National Security

What Was Edward Snowden Doing in India?

And why was he taking "ethical hacking" classes there?

Nearly three years before he revealed himself as the source of leaked documents about NSA surveillance, Edward Snowden traveled to New Delhi, India. There, he spent six days taking courses in computer hacking and programming at a local professional school, according to school officials and people familiar with Snowden's trip. Working with a private instructor, Snowden, who was then a contractor for the spy agency, took a course in "ethical hacking," where he learned advanced techniques for breaking into computer systems and exploiting flaws in software. The class's ostensible purpose is to train students to protect computers and their contents from thieves and spies. But in order to do that, they learn how to break into computers and steal information. Snowden also inquired about methods to reverse-engineer the world's most popular kits for committing widespread online crime.

Snowden didn't disclose his India trip to investigators when renewing his top-secret security clearance the following year. It was that clearance, NSA officials say, that gave Snowden access to the 1.7 million classified files he later stole from the agency's computer networks and databases. U.S. intelligence officials have faulted the company that conducted Snowden's background check for not more thoroughly questioning him about overseas travel and what foreign nationals he may have met with, which is standard procedure for detecting whether someone is spying for a foreign power. They have characterized the background check as flawed and incomplete.

But Foreign Policy has learned that Snowden's trip to India should not have been a mystery to the U.S. government or intelligence agencies. Snowden was in the country in his capacity as an NSA contractor "to assist as a technical expert" at the U.S. embassy in New Delhi, according to an individual with knowledge of the situation who asked not to be identified. Snowden also told his computer instructor that he worked for the NSA and that he was in the city "on business," said Rohit Aggarwal, the CEO and founder of the school, Koenig Solutions. Government employees and contractors are not required to disclose foreign trips of an official nature, and may even be instructed not to, in order to avoid compromising intelligence operations and programs, according to two former U.S. intelligence officials.

Snowden's time in India has been covered in the Indian press but has received little attention in the United States. The travels offer a rare glimpse into his activities in the years before he became arguably the most famous leaker of classified secrets in American history.

Precisely what work Snowden did at the embassy in New Delhi is unclear. At the time, he worked as a technology specialist for Dell Inc. at an NSA facility in Japan. U.S. intelligence personnel are often stationed in American embassies, so it's conceivable that Snowden could have been working on surveillance equipment in New Delhi. Among the documents that Snowden disclosed were those describing a program called Stateroom, which gathers electronic communications using equipment based in U.S. embassies around the world. Other documents Snowden released showed that the NSA may have spied on the Indian embassy in Washington and on the country's mission to the United Nations.

Calls and emails to the U.S. embassy in New Delhi were not returned. Spokespersons for the NSA, the CIA, and the Office of the Director of National Intelligence all declined to comment for this article.

According to officials at the Koenig school, Snowden flew to India from Japan, arriving on Sept. 2, 2010, and staying for one night at New Delhi's Hyatt Regency hotel. A Koenig representative picked him up at the hotel on Sept. 3 and then drove Snowden to a lodging facility provided by the school. He stayed there until Sept. 9 while he took classes, and then returned for one more night at the Hyatt before leaving India on Sept. 11, the school said. (Indian news publications, citing official travel and immigration documents, also show that Snowden was in the country during this period.)

Snowden's instructor said he made no secret about his work for the NSA. While he didn't describe the specific purpose of his visit, he did say he wanted to squeeze in some computer coursework while he was in town. The U.S. embassy is only six miles from the Koenig school. Snowden paid the $2,000 tuition and lodging fee himself, using a personal credit card, Aggarwal said.

Snowden's instructor described him as quiet and diligent. He didn't take many breaks. And he already had a high-level of knowledge about computer science, hacking, and programming.

Had background investigators inquired about Snowden's travels, they likely would have asked if he'd had any contact with foreign nationals while he was abroad. All security clearance holders are required to disclose significant contact with foreigners. But any instructors and students Snowden met probably wouldn't have risen to that level, a former intelligence official said. A Koenig spokesman said the school could only vouch for Snowden's whereabouts while he was taking courses during the day. "Other than our people and students we would have no idea whom he met," said the spokesman, Somit Biswas.

In addition to the ethical hacking course, Snowden took a class in the Java computer programming language. Snowden said the course "would help him in 'organizing a team who does' work on Java" at Dell, a Koenig spokesperson said, citing a questionnaire that Snowden was required to fill out before he came to the school.

"His stated goal for coming to train at Koenig ... was 'getting knowledge and evaluating Koenig's training program for my company. Certification might be nice, but it is not necessary,'" Biswas said. "He had also stated that his employers had approved Koenig as a training provider and that he would also be writing a review of the training experience which would help his company to evaluate Koenig as a future training partner and might be mutually beneficial to both."

David Frink, a spokesperson for Dell, declined to comment. "We have not discussed Mr. Snowden's role with Dell and don't plan to," he said. The Wall Street Journal reported last year that Snowden's "work supervisor" informed investigators performing his background check that he had gone to India, but that they failed to clarify the purpose of the trip, resulting in a report that "did not present a comprehensive picture of Mr. Snowden," according to an intelligence documents.

Biswas said Snowden also inquired about courses in the analysis and reverse engineering of malicious computer code, such as the the ZeuS, Fragus, and SpyEye crimeware kits. That was a curious request, and potentially at odds with his interest in ethical hacking. Understanding malware is important for defending against it. But these are not ordinary malware. ZeuS is the world's premier toolbox for custom-building online crime campaigns. It has been used to infect millions of computers around the world. All three programs have been used by criminals to commandeer individuals' computers and to steal financial information. SpyEye allows criminals to create fake bank web pages, in order to trick people into entering their login and password, which the criminal then steals and uses to enter, and empty, their accounts. Last year, Microsoft filed a civil complaint alleging that clusters of computers infected with ZeuS have been used to steal more than $100 million.

It's not clear why Snowden wanted to know about reverse engineering financial crime malware, but his resume indicates he may have been working on cyber security-related projects while a contractor with Dell. Koenig told Snowden that it didn't offer courses along the lines he was interested in, but that it was considering adding them to its curriculum.

Snowden abruptly ended his coursework before completing a final portion of his training, Aggarwal said, in computer hacking forensics and an administrator course in the Linux operating system. "He was supposed to come back one morning, but he didn't. He sent an email saying, please cancel the rest of my courses. I have a medical condition and need to go back to Japan for medical advice," according to Aggarwal. Snowden spent the night of September 10 at the Hyatt Regency, and then left India the next day, he said.

Snowden completed the ethical hacking course and the course in Java programming, Aggarwal said. A source who is familiar with Snowden's professional resume, which was current as of 2013, said it lists his certification in ethical hacking as well as computer network defense. The only reference to even remotely anything like Java, this person said, appears in relation to Snowden's work for a website company called Clockwork Chihuahua. There, Snowden said he edited JavaScript (which is loosely related to, but is not the same as Java). Snowden also claimed to have Japanese language skills and to be "comfortable working in austere environments," according to his resume.

U.S. officials have said that Snowden began downloading secret NSA files while he was working for Dell, in April 2012. He went to work for another NSA contractor, Booz Allen Hamilton, the following year. Snowden told the South China Morning Post that he took the job in order to access classified NSA documents.

"My position with Booz Allen Hamilton granted me access to lists of machines all over the world the NSA hacked," Snowden said. "That is why I accepted that position about three months ago." Snowden worked for the company only a few months, at a facility in Hawaii. There, he took more documents before ultimately fleeing to Hong Kong. He is currently living in Russia, where the government has granted him temporary asylum.

A computer security training professional in the United States said it's not unusual for Americans to take courses abroad, particularly in India, where the tuition is a fraction of what it can cost in the United States. But the expert criticized the teaching of so-called "ethical hacking."

"They can call it 'ethical,' it's still hacking. You're teaching someone how to break into a system," the expert said.

Aggarwal, the Koening CEO, said it's not unusual to find U.S. intelligence employees taking courses at his school, and that between 50 and 100 American military service personnel take courses there each year, as well as at a location in Dubai. A Defense Department spokesman could not confirm that military personnel have taken courses at the school, or that it's been approved by the Pentagon as a training facility. But personnel responsible for protecting the department's computer systems are required to obtain commercial certificaitons, including in ethical hacking.

Photo illustration by FP

MANAN VATSYAYANA/AFP/Getty Images

Barton Gellman/Getty Images

Report

Putin's Oil Slick

A possible energy deal between Russia and Iran could torpedo U.S. nuclear talks with Iran

Russia has apparently barged into America's nuclear negotiations with Iran, and is threatening to undermine the U.S.-led sanctions effort by working on a new oil deal with Tehran.

While any such deal could offer some short-term financial succor to Iran, and score a geopolitical victory for Russia, it would create a whole host of headaches elsewhere.

A potential energy pact between Moscow and Tehran promises to complicate the Obama administration's efforts to forestall fresh Iran sanctions coming out of Congress. If the deal comes to pass, and is allowed to stand, it could also undermine the existing sanctions regime on Iran. But the oil deal also raises questions about Russia's long-term strategy in the region.

According to a Reuters report, Russia and Iran are close to finalizing an oil-barter deal which would see Moscow trade unspecified goods to Tehran in exchange for about 500,000 barrels of oil a day -- roughly half of Iran's battered current export level. At current prices, that much oil would be worth about $1.5 billion a month.

Russia doesn't need the oil - it has plenty of its own. So the idea is that it would be shipped off from Iran. Russian and Iranian officials told Reuters that they expect to finalize the deal soon, regardless of what happens in the Geneva negotiations over Iran's nuclear program.

Russia has a few obvious incentives to make such a deal: It puts Moscow square in the center of international efforts to defang Iran's nuclear program, and sends a clear signal to the U.S. that it will push back against Western efforts to increase economic pressure on the regime, all while poking the Obama administration in the eye.

"It's a double win: He weakens and embarrasses Obama, and puts himself in the thick of things" regarding Iran's nuclear future, said Amy Myers Jaffe, executive director of Energy and Sustainability at the University of California, Davis.

But the prospective oil deal is also a bit of a puzzler. Adding a big chunk of new Iranian supply to the global oil market would likely push crude oil prices down -- or at the very least take the froth off of historically-pricey crude. That is exactly what Russia, whose budgetary health depends on oil revenues derived from prices that are as high as possible, has long sought to avoid.

And especially for Iran, the deal carries plenty of risks. Tehran agreed to talk about suspending aspects of its nuclear program in large part because it hoped to win some relief from the crippling economic pressure caused by the U.S. and European sanctions on oil exports. On Friday, Iranian and Western negotiators resolved most of the outstanding issues needed to move ahead with the interim nuclear deal.

But inking an ambitious deal with Russia to export 50% more than it now does will only give ammunition to lawmakers in the U.S. who are champing at the bit to tighten the screws on Iran. Iran, for its part, has warned that any fresh round of sanctions will be a deal-breaker for nuclear talks. And the Senate now has a nearly filibuster-proof bill that would ratchet up sanctions.

"This deal is a jaw-dropper, and will make it a lot tougher for the Obama administration to veto that bill now," said Mark Dubowitz, executive director of the Foundation for the Defense of Democracies, a big advocate of tougher sanctions on Iran.

"The market apparently no longer has to fear the economic minefield put around Iran. This puts lie to the claim that you can turn sanctions on and off like a spigot," he added.

A senate aide said that the prospective Russian-Iranian oil deal underscores how the sanctions regime on Iran is actually unraveling, thus reducing U.S. leverage.

"The longer the Senate waits to take action, the less likely it will be our diplomats can reach a deal that actually achieves our objectives," he said.

Iran's oil-dependent economy has been hammered by two years of Western sanctions on its energy exports. Even much of the oil that it does sell is through a barter arrangement, or in the expectation of future payments. Iran's cash crunch is acute. "Iran has to find a way to accommodate more exports: this is the reason behind this," an Iranian official told Reuters.

The future of Iranian oil production is also at stake. Sanctions have threatened the shut-in of a lot of Iranian oil fields, because the country simply cannot export or store everything it normally produces. Some countries can shut down production and start it up a few years later with few ill effects, but fields that rely on gas injection to maintain pressure could go into terminal decline if shut down, said Jaffe. That gives Iran a reason beyond short-term barter gains to start shipping more oil.

But it also raises questions about Russia's strategy in the Middle East and Mediterranean. Russian companies, including Gazprom, have been trying to elbow into the nascent Eastern Mediterranean natural-gas boom; Gazprom in particular is trying to finalize a deal to export Israeli gas, and Vladimir Putin has cozied up to Israeli Prime Minister Benyamin Netanyahu. Bolstering Iran won't help Russia's new-look policy in that part of the world.

It also could have the effect of jeopardizing future Russian-Saudi relations, since any Russian moves to bolster global oil supplies could collide with Saudi budget imperatives. International support for Shiite Iran is anathema to the Saudis - Riyadh has gone ballistic at the U.S., its long-time security blanket, over the Geneva talks.

The Russian Embassy in Washington, D.C., and the Iranian mission to the United Nations did not respond to requests for comments on the purported deal. Iranian oil officials said over the weekend only that there was no final agreement for an oil-barter deal, according to Iranian news wires.

UPDATE: A White House spokesperson said over the weekend that the reports of the deal still aren't confirmed. "If true, however, such a deal would raise serious concerns as it would be inconsistent with the terms of the P5 + 1 Joint Plan of Action and could potentially trigger U.S. sanctions," the spokesperson said.

Despite the risks of blowback from Washington, some Russia watchers see the prospective deal as being consistent with Putin's desire to take pressure off Iran that his predecessor had supported. And Russia has long maintained that U.S. and European sanctions on Iran's oil exports are unilateral, punitive measures-unlike the softer penalties hammered out by the United Nations security council.

"Negotiating a deal that would relieve some of the pressure on Iran without violating UN sanctions would be in line with this policy," said Simon Saradzhyan, a research fellow at Harvard Kennedy School's Belfer Center.

 

John Hudson contributed to this report.

This story was updated Jan. 12, 2014.

 

EPA