US spies, seeking to retrieve cyberweapons, paid US$100,000 to Russian peddling dirt on Trump

The theft of the secret hacking tools had been devastating to the NSA, and the agency was struggling to get a full inventory of what was missing.
PHOTO: REUTERS

BERLIN (NYTIMES) - After months of secret negotiations, a shadowy Russian bilked American spies out of US$100,000 (S$133,000) last year, promising to deliver stolen National Security Agency cyberweapons in a deal that he insisted would also include compromising material on US President Donald Trump, according to US and European intelligence officials.

The cash, delivered in a suitcase to a Berlin hotel room in September, was intended as the first installment of a US$1 million payout, according to US officials, the Russian and communications reviewed by The New York Times.

The theft of the secret hacking tools had been devastating to the NSA, and the agency was struggling to get a full inventory of what was missing.

Several US intelligence officials said they made clear that they did not want the Trump material from the Russian, who was suspected of having murky ties to Russian intelligence and to Eastern European cybercriminals. He claimed the information would link the president and his associates to Russia. Instead of providing the hacking tools, the Russian produced unverified and possibly fabricated information involving Trump and others, including bank records, emails and purported Russian intelligence data.

The US intelligence officials said they cut off the deal because they were wary of being entangled in a Russian operation to create discord inside the US government. They were also fearful of political fallout in Washington if they were seen to be buying scurrilous information on the president.

The Central Intelligence Agency declined to comment on the negotiations with the Russian seller.

The NSA, which produced the bulk of the hacking tools that the Americans sought to recover, said only that "all NSA employees have a lifetime obligation to protect classified information".

The negotiations in Europe last year were described by US and European intelligence officials, who spoke on the condition of anonymity to discuss a clandestine operation, and the Russian.

The US officials worked through an intermediary - an American businessman based in Germany - to preserve deniability. There were meetings in provincial German towns where John le Carré set his early spy novels, and data handoffs in five-star Berlin hotels. US intelligence agencies spent months tracking the Russian's flights to Berlin, his rendezvous with a mistress in Vienna and his trips home to St. Petersburg, the officials said.

The NSA even used its official Twitter account to send coded messages to the Russian nearly a dozen times. The episode ended with US spies chasing the Russian out of Western Europe, warning him not to return if he valued his freedom, the American businessman said. The Trump material was left with the American, who has secured it in Europe.

The Russian claimed to have access to a staggering collection of secrets that included everything from the computer code for the cyberweapons stolen from the NSA and CIA to what he said was a video of Trump consorting with prostitutes in a Moscow hotel room in 2013, according to U.S. and European officials and the Russian, who agreed to be interviewed in Germany on the condition of anonymity. There remains no evidence that such a video exists.

The Russian was known to US and European officials for his ties to Russian intelligence and cybercriminals - two groups suspected in the theft of the NSA and CIA hacking tools.

But his apparent eagerness to sell the Trump "kompromat" - a Russian term for information used to gain leverage over someone - to US spies raised suspicions among officials that he was part of an operation to feed the information into U.S. intelligence agencies and pit them against Trump. Early in the negotiations, for instance, he dropped his asking price from about $10 million to just over $1 million. Then, a few months later, he showed the American businessman a 15-second clip of a video showing a man in a room talking to two women.

No audio could be heard on the video, and there was no way to verify if the man was Trump, as the Russian claimed. But the choice of venue for showing the clip heightened U.S. suspicions of a Russian operation: The viewing took place at the Russian Embassy in Berlin, the businessman said.

There were other questions about the Russian's reliability. He had a history of money laundering and a thin legitimate cover business - a nearly bankrupt company that sold portable grills for streetside sausage salesmen, according to British incorporation papers.

"The distinction between an organized criminal and a Russian intelligence officer and a Russian who knows some Russian intel guys - it all blurs together," said Steven L. Hall, former chief of Russia operations at the CIA. "This is the difficulty of trying to understand how Russia and Russians operate from the Western viewpoint." U.S. intelligence officials were also wary of the purported kompromat the Russian wanted to sell. They saw the information, especially the video, as the stuff of tabloid gossip pages, not intelligence collection, U.S. officials said.

But the Americans desperately wanted the hacking tools. The cyberweapons had been built to break into the computer networks of Russia, China and other rival powers. Instead, they ended up in the hands of a mysterious group calling itself the Shadow Brokers, which has since provided hackers with tools that infected millions of computers around the world, crippling hospitals, factories and businesses.

No officials wanted to refuse information they thought might help determine what had happened.

"That's one of the bedeviling things about counterintelligence and the wilderness that it is - nobody wants to be caught in a position of saying we wrote that off and then five years later saying, 'Holy cow, it was actually a real guy,'" Hall said.

US intelligence agencies believe that Russia's spy services see the deep political divisions in the United States as a fresh opportunity to inflame partisan tensions. Russian hackers are targeting American voting databases ahead of the midterm election this year, they said, and using bot armies to promote partisan causes on social media. The Russians are also particularly eager to cast doubt on the federal and congressional investigations into the Russian meddling, US intelligence officials said.

Part of that effort, the officials said, appears to be trying to spread information that hews closely to unsubstantiated reports about Trump's dealings in Russia - including the purported video, whose existence Trump has repeatedly dismissed.

Rumors that Russian intelligence possesses the video surfaced more than a year ago in an explosive and unverified dossier compiled by a former British spy, and paid for by Democrats. Since then, at least four Russians with espionage and underworld connections have appeared in Central and Eastern Europe, offering to sell kompromat that would corroborate the dossier to US political operatives, private investigators and spies, US and European intelligence officials said.

US officials suspect that at least some of the sellers are working for Russia's spy services.

The Times obtained four of the documents that the Russian in Germany tried to pass to US intelligence (The Times did not pay for the material). All are purported to be Russian intelligence reports, and each focuses on associates of Trump. Carter Page, the former campaign adviser who has been the focus of FBI investigators, features in one; Robert and Rebekah Mercer, the billionaire Republican donors, in another.

Yet all four appear to be drawn almost entirely from news reports, not secret intelligence. They all also contain stylistic and grammatical usages not typically seen in Russian intelligence reports, said Yuri Shvets, a former KGB officer who spent years as a spy in Washington before defecting to the United States just before the end of the Cold War.

Join ST's Telegram channel and get the latest breaking news delivered to you.