A top-secret National Security Agency document, dated 2011, describes how, by “sheer luck,” an analyst was able to access the communications of top officials of Venezuela’s state-owned oil company, Petróleos de Venezuela.
Beyond the issue of spying on a business, the document highlights a significant flaw in mass surveillance programs: how indiscriminate collection can blind rather than illuminate. It also illustrates the technical and bureaucratic ease with which NSA analysts are able to access the digital communications of certain foreign targets.
The document, provided by NSA whistleblower Edward Snowden, is a March 23, 2011, article in the NSA’s internal newsletter, SIDtoday. It is written by a signals development analyst who recounts how, in addition to luck, he engaged in a “ton of hard work” to discover that the NSA had obtained access to vast amounts of Petróleos de Venezuela’s internal communications, apparently without anyone at the NSA having previously noticed this surveillance “goldmine.”
That the NSA, unbeknownst to itself, was collecting sensitive communications of top Venezuelan oil officials demonstrates one of the hazards of mass surveillance: The agency collects so much communications data from around the world that it often fails to realize what it has. That is why many surveillance experts contend that mass surveillance makes it harder to detect terrorist plots as compared to an approach of targeted surveillance: An agency that collects billions of communications events daily will fail to understand the significance of what it possesses.
This newest revelation of NSA spying, reported as part of The Intercept’s partnership with teleSUR, comes just weeks after the Wall Street Journal reported that the U.S. government has launched “a series of wide-ranging investigations” into alleged corruption at Petróleos de Venezuela, or PDVSA. That the NSA had obtained access to the electronic communications networks of key PDVSA officials raises the question of whether the agency’s spying has secretly aided the criminal investigations into corruption as well as other government actions targeting the company.
Access to these official PDVSA communications came at a critical moment in U.S.-Venezuela relations, which have been fraught since Hugo Chávez was first elected president in 1998 and particularly since a failed 2002 coup attempt by U.S.-funded groups. Two months after the discovery of this spying access, the U.S. State Department announced the imposition of economic sanctions against PDVSA, accusing the company of trading with Iran in violation of unilateral U.S. restrictions.
At the time, Venezuela was also confronting multibillion-dollar arbitration cases in international tribunals filed by U.S. oil giants Exxon Mobil and ConocoPhillips. The companies claim the Chávez government illegally expropriated large-scale drilling operations in the Orinoco oil belt and handed them over to PDVSA subsidiaries without just compensation.
A heavy crude treatment plant operated by Venezuela’s state-owned oil company, PDVSA, in the oil-rich Orinoco belt, April 16, 2015. Photo: Carlos Garcia/Reuters/Landov
Spying on PDVSA: Discovering “a goldmine” by “sheer luck”
The NSA analyst who stumbled into this access began his investigation inauspiciously. As he recounts, he opened PDVSA’s website in a browser and wrote down the names of the company’s leaders. He then simply plugged those names into a handful of internal NSA tools and databases such as CADENCE, UTT and PINWALE.
He quickly compiled an enormous cache of valuable leads: over 10,000 employee information forms containing email addresses, phone numbers, and other identifying details — information that could be used to retrieve communications stored in the agency’s huge databases and for future targeting. The analyst also obtained 900 username and password combinations, which he handed off to the NSA’s top hacking team, Tailored Access Operations, to penetrate the company’s network and infect its leadership’s computers with malware.
“By sheer luck, (and a ton of hard work) I discovered an important new access to an existing target and am working with TAO to leverage a new mission capability,” he wrote.
Prior to this breakthrough, the NSA’s spying efforts against Venezuelan energy operations were producing very little fruit, but not for lack of interest. Petroleum represents “more than half of all government revenues,” wrote the analyst, and thus, “to understand PDVSA is to understand the economic heart of Venezuela.” But a 2010 review showed that collection had gone “stagnant.”
One “telltale sign” that the NSA was failing on this target set, he said, was that “most reporting was coming from warranted collection.” That likely meant that the only surveillance the NSA was able to exploit was coming from communications transiting U.S. soil, which would require a secret warrant from the Foreign Intelligence Surveillance Court.
To ratchet up warrantless surveillance, the analyst decided to rebuild the collection strategy from scratch, running what he called a “target reboot” in search of “information at the highest possible levels” of PDVSA: “namely, the president and members of the Board of Directors.”
The analyst initially searched for those names in PINWALE, the NSA’s database of digital communications that have been automatically culled from the massive flows of intercepted data using a dictionary of search terms, or “targeting selectors,” including email addresses, IP addresses and user IDs.
This produced few emails from PDVSA’s leaders, but the 10,000 employee contact profiles included those of PDVSA’s then-president, Rafael Dario Ramírez, and former company vice president Luis Felipe Vierma Pérez.
“Now, even my old eyes could see that these things were a goldmine of valid selectors,” the analyst wrote, full of previously unmonitored “work, home, and cell phones, email addresses, LOTS!” In other words, the analyst had uncovered another set of leads to run against larger NSA data sets.
A screenshot from a top-secret NSA document showing the internal contact profile of Rafael Dario Ramírez, then-president of PDVSA.
Later, the analyst gleefully realized that these profiles were not available on the public web. They were all being served to private IP addresses. “WTHeck??? Yep, seems I had been looking at internal PDVSA comms all this time!!!”
Accessing a foreign private network is often technically challenging but bureaucratically simple by NSA standards, requiring low levels of internal review and legal authority. For a target such as an oil company, internal communications are the most valuable intelligence resource possible.
“It’s interesting that the analyst ‘discovered’” access to internal PDVSA communications, Matthew Green, a professor at the Johns Hopkins Information Security Institute, wrote in an email to The Intercept after reviewing the document. The word “discovered” suggests that the NSA either “didn’t realize” it was collecting on this important source or there was an internal communications failure. The NSA possesses the equivalent of “a very ugly version of Google with half the world’s information in it” and a plethora of automated tools to exploit it, said Green, but “an analyst has to occasionally step in and manually dig through the data” to find the treasures hiding in plain sight.
“They’re capturing so much information from their cable taps that even the NSA analysts don’t know what they’ve got,” he added.
“PDVSA funds and runs the revolution”
Petroleum has long defined U.S. government and corporate interest in Venezuela, which possesses the largest proven reserves in the world. In a 1974 State Department cable, then-U.S. Ambassador Robert McClintock wrote: “As a principal supplier of oil and iron ore to the U.S., as a major trading partner and host to a large U.S. private investment, Venezuela is fa[r] too important to allow us to drift into an adversary relationship.”
Two years later, Venezuela would nationalize its oil reserves, but U.S. interests continued to be served for decades by a series of U.S.-friendly, U.S.-supported right-wing governments. That all changed when Hugo Chávez swept into the presidency in 1998 on a populist mandate and began to change the decadeslong status quo.
“Along comes Chávez and closes the loopholes in the 1976 nationalization law and alters the nature of the relations between the state and the foreign companies,” Miguel Tinker Salas, historian of Venezuela’s oil industry at Pomona College, told The Intercept.
Washington viewed the Chávez government as an economic and political threat that derived its power from petrodollars. According to a 2009 State Department cable released by WikiLeaks, “PDVSA funds and runs the revolution.”
A sign at a gas processing plant east of Caracas, Venezuela, shows former President Hugo Chávez. Photo: Diego Giudice/Bloomberg News/Getty Images
Previous Snowden revelations show that PDVSA is not the only major petroleum company to be targeted for economic espionage. Brazil’s government-controlled oil company, Petrobras, as well as its ministerial overseer, the Ministry of Mines and Energy, were targeted by the NSA and Canada’s CSEC, respectively, according to documents published by TV Globo in 2013. Russia’s Gazprom was also listed as a “target.” Intelligence reporting on oil in Venezuela is referenced in a 2013 presentation detailing the NSA’s PRISM program.
Prior to the Petrobras revelation, an NSA spokesperson told the Washington Post, “The [defense] department does ***not*** engage in economic espionage in any domain, including cyber” (emphasis in the original).
After the Globo story, Director of National Intelligence James Clapper significantly narrowed that broad claim. In a statement, he acknowledged that the United States does conduct economic espionage: “It is not a secret that the Intelligence Community collects information about economic and financial matters, and terrorist financing.”
But Clapper denied such intelligence is used to directly benefit U.S. corporations. “What we do not do, as we have said many times, is use our foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of — or give intelligence we collect to — U.S. companies to enhance their international competitiveness or increase their bottom line,” Clapper said.
Subsequent to the PDVSA “target reboot,” the U.S. executive branch has undertaken multiple actions — including sanctions against the state-run company in 2011, a money-laundering finding and an executive order, both in March 2015, and multiple reported corruption investigations — putting additional economic and reputational pressure on a company already squeezed by low global oil prices and protracted court battles with U.S. oil majors.
According to Tinker Salas, the Pomona professor, “It is difficult to imagine that the [U.S.] sanctions and the ongoing dispute with Exxon are not connected.”
In the lead-up to next month’s legislative elections, U.S. actions against the Venezuelan government have amounted to a “full-court press,” Mark Weisbrot, co-director of the Center for Economic and Policy Research, told The Intercept.
“In recent months, Washington has been campaigning to de-legitimize the Venezuelan election, with leaks and even indictments from the Justice Department and DEA.”
On November 10, weeks before Venezuela’s national elections, DEA officials arrested two relatives of President Nicolas Maduro, who were indicted for allegedly conspiring to traffic cocaine to the United States.
Anonymous government officials told the New York Times last year that defendants in U.S. courts “have no right to know” if warrantless NSA surveillance collected abroad was used to build the case against them.
President Maduro said last month that he will file a lawsuit in the U.S. to challenge the executive order against his country.
The U.S. Justice Department did not respond to requests for comment from The Intercept.
PDVSA and Venezuelan government officials declined to comment for this story, as did the NSA.