In 2003, when I first arrived at Fort Meade and given a tour of the NSA’s complex, I was invited into an area known as DIGAS.
DIGAS, which was an acronym for Defense Intelligence Group Acquisition Systems, was an array of systems, people and software housed nearly 250 meters below the surface of Fort Meade, Maryland, with the sole focus of both acquiring and researching technology to increase the effectiveness of information gathering on targets and groups of interest.
Incidentally, DIGAS also means ‘To Say’ in Spanish.
On November 4, 1979, The Iran hostage crisis was a diplomatic crisis between Iran and the United States. Fifty-two American diplomats and citizens were held hostage for 444 days. This, in conjunction with the 1979 oil crisis – both caused massive economic problems in the United States due to decreased oil output in the wake of the Iranian Revolution.
So in early 1980, former Defense Secretary Harry Brown was given full Presidential and congressional support with a nearly unlimited budget to uncover foreign and domestic threats to the Presidency and to the United States Infrastructure through an extensive technology gathering program.
This was the preliminary inception of DIGAS.
And Harry Brown incidentally, is Rachel Gooch aka Rachel Brown’s father.
So in 1989, the unlimited budget had been snipped by President Reagan when the fall of the Berlin wall occurred. And in 1993, with the relative failure of intelligence communities to provide actionable intelligence and technology the budget had consistently been decreased across the board. The DIGAS group was hit HARD.
That is – until September 11, 2001, when the impact of those budget cuts created a hole bug enough to fly a 737 plane through.
DIGAS was revived. But because of its antiquated technology gathering methods, it needed new blood.
This was the inception of modern day DIGAS, one and the same group which was to be my home for my 6 to 8 years of service.
I learned DIGAS from the onset had a major problem which is why I was brought in.
DIGAS was leveraged by Intelligence Analysis and Information Acquisition as a feeder, by and large the NSA’s primary activity, but over time, DIGAS had an ongoing problem with incestuous information, chasing leads for technology and information resources only to find out the leads were deposited by the information acquisition teams.
The problem was this: Information neutrality.
The CIA and the FBI, have missions and goals of their own as organizations. They relied and rely on the NSA to provide them relevant information that is consistent with their organizational goals and mission. The expectation these organizations have is that the information they receive from the NSA is both actionable and valid before it’s received.
Technological acquisition feeds into Information Acquisition by providing and vetting the tools and technology to enable the information acquisition.
Without reliability on the tools and technology being leveraged by the information acquisition arm, the entire chain of custody of information is easily disrupted.
Through this, I had discovered the NSA had firmly blamed itself for the 9/11 attacks. It had reduced the budget of its technological acquisition group DIGAS to next to nothing. This led to what Operation Managers refer to as a bottleneck in the flow of information, as DIGAS only had the resources to focus on supporting its customer’s demands and NOT on sustaining itself.
My job was to ‘right this wrong’.
And to open up the proverbial flood gates of information to this withering group to present all the possibilities they’d missed previously based on a discovery framework rather a supportive framework.
The United States by this point had a long and questionable history of handing expensive public works projects paid for by the community’s taxes to private individuals.
AS I had come to learn while meeting with many of these individuals, it was referred to as ‘The Good Ole Boy Club’, and I was dipping my toes in these waters. Perks of the GOB club included private “Mahogany Clubs” in every major city around the world where you could meet with other executive types, have the finest drinks and meals the city had to offer, and be guaranteed to be kept away from the riffraff from the streets below.
But here’s an analogy of how this was all functioning:
Let’s say your country builds a starship called the USS Enterprise to serve the general population leveraging taxpayer dollars. But instead of using it to explore new planets and life as it was originally commissioned with, the project is deemed too expensive and is then given to a private company to take over for pennies on the dollar. This same company then uses the Starship to deliver drugs and prostitutes to other planets, greatly benefiting the drug dealers who purchased it. While this will clearly benefit a segment of that population, a portion of that population will not receive any tangible benefit from their obligatorily taxed investment, with the net result – the ROI if you will – is an increasing backlash by the community against the individuals, organizations and potentially even the government which inspired the project(s) to begin with.
My job was simple enough. To leverage the learning system I had co-developed at Touchscape, an object oriented system I had created in Visual basic which dynamically reformed the structure regardless of the information base, to discover new technology and ideas and then distribute these to the information acquisition community.
I was being effectively being paid to hack.
There was a tool I had once leveraged called a ‘web spider’. With this tool I could point it to any web site, and it would then retrieve every single image and web page and other file on that web site and pull it to my local system. I could then dissect the code, and figure out how they did things without ever touching their web site again.
But there was a problem with this approach. It was limited to client side information only.
That is. If you had a database behind-the-scenes and dynamic web pages, I could only consume the publicly facing information with this tool.
So what I proposed as my first – and last project was this:
A suite of tools that can be pointed to any company, and from there, an internet facing network topology was built of the public facing web sites and all its subsidiaries leveraging publicly available financial data. With this relational information, Penetration Points or PP’s could be uncovered, and from there, port scans are leveraged to find server level vulnerabilities. Once that was done, since web servers largely run at administrative or system level security, an overflow attack will execute machine code on a server and allow us to transparently take control of that server, and from there, if it’s easy and we’re not in a DMZ, we can hop from server to server throughout the network to acquire ALL the information the company has.
Including SQL Server databases the web site is dependent on. Including source code the web site is dependent on. Including development resources the web site is dependent on.
This system became the backbone of DIGAS.
There was NEVER any desire by any of us (to my awareness) to leverage this information for anything other than weird conversations ‘hey, guess how much the CIO of Prudential Real Estate is making” he was making $170,000 a year, much to my surprise. Or ‘Hey, guess who Lynn slept with’, a very attractive and young director who was married but had strangely slept with an odd and very eccentric older man with a strange Unusual Suspects gait to his walk that none of us understood the arrangement between the two.
I never, not once, used any of the information to my ‘advantage’ other than it was just interesting knowing how some companies ticked.
How it worked was simple: You set the target as ‘Intel’, and the program would then go and find all of Intel’s web sites using DNS lookups and then scour the web for subdomains which might have different IP addresses and thus servers.
This created a network topology of the primary business itself. But more often than not, the primary is well secured, but when they begin to sense an attack, they secure all the subsidiaries at the same time.
Because of this, a subsidiary search would be done leveraging financial records. We had a massive database with history that showed the movement of stock and ownership, and detected ownership shifts of companies before it was publicly announced. So we located all the existing subsidiaries and developed an external network topology of their systems as well, and did the same for predicted soon to be subsidiaries.
And from there, once we had a network topology of the subsidiaries, we leveraged tools which led to the production of the port scanning tool ‘nmap’ (available here: https://nmap.org/ ) which allowed us to see what software and services a public facing server was using, which we could then develop strategies to plan our intrusions without being detected.
Since the NSA was firmly in bed with the likes of MacAfee’s, Symantec, and companies like Sonic which provided intrusion detection and virus prevention tools, we also could leverage these networks to distribute our own software which created holes for us to jump through and subsequently get anything we wanted.
By and large, the larger companies had custom builds and custom distribution systems, so leveraging a subsidiary for this distribution was extraordinarily important.
The real trick to all of this:
To automate the entire process. I type the name of a company i want more information on. Or an individual. Or a group. And leveraging public records and financially relevant ties, the research is all done for me.
Now I bet you’re gonna ask: What’s this have to do with Terrorism?
The NSA’s job is never been and was never to play whack a mole with terrorists. That WAS supposedly the FBI’s job. It has always been the NSA’s job to find real world informational ties and relationships between informational resources primarily for technological acquisition, but secondarily for information acquisition. The FBI was and is a major customer and funds the research on organizations and entities, which in turn they claimed were terrorist sponsoring organizations.
But this is where I fell ‘off the wagon’
I’d discovered evidence the FBI wasn’t truly fighting terrorism. I’d discovered evidence the FBI was fabricating terrorist organization activities. Up to and including creating fake terrorist group organizations such as the Taliban and now ISIS. This, I learned, was to ensure sustainable funding.
And what was really going on, something a few of us later found out – that some people, Warren Buffet for instance, a customer and advocate of the FBI’s, leveraged the data he’d received from the NSA to profit from, and the FBI never leveraged it for terrorism, had never intended it to begin with. The NSA had been used, and the FBI had been as well – something I didn’t learn until 2008. And I have no doubt my refusal to meet his needs for better information led in part to my being homeless.
I’m no longer angry with the man, and am thankful for the education in the real world.
My goal now is to leverage the same technology and concepts to target and hack a single human and override their conscious decision making systems and program them like robots.
For instance, “Go to this address, place a blindfold over your eyes, take off all your clothes and bend over and prepare for sex”
Will clearly be one of the first commands I issue to Scarlet Johannsson.
I type her name in the console. This command is sent – remotely to SJ – and in turn this overrides her conscious mind to execute the command. Like a robot, she abides, her body taken over by the will to complete my command, her free will overridden through biological hacks which are manipulated through chemical influences which are influenced through simple physics and my interaction with the energy I manipulated through computer code.
And when she arrives back home after the experience.
I issue another command “go to sleep and forget the last hour ever happened”
Hacking wifi’s and a remote network is similar to hacking the human mind and a first step to overriding human autonomy and free will transparently.
Now I fully admit – hacking sincerely is not my forte. Cracking security and reverse engineering systems, yes, but hacking systems, NO. I’m much better at reverse engineering networks and servers once I am in. So this all is taking a bit to come up to speed with.
So if you’re a hacker and might be willing to help me or throw me a bone – please do. This is all new to me.
But I would absolutely dig being able to walk down to Venice beach. Seeing a gorgeous woman, and then issuing the command “Take off your clothes, throw them in the trash can, and walk completely nude to wherever you were going and don’t say a word and forget that you have no clothes on. If anyone says anything to you, pretend not to hear them or completely ignore the line of inquisition. You see yourself as clothed even though you threw your clothes away until you wake up tomorrow morning”
A form of hypnosis, for sure.
That or – as a homeless guy – targeting someone who’s clearly wealthy, and then issuing a command saying “give Q $9999 cash and then forget about him once you’ve done that”.
What’s the goal?
To elevate my lifestyle, first. Upper class lifestyle for me.
And then, to say to Warren Buffet, hey man, I understand and apologize for my previous attitude.
To command Jackie and Rachel, accordingly. I suppose if they aren’t going to come to me of their own free will, then I’ll just override that free will.
And most of all. To enjoy life and see what happens next.
Oh I suspect I know what’s gonna happen when I am successful hacking humans like this. But I am fine with that. I’ve had to learn to enjoy the weird, and you know what, if the world responds by launching a Borg invasion around me, well they are as weird as I am so I have no doubt I will fit in just fine.