hands of a foreign government.   Reviewing the available evidence, Robert David Steele, a former CIA case officer and today one of the foremost international proponents for “public intelligence in the public interest,” tells me that “Israeli penetration of the entire US telecommunications system means that NSA's warrantless wiretapping actually means Israeli warrantless wiretapping.”

As early as 1999, the National Security Agency issued a warning that records of U.S. government telephone calls were ending up in foreign hands – Israel’s, in particular.   In 2002, assistant U.S. Attorney General Robert F. Diegelman issued an eyes only memo on the matter to the chief information technology (IT) officers at the Department of Justice.  IT officers oversee everything from the kind of cell phones agents carry to the wiretap equipment they use in the field; their defining purpose is secure communications.  Diegelman’s memo was a reiteration, with overtones of reprimand, of a new IT policy instituted a year earlier, in July 2001, in an internal Justice order titled “2640.2D Information Technology Security.”  Order 2640.2D stated that “Foreign Nationals shall not be authorized to access or assist in the development, operation, management or maintenance of Department IT systems.”  This might not seem much to blink at in the post-9/11 intel and security overhaul.  Yet 2640.2D was issued a full two months before the Sept. 11 attacks.   What group or groups of foreign nationals had close access to IT systems at the Department of Justice?   Israelis, according to officials in law enforcement.  One former Justice Department computer crimes prosecutor tells me, speaking on background, “I’ve heard that the Israelis can listen in to our calls.” 

Retired CIA counterterrorism and counterintelligence officer Philip Giraldi says this is par for the course in the history of Israeli penetrations in the U.S.   He notes that Israel always features prominently in the annual FBI report called “Foreign Economic Collection and Industrial Espionage” – Israel is second only to China in stealing U.S. business secrets.  The 2005 FBI report states, for example, “Israel has an active program to gather proprietary information within the United States. These collection activities are primarily directed at obtaining information on military systems and advanced computing applications that can be used in Israel’s sizable armaments industry.”  A key Israeli method, warns the FBI report, is computer intrusion.

In the big picture of U.S. government spying on Americans, the story ties into 1994 legislation called the Communications Assistance for Law Enforcement Act, or CALEA, which effected a sea-change in methods of electronic surveillance.   Gone are the days when wiretaps were conducted through on-site tinkering with copper switches.   CALEA mandated sweeping new powers of surveillance for the digital age, by linking remote computers into the routers and hubs of telecom firms – a spyware apparatus linked in real-time, all the time, to American telephones and modems.  CALEA made spy equipment an inextricable ligature in our telephonic life.  Top officials at the FBI pushed for the legislation, claiming it would improve security, but many field agents have spoken up to complain that CALEA has done exactly the opposite.  The data-mining techniques employed by NSA in its wiretapping exploits could not have succeeded without the technology mandated by CALEA.  It could be argued that CALEA is the hidden heart of the NSA wiretap scandal.

THE VERINT CONNECTION

According to former CIA officer Giraldi and other US intelligence sources, software manufactured and maintained by Verint, Inc. handles most of American law enforcement’s wiretaps.  Says Giraldi: “Phone calls are intercepted, recorded, and transmitted to U.S. investigators by Verint, which claims that it has to be ‘hands on’ with its equipment to maintain the system.”  Giraldi also notes Verint is reimbursed for up to 50 percent of its R&D costs by the Israeli Ministry of Industry and Trade.  According to Giraldi, the extent of the use of Verint technology “is considered classified,” but sources have spoken out and told Giraldi they are worried about the security of Verint wiretap systems.  The key concern, says Giraldi, is the issue of a “trojan” embedded in the software. 

A trojan in information security hardware/software is a backdoor that can be accessed remotely by parties who normally would not have access to the secure system.   Allegations of massive trojan spying have rocked the Israeli business community in recent years.  An AP article in 2005 noted, “Top Israeli blue chip companies…are suspected of using illicit surveillance software to steal information from their rivals and enemies.”  Over 40 companies have come under scrutiny.  “It is the largest cybercrime case in Israeli history,” Boaz Guttmann, a veteran cybercrimes investigator with the Israeli national police, tells me.  “Trojan horse espionage is part of the way of life of companies in Israel.  It’s a culture of spying.”

This is of course the culture on which the U.S. depends for much of its secure software for data encryption and telephonic security.    “There’s been a lot of discussion of how much we should trust security products by Israeli telecom firms,” says Philip Zimmermann, one of the legendary pioneers of encryption technology (Zimmermann invented the cryptographic and privacy authentication system known as Pretty Good Privacy, or PGP, now one of the basic modern standards for communications encryption).  “Generally speaking, I wouldn’t trust stuff made overseas for data security,” says Zimmermann.   “A guy at NSA InfoSec” – the information security division of the National Security Agency – “once told me, ‘Foreign-made crypto is our nightmare.’  But to be fair, as our domestic electronics industry becomes weaker and weaker, foreign-made becomes inevitable.”  Look at where the expertise is, Zimmermann adds: Among the ranks of the International Association for Cryptological Research, which meets annually, there is a higher percentage of Israelis than any other nationality.   The Israeli-run Verint is today the provider of telecom interception systems deployed in over 50 countries.

Carl Cameron, chief politics correspondent at Fox News Channel, is one of the few reporters to look into federal agents’ deepening distress over possible trojans embedded in Verint technology.   In a wide-ranging four-part investigation into Israeli-linked espionage that aired in December 2001, Cameron made a number of startling discoveries regarding Verint, then known as Comverse Infosys.   Sources told Cameron that “while various FBI inquiries into Comverse have been conducted over the years,” the inquiries had “been halted before the actual equipment has ever been thoroughly tested for leaks.”   Cameron also noted a 1999 internal FCC document indicating that “several government agencies expressed deep concerns that too many unauthorized non-law enforcement personnel can access the wiretap system.”   Much of this access was facilitated through “remote maintenance.”  

Immediately following the Cameron report, Comverse Infosys changed its name to Verint, saying the company was “maturing.”  (The company issued no response to Cameron’s allegations, nor did it threaten a lawsuit.)  Meanwhile, security officers at DEA, an adjunct of the Justice Department, began examining the agency’s own relationship with Comverse/Verint.  In 1997, DEA transformed its wiretap infrastructure with the $25 million procurement from Comverse/Verint of a technology called “T2S2” – “translation and transcription support services” – with Comverse/Verint contracted to provide the hardware and software, plus “support services, training, upgrades, enhancements and options throughout the life of the contract,” according to the “contracts and acquisitions” notice posted on the DEA’s website.   This was unprecedented.   Prior to 1997, DEA staff used equipment that was developed and maintained in-house.

But now Cameron’s report raised some ugly questions of vulnerability in T2S2.

The director of security programs at DEA, Heidi Raffanello, was rattled enough to issue an internal communiqué on the matter, dated Dec. 18, 2001, four days after the final installment in the Cameron series.   Referencing the Fox News report, she worried that “Comverse remote maintenance” was “not addressed in the C&A [contracts and acquisitions] process.”  She also cited the concerns in Justice Department order 2640.2D, and noted that the “Administrator” – meaning then DEA head Asa Hutchinson – had been briefed.   Then there was this stunner: “It remains unclear if Comverse personnel are security cleared, and if so, who are they and what type of clearances are on record….Bottom line we should have caught it.” On its face, the Raffanello memo is a frightening glimpse into a bureaucracy caught with its pants down.

American law enforcement was not alone in suspecting T2S2 equipment purchased from Comverse/Verint. In November 2002, sources in the Dutch counterintelligence community began airing what they claimed was “strong evidence that the Israeli secret service has uncontrolled access to confidential tapping data collected by the Dutch police and intelligence services,” according to the Dutch broadcast radio station Evangelische Omroep (EO). In January 2003, the respected Dutch technology and computing magazine, c’t, ran a follow-up to the EO scoop, headlined “Dutch Tapping Room not Kosher.” The article began: “All tapping equipment of the Dutch intelligence services and half the tapping equipment of the national police force…is insecure and is leaking information to Israel.” The writer, Paul Wouters, goes on to discuss the T2S2 tap-ware “delivered to the government in the last few years by the Israeli company Verint,” and quotes several cryptography experts on the viability of remote monitoring of encrypted “blackbox” data. Wouters writes of this “blackbox cryptography”:

…a very important part of strong cryptography is a good random source. Without a proper random generator, or worse, with an intentionally crippled random generator, the resulting ciphertext becomes trivial to break. If there is one single unknown chip involved with the random generation, such as a hardware accelerator chip, all bets are off….If you can trust the hardware and you have access to the source code, then it should theoretically be possible to verify the system. This, however, can just not be done without the source code.

Yet, as Wouters was careful to add, “when the equipment was bought from the Israelis, it was agreed that no one except [Verint] personnel was authorized to touch the systems....Source code would never be available to anyone.” 

Cryptography pioneer Philip Zimmerman warns that “you should never trust crypto if the source code isn’t published.   Open source code means two things: if there are deliberate backdoors in the crypto, peer review will reveal those backdoors.  If there are inadvertent bugs in the crypto, they too will be discovered.  Whether the weaknesses are by accident or design, they will be found.  If the weakness is by design, they will not want to publish the source code.   Some of the best products we know have been subject to open source review: Linux; Apache.  The most respected crypto products have been tested through open source.  The little padlock in the corner when you visit a browser?  You’re going through a protocol called Secure Socket Layer.  Open source tested and an Internet standard.  FireFox, the popular and highly secure browser, is all open source.”
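Wouters' point about black-box cryptography and a crippled random generator can be made concrete. The following is an added example, not code from the article or from any vendor: a constructed generator (`crippled_stream`, a hypothetical design whose whole state is a 16-bit seed) passes output-only statistical checks just as an operating-system generator does, while a review of its source shows it can emit only 65,536 distinct 128-bit keys.

```python
import hashlib
import math
import secrets

SEED_BITS = 16   # constructed flaw: the generator's whole state is a 16-bit seed
KEY_BYTES = 16   # keys are nominally 128 bits long


def crippled_stream(seed: int, nbytes: int) -> bytes:
    """Hypothetical crippled generator: SHA-256 in counter mode over a tiny seed."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        block = seed.to_bytes(2, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return bytes(out[:nbytes])


def monobit_fraction(data: bytes) -> float:
    """Fraction of 1 bits; close to 0.5 for random-looking output."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))


def byte_chi_square(data: bytes) -> float:
    """Chi-square statistic of byte frequencies against a uniform distribution."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    expected = len(data) / 256
    return sum((c - expected) ** 2 / expected for c in counts)


def passes_black_box_tests(data: bytes) -> bool:
    """Output-only acceptance check: balanced bits and a flat byte histogram.
    With 255 degrees of freedom the statistic averages 255; 400 is a loose bound."""
    return abs(monobit_fraction(data) - 0.5) < 0.01 and byte_chi_square(data) < 400


def effective_key_bits() -> float:
    """Source-level review: enumerate every key the design can ever emit."""
    keys = {crippled_stream(seed, KEY_BYTES) for seed in range(2 ** SEED_BITS)}
    return math.log2(len(keys))


if __name__ == "__main__":
    sample = 64 * 1024
    weak = crippled_stream(0x1234, sample)   # constructed sample seed
    good = secrets.token_bytes(sample)       # operating-system CSPRNG
    print("crippled passes black-box tests:", passes_black_box_tests(weak))
    print("CSPRNG passes black-box tests:  ", passes_black_box_tests(good))
    print("nominal key bits:", 8 * KEY_BYTES)
    print("effective key bits (from source):", effective_key_bits())
```

The statistical checks see only the output, so they cannot tell the two generators apart; the 16-bit limit becomes visible only when the design itself can be read.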

THE CALEA CONNECTION

None of U.S. law enforcement’s problems with Amdocs and Verint could have come to pass without the changes mandated by the Communications Assistance for Law Enforcement Act of 1994, which, as noted, sought to lock spyware into telecom networks.   CALEA, to cite the literature, requires that terrestrial carriers, cellular phone services and other telecom entities enable the government to intercept “all wire and oral communications carried by the carrier concurrently with their transmission.”  T2S2 technology fit the bill perfectly: Tied into the network, T2S2 bifurcates the line without interrupting the data-stream (a T2S2 bifurcation is considered virtually undetectable).  One half of the bifurcated line is recorded and stored in a remote tapping room; the other half continues on its way from your mouth or keyboard to your friend’s.  (What is “T2S2”?  To simplify: The S2 computer collects and encrypts the data; the T2 receives and decrypts.) 

CALEA was touted as a law enforcement triumph, the work of decades of lobbying by the FBI. Director Louis Freeh went so far as to call it the bureau’s “highest legislative priority.” Indeed, CALEA was the widest expansion of the government’s electronic surveillance powers since the Crime Control and Safe Streets Act of 1968, which mandated carefully limited conditions for wiretaps. Now the government could use coercive powers in ordering telecom providers to “devise solutions” to law enforcement’s “emerging technology-generated problems” (imposing a $10,000 per day penalty on non-compliant carriers). The government’s hand would be permanently inserted into the design of the nation's telecom infrastructure. Law professor Lillian BeVier, of the University of Virginia, writes extensively of the problems inherent to CALEA. “The rosy scenario imagined by the drafters cannot survive a moment's reflection,” BeVier observes. “While it is conventionally portrayed as ‘but the latest chapter in the thirty year history of the federal wiretap laws,’ CALEA is not simply the next installment of a technologically impelled statutory evolution. Instead, in terms of the nature and magnitude of the interests it purports to ‘compromise’ and the industry it seeks to regulate, in terms of the extent to which it purports to coerce private sector solutions to public sector problems, and in terms of the foothold it gives government to control the design of telecommunications networks, the Act is a paradigm shift. On close and disinterested inspection, moreover, CALEA appears to embody potentially wrong-headed sacrifices of privacy principles, flawed and incomplete conceptions of law enforcement's ends and means, and an imperfect appreciation of the incompatible incentives of the players in the game that would inevitably be played in the process of its implementation.” (emphasis mine)

The real novelty – and the danger – of CALEA is that telecom networks are today configured so that they are vulnerable to surveillance.  “We’ve deliberately weakened the computer and phone networks, making them much less secure, much more vulnerable both to legal surveillance and illegal hacking,” says former DOJ cybercrimes prosecutor Mark Rasch. “Everybody is much less secure in their communications since the adopting of CALEA.  So how are you going to have secure communications?  You have to secure the communications themselves, because you cannot have a secure network.  To do this, you need encryption.  What CALEA forced businesses and individuals to do is go to third parties to purchase encryption technology.  What is the major country that the U.S. purchases IT encryption from overseas?  I would say it’s a small Middle Eastern democracy.  What we’ve done is the worst of all worlds.  We’ve made sure that most communications are subject to hacking and interception by bad guys.  At the same time, the bad guys – organized crime, terrorist operations – can very easily encrypt their communications.”  It is notable that the first CALEA-compliant telecom systems installed in the U.S. were courtesy of Verint Inc. 

THE AMDOCS CONNECTION

If a phone is dialed in the U.S., Amdocs Ltd. likely has a record of it, which includes who you dialed and how long you spoke.  This is known as transactional call data.   Amdocs’ biggest customers in the U.S. are AT&T and Verizon, which have collaborated widely with the Bush Administration’s warrantless wiretapping programs.   Transactional call data has been identified as a key element in NSA data mining to look for “suspicious” patterns in communications. 

Over the last decade, Amdocs has been the target of several investigations looking into whether individuals within the company shared sensitive U.S. government data with organized crime elements and Israeli intelligence services. Beginning in 1997, the FBI conducted a far-flung inquiry into alleged spying by an Israeli employee of Amdocs, who worked on a telephone billing program purchased by the CIA. According to Paul Rodriguez and J. Michael Waller, of Insight Magazine, which broke the story in May of 2000, the targeted Israeli had apparently also facilitated the tapping of telephone lines at the Clinton White House (recall Monica Lewinsky’s testimony before Ken Starr: the president, she claimed, had warned her that “a foreign embassy” was listening to their phone sex, though Clinton under oath later denied saying this). More than two dozen intelligence, counterintelligence, law-enforcement and other officials told Insight that a “daring operation,” run by Israeli intelligence, had “intercepted telephone and modem communications on some of the most sensitive lines of the U.S. government on an ongoing basis.” Insight’s chief investigative reporter, Paul Rodriguez, told me in an e-mail that the May 2000 spy probe story “was (and is) one of the strangest I've ever worked on, considering the state of alert, concern and puzzlement” among federal agents. According to the Insight report, FBI investigators were particularly unnerved over discovering the targeted Israeli subcontractor had somehow gotten his hands on the FBI’s “most sensitive telephone numbers, including the Bureau's ‘black’ lines used for wiretapping.” “Some of the listed numbers,” the Insight article added, “were lines that FBI counterintelligence used to keep track of the suspected Israeli spy operation. The hunted were tracking the hunters.” Rodriguez confirmed the panic this caused in American intel. “It's a huge security nightmare,” one senior U.S. official told him. “The implications are severe,” said a second official. “All I can tell you is that we think we know how it was done,” a third intelligence executive told Rodriguez. “That alone is serious enough, but it's the unknown that has such deep consequences.” No charges, however, were made public in the case. (What happened behind the scenes depends on who you talk to in law enforcement: When FBI counterintelligence sought a warrant for the Israeli subcontractor, the Justice Department strangely refused to cooperate, and in the end no warrant was issued. FBI investigators were baffled.)

London Sunday Times reporter Uzi Mahnaimi quotes sources in Tel Aviv saying that during this period e-mails from President Clinton had also been intercepted by Israeli intelligence.  Mahnaimi’s May 2000 article reveals that the operation involved “hacking into White House computer systems during intense speculation about the direction of the peace process.”   Israeli intelligence had allegedly infiltrated a company called Telrad, subcontracted by Nortel, to develop a communications system for the White House.  According to the Sunday Times, “Company managers were said to have been unaware that virtually undetectable chips installed during manufacture made it possible for outside agents to tap into the flow of data from the White House.” 

In 1997, detectives with the Los Angeles Police Department, working in tandem with the Secret Service, FBI, and DEA, found themselves suffering a similar inexplicable collapse in communications security.  LAPD was investigating Israeli organized crime: drug runners and credit card thieves based in Israel and L.A., with tentacles in New York, Miami, Las Vegas, and Egypt.   The name of the crime group and its members remains classified in “threat assessment” papers this reporter obtained from LAPD, but the documents list in some detail the colorful scope of the group’s operations: $1.4 million stolen from Fidelity Investments in Boston through sophisticated computer fraud; extortion and kidnapping of Israelis in L.A. and New York; cocaine distribution in connection with Italian, Russian, Armenian and Mexican organized crime; money laundering; and murder.   The group also had access to extremely sophisticated counter-surveillance technology and data, which was a disaster for LAPD.   According to LAPD internal documents, the Israeli crime group obtained the unlisted home phone, cell phone, and pager numbers of some 500 of LAPD’s narcotics investigators, as well as the contact information for scores of federal agents – black info, numbers unknown even to the investigators’ kin.  The Israelis even set up wiretaps of LAPD investigators, grabbing from cell-phones and landlines conversations with other agents – FBI and DEA, mostly – whose names and phone numbers were also traced and grabbed. 

LAPD was horrified, and as the word got out of the seeming total breakdown in security, the shock spread to agents at DEA, FBI and even CIA, who together spearheaded an investigation.  It turned out that the source of much of this black intel could be traced to a company called J&J Beepers, which was getting its phone numbers from a billing service that happened to be a subsidiary of Amdocs.  

A source familiar with the inquiries into Amdocs put to me several theories regarding the allegations of espionage against the company.  “Back in the early 1970s, when it became clear that AT&T was going to be broken up and that there was an imminent information and technology revolution, Israel understood that it had a highly-educated and highly-worldly population and it made a few calculated economic and diplomatic discoveries,” the source says.  “One was that telecommunications was something they could do: because it doesn’t require natural resources, but just intellect, training and cash.  They became highly involved in telecommunications.  Per capita, Israel is probably the strongest telecommunications nation in the world.  AT&T break-up occurs in 1984; Internet technology explodes; and Israel has all of these companies aggressively buying up contracts in the form of companies like Amdocs.   Amdocs started out as a tiny company and now it’s the biggest billing service for telecommunications in the world.  They get this massive telecommunications network underway.   Like just about everything in Israel, it’s a government sponsored undertaking.

“So it’s been argued that Amdocs was using its billing records as an intelligence-gathering exercise because its executive board over the years has been heavily peopled by retired and current members of the Israeli government and military.  They used this as an opportunity to collect information about worldwide telephone calls.  As an intelligence-gathering phenomenon, an analyst with an MIT degree in algorithms would rather have 50 pages of who called who than 50 hours of actual conversation.  Think about conversations with friends, husbands, wives.  That raw information doesn’t mean anything.  But if there’s a pattern of 30 phone calls over the course of a day, that can mean a lot.  It’s a much simpler algorithm.”

Another anonymous source – a former CIA operative – tells me that U.S. intelligence agents who have aired their concerns about Verint and Amdocs have found themselves attacked from all sides.  “Once it’s learned that an individual is doing footwork on this [the Verint/Amdocs question], he or she is typically identified somehow as a troublemaker, an instigator, and is hammered mercilessly,” says the former CIA operative.  “Typically, what happens is the individual finds him or herself in a scenario where their retirement is jeopardized – and worse.  The fact that if you simply take a look at this question, all of a sudden you’re an Arabist or anti-Semitic – it’s pure baloney, because I will tell you first-hand that people whose heritage lies back in that country have heavily worked this matter.   You can’t buy that kind of dedication.”

The former CIA operative adds, “There is no defined policy, at this time, for how to deal with this [security issues involving Israel] – other than wall it off, contain it.  It’s not cutting it.  Not after 9/11.  The funeral pyre that burned on for months at the bottom of the rubble told a lot of people they did not need to be ‘politically correct.’  The communications nexuses [i.e. Amdocs/Verint] didn’t occur yesterday; they started many years ago.  And that’s a major embarrassment to organizations that would like to say they’re on top of things and not co-opted or compromised.   As you start to work this, you soon learn that many people have either looked the other way or have been co-opted along the way.  Some people, when they figure out what has occurred, are highly embarrassed to realize that they’ve been duped.  Because many of them are bureaucrats, they don’t want to be made to look as stupid as they are.  So they just go along with it.  Sometimes, it’s just that simple.”

Christopher Ketcham writes for Vanity Fair, GQ, Harper’s, Salon and many other magazines and websites.