When Saddam Hussein raised the possibility of attacking U.S. planes in Turkey last week, his threats illustrated what many in diplomatic circles regard as an international disgrace— the emasculation of the UN by the U.S.
When UNSCOM, the UN’s arms-inspection group for Iraq, was created in 1991, it drew on personnel who, despite their respective nationalities, would serve the UN. Whatever success UNSCOM achieved, however, was in spite of its multinational makeup. While a devoted group of UN staffers managed to set up an independent unit aimed at finding Saddam’s weapons and ways of concealing them, other countries seeking to do business with sanctions-impaired Iraq— notably France and Russia— used inspectors as spies for their own ends.
But what ultimately killed UNSCOM were revelations that the U.S. government had manipulated it by assuming control of its intelligence apparatus last spring (or perhaps even earlier by using the group to slip spies into Iraq) not so much to aid UNSCOM’s mission, but to get information for use in future aerial bombardments. When stories to this effect broke last month, however, there was almost no consistency in descriptions of the agencies involved or techniques used. The New York Times, for example, said only one CIA spy had been sent into Baghdad last March to set up an automated eavesdropping device. Time had multiple Defense Intelligence Agency (DIA) operatives planting bugs around Baghdad throughout 1998. The Wall Street Journal referred to the use of one “device” from the National Security Agency (NSA) last year and “a series of espionage operations used by the U.S. [since] 1996 to monitor the communications” of Saddam and his elite.
When probing the world of espionage, rarely does a clear picture emerge. But according to a handful of published sources, as well as assessments by independent experts and interviews with current and former intelligence officers, the U.S. government’s prime mover in Iraqi electronic surveillance was most likely a super-secret organization run jointly by the the CIA and the NSA— the spy agency charged with gathering signals intelligence (known as SIGINT)— called the Special Collection Service. Further, there is evidence to suggest that the Baghdad operation was an example of the deployment of a highly classified, multinational SIGINT agreement— one that may have used Australians to help the U.S. listen in— months after the CIA failed to realize the U.S. objective of overthrowing Saddam Hussein through covert action.
According to former UNSCOM chief inspector Scott Ritter, when the U.S. took over the group’s intelligence last year, a caveat was added regarding staffing: only international personnel with U.S. clearances could participate. “This requirement,” says Ritter, “really shows the kind of perversion of mission that went on. The U.S. was in control, but the way it operated from day one was, U.S. runs it, but it had to be a foreigner [with a clearance] operating the equipment.”
Under the still-classified 1948 UKUSA signals intelligence treaty, eavesdropping agencies of the U.S., United Kingdom, Canada, Australia, and New Zealand share the same clearances. According to Federation of American Scientists intelligence analyst John Pike, this gives the U.S. proxies for electronic espionage: “In the context of UKUSA, think of NSA as one office with five branches,” he says. As UNSCOM demonstrates, though, sometimes the partnership gets prickly; the British, according to Ritter, withdrew their personnel following the U.S.’s refusal to explain “how the data was going to be used.” (According to a longtime British intelligence officer, there was another reason: lingering bad feelings over the NSA’s cracking a secret UN code used by British and French peacekeepers during a Bosnian UN mission.) At this point, says Ritter, he was instructed to ask the Australian government for a “collection” specialist. “We deployed him to Baghdad in July of 1998,” recalls Ritter. “In early August, when I went to Baghdad, he pulled me aside and told me he had concerns about what was transpiring.
He said there was a very high volume of data, and that he was getting no feedback about whether it was good, bad, or useful. He said that it was his experience that this was a massive intelligence collection operation— one that was not in accordance with what UNSCOM was supposed to be doing.”
In other words, the Australian— most likely an officer from the Defence Signals Directorate, Australia’s NSA subsidiary, who was supposed to have been working for the UN— may have been effectively spying for the U.S. Stephanie Jones, DSD’s liaison to NSA, did not take kindly to a Voice inquiry about this subject; indeed, despite being reached at a phone number with an NSA headquarters prefix, she would not even confirm her position with DSD. However, a former high-ranking U.S. intelligence official said that such a scenario was probable. “The relationship between the UKUSA partners has always been of enormous value to U.S. intelligence, even when their governments have been on the opposite sides of policy issues,” the official said. “I would not be surprised at all if the Aussies happened to be the ones who actually did this [at U.S. behest].”
With an intelligence community of over a dozen components, billion-dollar budgets, and cutting-edge technology, the U.S. can cast a wide net, be it with human sources or signals interception. Iraq, however, has presented a special challenge since Saddam’s Ba’ath party took power in 1968. “In Iraq,” says Israeli intelligence expert Amatzai Baram, “you are dealing with what is arguably the best insulated security and counterintelligence operation in the world. The ability of Western or even unfriendly Arab states to penetrate the system is very, very limited.”
According to the former Cairo station chief of the Australian Secret Intelligence Service (ASIS), the West got this message loud and clear after Iraqi counterintelligence pulled British MI6 case officers off a Baghdad street in the mid ’80s and took them to a warehouse on the outskirts of town. “They had arrayed before them the various agents they had been running,” the exASIS officer told the Australian Broadcasting Corporation in 1994. “There were wires hanging from the rafters in the warehouse. All the men were strung up by wires around their testicles and they were killed in front of the faces of their foreign operators, and they were told, you had better get out and never come back.”
When UNSCOM was inaugurated in 1991, it quickly became apparent that the organization’s intelligence capability would depend largely on contributions from various UN member countries. According to several intelligence community sources, while the CIA did provide UNSCOM with information, and, later, serious hardware like a U-2 spy plane, the focus of the U.S. intelligence community at the time was on working with anti-Saddam groups in and around Iraq to foment a coup.
What resulted, as investigative authors Andrew and Patrick Cockburn demonstrate in their just published book Out of the Ashes: The Resurrection of Saddam Hussein, were two of the most colossally bungled CIA covert operations since the Bay of Pigs. While details of one of the failed operations were widely reported, the Cockburns fleshed out details of an arguably worse coup attempt gone awry in June 1996. Iraqi counterintelligence had not only managed to finger most of the suspects in advance, but months before had even captured an encrypted mobile satellite communications device that the CIA gave the plotters. Adding insult to injury, the Cockburns report, Iraqi counterintelligence used the CIA’s own device to notify them of their failure: “We have arrested all your people,” the CIA team in Amman, Jordan, reportedly was told via their uplink. “You might as well pack up and go home.”
Some UNSCOM staffers— first under Russian Nikita Smidovich, later under American Scott Ritter— managed to create what amounted to a formidable micro-espionage unit devoted to fulfilling UNSCOM’s mission. Between information passed on from various countries and use of unspecified but probably limited surveillance equipment, the inspectors were gathering a great deal. But in March 1998, according to Ritter, the U.S. told UNSCOM chair Richard Butler of Australia that it wanted to “coordinate” UNSCOM’s intelligence gathering.
Ritter insists that no U.S. spies under UNSCOM cover could have been operating in Baghdad without his knowledge prior to his resignation in August 1998. However, as veteran spies point out, if they were, Ritter probably wouldn’t have known. A number of sources interviewed by the Voice believe it possible that Special Collection Service personnel may have been operating undercover in Baghdad.
According to a former high-ranking intelligence official, SCS was formed in the late 1970s after competition between the NSA’s embassy-based eavesdroppers and the CIA’s globe-trotting bugging specialists from its Division D had become counterproductive. While sources differ on how SCS works— some claim its agents never leave their secret embassy warrens where they perform close-quarters electronic eavesdropping, while others say agents operate embassy-based equipment in addition to performing riskier “black-bag” jobs, or break-ins, for purposes of bugging— “there’s a lot of pride taken in what SCS has accomplished,” the former official says.
Intriguingly, the only on-the-record account of the Special Collection Service has been provided not by an American but by a Canadian. Mike Frost, formerly of the Communications Security Establishment— Canada’s NSA equivalent— served as deputy director of CSE’s SCS counterpart and was trained by the SCS. In a 1994 memoir, Frost describes the complexities of mounting “special collection” operations— finding ways to transport sophisticated eavesdropping equipment in diplomatic pouches without arousing suspicion, surreptitiously assembling a device without arousing suspicion in his embassy, technically troubleshooting under less than ideal conditions— and also devotes considerable space to describing visits to SCS’s old College Park headquarters.
“It is not the usual sanitorium-clean atmosphere you would expect to find in a top-secret installation,” writes Frost. “Wires everywhere, jerry-rigged gizmos everywhere, computers all over the place, some people buzzing around in three-piece suits, and others in jeans and t-shirts. [It was] the ultimate testing and engineering centre for any espionage equipment.” Perhaps one of its most extraordinary areas was its “live room,” a 30-foot-square area where NSA and CIA devices were put through dry runs, and where engineers simulated the electronic environment of cities where eavesdroppers are deployed. Several years ago, according to sources, SCS relocated to a new, 300-acre, three-building complex disguised as a corporate campus and shielded by a dense forest outside Beltsville, Maryland. Curious visitors to the site will find themselves stopped at a gate by a Department of Defense police officer who, if one lingers, will threaten arrest.
There are good reasons, explains an old NSA hand, for havingelectronic ears on terra firma in addition to satellites. “If you’re listening to something from thousands of miles up, the footprint to sort through is so huge, and finding what you are looking for is not a simple chore. If you know more or less specifically what you want, it’s easier to get it in close proximity. And if it happens to be a low-powered signal, it may not travel far enough.”
According to two sources familiar with intelligence activity in Iraq, the U.S. may have been aided by information delivered either to UNSCOM or SCS from Ericsson, the Swedish telecommunications firm. It’s not an unreasonable assumption; though Ericsson brushes off questions about it, in 1996 a Middle Eastern businessman filed suit against the company, claiming, among other things, that it had stiffed him on his commission for brokering a deal between the Iraqis and Ericsson for sensitive defense communications equipment, which, reportedly, included encrypted cell phones.
Speaking on condition of anonymity, a veteran intelligence official confirmed that the NSA has “arrangements” with other communications firms that allow NSA to access supposedly secure communications, but cooperation from Ericsson would be “a breakthrough— despite our best efforts, they always kept their distance. But it’s not beyond the realm of possibility.” (This is not without precedent; though hardly covered in the American press, it has been reported that Switzerland’s Crypto AG— long the supplier of cipher equipment to many of the world’s neutral and “rogue” states— enjoyed such an “arrangement” with the NSA for decades. Crypto AG denies this.)
There is, however, another possible scenario regarding participation by Ericsson in an intelligence venture. According to FAS analyst Pike, it’s much more likely that anyone doing intelligence work in Iraq would want a schematic of Baghdad’s telephone system— which Ericsson installed in the late ’60s and has subsequently updated. “I would find it to be far more plausible that the U.S. intelligence community would be interested in acquiring, and Ericsson would be interested in supplying, the wiring diagram for Baghdad’s telephone exchange than encryption algorithms for cell phones,” he says.
Also, he explains, finding ways to tap into a whole phone system or pull short-range signals out of the air without being obvious is clearly SCS’s portfolio. “This type of risky close surveillance is what SCS was formed to do,” he says. “When you think of NSA, you think satellites. When you think CIA, you think James Bond and microfilm. But you don’t really think of an agency whose sole purpose is to get up real close and use the best technology there is to listen and transmit. That’s SCS.”
Regarding any possible collaboration in Iraq with SCS or UNSCOM, Kathy Egan, Ericsson spokesperson, said she had no information on such an operation, but if there was one, “It would be classified and we would not be able to talk about it.” It’s also possible, according to Mike Frost, that cleverly disguised bugs might have been planted in Baghdad— SCS, he recalls, managed to listen in on secured facilities by bugging pigeons. But, says a retired CIA veteran, with UNSCOM effectively dead, bugging is now out of the question. “I hope the take from this op,” he says, “was worth losing the only access the outside world’s disarmament experts had to Iraq.”
The Radome Archipelago
During the Cold War there were hundreds of secret remote listening posts spread around the globe. From large stations in the moors of Scotland and mountains of Turkey that were complete with golf balllike structures called “radomes” to singly operated stations in the barren wilderness of Saint Lawrence Island between Alaska and Siberia that had only a few antennae, these stations constituted the ground-based portion of the United States Signals Intelligence (SIGINT) System or “USSS.”
Operated by the supersecret National Security Agency (NSA), these stations were designed to intercept Morse Code, telephone, telex, radar, telemetry, and other signals emanating from behind the Iron Curtain. At one time, the NSA contemplated a worldwide, continuously operated array of 4120 intercept stations. While the agency never achieved that goal, it could still boast of several hundred intercept stations. These included its ground-based “outstations,” which were supplemented by other intercept units located on ships, submarines, aircraft (from U-2s to helicopters), unmanned drones, mobile vans, aerostats (balloons and dirigibles), and even large and cumbersome backpacks.
With the collapse of the Communist “bloc” and the advent of microwaves, fiber optics, and cellular phones, NSA’s need for numerous ground-based intercept stations waned. It began to rely on a constellation of sophisticated SIGINT satellites with code names like Vortex, Magnum, Jumpseat, and Trumpet to sweep up the world’s satellite, microwave, cellular, and high-frequency communications and signals. Numerous outstations met with one of three fates: they were shut down completely, remoted to larger facilities called Regional SIGINT Operations Centers or “RSOCs,” or were turned over to host nation SIGINT agencies to be operated jointly with NSA.
However, NSA’s jump to relying primarily on satellites proved premature. In 1993, Somali clan leader Mohammed Farah Aideed taught the agency an important lesson. Aideed’s reliance on older and lower-powered walkie-talkies and radio transmitters made his communications virtually silent to the orbiting SIGINT “birds” of the NSA. Therefore, NSA technicians came to realize there was still a need to get in close in some situations to pick up signals of interest. In NSA’s jargon this is called improving “hearability.”
As NSA outstations were closed or remoted, new and relatively smaller intercept facilities— such as the “gateway” facility in Bahrain, reportedly used for retransmit signals intercepted in Baghdad last year to the U.S.— sprang up around the world. In addition to providing NSA operators with fresh and exotic duty stations, the new stations reflected an enhanced mission for NSA economic intelligence gathering. Scrapping its old Cold War A and B Group SIGINT organization, NSA expanded the functions of its W Group to include SIGINT operations against a multitude of targets. Another unit, M Group, would handle intercepts from new technologies like the Internet.
Many people who follow the exploits of SIGINT and NSA are eager to peruse lists of secret listening posts operated by the agency and its partners around the world. While a master list probably exists somewhere in the impenetrable lair that is the NSA’s Fort Meade, Maryland, headquarters, it is assuredly stamped with one of the highest security classifications in the U.S. intelligence community. — W.M. & J.V.
The United States SIGINT System (USSS)
The following list is the best unclassified shot at describing the locations of the ground-based “ears” of the Puzzle Palace. It is culled from press accounts, informed experts, and books written about the NSA and its intelligence partners. It does not include the numerous listening units on naval vessels and aircraft nor those operating from U.S. and foreign embassies, consulates, and other diplomatic missions.
NSA Headquarters, Fort Meade, Maryland Buckley Air National Guard Ground Base, Colorado Fort Gordon, Georgia (RSOC) Imperial Beach, California Kunia, Hawaii (RSOC) Northwest, Virginia Sabana Seca, Puerto Rico San Antonio, Texas (RSOC) Shemya, Alaska -3 Sugar Grove, West Virginia Winter Harbor, Maine Yakima, Washington
Durrës -6 Shkodër -6 Tirana -6
Two Boats -1
Bamaga -6 -7 Cabarlah -7 Canberra (Defense Signals Directorate Headquarters) -5 Harman -7 Kojarena, Geraldton -1 Nurunggar -1 Pearce -1 Pine Gap, Alice Springs -1 Riverina -7 Shoal Bay, Darwin -1 Watsonia -1
Konigswarte -7 Neulengbach -7
Al-Muharraq Airport -3
Bosnia and Herzegovina
Mapharangwane Air Base
British Indian Ocean Territory
Diego Garcia -1
Bandar Seri Begawan -7
Leitrim -1 Masset -6 -7
Ottawa [Communications Security Establishment (CSE) Headquarters] -5
Korla -1 -6 Qitai -1 -6
Brac Island, Croatia -6 Zagreb-Lucko Airport -7
Ayios Nikolaos -1
Aflandshage -7 Almindingen, Bornholm -7 Dueodde, Bornholm -7 Gedser -7 Hjørring -7 Løgumkløster -7
Dahlak Island -1 (NSA/Israel “8200” site)
Addis Ababa -1
Kourou -7 (German Federal Intelligence Service station)
Achern -7 Ahrweiler -7 Bad Aibling -2 Bad Münstereifel -7 Braunschweig -7 Darmstadt -7 Frankfurt -7 Hof -7 Husum -7 Mainz -7 Monschau -7 Pullach (German Federal Intelligence Service Headquarters) -5 Rheinhausen -7 Stockdorf -7 Strassburg -7 Vogelweh, Germany
British Consulate, Victoria (“The Alamo”) -7
Herzliyya (Unit 8200 Headquarters) -5 Mitzpah Ramon -7 Mount Hermon, Golan Heights -7 Mount Meiron, Golan Heights -7
San Vito -6 Sorico
Futenma, Okinawa Hanza, Okinawa Higashi Chitose -7 Higashi Nemuro -7 Kofunato -7 Miho -7 Misawa Nemuro -7 Ohi -7 Rebunto -7 Shiraho -7 Tachiarai -7 Wakkanai
Kanghwa-do Island -7 Osan -1 Pyong-dong Island -7 P’yongt’aek -1 Taegu -1 -2 -6 Tongduchon -1 Uijongbu -1 Yongsan -1
Amsterdam (Technical Intelligence Analysis Center (TIVC) Headquarters)-5 Emnes -7 Terschelling -7
Tangimoana -7 Waihopai -1 Wellington (Government Communications Security Bureau Headquarters -5
Borhaug -7 Fauske/Vetan -7 Jessheim -7 Kirkenes -1 Randaberg -7 Skage/Namdalen -7 Vadsø -7 Vardø -7 Viksjofellet -7
Abut -1 Goat Island, Musandam Peninsula -3 Khasab, Musandam Peninsula -3 Masirah Island -3
Galeta Island -3
Papua New Guinea
Port Moresby -7
Terceira Island, Azores
São Tomé and Príncipe
Araz -7 Khafji -7
Pico de las Nieves, Grand Canary Island -7 Manzanares -7 Playa de Pals -3 Rota
Karlskrona -7 Lovön (Swedish FRA Headquarters) -7 Muskö -7
Merishausen -7 Rüthi -7
Quemoy -7 Matsu -7 Shu Lin Kuo -5 (German Federal Intelligence Service/NSA/Taiwan J-3 SIGINT service site)
Adana Agri -7 Antalya -7 Diyarbakir Edirne -7 Istanbul -7 Izmir -7 Kars Sinop -7
Aranyaprathet -7 Khon Kaen -1 -3 Surin -7 Trat -7
Kabale Galangala Island, Ssese Islands (Lake Victoria)
United Arab Emirates
Az-Zarqa¯ -3 Dalma¯ -3 Ras al-Khaimah -3 Sir Abu Nuayr Island -3
Belfast (Victoria Square) -7 Brora, Scotland -7 Cheltenham (Government Communications Headquarters) -5 Chicksands -7 Culm Head -7 Digby -7 Hawklaw, Scotland -7 Irton Moor -7 Menwith Hill, Harrogate -1 (RSOC) Molesworth -1 Morwenstow -1 Westminster, London -7 (Palmer Street) Yemen Socotra Island (planned)
-1 Joint facility operated with a SIGINT partner.
-2 Joint facility partially operated with a SIGINT partner.
-3 Contractor-operated facility.
-4 Remoted facility.
-5 NSA liaison is present.
-6 Joint NSA-CIA site.
-7 Foreign-operated “accommodation site” that provides occasional SIGINT product to the USSS.