Operation Firstfruits
The Atlantic|June 2020
Where is the line between journalism and espionage? And what happens when your own government thinks you've crossed it?
By Barton Gellman

“WHAT TIME EXACTLY DOES YOUR CLOCK SAY?” asked the voice on the telephone, the first words Edward Snowden ever spoke to me aloud. (Our previous communications had all been via secure text chats over encrypted anonymous links on secret servers.) I glanced at my wrist—3:22 p.m. “Good. Meet me exactly at four. I’ll be wearing a backpack.” Of course he would; Snowden would never leave his laptop unattended.

The rendezvous point Snowden selected that day, December 5, 2013, was a gaudy casino hotel called the Korston Club, on Kosygina Street in Moscow. Enormous flashing whorls of color adorned the exterior in homage to Las Vegas. In the lobby, a full-size grand player piano tinkled with energetic pop. The promenade featured a “Girls Bar” with purple-neon decor, stainless-steel chairs and mirrors competing for attention with imitation wood paneling, knockoffPersian rugs, and pulsing strobe lights on plastic foliage. Also, feathers. The place looked like a trailer full of old Madonna stage sets that had been ravaged by a tornado.

As I battled sensory overload, a young man appeared near the player piano, his appearance subtly altered. A minder might be anywhere in this circus of a lobby, but I saw no government escort. We shook hands, and Snowden walked me wordlessly to a back elevator and up to his hotel room. For two days, throughout 14 hours of interviews, he did not once part the curtains or step outside. He remained a target of surpassing interest to the intelligence services of more than one nation.

He resisted questioning about his private life, but he allowed that he missed small things from home. Milkshakes, for one. Why not make your own? Snowden refused to confirm or deny possession of a blender. Like all appliances, blenders have an electrical signature when switched on. He believed that the U.S. government was trying to discover where he lived. He did not wish to offer clues, electromagnetic or otherwise. U.S. intelligence agencies had closely studied electrical emissions when scouting Osama bin Laden’s hideout in Pakistan. “Raising the shields and lowering the target surface” was one of Snowden’s security mantras.

On bathroom breaks, he took his laptop with him. “There’s a level of paranoia where you go, ‘You know what? This could be too much,’ ” he said when I smiled at this. “But it costs nothing. It’s—you get used to it. You adjust your behavior. And if you’re reducing risk, why not?”

Over six hours that day and eight hours the next, Snowden loosened up a bit, telling me for the first time why he had reached out to me the previous spring. “It was important that this not be a radical project,” he said, an allusion to the politics of Glenn Greenwald and Laura Poitras, the other two journalists with whom he’d shared digital archives purloined from the National Security Agency a few months earlier. “I thought you’d be more serious but less reliable. I put you through a hell of a lot more vetting than everybody else. God, you did screw me, so I didn’t vet you enough.” He was referring to my profile of him in The Washington Post that June, in which I had inadvertently exposed an online handle that he had still been using. (After that he had disappeared on me for a while.)

When we broke for the night, I walked into a hotel stairwell and down two floors, where I found an armchair in a deserted hallway. I might or might not have been under surveillance then, but I had to assume I would be once back in my room, so this was my best chance to work unobserved.

I moved the audio files from the memory card of my voice recorder to an encrypted archive on my laptop, along with the notes I had typed. I locked the archive in such a way that I could not reopen it without a private electronic key that I’d left hidden back in New York. I uploaded the encrypted archive to an anonymous server, then another, then a third. Downloading it from the servers would require another private key, also stored in New York. I wiped the encrypted files from my laptop and cut the voice recorder’s unencrypted memory card into pieces. Russian authorities would find nothing on my machines. When I reached the U.S. border, where anyone can be searched for any reason and the warrant requirement of the Fourth Amendment does not apply, I would possess no evidence of this interview. Even under legal compulsion, I would be unable to retrieve the recordings and notes in transit. I hoped to God I could retrieve them when I got home.

WERE MY SECURITY MEASURES EXCESSIVE? I knew the spy agencies of multiple governments—most notably the United States’—were eager to glean anything they could from Edward Snowden. After all, he had stolen massive amounts of classified material from NSA servers and shared it with Poitras, Greenwald, and me, and we had collectively published only a fraction of it. The U.S. government wanted Snowden extradited for prosecution. But I’m not a thief or a spy myself. I’m a journalist. Was I just being paranoid?

Six months earlier, in June 2013, when the Snowden story was less than two weeks old, I went on Face the Nation to talk about it. Afterward, I wiped off the television makeup, unclipped my lapel microphone, and emerged into a pleasant pre-summer Sunday outside the CBS News studio in the Georgetown neighborhood of Washington, D.C. In the back of a cab I pulled out my iPad. The display powered on, then dissolved into static and guttered out. Huh? A few seconds passed and the screen lit up again. White text began to scroll across an all-black background. The text moved too fast for me to take it all in, but I caught a few fragments.

# root:xnu …

# dumping kernel …

# patching file system …

Wait, what? It looked like a Unix terminal window. The word root and the hashtag symbol meant that somehow the device had been placed in super-user mode. Someone had taken control of my iPad, blasting through Apple’s security restrictions and acquiring the power to rewrite anything that the operating system could touch. I dropped the tablet on the seat next to me as if it were contagious. I had an impulse to toss it out the window. I must have been mumbling exclamations out loud, because the driver asked me what was wrong. I ignored him and mashed the power button. Watching my iPad turn against me was remarkably unsettling. This sleek little slab of glass and aluminum featured a microphone, cameras on the front and back, and a whole array of internal sensors. An exemplary spy device.

I took a quick mental inventory: No, I had not used the iPad to log in to my online accounts. No, I didn’t keep sensitive notes on there. None of that protected me as much as I wished to believe. For one thing, this was not a novice hacking attempt. Breaking into an iPad remotely, without a wired connection, requires scarce and perishable tools. Apple closes holes in its software as fast as it finds them. New vulnerabilities are in high demand by sophisticated criminals and intelligence agencies. Shadowy private brokers pay millions in bounties for software exploits of the kind I had just seen in action. Someone had devoted resources to the project of breaking into my machine. I did not understand how my adversary had even found the iPad. If intruders had located this device, I had to assume that they could find my phone, too, as well as any computer I used to access the internet. I was not meant to see the iPad do what it had just done; I had just lucked into seeing it. If I hadn’t, I would have thought it was working normally. It would not have been working for me.

This was the first significant intrusion into my digital life— that I knew of. It was far from the last. In the first days of 2014, an NSA whistleblower, Tom Drake, told me he had received an invitation from one of my email addresses, asking him to join me for a chat in Google Hangouts. It looked exactly like an authentic notice from Google, but Drake had the presence of mind to check whether the invitation had really come from me. It had not. An impostor posing as me wanted to talk with Drake.

Shortly after that, Google started refusing my login credentials on two accounts. An error message popped up in my mail client: “Too many simultaneous connections.” I looked under the hood and found that most of the connections came from IP addresses I did not recognize. On the Gmail page, a pink alert bar appeared at the top, reading, “Warning:

We believe state-sponsored attackers may be attempting to compromise your account or computer. Protect yourself now.”

Which state sponsor? Per company policy, Google will not say, fearing that information could enable evasion of its security protocols. I did some further reporting and later learned from confidential sources that the would-be intruder in my accounts was Turkey’s national intelligence service, the Millî Istihbarat TeÅŸkilatı. Even though I never send anything confidential over email, this was terrible news. A dozen foreign countries had to have greater motive and wherewithal to go after the NSA documents Snowden had shared with me—Russia, China, Israel, North Korea, and Iran, for starters. If Turkey was trying to hack me too, the threat landscape was more crowded than I’d feared. Some of the hackers were probably better than Turkey’s—maybe too good to be snared by Google’s defenses. Not encouraging.

The MacBook Air I used for everyday computing seemed another likely target. I sent a forensic image of its working memory to a leading expert on the security of the Macintosh operating system. He found unexpected daemons running on my machine, serving functions he could not ascertain. (A daemon is a background computing process, and most of them are benign, but the satanic flavor of the term seemed fitting here.) Some software exploits burrow in and make themselves very hard to remove, even if you wipe and reinstall the operating system, so I decided to abandon the laptop.

For my next laptop, I placed an anonymous order through the university where I held a fellowship. I used two cutouts for the purchase, with my name mentioned nowhere on the paperwork, and I took care not to discuss the transaction by email. I thought this would reduce the risk of tampering in transit— something the NSA, the FBI, and foreign intelligence services are all known to have done. (No need to hack into a machine if it comes pre-infected.) But my new laptop, a MacBook Pro, also began to experience cascading hardware failures, beginning with a keyboard that lagged behind my typing, even with a virgin operating system. The problems were highly unusual.

I brought the machine for repair to Tekserve, a New York City institution that at the time was the largest independent Apple service provider in the United States. I had been doing business there since at least the early 1990s, a couple of years after Tekserve set up shop in a Flatiron warehouse space. I liked the quirky vibe of the place, which had a porch swing indoors and an ancient Coke machine that once charged a nickel a bottle. But Tekserve’s most important feature was that its service manager allowed me to stand with a senior technician on the repair floor as he worked on my machine. I preferred not to let it out of my sight.

Continue reading your story on the app

Continue reading your story in the magazine