Excerpted from Active Measures: The Secret History of Disinformation and Political Warfare by Thomas Rid. Reprinted with permission from Farrar, Straus and Giroux. Copyright 2020.
“What would active measures be without the journalist?” asked Rolf Wagenbreth in 1986. Three years later, the Berlin Wall came down. The Russian intelligence community was beset by internal turmoil for a decade or so after the KGB’s abrupt end in 1991. When the old spymasters found their footing again, the world around them had drastically changed. Internet utopianism had enveloped the West, and a new crop of internet companies had emerged, transforming the way humans read and wrote, shared images and documents, socialized, consumed news, and spread rumors. The sprawling network, as became progressively clear, was practically optimized for disinformation, at least until the mid-2010s. Active measures operators two decades after Wagenbreth would frame his question differently: What would active measures be without the internet?
Journalists were still crucial, but the emerging social media platforms enabled surfacing, amplification, and even testing of active measures without the participation of reporters. Online sharing services, especially those with built-in anonymity, were tailor-made for at-scale deception. Dirty tricksters could now reach their target audiences directly.
Cryptome, a radical transparency site and in effect the world’s first leak portal, was created in 1996 by the married couple John Young and Deborah Natsios to call attention to dual-use technology. Young had been active on the cypherpunk list, a loose group of technology utopians with an anti-government, anarchist bent. From West Texas, son of an oil worker, he became an architect in Manhattan and lived on the Upper West Side. Yet for decades, Young operated Cryptome on the tiny budget of less than $2,000 per year.
His vision was rather romantic: “Cryptome, aspiring to be a free public library, accepts that libraries are chock full of contaminated material, hoaxes, forgeries, propaganda,” Young told one interviewer in 2013. He attempted to build a submission system that used encryption, and he wanted to allow contributors to be able to remain anonymous, ideally not even revealing their identity to Young or Cryptome itself. “We’ll publish anything,” Young explained, in what amounted to a philosophy of digital hoarding. “We don’t check it out. We don’t try to verify it. We don’t tell people, ‘Believe this because we say it’s OK.’ We try not to give any authority to what we do. We just serve up the raw data.”
Indeed, Cryptome had the look of a postmodern antiques shop crammed with valuable-looking items that quickly lost their appeal at closer inspection. Young’s collection of oddities included, for instance, the engineering plans of the George Washington Bridge in New York, pictures of George W. Bush’s ranch in Texas, details of British undercover activity in Northern Ireland, and high-resolution images of the Fukushima Dai-ichi nuclear plant in Japan. In 2000, Young published a CIA briefing that a former Japanese official had leaked to him.
“We were told very early on that the site could be used to spread disinformation,” Young recounted in 2004. “I can’t rule out that we are being subjected to a sophisticated disinformation campaign by government agencies.”
He applied the same sunlight-is-the-best-disinfectant logic to potential abuses: “If it smells, then someone will point it out,” he said. “We publish people who object to what’s appearing, and then let people decide.” It is unlikely that Cryptome was exploited at scale by foreign governments, but not for the reasons Young cited. The KGB, Stasi, and StB would have loved Cryptome. But in an ironic historical twist, the world’s first leak site was at its high point when major active measures were at their lowest since the end of the Cold War.
Yet Cryptome pioneered and precipitated a larger cultural shift that would help reawaken active measures with a vengeance. Young met Julian Assange on the cypherpunk list, and Assange described Cryptome as the “spiritual godfather” of WikiLeaks. In 2006, Assange asked Young to become the public face of WikiLeaks in the United States, and suggested that Young could register WikiLeaks.org in his name.
The cooperation failed; two eccentric personalities clashed, and the radical-libertarian partnership came to an end. Yet WikiLeaks would soon eclipse Cryptome. In 2010, Chelsea Manning, then a twenty-two-year-old Army private known as Bradley, leaked more than a quarter million State Department and Department of Defense documents to WikiLeaks. The leaked diplomatic cables spanned about a decade, and turned Assange and his website into household names. By 2013, Cryptome had collected and published just 70,000 files, many random and hand-curated. WikiLeaks was pushing out secret information on an industrial scale.
Then, in June 2013, Edward Snowden opened the floodgates. The precise number of files Snowden exfiltrated from the NSA remains unclear, as does the number of files that were passed on to various media outlets and how access to the documents spread from these initial brokers as more and more media organizations reported on the files. One nearly insurmountable problem was that many of the secret files were difficult to read and interpret, and yet the material was irresistible. As a result, several influential media organizations ran incomplete and error-ridden stories, often exaggerating the collection and interception capabilities of the American and British intelligence agencies affected by Snowden’s security breach. Snowden fled the United States to Hong Kong, China, and eventually Moscow. Soon speculation mounted that Snowden might have acted as an agent of a hostile power. But in all likelihood, the self-described whistle-blower was acting as a libertarian idealist and genuine transparency activist, not as an agent of a foreign intelligence agency, when he executed the biggest public intelligence leak to date.
Nevertheless, viewed from Russia, the Snowden leaks looked like a spectacularly successful American active measure targeted against America itself. A lowly NSA contractor, under the spell of transparency activism, had done more political and possibly more operational damage to the American intelligence community than most Service A operations during the Cold War. It was impossible to be aware of the history of active measures, while watching the Snowden affair unfold in real time, and not see an opportunity of strategic significance.
Manning and Snowden, meanwhile, had shifted expectations and the terms of the public conversation. Massive government leaks of secret files, it appeared, were not a once-in-a-generation event, as comparisons with the Pentagon Papers implied, but something that could occur every few years. This shift was facilitated by the ease with which hundreds of thousands, even millions, of files could be copied and carried digitally on thumbnail-sized chips. Journalists and opinion leaders were now more willing than ever to embrace anonymous leaks without spending too much time on checking their provenance or veracity. By mid-2014, major magazines and newspapers, including The New Yorker and The Guardian, were competing with activist websites and encouraging anonymous submissions by mail or dedicated end-to-end encrypted submission portals with fortified anonymity.
Yet the leaks could also be a problem for journalists, especially Snowden’s material. It was often exceedingly difficult to assess leaked documents on their own merits, and checking secret facts was sometimes impossible. Even the most dogged and well-connected investigative journalist would have a hard time telling whether a specific leak was the outcome of an active measure or of genuine whistle-blowing. Then there was the question of forgeries.
By 2013, only a few Cold War historians and veteran intelligence reporters remembered that Eastern bloc intelligence services had once perfected the art of semi-covert active measures enhanced by skillful falsifications, and that Congress had once held hearings on “the forgery offensive.” At the time of the Snowden leaks, Bruce Schneier was a widely respected cryptographer, an authority on information security, and a keen technical observer of NSA operations. In August 2014, Schneier used his popular online journal to take a close look at various recent NSA leaks and where they may have originated, concluding that the U.S. intelligence community now had “a third leaker.” (The FBI pursued a similar hypothesis.) The stream of stories on U.S. intelligence capabilities and operations, Schneier pointed out, didn’t stem from the Snowden cache alone. The types and avenues of leaked documents pointed to two more sources. Schneier discussed various possibilities, but even he did not articulate that an adversarial intelligence agency might have planted particularly damaging leaks. Instead, Schneier spoke for a fast-growing subculture when he closed by recommending some readings to show that leaks were “in general, a good thing.”
Schneier wasn’t wrong: from the point of view of adversarial intelligence agencies, leaks are even a very good thing. The most aggressive active measures operators were already taking advantage of the new culture of leaking when Schneier wrote these lines. The two-year period after the Snowden disclosures, in fact, was a short, modern golden age of disinformation. That period was characterized by the confluence of several developments that were, ultimately, all temporary afterglow effects of 1990s internet utopianism: the prevailing view, articulated so well by Schneier, that unauthorized releases were a tool to strengthen democracy, not weaken it; the global rise of anonymous internet activism; the widespread notion that it was very hard, if not impossible, to trace hackers on the internet; the absence of publicly available digital forensics and a general understanding of how digital forensic artifacts should be interpreted; and the naïve expectation that sharing news on social media platforms would lead not to abuse but to better-informed users. All of these five features of internet culture in the early 2010s were fleeting, and would change or disappear within half a decade. But in 2013, they formed the perfect techno-cultural cover for active measures, one so good that identifying the first digital leak operations remains a formidable challenge even with the benefit of hindsight.
On October 23, 2013, Der Spiegel broke a story that came to define the Snowden affair: that the NSA was spying on Angela Merkel’s phone. Der Spiegel slipped the story into the frenzied coverage of the Snowden files, yet the magazine never explicitly stated that the information actually came from Snowden.
The story, as first reported by Der Spiegel, was odd: the gist was that Merkel had confronted President Obama with allegations that he had spied on her, not that the NSA had been spying on her phone. The difference was subtle but crucial. “Chancellor Cell Phone a U.S. Target?” Der Spiegel’s headline asked. Even the lede was cautious: Merkel had “possibly” been targeted by U.S. intelligence. The magazine did not make a claim; it asked a question and reported a claim made by others. Germany’s federal government, the magazine explained, was taking the spying allegations seriously enough to confront the president of the United States with the contention that the NSA had been spying on one of America’s closest allies.
Der Spiegel was very careful with this particular story, not least because its journalists knew the danger of active measures; the magazine had fallen for Eastern disinformation in the past. Investigative journalists at Der Spiegel particularly remembered the humiliating forgery of the CDU strategy paper in Kreuth: “Stasi Also Once Tricked Spiegel,” the magazine had announced in 1991. Marcel Rosenbach, one of the journalists who broke the Merkel story, knew the infamous Philip Agee from Hamburg, and once visited Agee’s home, where he admired the allegedly bugged typewriter on which the CIA defector had typed Inside the Company. Holger Stark, who led the investigation, had, like Rosenbach, done groundbreaking historical reporting on Stasi operations.
The initial tip for the story came before a major general election in late September 2013 that Merkel was expected to win. The sourcing has remained mysterious. Der Spiegel has refused to clarify the provenance of the initial tasking order, and curiously claimed they had multiple sources. Glenn Greenwald, one of the few journalists with extensive access to the Snowden archive, later told me that “the source document for the Merkel story certainly did not come from the Snowden files.” Greenwald added that his team carefully searched the archive for the NSA tasking order in question. Stark and Rosenbach, however, knew immediately that the story, whatever the source, had extraordinary potential. But there was not enough time for the investigative reporters to thoroughly fact-check the story before the vote. Eventually, a week before they broke the news, two Spiegel reporters met with the spokesperson of the chancellor in Berlin, Steffen Seibert. The journalists handed Seibert an A4-sized card that listed the NSA’s surveillance order for Merkel, complete with one of her mobile phone numbers, and told Seibert that the NSA order was not an original printout from an NSA database but a copy typed up by one of Der Spiegel’s investigative reporters, who was convinced it represented the actual database entry. Seibert informed Merkel and the chancellery decided it would confront the White House.
Christoph Heusgen, Germany’s national security advisor, then spoke with Susan Rice, his U.S. counterpart. Rice at first blocked the request from Berlin. Merkel then took the question up with Obama. The White House press secretary eventually mentioned the sensitive phone call, explaining that “the president assured the chancellor that the United States is not monitoring, and will not monitor the communications of the chancellor.” Der Spiegel, reportedly along with the German government, then pointed out that the White House denial only mentioned present and future monitoring, not past. German diplomats and reporters subsequently construed this absence as confirmation that the United States had been spying on Merkel. German-American relations immediately took a very serious hit. “Spying between friends, that’s just not done,” said Merkel, usually a sober, pro-American voice. The foreign office in Berlin summoned the U.S. ambassador, in a major gesture of frustration. Sixty-two percent of Germans approved of the chancellor’s harsh call to Obama, with a quarter of the population saying her reaction was not harsh enough. The NSA, in a rare step, immediately denied that its director “ever” discussed “alleged operations involving Chancellor Merkel” with Obama.
“News reports claiming otherwise are not true,” an NSA spokesperson wrote to journalists. Germany’s attorney general proceeded to investigate the case for about a year, and eventually concluded that there was no evidence that Merkel’s calls had been intercepted. “The document that was publicly perceived as evidence for the actual surveillance of the [Merkel’s] mobile phone was not an authentic tasking order by the NSA,” the attorney general said at a press conference, adding that the tasking order later published in the German press “did not originate from an NSA database.” Still, Der Spiegel stuck to its story, and convincingly so.
Some observers in Western intelligence agencies saw more sinister machinations at play. Der Spiegel’s sources remained nebulous, thus raising the question of whether the magazine had been played. A close U.S. intelligence ally may have intercepted Merkel’s phone, one theory went, and thus made it difficult for the NSA to deny the allegations outright. The timing, framing, and other details of the affair led some senior intelligence officials to one explanation—indeed, to what they believed was the only explanation: that the Merkel story was a professionally executed and highly effective active measure designed to drive a wedge between the United States and one of its closest NATO allies. The story indeed appeared to fit an old pattern. The evidence for this theory, however, remained wafer-thin.