w. DOClD: 3803783 This publication is a product of the National Securitv Agell1lcy his tory pro~amoIt presents a historicID"perspecti'\"e tor 11ll1form21 tionaI and educational purpose§\ is ffie result of independent research, and does :not :neceSSalrllXy reflect a position of NSAj CSS or any other UoSo government entity. I u.s. Cover Photo: embassy in Moscow at the time ofthe GUNMAN ~ L project. ~~ Declassified and approved for release by NSA. CIA &. State Dept on b'I-'1 ~-~O'I 'I I)ursuant to E.O. '135~6 MDR 58453 DOClD: 3803783 lOPSECREI/7COIVlINIJlREL 10 USA, A:US, CK!{, GlUt, N2':L -,.. - '1'01' S~CU't'//COfiflIftft'//R:EL~O US1\:,*US, eM", GBR, 1l~L r DOClD 3803783 'f'ot'SECft£'f't/COr.IHff//REL'FO USA, AUS, eMt, CBR, P>t~L , ." .. ,- -"'~. , .' . ..- , IN" ""', :~ - - ..' ."-.... ~¥ "". ;;> c · -. · " }i j;' h t , (U) Table ofContents " ~t;, ~ .. Page .. ........ ... . ~ (U) Introduction. · · ······························· .1 , .;' ~ .. . (U) The Catalyst. · ···········································.2 c.. (U) The Race to Remove andReplace Embassy Equipment. ············4 '.",, . . .. . . .... (U) The Discovery . ··· ······· ················· ···· ·· ··· 8 .- (U) Reactions to the GUNMANFind. ······························.11 > "' (U) Implant Characteristics ·····································.12 , (U) DamageAssessment. ········································15 (U) A Cunning Enemy ···········································15 , (U) GUNMANImpact. ..............·.·.................·........17 ';. .. . .. (U) Conclusions . ··· ······································· 19 (U) Acknowledgements. ······································ ··.20 t ........ . (U)Notes. ··· ······································ ··.20 , ........ . . . . . . (U)Index. · ··· ··········· · ··········· ······· ····.23 , ~~ .,., . 'FOt'SECRE'Ft/COMHff//REL'FO USA, IMS, GYt, CBR, P>t~L Pageiii DOClD: 3803783 TOP S:ECltM11COMtN'f'f/KEL'FOUS:z't,I.tUS, G\fl GHR, N~L (U) Learningfrom the Enemy: The GUNMANProject (U) Introduction CD)"Anotherintelligenceexpertsaidnoone knows for sure how many or what secrets CU) On 25 March 1985, CBS television nightly were compromised. A third official called newsbrokethefollowing shockingstory: theentire affaira fiasco."l • CU) Dan Rather: "In another U.S.-Soviet CUI/r'OUO) Howaccurate was the CBS report? development, Pentagon correspondent The following paper will examine the nature of David Martin has been told how Soviet the Soviet electronic penetration and the damage secret police in Moscow have been getting assessment of Soviet access to typewriters at the the latest word on sensitive U.S. embassy U.S. embassy in Moscow. This history of Project documents even before U.S. offici~s read GUNMAN will also answer such questions as how them." were the typewriter bugs discovered and how did theywork. CU) David Martin: "Informed sources tell CBS News that for at least one year, and CU) Countrieshavespiedoneachotherbygath probably longer, the American embassy in ering information from embassies for centuries. Moscow was the victim of a sophisticated The United States and the Soviet Union were of electronic spy operation which gave Soviet course archenemies during the Cold War C1945 to leaders an inside look at what U.S. dip the fall ofthe Soviet Union in 1991), and there is lomats were doing and planning. Soviet a long history of attempts by the Soviets to gain agents secretly installed tiny sensing devic access to information from the U.S. embassy and es in about a dozen embassy typewriters. its diplomatic apparatus. Perhapsthe mostfamous Thedevices pickedupthecontents ofdocu incident of Soviet espionage was the Great Seal ments typed by embassy secretaries and implant. transmitted them by antennas hidden in the embassy walls. The antennas, in turn, CU) On 4 August 1945, Soviet school children relayed the signals to a listening post out presented a carving of the Great Seal of the U.S. sidetheembassy.... to Averell Harriman, the U.S. ambassador to the Soviet Union. The carving hung in Spaso house, CU) "Depending on the location of the the ambassador's residential office' in Moscow, bugged typewriters, the Soviets were able until 1952, when the U.S. State Department dis to receivecopies ofeverythingfrom routine coveredthattherewas amicrophone hiddeninside administrative memos to highly classified the carving that the Soviets turned on at will. This documents. bug was not a standard microphone and could not be detected unless it was in use. For six years the • CU) "One intelligenceofficersaidthepoten Sovietswereabletoeavesdropontheconversations tial compromise of sensitive information ofthe U.S. ambassador.2 The Soviet threat to U.S. should be viewed with 'considerable seri embassy security was both well-documented and ousness'. real. Page 1 DOClD: 3803783 IUPSEeMIjjCOWIIt<lljjtmLTOtJSA, ADS, CMt4'6Blt, N2":L iffl"The typewriter bugs marked a new level of sophistication because they were electromechanical. For the first time, the Soviets gathered information from a piece of equipment that held written plain text information. Priorto thediscoveryofthese bugs, the U.S. believed that the Russians hadonlyusedroom audiobugswithmicro phones orlisteningdevices toeavesdrop on Americanembassyactivities. As a totalitar ian society, the Soviet Union valued eaves dropping and thus developed ingenious methods to accomplishit. CUI/POUO) The 1980s were a peri od of strained relations between the U.S. and the Soviet Union. One manifestation ~O 1.4. (e) of those strains was Project GUNMAN, (U) Fig. 1.IBMSelectric typewriter ~p 1.4. (d) which involved the replacement of U.S. P.L. 86-36 embassyequipmentinMoscowandthedis- OGA covery and evaluation of typewriter bugs. GUNMAN was not the only threat to the U.S. etrated typewriters in the U.S. embassyin'+'1oscow embassy in Moscow. The U.S. began to build a was correct in that the attack took place. H(:>wever, new office for its Moscow embassy in 1979. The some ofthe details in the report were oversimpli building, however, was riddled with bugs, and the fied. According to CBS, "the bugs might stillb~ in U.S. eventually rejected it. That story, however, is place hadit not beenfor a warning from a fri~ri~y a subjectfor another paper. This paper isthe story governmentwhose own embassyhad beenthe tar ofthe GUNMAN attack and the role ofNSA in its getofasimilareavesdroppingoperation."3f \\ discovery. CUHFOUO) Organizations with intelligence responsibilities must be able to respond quickly andcreativelyto unforeseen threats. Howdid NSA respondtothis Sovietthreat? To answerthatques -t811 \ tion, this monograph will examine the role ofNSA leadership and its ability to move a bureaucracy into action. To curtail future threats, intelligence organizations must also maintain the ability to :==========~II learn from the activities of their enemies. What techniques did NSA use to learn from Soviet bug gingefforts? EOL4.(<;) P.L. 86-36 (U) The Catalyst ts1 The CBS 25 March 1985 report that announced to the world that the Soviets had pen- Page 2 TOfl S~Cft:E't't/COMIN'f'h'R£L'FO USA., f.lUS, CA;p.J' CRR, ~;n. • EO 1.4.leJ Eo). 4. (e) EOOLOC~: 38.ID3'i1c8:B: .... ..' EO 1.4. (e) P.L. 86-36 ~OPSE(3R:E'i'//COi\IHff'ffR£L~O US:A,AUS, C2fdifGBR, NZL/"'/ P.L. 86-36 dGA OGA ............................. ···············1 United States could exPect to be a high priority ""---__~------:----.....IIThedevelop target.6 TheI I~arning was the catalyst for ment of this bug required competent personnel, NSAaction. time, and money. The very manufacture of the ~~~~~~ P.L. 86-36 components required a massive and modern infra -tS7 Under the leadershipgfWalter Deeley, structure serviced by many people. This combina the deputy director for communication security, tion of resources led to the assumption that other andl kth~ chief of R9, a division in units were available.4 the Research and Development organization, NSA management developed a plan to remove, replace, and examine telecommunications and informa tion processing equipment at the U.S. embassy in Moscow. NSA was to handle all aspects of the plan on an absolutely need-to-know basis. NSA wantedto removetheequipmentsothatitcouldbe examined in the U.S. to allowfor a more thorough inspectionthancouldbeconductedontheembassy grounds. NSAalsowantedtokeeptheSovietUnion from learning about the effort and interferingwith U.S. objectives. The Soviets had a history of poi soning or using other means to injure technicians from othercountrieswhoinvestigatedbugsintheir · b' 7 EO 1.4. (e) respective em assles. EO 1.4. (d) P.L. 86-36 I ~GeneralFaurer did not want to bri~fhis P,:L"86- 36 plan to the State Department because relations ,~ Afterlearning about the bug, the DIRNSA between NSA and State were poor. NSA had been sentL·lfrQIll R9, the research and writingcriticalreportsaboutinadequatesecurityin I I development organization, and from StateDepartmentfacilities forseveralyears. Faurer the COMSEC organizationtoc:::::::Jto examme the also believed that CIA would mishandle the NSA 1 implant. It was unlJ,sualfor these organizations to 1 have a reasont6~ork together. This was the first 1plan be_cause - IIl,anye~amples of ofcollaboration that developed behveen the two entities to uncover and under standthe GUNMANthreat. ~NSAbriefedthesecretaryofdefense, Caspar P.L. 86-36 EO 1.4. (e) • Weinberger, onthe threat and its proposed plan of P.L. 86-36 I I• OGA -f5t found that this action. Weinberger said that this problem should implant represented a major Soviet technological be brought to the attention ofthe president imme improvement over their previous efforts. The bug diately.1 Iw:pom Deeley assigned couldbe rapidly and easily installedby nontechni to work with the White House; explained that the cal personnel; it resisted detection byconventional approval from President Reagan forthe~SAplan methods; and it was wireless and remotely con ofactioncamein record time. trolled. Search by disassembly and visual inspec P.L. 86-36 tion, when conducted by any but the best trained I briefed Ken DeGrqffenreid [the technicians, would normally be unproductive. All senior director of intelligence pro concludedthat ifthe Soviet KGB wouldgo to these grams on the National Security lengths against a Western ally, then certainly the Council]. Next we briefed Admiral 'fOP S~eU'f//eOl'fnN't'f/ft£L~OUSA, AUS, C2fdif 6BR, Ni3L Page 3 DOCID: 3803783 TOPSECRET//COMHffffREL~OUSA,AUS, eA:NGlUt, N2':L John Poindexter [the deputy nation (U) The Race to Remove andReplace al security adviser, who became the Embassy Equipment national security adviser in 1985J. Admiral Poindexter wrote the neces ~The first goal ofthe GUNMAN Project, to sary memorandum and within afew replace all ofthe electronic equipment in the U.S. days we had a signed document of embassy in Moscow with signaturized equipment, authorizationfrom thepresident. was a daunting challenge. Electronic equipment included teletype machines, printers, computers, CU) President Reagan approved the GUNMAN cryptographic devices, and copiers - in short, project in February1984. almost anything that plugged into a wall socket. NSAstaffhadtomovequicklytoreplaceequipment CU) Even after presidential approval, knowl to.... avoid tiPPin}ts hand to the Soviets. According t~ edge ofGUNMAN was still tightly held within the howasinvolvedwiththeprocure government.I IfuItherexplained: ment and shipment ofthe upgraded equipment to Moscow, Walter Deeleygavethe staffonehundred I Admiral Poindexter toldine to days to complete this phase ()fth.eproject.1 brief the secretary ofstate [George stated, SchultzJ and the director ofCentral P.L. 86-36 Intelligence [William CaseyJ, and no The first problem that wefaced was one else. I pleaded to briefLawrence the lack ofa centralizedinventory at Eagleburger [deputy undersecretary the embassy. The problem was fur for politicalaffairsJ, becauseIfeared ther complicated because individual thatI couldnotreach thesecretaryof departments had software tailored stateifwe neededhelp in gaining the to their specific needs. For instance, cooperationofthe State Department. we couldnotsimply replace allofthe I After much begging, Poindexter Wang computers.] ________---ll relented. This incident is an indica Keeping track of OGA tionoftheconcernforsecuritywithin all ofthe various software was hard the u.S. government.9 enough, butkeeping trackofallofthe variationswasa nightmare. With the ~Developing and gaining approval of a plan assistance of a few trusted commu to respond to a possible securitythreat in approxi nication center embassy employees, mately six months were significant accomplish we were able to obtain diagrams and ments for a large bureaucracy such as NSA. They blueprints of equipment. However, wereatestamenttotheleadershipofWalterDeeley, wefoundthatfrequently the original a manager who took risks and made decisions. diagram did not always match with RightfromthestartofGUNMAN, the research and the equipmentthathadbeenactually COMSECdirectoratesworkedtogether.Thistypeof delivered. collaborationwas very effective but avery unusual phenomenon in the 1980s. Overcoming bureau iS1 Security concerns were another challenge cratichurdles was also possiblebecause during the identifiedbyI Ip .L. 86-36 1980sthe Reagan administration had an overarch ingconcernwith the Sovietthreatto the U.S. We couldnotsimply showup to take an inventory because we could not riskalertingtheSoviets.Instead, tele communication personnelfrom NSA Page 4 TOP SECRET/fCOMHIT/fREL~O US2\:, *US, C:z\:N EiBR, N't'iL ,. DOClD: 3803783 E.O 1.4. (c) ~ot'SECR:E't'//COMI~ttREL~OUS:A,AUS, CANEiBR, "P.~L P;L. 86-36 \\L-w-e-r-e--~~--:-;'---;----=~ Thiswasanotherexampleofcollaborationbetween organizations within NSA. -t8t A separate area on the NSAW campus, known as the T. Motor Pool area, contained four trailers that were used to stage the equipment. T2 ~NSA used a variety of methods to quickly usedthefirsttrailertotesteach pieceofequipment purchase similar or upgraded equipment for the to ensure its properfunction. In the secondtrailer, embassy. Approximately 40 percent of the equip S651 inspectedeachitembyx-ray. Theyalso disas ment had to be purchased while 60 percent was sembledeveryitemto recordanomalies thatwould available from the Agency and other sources. NSA be stored in their standards library for future ref was unableto obtain 250 IBM Selectrictypewriters erence during examination when the e ui ment required by the embassy in part because of their camebackfrom thefield. power requirement. The Soviet Union used 220 volt60cycleelectricity. Typewriterswerenotavail in thethirdtrailerand usedthelasttrailerfor stor able from European sources, and the IBM factory age.EO 1.4. (c) P.L. 86-36 in Lexington, Kentucky, had depleted most of its stock. NSA was able to acquire only fifty typewrit ffi Every possible precaution was tak~n during ers, so they replaced typewriters that were used in the entire project to ensure that the repla~ement the most sensitive areas ofthe embassy. NSA was equipment remained secure. NSA staff gharded able to meet the requirements for all other equip against tampering by using several levels ofdetec ment.ll tion devices. Some methods were applied to\the Iequipmentitself, while others involvedthepack~g- ~ Because ofthe need for fast delivery to the ing of the eqUiPment.I:.1 embassy once the equipment arrived in Moscow, NSAhadtobecertainthateachpieceofequipment worked. There would be no time to repair anything. NSA alsowantedtomakesurethat the replacement equipment was not tampered with while en route. The COMSEC orga- nization took a number of steps not only to safeguard the equipment in transit, but also to determine whether it was tampered with when it wasbroughtbackforperiodic examinationafterbeingoper- ational in the field. For the next two months, personnel primarily from S65 and·T2 worked feverishly to prepare the equipment for shipment. ('fSz7'~I//;Rftt_F_i_q_, EO 1.4. (c) 2_,_'--- ,..........1 P.L. 86-36 EO 1.4. (c) OGA P.L. 86-36 TOt' SECRET//COi\IIUT//RELTO U&.r, AUS, Ct\N GBR, ~J~L Pages - f30 1.4. (c) DOClD: 3803783 ~.L. 86-36 TOPSECREF//COl\tINFffIWL'1'0 USA,AUS, CAN8BR, NlSL I ~ Personnel used various tamper-proof methods t<>\ . package the equipment. For example, equipmentl INext,thecrateswereplacedin '1-----------' was sealedin special plasticba s that could not be•• trailersfor easiertransportand additional security. replicatedintheSovietUnion Someboxes con- I To the ~ The equipment was shipped to Moscow in ~b-e-s-t -of-N-S-A-'s-kn-o-w-l-e-d-ge-,-t-h-e-S-o-Vl-e'-ts-di-d'-n---'ot inter-I IFrom NSA, the Armed Forces Courier fere with anyoftheequipmentthatwas shippedto Service shipped the equipment to DoverAir Force theembassyorreturnedto FortMeade.12 Base.Twoclearedcouriersaccompaniedtheequip ment, which was flown by military transport to -tSt The staff took extraordinary measures to Frankfurt, Germany. ensurethesecurityoftheequipmentduringitsship- ~Anotherexample ofatten tion to every detail of security was the rental of a special crane to load the plane. The regular crane was not operational when the equipment arrived. The flight was scheduled to leave in three hours. The equipment could not miss that flight because NSAper sonnel did not want to store it at Dover. Therefore, the plane was loaded using arentedcrane. ~The equipmentwas stored and guardedby U.S. personnel at a warehouse in Germany until it couldbe flown into Moscow. This / ~Fig. 3. CONEXboxesusedto ship equipmentto andfrom was necessary because there was u.s. / the embassy. The boxes wereover30feetlong, 8feet no place at the embassy to store / tall, and8feetwide. Boxesin theforegroundwere wrapped tentonsofequipment.Theembas / in burla.]Ja.~cl.IHsecuredwithIsteelstrips.1 EOi~H4H~m(~)HHHHHHH .. (back to cam~e~ra-::-)T".------- syattichadbeendamagedinafire in1978andwasnotstableenough P.L~8Ei-36 ~ehtto to hold such heavy equipment. the embassy. In preparationfor shipment, boxes ~feqllipment were placed in crates which ~The equipment was flown into Moscow in werewrapped.ihbllrlap. Burlapsignifiedthatthese stages on a Lufthansa aircraft, a common State items were to be treated, as U.S. diplomatic cargo Department procedure. The Soviets were not sur and would not be subjecttojnspection by Soviet prised by an influx of equipment entering the customs officials. As a furthe~secllrity measure, embassy because such activity was typical in the I the burlap was stapled onto each cr~te~1 spring. The only way to get equipment into the Page 6 TOP ~~C~T//COl\UNT//RELTO USA, MJS, €*f( 6Bft:, N2':L