Spying on the U.S. Submarine That Spies For the NSA and CIA
Everyone saw the USS Annapolis come home last year. It returned, poignantly, on Sept. 11, and there was a seriousness amid the usual dockside fanfare—sailors meeting newborn children for the first time, a school band playing "Anchors Aweigh." But there was no mention of the boat's secret missions.
From March to September 2014, the U.S. submarine's 152-man crew cruised the deeps of the Mediterranean, Red Sea and Arabian Gulf, earning a earning a coveted Battle "E" for their efficiency in doing all the fleet had asked of them. Which involved ... what, exactly? They covered 34,000 nautical miles, participated in one multinational exercise, and made port calls in Portugal, Spain, Bahrain, and Gibraltar, according to official Navy reports.
There was something else, according to the sub's captain, Commander Chester T. Parks. "During this time," he told reporters, "Annapolis completed four missions vital to national security."
Technically, his boat is a fast-attack submarine, responsible for tracking and killing enemy subs and surface ships when shit goes down. But the Annapolis was equipped for a very special top secret task, one that didn't involve its Mark 48 ADCAP torpedoes—or any shooting weapons at all. It was a mission that wasn't yet accomplished as the boat ported and the crew embraced their families on the dock at Submarine Base New London, Conn.
First, Parks and his team would have to brief some high-level NSA and CIA officials.
This jewel of the silent service, it turns out, is a very good listener.
Deep in the trove of National Security Agency documents leaked by Edward Snowden is a classified Powerpoint training presentation for workers at the Naval Information Operations Command Maryland—the Navy component of the NSA. The presentation explains the ins and outs of computer network exploitation (CNE) "to change or collect information residing on or transiting computer networks." To spy, that is, on any computer network anywhere—and not just to listen, but to manipulate and even shut it down.
The heavily redacted presentation includes an example of a "tailored access operations" target for these military hackers: an unidentified nation's president, Parliament, and military leaders:
CNE operators can do much more than that. It's part of a larger effort by the U.S. to "use the net to paralyze computer networks and, by doing so, potentially all the infrastructure they control, including power and water supplies, factories, airports or the flow of money," Der Spiegel wrote earlier this year.
The mainstream media has written extensively about Chinese and Russian government exploits in cyber-warfare, as well as the activities of renegade "hacktivists." But it is still the United States that rules supreme in the new battlespace, and the NSA is but one small slice of its digital offensive. It's actually the domain of the newly created U.S. Cyber Command. And while NSA conducts"global access operations" to penetrate non-military targets, the CIA also fields its own covert cyber operations for the most sensitive of national targets.
So how does this spying actually happen? How does the U.S. really get into position to exploit a sensitive computer network? The keyboards, codes and operations behind the U.S. cyber offensive dwarf the efforts of any other country, but it is America's vast physical spying infrastructure that gives it a key advantage.
In the Snowden briefing, one diagram shows how the network works, from antenna to collection platform to satellite transmission to analysis and final exploitation. Targeted signals are captured by antennas, run through an NSA software program known as "BLINDDATE," and sent off to the analysts.
At the center of that flowchart from the Snowden trove is a single ship—the conduit for all this clandestine activity, and the home base for those antennas and the computer that runs BLINDDATE. That ship is the USS Annapolis.
Despite its Hollywood reputation as a fleet of steely killers crammed with cantankerous men, the United States' submarine force has always prided itself on quiet professionalism. Very quiet. The boats' low acoustic signatures enable them not only to close with and kill enemy vessels, but to maneuver undetected into littoral areas, close to shore—sometimes to deliver special forces, sometimes to eavesdrop on so-called "signals of interest."
"To control the electromagnetic spectrum, you have to be able to put whatever your device is that controls that spectrum in the place where you need it," Vice Adm. Mike Connor, commander of the U.S.'s Atlantic sub force, explained last month. "We have a remarkable ability to take the sensors that we have... and put them in the place they are most relevant, because we can get closer."
Plenty of stories have detailed the signals-collections exploits of aerial drones or special operators who actually go into a Pakistan or Mexico to be the human antenna, but the Navy's plum role in carrying out computer network exploitation is virtually unknown. In a typical week, according to NIOC-Maryland's 2013 briefing, the U.S. ran about 2,600 network exploitations. The Navy ran nearly 700, or 26 percent, of those ops—almost as many as the other military services combined.
The nuclear-powered Annapolis, in fact, is the crown jewel of this effort, a spying specialist assigned to Submarine Development Squadron 12, a test group of specially configured subs that experiment with new fleet capabilities—particularly in intelligence and special operations.
Annapolis and its sisters are the infiltrators of the new new of cyber warfare, getting close to whatever enemy—inside their defensive zones—to jam and emit and spoof and hack. They do this through mast-mounted antennas and collection systems atop the conning tower, some of them one-of-a-kind devices made for hard to reach or specific targets, all of them black boxes of future war.
Closer and passive, that is—for once the submarine reveals itself by emitting a signal, an enemy can find it. So a key to what the Navy sometimes calls electromagnetic maneuver warfare is in sniffing out the unsecured networks or receiving tip-offs of juicy targets from others. Gawker has learned that USS Annapolis was the first submarine to receive the mysterious RADIANT GEMSTONE system almost a decade ago. "RADIANT" is a Navy-unique codename applied to these specialized black boxes of "tactical-national integration": satellites and stealth drones and other secret operators all sharing sensitive data with each other. Other RADIANT programs—RADIANT ACHILLES, RADIANT ALLOY, and RADIANT LAVA—forge links with ocean surveillance and photo-reconnaissance satellites. John Pike's Global Security lists more than two dozen old RADIANT programs.
The above "top secret" special-access program onboard the Annapolis allows it to coordinate data from the submarine and high-above surveillance satellites so that it can penetrate into everything from radio to cellphone to internet traffic, receiving cues or sending tip-offs.
Before Annapolis left on its 2014 voyage, the boat was fitted with a wholly new screen layout and user interface to accommodate its digital native crew. In addition to its RADIANT suite of connectors and sensors, Annapolis's BLINDDATE system is thought to be able to penetrate local area networks, such as those created by home wireless routers. But its full capabilities—particularly when targeting nations like Iran—aren't publicly known.
Annapolis's parent unit, Submarine Development Squadron 12, brokers all of this special equipment for the Navy's submarines, setting up relations with the CIA and NSA, as well as the National Reconnaissance Office, which operates the spy satellites and stealthy communications links. And there are a set of silent partners in industry and academia who also ply their trade in this secret submarine world.
One such player is the Applied Research Laboratory of Pennsylvania State University. As a Pentagon-designated university-affiliated research center, Penn State's ARL "maintains a special long-term strategic relationship with DoD," the lab brags in an online presentation. That relationship accounts for nearly half the university's research budget—and it includes work on Annapolis's RADIANT GEMSTONE, the only public mention of this highly secretive program:
How excited is the Navy about this new mission? Imagine being the only kid on the block with a shiny new red wagon. The service's admiral in charge of cryptology says the Navy is anxiously crafting "an ordered, sustainable maritime means of realizing military power in cyberspace."
Still: What does that mean? When you can spy on anyone, anywhere, anytime—not just heads of state, but anyone on a cell or a WiFi connection—what do you actually do? More to the point: Who was the Annapolis spying on last year?
We know roughly where it traveled through the "European and Central Command areas of responsibility"—near Iran, Israel, perhaps even Yemen. We know that its crew briefed those NSA and CIA officials. We know that Parks, his mission accomplished, recently stepped aside and handed command of Annapolis to a "tactical analysis" expert from Submarine Development Squadron 12. And we know that its sailors were happy to see home:
The rest—like RADIANT GEMSTONE and BLINDDATE themselves, their antennas hidden in the black conning tower in the background of that happy homecoming—is a mystery.
[Photos: U.S. Navy]
Contact the authors at adam@gawker.com or william.arkin@gawker.com.
Public PGP key
PGP fingerprint: FD97 D50A DE57 3943 4534 1A49 FA8B 74B4 A7A0 07BE