NSA’s reliance on civilian contractors and ex‑hackers may have opened a back‑door for foreign intelligence recruitment

164 espionage work for another 8 years. (Whitworth, who was arrested by the FBI in 1985, was convicted of espionage and sentenced to 365 years in prison.) The Internet provided an almost ideal environment for false flags since its users commonly adopt aliases, screen names, and other avatars. The threat officer explained how easy it would be for the KGB to adapt such a false flag when dealing with a dissident system administrator working for US intelligence. As the threat officer pointed out in his report, the KGB had used false flags in the late 1980s to surreptitiously recruit members of the “German Hanover Hackers,” a community of anarchistic hackers who breached computer networks for fun and profit. Up until then, these hacktavists stole corporate and private passwords, credit card information, and other privileged documents as a form of freelance espionage. Because of their fervent anti- authority ideology, the KGB disguised its recruiters as fellow hacktavists. The KGB succeeded in getting the Hanover hackers to steal log-in account identifications, source codes and other information from U.S. government computer networks. The precise vulnerability that this threat officer pointed out in 1996 was system administrators. This weak link became increasingly relevant as the NSA moved further into the digital age. By the beginning of the 21* century, its growing networks of computers were largely run by civilian technicians, including system administrators, infrastructure analysts, and information technologists, who were need to keep the system running. Despite the warning by the threat officer, the NSA became more reliant on these outsiders as it reorganized to meet its new mandates for surveillance of the Internet in the war on terrorism. Since the NSA had to compete with technology companies, such as Google, Apple and Facebook, for the services of experienced IT workers, it used private contractors to find them. They, in turn, recruited civilian technicians from many unconventional areas, including the hacking culture. Ex-hackers, who lacked (or shunned) employment opportunities in the corporate sector, were suitable candidates for the system administrator jobs that these films had contracted to supply the NSA. In the rush to expand, little heed was paid to the 1996 warning that this hacking culture might provide a portal to anti-government hacktavist groups. The NSA became so enamored with this new technology that it neglected the security implications of employing outsiders, “All of us just fell in love with the ease and convenience and scale [of electronic storage]”, Michael Hayden, who headed the NSA at the time, said to the Wall Street Journal in 2015. “So we decided to take things we used to keep if not in a safe, at least in our desk drawer, and put it up here [in a computer network], where it’s by definition more vulnerable.” | Making matters even worse, as has been previously discussed, the NSA stripped away much of the so-called stove-piping that insulated highly- sensitive data from the NSA’s other computer networks. Here they were merely following the recommendations of the 9/11 Commission to make their data more accessible to other agencies concerned with potential terrorist attacks. As a result, the inner sanctum of the NSA became more opened to its new army of civilian technicians. The universe of independent contractors was governed by very different forces than that of intelligence services. By 2013, much of the job of managing the NSA’s classified computers had been handed over to five private companies: Booz Allen Hamilton, which handled the most highly secret work; and Dell SecureWorks, Microsoft, Raytheon, and IBM. In many respects, these five HOUSE_OVERSIGHT_020316