647 James Bamford on NSA bugging, and outsourcing to Israeli companies

James Bamford on NSA bugging, and outsourcing to Israeli companies

Newsletter published on 27 January 2014

The Shadow Factory : the ultra-secret NSA from 9/11 to the eavesdropping
on America

James Bamford

Anchor Books, New York, 2008

This material, as a Word file with bold emphasis added, is at
http://mailstar.net/Bamford-Shadow-Factory.doc

A pdf of the whole book is at http://www.bookarmor.com/_files/TSF.pdf

{p. 234} WIRETAPPERS

Just across busy Interstate 395 from the Pentagon, Crystal City is a
beehive of overweight contractors, military personnel in ill-fitting
civilian clothes, and spooks behind Ray-Ban aviation-style sunglasses.
In restaurants, walking down sidewalks, or filling up at gas stations,
nearly everyone has a stack of playing-card-size badges hanging on black
straps around their necks. Prestige is measured not in the make of their
jeans, or the cut of their suits, but by the color and number of their
badges, worn like battle ribbons from some secret war.

Once a desolate land of junkyards, drive-in movie theaters, used-car
lots, and towing companies, crisscrossed by rusted railroad tracks, this
area was transformed by the developer Robert H. Smith in the 1960s.
Hoping to give his new community a fresh image, he hung an elaborate
crystal chandelier in the lobby of the first building and named it
Crystal House. Thereafter, every other building took on the Crystal
theme—Crystal Gateway, Crystal Towers—until the entire area became
Crystal City. Like the nature of the work that goes on there, much of
the city is hidden from view.

On one level, Crystal City is a modern vertical village of sixty
thousand daytime workers cocooned in odd-shaped dominos of glass, brick,
and cement. Bland office towers connect to bland hotels that connect to
bland no-name government high-rises. But below the buildings, streets,
and sidewalks is a hidden, underground city of chophouses and
flower-decorated boutiques, sushi dens and shoe repair shops. It is a
place where

{p. 235} people just back from the Green Zone bump into one another and
others on their way to Afghanistan pick up electric transformers and
have their body armor tailored.

Crystal City was thus an ideal venue for the Wiretappers' Ball. Known
formally as the Intelligence Support System World Conference, it is a
once-a-year secretive conclave of engineers and scientists in search of
the ultimate bug. It is the place to come to discuss the latest
developments in mass surveillance, how to listen in on entire continents
at the least cost, and the best ways to tap into—or shut down—the newest
Internet phone system. Picking up shiny brochures at booths and
listening to the lectures are an assortment of doctoral-level computer
scientists; electrical engineers with decades in the telecom business;
government agents from superpowers and mini-states, democracies and
dictatorships; and wealthy venture capitalists and start-up owners
trying to impress them. The one group conspicuously absent is anyone
even remotely connected to the media—a policy enforced by linebackers
with earplugs and bulges under their blue blazers.

In 2006, the three-day Wiretappers' Ball was held in Crystal City's
Hilton in late May. A sense of the atmosphere can be gleaned from the
highly confidential program of lectures. On Monday, May 22, at 4:00, one
could attend a talk on "Combining Data and Voice over Broadband into a
Unified Interception Solution" given by an employee of Verint Systems.
On Tuesday at 1:30, another Verint employee addressed "Broadening the
Scope of Interception: Data Retention." A half hour later an employee of
Agilent Technologies spoke about "Comprehensive Data Extraction for
Flexible and Accurate Intelligence." Then at 2:45, still another Verint
worker discussed "Comprehensive Solutions for Packet Data Collection:
DEEPVIEW." "Verint's DEEPVIEW," said the description of the talk, "is a
packet data collection system with the comprehensive functionality to
penetrate deep into communications and turn raw, intercepted data into
actionable intelligence and compelling evidence."

And on Wednesday, at 10:15, an employee of NICE Systems addressed the
topic of "Unifying Telephony, VoIP and IP Interception for a Complete
Overview of Your Target's Interactions." For those still awake, another
Verint worker then took on the topic of "Challenges of Implementing
Passive Interception for IMS [Instant Message Systems]." Next, the
company NSC discussed locating keywords in masses of informa-

{p. 236} tion in a lecture titled "NSC Spotter." "NSC's Key-Word
Spotting (KWS) engine," said a company employee, "is designed for
locating predefined words in audio conversations in real-time and
off-line calls. The engine is used for speech analytics and call
surveillance."

This hidden-from-view bugging industry got its start as a result of the
passage of CALEA in 1994. The law mandated the telecom companies to
configure their networks to supply the government with intercepts
authorized by a court-issued warrant. But following the attacks on 9/11
and President Bush's secret order to begin massive warrantless
eavesdropping, the industry began a period of explosive growth. Not only
were sales booming, so was the competition to build bigger and better
"mass surveillance systems" that incorporated both nationwide
interception capabilities and advanced data-mining techniques. Once
built, the systems were sold to whoever would buy them, including some
of the most repressive and authoritarian governments on the planet.

Closer to home, America's two major telecom companies, AT&T and Verizon,
have outsourced the bugging of their entire networks—carrying billions
of American communications every day—to two mysterious companies with
very troubling foreign connections. In AT&T's secret room in San
Francisco, a mirror image of all data entering the building is filtered
through surveillance equipment supplied and maintained by Narus.
Verizon, which controls most of the rest of the country's domestic and
international communications networks, chose a different company.

According to knowledgeable sources, that company is Verint. According to
these sources, in 2006 Verizon constructed its "secret room" on the
second floor of a nondescript two-story building at 14503 Luthe Road in
Houston, Texas. Once Verizon receives watch-listed names from the NSA,
it then reroutes their Internet communications into that room, which is
packed with secret Verint machines and software. After passing through
the Verint hardware, the messages are then transmitted in real time to a
central government surveillance hub in Sterling, Virginia.

Run by the FBI, the hub is a newly built annex for the bureau's
Engineering Research Facility (ERF), located on the grounds of the FBI
Academy in Quantico, Virginia. Among the technologies developed by ERF
is Carnivore, later given the more benign-sounding name DCS-1000, which
is a sophisticated Internet "packet sniffer." While Verint and Narus
sift through traffic at key Internet gateways around the country, Carni-

{p. 237} vore, or one of its successors, is used when the target has
been narrowed down to a smaller, individual ISP. Thus, if Verint detects
that a target is a subscriber to a small California-based Internet
provider, the FBI can install its DCS-1000 at the company's office to
record his activity. The device can also transmit the data back to the
FBI in real time. An encrypted T1 cable connects the ERF Annex in
Sterling directly to the NSA at Fort Meade.

Follow-on projects to the DCS-1000 include the DCS-5000, which is
designed for FISA surveillance; the DCS-3000 for pen register (a device
used to record all numbers dialed from a tapped phone) and
trap-and-trace taps; and the DCS-6000, nicknamed Digital Storm, which
intercepts the contents of phone calls and text messages. Once the
information is sent back to the ERF, it is indexed and prioritized by
the bureau's Electronic Surveillance (ELSUR) Data Management System.
Other eavesdropping tools in the FBI's toolbox include a collection of
intrusive spyware such as CIPAV, which stands for Computer and Internet
Protocol Address Verifier. The program can be remotely implanted into a
target computer to secretly send back to intelligence agents key details
about the machine, including its IP address, operating system type,
Internet browser, and a list of active programs. The CIPAV then
transforms itself into a cyber pen register, logging the address
information of every computer with which it comes into contact and then
transmitting the details back to the ERF Annex in Sterling.

Another remotely installed and operated program, Magic Lantern, has the
capability of recording and transmitting back in real time the target's
every keystroke. Both spyware programs have likely been used on foreign
targets, but only CIPAV appears to have been used domestically thus far.
It was implanted in a target's MySpace account, and when he opened it,
it launched in his system.

While Verizon's data network is centrally tapped at Luthe Road in
Houston, it appears that the voice network is monitored from the
company's sprawling facility on Hidden Ridge Avenue in Irving, Texas,
near Dallas. It is there that the company's Global Security Operations
Center keeps tabs on the entire Verizon system, looking for fraud.
According to a sworn affidavit by Babak Pasdar, a computer security
expert who has worked as a contractor for a number of major telecoms, he
discovered a mysterious DS-3 line at the heart of one company's system—a
link

{p. 238} labeled "Quantico Circuit." His description of the company and
the link seems to match that of Verizon as outlined in a lawsuit against
the company. "The circuit was tied to the organization's core network,"
Pasdar said. "It had access to the billing system, text messaging, fraud
detection, website, and pretty much all the systems in the data center
without apparent restrictions." He added, "Everyone was uncomfortable
talking about it."

While such tools as DCS-1000 and CIPAV are used on a small number of
select targets, Verint and Narus are superintrusive—conducting mass
surveillance on both international and domestic communications 24/7.
What is especially troubling, but little known, is that both companies
have extensive ties to a foreign country, Israel, as well as links to
that country's intelligence service—a service with a long history of
aggressive spying against the U.S. Equally troubling, the founder and
former chairman of one of the companies is now a fugitive, wanted by the
FBI on nearly three dozen charges of fraud, theft, lying, bribery, money
laundering, and other crimes. Although there has long been Congressional
oversight of the telecom industry, there is virtually no oversight of
the companies hired to do the bugging.

Verint was founded by a former Israeli intelligence officer, Jacob
Alexander, who often goes by the nickname "Kobi." His father, Zvi
Alexander, was a wealthy Israeli oil baron and an international
wheeler-dealer who ended up running the country's state-owned oil
company. To win drilling franchises, he would make political payments to
African cabinet ministers, often in partnership with the U.S. tax cheat
Marc Rich, who became a fugitive and was given sanctuary in Israel. In
his autobiography, the senior Alexander ridiculed America for
criminalizing the bribery of foreign officials. The U.S., he wrote, is
"very sanctimonious" and "refuses to accept the facts of life in the
developing world."

Like his father, Kobi was also interested in making millions. After
earning a degree in economics from the Hebrew University of Jerusalem in
1977 and spending several years in Israeli intelligence, he moved to New
York, where he worked as an investment banker at Shearson Loeb Rhoades
(now Smith Barney) while attending New York University at night for his
MBA in finance.

Soon after completing his degree in 1980, Alexander returned to Israel
and formed a voiceand fax-messaging company with two other Israelis,

{p. 239} Boaz Misholi and his brother-in-law, Yechiam Yimini. Called
Efrat, the start-up was financed in part with subsidies from the Israeli
government. Four years later, the three returned to New York and opened
a company called Comverse, which was also incorporated in Israel. Its
name a blend of "communications" and "versatility," Comverse became
heavily involved in wireless technology, voice-mail software, and other
areas of the telecom sector.

While deal making was taking place in the U.S., the secretive research
and development was done in Comverse Technology's Israeli headquarters.
Surrounded by sushi bars, gourmet coffee places, and a kosher
McDonald's, the research center and other facilities are located in a
cluster of seven buildings on Habarzel Street in Tel Aviv's high-tech
Ramat Hahayal industrial park. In Israel, Alexander had become widely
celebrated for his telecom fortune. "Kobi was an Israeli hero, one of
our real hightech pioneers," said Ron Tira, a Tel Aviv–based mutual fund
manager with investments in Comverse.

One of the new products being developed in Tel Aviv was a digital
surveillance device called AudioDisk that could monitor and record
hundreds of telephone and fax machine lines simultaneously. The machine
made the old reel-to-reel tape recorders obsolete: the data could be
stored in "jukeboxes" and be available to the user instantly. The use of
digital technology also meant that a key word or phrase could be located
immediately, rather than by rewinding the tape to the right spot. The
system was a major hit with intelligence agencies and police units in
the U.S. and around the world, and ended up bringing in half of the
company's revenues in 1993. Eventually, the business was spun off into a
separate subsidiary called Comverse Infosys.

The security surge that followed the attacks on 9/11 sent the value of
the company skyrocketing. Five months after the attacks, Alexander
renamed the subsidiary Verint Systems, Inc. (short for Verified
Intelligence), took over as chairman, and made plans to take it public.
Named president and CEO was Dan Bodner, a former Israeli army engineer
with degrees from the Technion and Tel Aviv University, and nearly
fifteen years of experience at Comverse.

Soon, Verint was selling its "actionable intelligence solutions" to
"more than 5,000 organizations in over 100 countries" around the world,
according to the company, including the most repressive. For Kobi Al-

{p. 240} exander the war on terror was a boom time. He purchased a
number of expensive condominiums in a luxury high-rise on New York's
West 57th Street, bought a 25 percent stake in Tel Aviv's basketball
team, entertained clients at Knicks games at Madison Square Garden, and
bragged he could borrow oodles of money with a few business ideas
scribbled on a napkin. No matter how much he had, Alexander's deep
pockets could always hold more—and he decided the U.S. was the place to
get it.

As his Israeli engineers in Tel Aviv built bigger and better bugs,
Alexander wanted to attract the rapidly expanding U.S. intelligence
community. He thus placed the former NSA director Lieutenant General Ken
Minihan on the company's "security committee" and soon the NSA and other
parts of the spy world were signing on. Then came the contract to
install its machines at the heart of the Verizon network, the nation's
second-largest telecom company. The Verint system chosen was STARGATE.

"With STAR-GATE," says the company's sales literature, "service
providers can access communications on virtually any type of network,
retain communication data for as long as required, and query and deliver
content and data ... Designed to manage vast numbers of targets,
concurrent sessions, call data records, and communications, STAR-GATE
transparently accesses targeted communications without alerting
subscribers or disrupting service. Verint partners with leading switch
and network equipment vendors across the globe to deliver passive,
active, and hybrid solutions for a wide range of communication services
and communication technologies ... STAR-GATE can easily be customized to
operate with any switch or storage platform type, model, or software
version and can be easily integrated into any environment. Its modular
architecture facilitates simple upgrade or adaptation to meet the
demands of new communication protocols and technologies."

During a conference call with investors, company president and CEO Dan
Bodner gave some examples of how customers used the company's mass
interception equipment. One sounded like the NSA: "A multimilliondollar
expansion order for our Communications Interception Solution for an
international government agency customer. This government customer is
deploying our solution to enhance national security by improving its
ability to intercept information, collect it from wireless, wireline,
and cable networks." Another sounded like Verizon. "Examples of recent or-

{p. 241} ders for Verint's STAR-GATE solution for service providers
include ... a multimillion-dollar expansion order for a U.S. wireless
service provider." Another could be Mexico or another of Verint's one
hundred country customers. "An order for our Communications Interception
Solution for a new government agency customer in a new country for
Verint. This new customer is deploying our solution country-wide to
enhance the national security by intercepting and analyzing mass amounts
of voice and data collected from wireless networks."

Thus, by 2004, a large percentage of America's—and the world's— voice
and data communications were passing through wiretaps built, installed,
and maintained by a small, secretive Israeli company run by former
Israeli military and intelligence officers. Even more unnerving is the
fact that Verint can automatically access the mega-terabytes of stored
and real-time data secretly and remotely from anywhere, including
Israel. This was revealed in a closed-door hearing in Australia, another
one of Verint's customers. The hearing was held because Verint's system
had been called "a lemon" by the Australian government and they were
about to get rid of it. In a last-minute attempt to salvage the
contract, company executives flew to Australia to plead their case.

One of the problems that most concerned a government watchdog group, the
Corruption and Crime Commission (CCC) Subcommittee, was the fact that
while they themselves had difficulty getting access to the intercepted
data, Verint was accessing the data remotely from thousands of miles
away. "The CCC," said subcommittee member Graham Giffard, "has some
issues," including "the fact that your company is foreign owned ... and
that you can access data from overseas but the CCC seems restricted in
its ability to access data within that system." Zvi Fischler, the
company's Tel Aviv–based vice president for marketing and sales,
admitted the company conducts such activities. "We sometimes operate by
remote access," he said. "We connect to the system from remote in order
to download some software." The explanation didn't seem to satisfy the
Australian officials, however, and Fischler agreed to stop. "If the CCC
finds it inappropriate to allow such access, we will of course not do it
this way," he said.

At the time, Verint in Australia was tapping only phone calls, but
Fischler offered to expand the monitoring system to include the
Internet. "Specifically addressing additional capacity," he said, "one
issue could be

{p. 242} increasing the capacity in terms of number of interceptions.
That is easily done. It could be done in a matter of a few weeks.
Another upgrade that has already been offered is to increase the
capacity to intercept different types of traffic that [are] not
intercepted now. I mentioned broadband Internet access from the Internet
service providers. We have indeed offered this kind of capacity increase."

While Verint can provide mass interception of data and phone calls, one
of its Israeli spinoffs, PerSay, can go one step further and offer
"advanced voice mining." The company, based in Tel Aviv, employs a
system "that efficiently searches for a target's voice within a large
volume of intercepted calls, regardless of the conversation content or
method of communication." Thus, with remote access to the internal and
international voice and data communications of over one hundred
countries around the world, including the United States, Verint's
headquarters in Tel Aviv has a capability rivaled only by NSA's, if not
greater, especially when coupled with PerSay's voice-mining capability.

PerSay is an example of how close and interconnected these companies are
with Israel's intelligence community—a factor of great concern
considering how much of their bugging equipment is now secretly
hardwired into the American telecommunications system. Among those on
PerSay's board of directors is Arik Nir, a former senior official in
Shin Bet, Israel's internal security service. Nir is also the managing
director of PerSay's financial backer, Athlone Global Security, which
counts former Mossad chief Ephraim Halevy on its advisory board. Athlone
was one of the companies in the NSA's "incubator," the Chesapeake
Innovation Center in Annapolis, Maryland.

Although there is no evidence of cooperation, the greatest potential
beneficiaries of this marriage between the Israeli eavesdroppers and
America's increasingly centralized telecom grid are Israel's
intelligence agencies. "There is a huge, aggressive, ongoing set of
Israeli [intelligence] activities directed against the United States," a
former intelligence official told Los Angeles Times reporters Bob Drogin
and Greg Miller in 2004. "Anybody who worked in counterintelligence in a
professional capacity will tell you the Israelis are among the most
aggressive and active countries targeting the United States." The former
official discounted repeated Israeli denials that the country exceeded
acceptable limits to obtain information. "They undertake a wide range of
technical operations

{p. 243} and human operations," he said. "The denials are laughable." In
2005, Lawrence A. Franklin, a senior Pentagon official, pled guilty to
spying for Israel, and in 2008 two top officials of Israel's U.S. lobby,
AIPAC, are scheduled for trial on similar charges.

The agency responsible for worldwide eavesdropping in Israel is the
hypersecret Unit 8200, that country's NSA. "Unit 8200 is the technology
intel unit of the Israeli Defense Forces Intelligence Corps," said Unit
veteran Gil Kerbs. "In Israel," he said, "one's academic past is somehow
less important than the military past. One of the questions asked in
every job interview is: Where did you serve in the army? ... When it
comes to high-tech jobs, nothing can help you more than the sentence,
'I'm an 8200 alumnus.' "

According to a former chief of Unit 8200, both the veterans of the group
and much of the high-tech intelligence equipment they developed are now
employed in high-tech firms around the world. "Cautious estimates
indicate that in the past few years," he told a reporter for the Israeli
newspaper Ha'aretz in 2000, "Unit 8200 veterans have set up some 30 to
40 high-tech companies, including 5 to 10 that were floated on Wall
Street." Referred to only as "Brigadier General B," he added, "This
correlation between serving in the intelligence Unit 8200 and starting
successful high-tech companies is not coincidental. Many of the
technologies in use around the world and developed in Israel were
originally military technologies and were developed and improved by Unit
veterans." Having both trained alumni of the organization and
sophisticated eavesdropping equipment developed by Unit 8200 in foreign
countries would be an enormous intelligence windfall, should Israel be
able to harness it.

Retired Brigadier General Hanan Gefen, a former commander of Unit 8200,
noted his former organization's influence on Comverse, which owns
Verint, as well as other Israeli companies that dominate the U.S.
eavesdropping and surveillance market. "Take NICE, Comverse and Check
Point for example, three of the largest high-tech companies, which were
all directly influenced by 8200 technology," said Gefen. "Check Point
was founded by Unit alumni. Comverse's main product, the Logger, is
based on the Unit's technology."

Check Point, a large Israeli-based company that sells firewalls and
other Internet security software from an office in Redwood City,
California, was founded by Unit 8200 veteran Gil Shwed. Today the four years

{p. 244} he spent in the Unit go virtually unmentioned in his official
biography. In 2006, the company attempted to acquire the firm
Sourcefire, whose intrusion-prevention technology is used to protect the
computer assets of both the Pentagon and NSA. Because of the potential
for espionage, the deal set off alarm bells at the NSA and FBI and it
was eventually killed by the Committee on Foreign Investments in the
U.S., an oversight board. Alan T. Sherman, a specialist in information
assurance at the University of Maryland, Baltimore County, noted the
potential for "information warfare" was likely. "It's easy to hide
malicious [software] code. Sometimes it just takes a few lines of
malicious code to subvert a system." Nevertheless, despite the fact that
many of the NSA's and the Pentagon's sensitive communications—like those
of the rest of the country—travel across the tapping equipment of Verint
and Narus, their links to Israel seem to have slipped below the radar.

The large Israeli firm NICE, like Verint and Narus, is also a major
eavesdropper in the U.S., and like the other two, it keeps its
government and commercial client list very secret. A key member of the
Wiretappers' Ball, it was formed in 1986 by seven veterans of Unit 8200,
according to the company's founder, Benny Levin. "We were seven people
from the Unit," he said, "we all worked on a project for more than four
years, we knew each other very well. We had very good complementary
skills." Like a page out of Orwell, all their high-tech bugging systems
are called "Nice." Nice Perform, for example, "provides voice content
analysis with features such as: word spotting, emotion detection, talk
pattern analysis, and state-of-the-art visualization techniques." Nice
Universe "captures voice, email, chat, screen activity, and essential
call details." Nice Log offers "audio compression technology that
performs continuous recordings of up to thousands of analog and digital
telephone lines and radio channels." And Nice VoIP "can use both packet
sniffing and active recording methods for recording VoIP sessions (both
by telephone and Internet)."

In 2006, Yiar Cohen, a brigadier general who served as head of Unit 8200
from 2000 to 2005, became chairman of the board of the Israeli company
ECtel. Two years earlier, Verint had purchased that company's
"government surveillance business" for $35 million. According to SEC
documents filed by ECtel, "Our surveillance solutions enabled
governmental agencies to perform real-time, comprehensive surveillance
on telecommunications networks. We sold this business to Verint Systems in

{p. 245} March 2004." Verint said of the purchase, "The acquisition will
provide Verint with additional communications interception capabilities
for the mass collection and analysis of voice and data communications
... These technologies will be integrated into Verint's portfolio of
communications interception solutions and offered to Verint's global
customer base." That base, said Verint, included "new customers in new
countries for Verint in the Asia Pacific and Latin America regions." Dan
Bodner, president and CEO of Verint, noted the long and close
relationship with ECtel. "We have been working with ECtel as a partner
for a number of years and our knowledge of their products and
familiarity with their employees will better enable us to integrate
ECtel's communications interception business with Verint's operations."

ECtel's Cohen, who was head of Unit 8200 at the time of the 9/11
attacks, is also vice president of another Israeli telecom company,
Elron. He noted the importance of placing veteran electronic spies from
Unit 8200 in Israeli high-tech firms. "I think there's an axiomatic
assumption that Unit alumni are people who bring with them very high
personal and intellectual ability," he said. "They have a common
background, and they know that 8200 has the privilege of sorting,
choosing, and selecting the best group so that you don't have to invest
so much in the selection yourself. I myself, after I came to Elron,
brought five additional alumni with me." The ultimate winner in such an
arrangement, according to Cohen, was Israel's economy. "Although 8200
doesn't directly enjoy the fruits, the state of Israel does, and in my
opinion that's a complementary part of the Unit's task."

Unit 8200's revolving door with industry appears similar to that of the
NSA. As both electronic intelligence organizations grow ever more
dependent on the corporate world to conduct their eavesdropping, the
line between government and industrial espionage blurs. This presents
great opportunity for co-mingling personnel.

Similar to Verint, Narus was formed in November 1997 by five Israelis,
with much of its money coming from Walden Israel, an Israeli venture
capital company. At the time, most of the founders were working for the
Israeli company VDOnet, which specialized in live video broadcasts on
the Internet. Based in the Israeli city of Herzliya, the company also
had offices in the Silicon Valley town of Palo Alto, California, not far
from where Narus planted its flag in Mountain View. Among the five was Stan-

{p. 246} islav Khirman, a husky, bearded Russian who earned degrees in
math at Ukrainian universities from 1980 to 1988. The next four years of
his résumé are blank, but in 1992 he began working for Elta Systems,
Inc. A division of Israel Aerospace Industries, Ltd., Elta specializes
in developing advanced eavesdropping systems for Israeli defense and
intelligence organizations. At Narus, Khirman became the chief
technology officer.

Among the group of Israelis, Ori Cohen, a balding, dark-haired engineer
with a PhD in physics from Imperial College in London, became president
and chairman. He had spent a few years as CEO of IntelliCom Ltd., a
company of which there is no record, and then became vice president of
business and technology development at VDOnet with Khirman. That is all
the information he has ever released about himself and, like Khirman, he
makes no mention of his Israeli military service, if any. It seems the
man whose system invades the privacy of hundreds of millions of
Americans tries very hard to keep his own. Chief executive officer of
Narus is Greg Oslan, who previously worked for a company owned by Haim
Harel, an Israeli who spent much of his career specializing in
electronic intelligence systems at the large Israeli defense firm Tadiran.

Thus, virtually the entire American telecommunications system is bugged
by two Israeli-formed companies with possible ties to Israel's
eavesdropping agency—with no oversight by Congress.

Also troubling are Verint's extremely close ties to the FBI's central
wiretapping office, known as the CALEA Implementation Section (CIS). The
CIS had long fought for greater access to the telecommunications
switches—the same switches that Verint was tapping. The action by CIS
was strongly resisted by the telecom industry and privacy groups who
argued that the bureau was attempting to greatly exceed its legal
mandate. "The FBI is committing the kind of dirty tricks more
characteristic of scofflaws than cops," said a commentary in the
industry publication Wireless Week. Taking aim at an FBI-crafted
amendment to the wiretapping law, the article warned, "The proposed
amendment would have created frightening police powers to track wireless
users and prevented judicial or regulatory review of FBI compliance
methods for telecommunications carriers." Al Gidari, a lawyer
representing the wireless industry, said the FBI's list of requirements
amounted to "the Cadillac of wiretaps." He added, "Everything they could
ever think of to gold plate and put on the Cadillac was in that document."

{p. 247} The head of the FBI's liaison office with the telecom industry
during much of the period leading up to implementation was David
Worthley. What concerns many in the industry is that shortly after
Worthley was removed from his liaison job in June 1997, he turned up as
president of the Verint unit that sold its eavesdropping equipment and
services to the FBI, NSA, and other agencies. The company set up its
offices in Chantilly, Virginia—directly next door to the CIS and
Worthley's old office. Thus, the company that secretly taps much of the
country's telecommunications is now very closely tied to the agency
constantly seeking greater access to the switches. This concern over the
cozy relationship between the bureau and Verint greatly increased
following disclosure of the Bush administration's warrantless
eavesdropping operations. At the same time that the tappers and the
agents have grown uncomfortably close, the previous checks and balances,
such as the need for a FISA warrant, have been eliminated.

But as earphone-clad FBI agents were listening for terrorists and
criminals through Verint's taps, top executives from the company and its
parent, Comverse, were themselves engaging in an orgy of theft, bribery,
money laundering, and other crimes.

For Kobi Alexander, chairman of Verint and CEO of Comverse, summers
meant vacation and vacation often meant visiting relatives in Israel.
Thus on June 28, 2006, as fierce rainstorms swept up and down the
mid-Atlantic region, he, his wife, and their young daughter headed for
Kennedy International Airport and a flight on El Al Airlines to sunny
Tel Aviv. But unlike other trips back to his homeland, this time he sent
ahead some extra cash: $57 million. Also unlike other vacations, this
time it was going to be a one-way trip.

For Alexander, the storm clouds had been hovering overhead for months.
On the other side of Manhattan, the Justice Department was in the final
stages of preparing a thirty-two-count indictment charging him with
masterminding a scheme to backdate millions of Comverse stock options.
It was a crime, prosecutors say, that allowed Alexander to realize $138
million in profits—profits stolen from the pockets of the company's
shareholders. The indictment also named as co-conspirators Comverse
chief financial officer David Kreinberg, forty-one, and general counsel
William Sorin, fifty-six. In addition, the trio of executives was
accused of creating a secret slush fund to distribute options to favored
employees,

{p. 248} options that could be exercised overnight for millions in
profits. For Alexander, the charges had the potential of putting him
away in prison for as long as twenty-five years, and leveling fines and
penalties of more than $150 million.

To many who knew him, Alexander was the poster child for arrogance and
greed. "The one thing about Kobi is that he did have a sense of
entitlement," said Stephen R. Kowarsky, a former colleague. "Most people
are a little bit shy or self-effacing about asking for something, but
not Kobi. It was easy for him to say, 'I want that. I deserve that.' "

In 2001, Alexander was the fourth most overpaid CEO in the U.S. telecom
industry, making six times his deserved salary, in the view of the
Bloomberg News columnist Graef Crystal. That year his compensation
totaled $102.5 million, including $93.1 million in exercised stock
options. The year before, he cashed in an additional $80 million worth
of options. Plus, until such actions were outlawed by the Sarbanes-Oxley
Act of 2002, he had packed the board with his father, Zvi Alexander, and
his sister, Shaula Alexander Yemini—who conveniently sat on the board's
remuneration and stock option committee. Yet despite their enormous
wealth, around their luxury West 57th Street high-rise, where they owned
several condominiums and counted Goldie Hawn, Paul Allen, and Al Pacino
as neighbors, Kobi and his wife, Hana, were known as notoriously bad
tippers. "They'd give us like $10 or $20 or $30 as a tip for the
holidays," scowled one worker at the building.

Alexander's sense of entitlement extended to escaping punishment.
Knowing he was likely to be indicted, he resigned his positions at
Verint and Comverse on May 1, 2006. Then, according to the Justice
Department, Alexander offered a Comverse colleague $2 million to take
the blame and serve the prison time on his behalf. When that wasn't
enough, he upped the offer to $5 million, and then simply "told the
individual he can name his own price." But no offer was high enough, so
Alexander went to Plan B, fleeing to Israel with his family and
transferring $57 million from his bank in New York to an account in Israel.

Alexander believed Israel had become a safe haven for wealthy crooks
with ethnic or religious ties to the country, including Marc Rich, the
business associate of his father. Also taking refuge from the law in
Israel was Leonid Nevzlin, the former deputy CEO of OAO Yukos Oil
Company, who was facing tax evasion and murder conspiracy charges in Rus-

{p. 249} sia. Another was Pincus Green, like Rich a commodities trader
charged with tax evasion in the U.S. Still another was Eddie Antar, the
founder of the "Crazy Eddie" chain of electronics stores, who was
charged with fraud and racketeering by the SEC. He was located in Israel
following an intensive two-year international manhunt, but he asserted
his Israeli citizenship and was allowed to stay. "He was Jewish, and the
Israelis didn't want to extradite someone who was Jewish," said Jayne
Blumberg, a former federal prosecutor in Newark who investigated and
prosecuted the case. Antar, however, eventually decided against fighting
extradition procedures and was returned to the U.S.

While Israel would be safe for a time, there were no guarantees it would
remain that way; the country did have an extradition treaty with the
U.S., and in both countries Alexander was a very high-profile figure.
Thus, soon after his arrival he began intensively researching nations
without an extradition agreement with the American government and, after
a process of elimination, settled on the southwest African country of
Namibia. Remote, sparsely populated, made up mostly of the bleak
Kalahari Desert, it was also seemingly immune from the long arm of the
FBI. On July 18, ten days before he was scheduled to return to New York
from his vacation, he flew to the Namibian capital of Windhoek. A
century earlier, the city was the seat of power in the German colony of
South West Africa, and the country's influence was still very apparent
in the architecture as well as the food. In addition to local dishes,
most menus listed venison and sauerkraut as well as locally brewed beer.

It was the middle of the African winter and the days were mild when
Alexander stepped off the plane at Windhoek Hosea Kutako International
Airport. After making some initial contacts, he flew back to Israel and
continued pushing his attorneys to negotiate a deal with federal
prosecutors to avoid criminal charges. But in a July 21 conversation,
the prosecutors would only agree to meet Alexander at JFK Airport and
not arrest him at that time. Alexander agreed and provided evidence that
he was ticketed on an El Al flight arriving in New York on July 28. But
on July 27, he and his family instead flew from Tel Aviv to Frankfurt,
Germany, where they transferred to Lufthansa for a nonstop flight to
Windhoek.

After showing their Israeli passports, the Alexanders took a taxi to the
posh Hotel Thule in Eros, a nearby suburb. Located high on a hill above
Windhoek, the hotel offered vistas of the city below and the low-slung

{p. 250} mountains in the distance. Flanked by stately palm trees, with
guinea fowl and rock rabbits crawling about, it must have seemed a world
away from their 57th Street apartment. The hotel literature boasted that
Thule was "a mythical place ... at the frontier of reality—the edge of
the world." Alexander no doubt hoped so, but he must also have liked the
part of the brochure that said the hotel was "an exclusive getaway."

Under the sheltering canopy of blue sky in Namibia, the staff of the
Hotel Thule had no idea there was an international manhunt for their new
guest. Nor did they think it suspicious that he shunned credit cards and
paid cash in advance for two adjoining ground-floor rooms at $143 each a
night. "We knew them as the Family Jacobs, that's how the booking agency
gave it to us," said manager Wolfgang Balzer. "Alexander always looked
very busy, and he insisted that the news channel on the satellite
decoder always work. He was very anxious about that ... I thought being
from Israel, he was worried about Lebanon and all that."

Alexander bought a $107,000 Land Cruiser and began looking for a place
to live. At the end of August he settled on Windhoek Country Club
Estate, a gated community of fifty-seven block-style town houses that
back up to the Windhoek Golf Course on the outskirts of the city. The
family moved into number 19, a modern, five-thousand-square-foot,
two-story house he purchased for $543,000. In the shadow of the Auas
Mountains, the tan-colored house had a satellite dish perched on the
roof and a basketball hoop hanging from the garage. Next door to the
complex was the Desert Jewel Casino, which featured American roulette,
stud poker, blackjack, and 290 slot machines. But perhaps the most
important feature of the house was its proximity to Eros Airport, a
private airstrip only about two hundred meters away, in the event he
needed another quick escape.

Alexander knew it was only a matter of time before he was discovered and
the United States began putting pressure on the Namibian government to
toss him out. He therefore began investing large sums of money with
powerful officials connected to the government, and making high-profile
contributions to local civic projects. For Kobi Alexander, everyone had
a price, a lesson he learned from his father's years of backroom payoffs
to petty African officials for oil rights. After transferring about $16
million to a bank account in Namibia, he launched into a frenzy of
investments and goodwill gestures, from developing $1.5 million in
low-cost housing to $20,000 in yearly high school scholarships.

{p. 251} Alexander's principal business partners included Brigadier
Mathias Sciweda of the Namibia Defence Force, who headed up the army's
commercial arm and was known to be close to Namibia's powerful former
president, Sam Nujoma. The two bought a number of properties, including
one encompassing thirteen acres at Walvis Bay. In 2005, Sciweda's name
had come up in a Namibian financial scandal involving an investment by
Namibia's Social Security Commission of $4.3 million in a failed
asset-management firm. Sciweda was named by the head of the firm to be
among the shareholders. But he later testified that he never received
any money from the firm.

On the other side of the world, when Alexander failed to show up at JFK
Airport on July 28, the Justice Department immediately filed a criminal
complaint charging him, Kreinberg, and Sorin with dozens of counts of
fraud and other crimes. But instead of making the document public, they
placed it under seal; thinking no charges had yet been filed, he might
return voluntarily. Alexander, however, had no intention of ever
returning to America and on July 31 attempted to transfer another $12
million out of his U.S. bank. By then, however, his remaining $50
million had been frozen by the prosecutors.

By August 9, the Justice Department concluded that Alexander was on the
run and unsealed the indictment. At a press conference in Washington
that day, Deputy Attorney General Paul J. McNulty made the dramatic
announcement. "Three former executives of Comverse Technology," he said,
"were charged today for their roles in orchestrating a long-running
scheme to manipulate the grant of millions of Comverse stock options to
themselves and to employees. Former chief executive officer Jacob 'Kobi'
Alexander, former chief financial officer David Kreinberg, and former
general counsel William F. Sorin allegedly orchestrated the scheme by
fraudulently backdating the options and operating a secret stock options
slush fund. An arrest warrant has been issued for Alexander." Acting
assistant FBI director James "Chip" Burrus then added, "The alleged
scheme of these defendants in backdating options victimized both
Comverse shareholders and the American people."

The FBI slapped Alexander's face on its Most Wanted list and Interpol
sent out a global "Red Notice" asking all cooperating countries to
arrest him if he showed up at their border. Both Kreinberg and Sorin
were arraigned in Brooklyn federal court within hours of the press
conference

{p. 252} and later pled guilty and faced prison sentences and millions
of dollars in fines and penalties. Comverse and Verint were dumped from
the Nasdaq Stock Market.

For a while, Alexander seemed safe. But as the millions began flowing
into his Windhoek bank account, the transfers raised the suspicions of
the country's bank regulatory agency and they notified Interpol. A few
days later, on August 18, Interpol asked Namibian authorities to
investigate whether Alexander was in the country. Within hours they
reported back that he was and, at the request of the American
government, Namibia's extradition laws were ordered changed to include
the United States. The addition was approved by Namibia's president,
Hifikepunye Pohamba, on August 31, but because it would take about a
month for the modification to go into effect, it was decided not to
alert Alexander. Two days earlier he had been granted a two-year work
permit.

On September 27, the new extradition law went into effect and the news
was reported in the local paper. Before Alexander could escape again,
police arrested him at his home as he was having lunch with his wife and
daughter. "He got very nervous when we handcuffed him," Namibia's chief
inspector, William Lloyd, recalled. "He could see there was something
serious coming at him." Placed in a patrol car, he was taken to Windhoek
Central Prison, a desolate, overcrowded fortress encircled by razor wire
and high-voltage electrified fences. There he was tossed into H-Section,
where the average cell was packed with as many as thirty inmates. It was
a long, hard fall for the man who had bugged America— and the world.

It was also a troubling insight into just how vulnerable America's voice
and data communications systems have become. Unknown to the public, an
entire national telecom network was channeled through a powerful
foreign-made bug controlled by a corrupt foreign-based company with
close links to a foreign electronic spy agency. As of 2008, the bug was
still there and the only thing that had changed was a reshuffling of the
company's top management.

Kobi Alexander's stay in prison was short; after six days he was
released on $1.4 million in bail—the largest in the history of the
country—and he has remained free ever since. As he keeps pumping tens of
millions of dollars into Namibia's weak economy his extradition keeps
getting pushed back further and further. "It looks like he's trying to
influ-

{p. 253} ence the politics of Namibia to keep him there," said Patrick
Dahlstrom, an attorney representing the financially harmed shareholders.
Nonsense, replied Alexander's attorney, Richard Metcalfe, who saw no
correlation between his client's newfound sense of generosity and his
desire to stay in Namibia and out of an American prison. "I think it's
typical of Kobi Alexander," he said. "I think it's part of that great
Jewish ethos of generosity, of displaying generosity toward other people
when you're doing well and when things go well with you. And I think
that's part of the man and part of his psyche to be generous to people."

{p. 341} Abyss

Like a pint-size brain surrounded by a heavily protected, half-million-
square-foot body, a diminutive Dell computer in the basement of the
National Counterterrorism Center is at the core of the Bush
administration's war on terror. Contained on its tape drive is "the
watch list"—the group of people, both American and foreign, thought to
pose a threat to the nation. At one time the list could be contained on
a small 3x5 card with a great deal of space left over. Today it has
grown to more than half a million names, and it is expanding by the
thousands every month. Known as the Terrorist Identities Datamart
Environment, or TIDE, it is the last stop for the thousands of names
vacuumed up in the NSA's warrantless eavesdropping program as well as
its other eavesdropping operations.

{p. 344} More than three decades ago, when the NSA posed a fraction of
the privacy threat it poses today with the Internet, digital
communications, and mass storage, Senator Frank Church, the first
chairman of the Senate Intelligence Committee, investigated the NSA and
issued a stark warning:

{quote} That capability at any time could be turned around on the
American people and no American would have any privacy left, such [is]
the capability to monitor everything: telephone conversations, tele-

{p. 345} grams, it doesn't matter. There would be no place to hide. If
this government ever became a tyranny, if a dictator ever took charge in
this country, the technological capacity that the intelligence community
has given the government could enable it to impose total tyranny, and
there would be no way to fight back, because the most careful effort to
combine together in resistance to the government, no matter how
privately it was done, is within the reach of the government to know.
Such is the capability of this technology.
{endquote}

There is now the capacity to make tyranny total in America. Only law
ensures that we never fall into that abyss—the abyss from which there is
no return.