You are on page 1of 29

w.

DOClD: 3803783

This publication is a product of the National Securitv Agell1lcy his-


tory pro~amo It presents a historicID"perspecti'\"e tor 11ll1form21-
tionaI and educational purpose\ is ffie result of independent
research, and does :not :neceSSalrllXy reflect a position of NSAj
CSS or any other U oSo government entity.

I Cover Photo: u.s. embassy in Moscow at the time of the GUNMAN ~


L project. ~~

Declassified and approved for release by NSA. CIA &. State Dept on
b'I-'1 ~-~O'I 'I I)ursuant to E.O. '135~6 MDR 58453
DOClD: 3803783
lOP SECREI/7COIVlINIJlREL 10 USA, A:US, CK!{, GlUt, N2':L

-,.. -

'1'01' S~CU't'//COfiflIftft'//R:EL~O US1\:, *US, eM", GBR, 1l~L


r
DOClD 3803783
'f'ot' SECft'f't/COr.IHff//REL 'FO USA, AUS, eMt, CBR, P>t~L

, ." .. ,- -"'~. , .' . ..- , IN" ""', :~

"
- - .. -
' ." .... ~ "". ;;> c
-.
}i
j;'
h

t
,
(U) Table ofContents "
~,

t;
~

Page ..
~

.;'
(U) Introduction. .. .... . ... .. . . .1 ~
,

(U) The Catalyst. . . .


.2 c
..
.,
(U) The Race to Remove and Replace Embassy Equipment. 4 '",
(U) The Discovery .
. . .. . . .... 8 .-

(U) Reactions to the GUNMAN Find.


.11 >

"'

(U) Implant Characteristics


.12 ,
(U) Damage Assessment.
15
(U) A Cunning Enemy
15 '.

(U) GUNMAN Impact. ...... .. ...... . ... .. .... .. ..... . ...... . .17
, ;

(U) Conclusions . ..
. .. 19
t


(U) Acknowledgements. .20

(U)Notes. . . . .. ...
. .20 ,

(U)Index. ........ . .
. . . . .23

~~
.,., .

'FOt' SECRE'Ft/COMHff//REL 'FO USA, IMS, GYt, CBR, P>t~L Page iii
DOClD: 3803783
TOP S:ECltM11COMtN'f'f/KEL 'FO US:z't, I.tUS, G\fl GHR, N~L

(U) Learningfrom the Enemy:


The GUNMAN Project

(U) Introduction CD) "Another intelligence expert said no one


knows for sure how many or what secrets
CU) On 25 March 1985, CBS television nightly were compromised. A third official called
news broke the following shocking story: the entire affair a fiasco."l

CU) Dan Rather: "In another U.S.-Soviet CUI/r'OUO) How accurate was the CBS report?
development, Pentagon correspondent The following paper will examine the nature of
David Martin has been told how Soviet the Soviet electronic penetration and the damage
secret police in Moscow have been getting assessment of Soviet access to typewriters at the
the latest word on sensitive U.S. embassy U.S. embassy in Moscow. This history of Project
documents even before U.S. offici~s read GUNMAN will also answer such questions as how
them." were the typewriter bugs discovered and how did
they work.
CU) David Martin: "Informed sources tell
CBS News that for at least one year, and CU) Countries have spied on each other by gath-
probably longer, the American embassy in ering information from embassies for centuries.
Moscow was the victim of a sophisticated The United States and the Soviet Union were of
electronic spy operation which gave Soviet course archenemies during the Cold War C1945 to
leaders an inside look at what U.S. dip- the fall of the Soviet Union in 1991), and there is
lomats were doing and planning. Soviet a long history of attempts by the Soviets to gain
agents secretly installed tiny sensing devic- access to information from the U.S. embassy and
es in about a dozen embassy typewriters. its diplomatic apparatus. Perhaps the most famous
The devices picked up the contents of docu- incident of Soviet espionage was the Great Seal
ments typed by embassy secretaries and implant.
transmitted them by antennas hidden in
the embassy walls. The antennas, in turn, CU) On 4 August 1945, Soviet school children
relayed the signals to a listening post out- presented a carving of the Great Seal of the U.S.
side the embassy.... to Averell Harriman, the U.S. ambassador to the
Soviet Union. The carving hung in Spaso house,
CU) "Depending on the location of the the ambassador's residential office' in Moscow,
bugged typewriters, the Soviets were able until 1952, when the U.S. State Department dis-
to receive copies of everything from routine covered that there was a microphone hidden inside
administrative memos to highly classified the carving that the Soviets turned on at will. This
documents. bug was not a standard microphone and could not
be detected unless it was in use. For six years the
CU) "One intelligence officer said the poten- Soviets were able to eavesdrop on the conversations
tial compromise of sensitive information of the U.S. ambassador. 2 The Soviet threat to U.S.
should be viewed with 'considerable seri- embassy security was both well-documented and
ousness'. real.

Page 1
DOClD: 3803783
I UP SEeM I j j COWIIt<llj jtmL TO tJSA, ADS, CMt4' 6Blt, N2":L

iffl" The typewriter bugs marked a new


level of sophistication because they were
electromechanical. For the first time, the
Soviets gathered information from a piece
of equipment that held written plain text
information. Prior to the discovery of these
bugs, the U.S. believed that the Russians
had only used room audio bugs with micro-
phones or listening devices to eavesdrop on
American embassy activities. As a totalitar-
ian society, the Soviet Union valued eaves-
dropping and thus developed ingenious
methods to accomplish it.

CUI/POUO) The 1980s were a peri-


od of strained relations between the U.S.
and the Soviet Union. One manifestation
~O 1. 4. (e)
of those strains was Project GUNMAN,
(U) Fig. 1. IBM Selectric typewriter ~p 1.4. (d)
which involved the replacement of U.S. P.L. 86-36
embassy equipment in Moscow and the dis- OGA
covery and evaluation of typewriter bugs.
GUNMAN was not the only threat to the U.S. etrated typewriters in the U.S. embassy in '+'1oscow
embassy in Moscow. The U.S. began to build a was correct in that the attack took place. H(:>wever,
new office for its Moscow embassy in 1979. The some of the details in the report were oversimpli-
building, however, was riddled with bugs, and the fied. According to CBS, "the bugs might still b~ in
U.S. eventually rejected it. That story, however, is place had it not been for a warning from a fri~ri~y
a subject for another paper. This paper is the story government whose own embassy had been the tar-
of the GUNMAN attack and the role of NSA in its get of a similar eavesdropping operation."3f \\
discovery.

CUHFOUO) Organizations with intelligence


responsibilities must be able to respond quickly
and creatively to unforeseen threats. How did NSA
-t811
respond to this Soviet threat? To answer that ques-
tion, this monograph will examine the role of NSA
leadership and its ability to move a bureaucracy
\
into action. To curtail future threats, intelligence
organizations must also maintain the ability to
learn from the activities of their enemies. What
techniques did NSA use to learn from Soviet bug-
:==========~II
ging efforts?
EOL4.(<;)
P.L. 86-36
(U) The Catalyst

ts1 The CBS 25 March 1985 report that


announced to the world that the Soviets had pen-

Page 2 TOfl S~Cft:E't't/COMIN'f'h'RL'FO USA., f.lUS, CA;p.J' CRR, ~;n.


EO 1. 4 .leJ Eo). 4. (e)

EOOLOC~ : 3 8.ID 3'i1c8:B:
.... ..' EO 1. 4. (e)
P.L.
dGA
86-36
~OPSE(3R:E'i'//COi\IHff'ffRL~O US:A, AUS, C2fdif GBR, NZL/"'/ P. L. 86- 3 6
.............................
OGA

1 United States could exPect to be a high priority


""---_ _~------:----.....IIThedevelop- target. 6 The I I~arning was the catalyst for
ment of this bug required competent personnel, NSAaction.
~~~~~~ P.L. 86-36
time, and money. The very manufacture of the
components required a massive and modern infra- -tS7 Under the leadershipgfWalter Deeley,
structure serviced by many people. This combina- the deputy director for communication security,
tion of resources led to the assumption that other andl kth~ chief of R9, a division in
units were available. 4 the Research and Development organization, NSA
management developed a plan to remove, replace,
and examine telecommunications and informa-
tion processing equipment at the U.S. embassy
in Moscow. NSA was to handle all aspects of the
plan on an absolutely need-to-know basis. NSA
wanted to remove the equipment so that it could be
examined in the U.S. to allow for a more thorough
inspection than could be conducted on the embassy
grounds. NSA also wanted to keep the Soviet Union
from learning about the effort and interfering with
U.S. objectives. The Soviets had a history of poi-
soning or using other means to injure technicians
from other countries who investigated bugs in their
b' 7 EO 1. 4. (e)
respective em assles. EO 1 . 4. (d)
P.L. 86-36
I ~General Faurer did not want to bri~fhis
P,:L"8 6 - 3 6 plan to the State Department because relations
,~ Afterlearning about the bug, the DIRNSA between NSA and State were poor. NSA had been
s e n t L l f r Q I l l R9, the research and writing critical reports about inadequate security in
development organization, and I from I State Department facilities for several years. Faurer
the COMSEC organizationtoc:::::::Jto examme the also believed that CIA would mishandle the NSA
implant. It was unlJ,sualfor these organizations to
have a reasont6~ork together. This was the first
plan because 1 1
of IIl,anye~amples of collaboration that developed
behveen the two entities to uncover and under-
1_-
stand the GUNMAN threat. P.L. 86-36 ~ NSA briefed the secretary of defense, Caspar
EO 1 .4. (e)
Weinberger, on the threat and its proposed plan of
P.L. 86-36
OGA -f5tI Ifound
that this action. Weinberger said that this problem should
implant represented a major Soviet technological be brought to the attention of the president imme-
improvement over their previous efforts. The bug diately.1 Iw:pom Deeley assigned
could be rapidly and easily installed by nontechni- to work with the White House; explained that the
cal personnel; it resisted detection by conventional approval from President Reagan forthe~SA plan
methods; and it was wireless and remotely con- of action came in record time.
trolled. Search by disassembly and visual inspec- P.L. 86-36

tion, when conducted by any but the best trained I briefed Ken DeGrqffenreid [the
technicians, would normally be unproductive. All senior director of intelligence pro-
concluded that if the Soviet KGB would go to these grams on the National Security
lengths against a Western ally, then certainly the Council]. Next we briefed Admiral

'fOP S~eU'f//eOl'fnN't'f/ftL~O USA, AUS, C2fdif 6BR, Ni3L Page 3


DOCID: 3803783
TOP SECRET//COMHffffREL ~O USA, AUS, eA:N GlUt, N2':L

John Poindexter [the deputy nation- (U) The Race to Remove and Replace
al security adviser, who became the Embassy Equipment
national security adviser in 1985J.
Admiral Poindexter wrote the neces- ~ The first goal of the GUNMAN Project, to
sary memorandum and within afew replace all of the electronic equipment in the U.S.
days we had a signed document of embassy in Moscow with signaturized equipment,
authorization from the president. was a daunting challenge. Electronic equipment
included teletype machines, printers, computers,
CU) President Reagan approved the GUNMAN cryptographic devices, and copiers - in short,
project in February 1984. almost anything that plugged into a wall socket.
NSA staff had to move quickly to replace equipment
CU) Even after presidential approval, knowl- to.... avoid tiPPin}ts hand to the Soviets. According
edge of GUNMAN was still tightly held within the t~ ho was involved with the procure-
government. I IfuIther explained: ment and shipment of the upgraded equipment to
Moscow, Walter Deeley gave the staff one hundred
Admiral Poindexter toldine to days to complete this phase ()fth.eproject.1 I
brief the secretary of state [George stated,
SchultzJ and the director of Central P.L. 86-36
Intelligence [William CaseyJ, and no The first problem that we faced was
one else. I pleaded to briefLawrence the lack of a centralized inventory at
Eagleburger [deputy undersecretary the embassy. The problem was fur-
for political affairsJ, because Ifeared ther complicated because individual
that I could not reach the secretary of departments had software tailored
state if we needed help in gaining the to their specific needs. For instance,
cooperation of the State Department. we could not simply replace all ofthe
After much begging, Poindexter Wang computers.] I
relented. This incident is an indica- ________---ll Keeping track of OGA
tion ofthe concernfor security within all of the various software was hard
the u.S. government. 9 enough, but keeping track ofall ofthe
variations was a nightmare. With the
~ Developing and gaining approval of a plan assistance of a few trusted commu-
to respond to a possible security threat in approxi- nication center embassy employees,
mately six months were significant accomplish- we were able to obtain diagrams and
ments for a large bureaucracy such as NSA. They blueprints of equipment. However,
were a testament to the leadership ofWalter Deeley, wefound thatfrequently the original
a manager who took risks and made decisions. diagram did not always match with
Right from the start of GUNMAN, the research and the equipment that had been actually
COMSEC directorates worked together. This type of delivered.
collaboration was very effective but a very unusual
phenomenon in the 1980s. Overcoming bureau- iS1 Security concerns were another challenge
cratic hurdles was also possible because during the identified by I Ip . L. 86- 3 6
1980s the Reagan administration had an overarch-
ing concern with the Soviet threat to the U.S. We could not simply show up to take
an inventory because we could not
risk alerting the Soviets. Instead, tele-
communication personnel from NSA

Page 4 TOP SECRET/fCOMHIT/fREL ~O US2\:, *US, C:z\:N EiBR, N't'iL


,.
DOClD: 3803783
E.O 1. 4. (c) ~ot' SECR:E't'//COMI~ttREL~O US:A, AUS, CAN EiBR, "P.~L
P;L. 86-36

\\L-w-e-r-e--~~--:-;'---;----=~ This was another example of collaboration between


organizations within NSA.

-t8t A separate area on the NSAW campus,


known as the T. Motor Pool area, contained four
trailers that were used to stage the equipment. T2
~ NSA used a variety of methods to quickly used the first trailer to test each piece of equipment
purchase similar or upgraded equipment for the to ensure its proper function. In the second trailer,
embassy. Approximately 40 percent of the equip- S651 inspected each item by x-ray. They also disas-
ment had to be purchased while 60 percent was sembled every item to record anomalies that would
available from the Agency and other sources. NSA be stored in their standards library for future ref-
was unable to obtain 250 IBM Selectric typewriters erence during examination when the e ui ment
required by the embassy in part because of their came back from the field.
power requirement. The Soviet Union used 220-
volt 60 cycle electricity. Typewriters were not avail- in the third trailer and used the last trailer for stor-
able from European sources, and the IBM factory a g e . E O 1. 4. (c)
P.L. 86-36
in Lexington, Kentucky, had depleted most of its
stock. NSA was able to acquire only fifty typewrit- ffi Every possible precaution was tak~n during
ers, so they replaced typewriters that were used in the entire project to ensure that the repla~ement
the most sensitive areas of the embassy. NSA was equipment remained secure. NSA staff gharded
able to meet the requirements for all other equip- against tampering by using several levels of detec-
ment. l l tion devices. Some methods were applied to\the
equipment itself, while others involved the pack~g-
~ Because of the need for fast delivery to the
embassy once the equipment arrived in Moscow,
I
ing of the e q U i P m e n t . I : . 1

NSA had to be certain that each piece of equipment


worked. There would be no
time to repair anything. NSA
also wanted to make sure that
the replacement equipment
was not tampered with while
en route. The COMSEC orga-
nization took a number of
steps not only to safeguard
the equipment in transit, but
also to determine whether it
was tampered with when it
was brought back for periodic
examination after being oper-
ational in the field. For the
next two months, personnel
primarily from S65 and T2
worked feverishly to prepare
the equipment for shipment.
EO 1.4. (c) ('fSz7'~I//;Rftt_F_i_q_,2 _,_'--- ,..........1

P.L. 86-36 EO 1.4. (c)


OGA P.L. 86-36

TOt' SECRET//COi\IIUT//REL TO U&.r, AUS, Ct\N GBR, ~J~L Pages


DOClD: 3803783
f30 1. 4. (c)
~.L. 86-36
-
TOP SECREF//COl\tINFffIWL '1'0 USA, AUS, CAN 8BR, NlSL

I Personnel used various tamper-proof methods t<>\ .


~
package the equipment. For example, equipmentl ' 1 - - - - - - - - - - - 'INext, the crates were placed in
was sealed in special plastic ba s that could not be trailers for easier transport and additional security.
replicated in the Soviet Union

Some boxes con- I


To the ~ The equipment was shipped to Moscow in
~b-e-s-t-of-N-S-A-'s-kn-o-w-l-e-d-ge-,-t-h-e-S-o-Vl-'e-ts-di-'d-n---'ot inter-I I From NSA, the Armed Forces Courier
fere with any of the equipment that was shipped to Service shipped the equipment to Dover Air Force
the embassy or returned to Fort Meade. 12 Base. Two cleared couriers accompanied the equip-
ment, which was flown by military transport to
-tSt The staff took extraordinary measures to Frankfurt, Germany.
ensure the security ofthe equipment during its ship-
~Another example of atten-
tion to every detail of security
was the rental of a special crane
to load the plane. The regular
crane was not operational when
the equipment arrived. The flight
was scheduled to leave in three
hours. The equipment could not
miss that flight because NSA per-
sonnel did not want to store it at
Dover. Therefore, the plane was
loaded using a rented crane.

~The
equipment was stored
and guarded by U.S. personnel at
a warehouse in Germany until it
could be flown into Moscow. This
/ ~ Fig. 3. CONEX boxes used to ship equipment to andfrom was necessary because there was
/ the u.s. embassy. The boxes were over 30feet long, 8feet no place at the embassy to store
/ tall, and 8feet wide. Boxes in theforeground were wrapped
ten tons of equipment. The embas-
/ in burla.]Ja.~cl.Hsecuredwith steel strips.1
EOi~H4H~m(~)HHHHHHH .. I I
(back to cam~e~ra-::-)T".------- sy attic had been damaged in a fire
P.L~8Ei-36
in 1978 and was not stable enough
to hold such heavy equipment.
~ehtto the embassy. In preparation for shipment,
boxes ~feqllipment were placed in crates which ~ The equipment was flown into Moscow in
were wrapped.ihbllrlap. Burlap signified that these stages on a Lufthansa aircraft, a common State
items were to be treated, as U.S. diplomatic cargo Department procedure. The Soviets were not sur-
and would not be subjecttojnspection by Soviet prised by an influx of equipment entering the
customs officials. As a furthe~secllrity measure, embassy because such activity was typical in the
the burlap was stapled onto each cr~te~1 spring. I
The only way to get equipment into the

Page 6 TOP ~~C~T//COl\UNT//RELTO USA, MJS, *f( 6Bft:, N2':L


DOCID: 3803783
TOP ~~C~T//CO~Uwr//RIi;I.TO USA, ."....uS, CAN 6814:, N1JL
P.L. 86-36

~ The true nature of the GUNMAN proj-


ect was successfully masked from most embassy
employees. Ambassador Arthur Hartman learned
about the project via a handwritten note that NSA
personnel personally delivered when they arrived
at the embassy. Ambassador Hartman announced
that there was to be an upgrade ofembassy commu-
nications, which accounted for all of the replaced
equipment. 141 Ireported that embassy
personnel were happy because they received new
equipment and upgrades without having to use
any of their own funding. 15

(UI/FOUO) The embassy environment made


the swap of equipment even more difficult. Bob
Surprise, a State Department employee who was
the deputy chief of the communications center at
the Moscow embassy, described the facility as old,
decrepit, and outdated. As an employee in the U.S.
Foreign Service, he had worked in many facilities
in similar shape throughout the world. Surprise
reported that it was difficult to move equipment
around because the halls were only thirty-six inch-
es wide and the elevator could hold only four pas-
sengers, never mind equipment. The only way to
get some equipment moved was to manually haul
-fBj-Fig. 4. U.S. embassy in Moscow. Equipment it up and down the stairs. Surprise further stated,
was lifted in and out of this building, possibly
from the roof, since the Soviets had shut down
the elevator. I did not mind the rugged working
conditions or long hours because
embassy was by using a hoist from the outside. This I was accustomed to it from other
hoist was frozen all winter and inoperable, making embassy work. Every embassy is at
larger deliveries necessary in the spring. However, the mercy ofthe host country because
the Soviets did turn off the electricity to the embas- it must depend on the hostfor water,
sy elevator for preventive maintenance after the electricity and heat just as any other
first day of the influx of equipment. Most of the building in a country is dependent on
approximately ten tons of equipment that went that country for utilities. It was more
into the embassy and the eleven tons that came out dYTicult in Moscow because we had an
had to be carried manml~Jyl I adversarial relationship. Sometimes
(Note: Some sources !fiaintain that less equipment the Soviets played games by shutting
went into the emb.assy as replacements because the offutilities. 16
equipments \:yer~ upgraded models. Other sources
maintaiIltnat eleven tons came out of the embassy (Ui/FOUO) Thomas Bell, the head of the State
bec~us~ there were bags of sensitive trash that NSA Department communication center at the Moscow
.wanted to examine back at Fort Meade.) embassy, further described the atmosphere at
P.L. 86-36

TOP SECRET/jCOMINF,'jREL 'FO U&A, ADS, (M:N 8BR, NZL Page 7


DOCID: 3803783
'1'61' SI!:CltE't'ttC6MIN't't/K::EL 'FO DS*:, ADS, C2\N 6BR, ~L

the embassy as very intense. Nobody trusted the up and down the stairs. The teletype
Soviets. machines were really, really heavy.
They were also very wide and could
Workers took theirjobs seriously. We barelyfit through the stairways.
were always under the watcliful eye of
the Soviets, even in our personal life. I We started changing equipment in
lived in an apartment outside the the State Department communication
u.S. compound. I would come home centerr
to find my freezer unplugged, shirts
missing from my closet, or a dirty
glass in the sink that had contained
liquor. I am sure that the apartment
was bugged. Americans had no priva-
cy.17
P.L. 86-36

ff&) The replacement of all of the embassy elec-


.....worked our way Ithrough
--:---:-------'
We systematically
the rest of
tronic equipment had to occur with minimal impact the building. I was at the embassy for
on the missionl Ian NSA employee who ten days. It was a real adventure. is
was sent to the U.S. embassy in Moscow to carry
out the replacement of the equipment, described -f81 The exchange of equipment between NSA
the activities as follows: and the U.S. embassy in Moscow was another
example of overcoming bureaucratic delays. NSA
I arrived late on a Saturday and began personnel demonstrated a tremendous capacity for
work early on Sunday morning. I had hard work. They also exhibited deep dedication to
two kinds of tasks, protect the equip- the mission.
ment that was held overnight in the P.L. 86-36
attic and help with the unloading (U) The Discovery
and loading of equipment. I brought
alarms and sensors that I set up in ~ Since S65, COMSEC Standards and
the attic. I ran the wires down to the Advanced Technology Division, was an office that
marine guards on the sixthjZoor. No handled a wide variety of special projects, it was
one interfered with our equipment appropriate to give this division the lead in looking
while we were there. for bugs in U.S. equipment. I the head I
P.L. 86-36 of this division, reported that he pulled together a
The logistics of the operation were team of the best minds to work on this challenging
handled superbly. A shipping clerk task. This assignment was an unusual one for NSA
was part of the team. He opened the OGA
diplomatic pouch, uncrated the equip-
m~nt and opened the box. We carried was careful to assign the "right
the equipment down to its position. L.n-u-m"""T""e-r-o"rif,...p-e-op....l;-e~to the task. I did not want people
Whilel I
and others on the stumbling over each other and getting in each -
team set up the new piece of equip- other's way. We needed space for people to do their
ment, others brought the old one back work. Too many people would have created confu-
to the attic where it was repackaged in sion. I did not want them inadvertently missing
the box that contained the new equip- anything."19
ment. We spent lots of time running P.L. 86-36

PageS '1'61' SI!:C~t/C6MIN't'ttltl:L'1'6 tJS:A, :AtJS, C:AN GlUt, N2':L


DOCID: 3803783
TOP ~:f:e~Tf/COMIN'f'ffR:EL'FO USA, /iUS, G'\N U8&, P>t~L
P.L. 86-36

(U//OUO) I 1/
a physicist who
worked in S6S, described the atmosphere as the
search for bugs proceeded at NSA

The adrenalin was really flowing.


About twenty-five ofus were involved
in the search. We all recognized the
importance of our work. NSA's repu-
tation was on the line, and it was up
to us to find something. We felt sure
that the Soviets were taking advan-
tageofus.

We worked six days a week and


did not even complain about rough
working conditions. When we started
working in the trailers, there were no
steps up to the entrance. The entrance
was aboutfourfeet offthe ground. We
found some cinder blocks and empty
spools that had contained mesh wire
to help us enter the trailer. Eventually
we got steps, phones, and air condi-
tioning, and life improved. 21

-ESt Walter Deeley had a long varied career at the


fSt Fig. 5. Primary x-ray machine used in Agency. He had a reputation for being strong willed,
detecting equipment bugs. This was a portable abrasive, but committed to the mission. Directors
machine about 8 inches deep, 6 inches wide,
of the Agency turned to him when they needed
and 12-15 inches long. The x-ray machine was
pointed at the object on top ofthe sheet of someone to accomplish a difficult job. As the head
x-ray film. of the COMSEC organization, Deeley wanted the
question of whether the Soviets were bugging U.S.
~ As the equipment from the embassy was equipment answered quickly. He demonstrated his
returned to NSA, the COMSEC organization began impatience by swapping managers for the project
a lengthy inspection process of each item. The in midstream. 22 He also offered a $S,ooo bonus to
equipment had to be inspected methodically to the person who found a bug. 23 $'. L . 8 6 - 3 6
prevent the destruction of important evidence. The
accountable COMSEC equipment was examined (U//FOUO) II an engineering
in the labs inside the OPS-3 or S building, the technician in S6S who was working on this project,
COMSEC facility on Fort Meade, while the nonac- enjoyed the challenge of searching for a bug in U.S.
countable COMSEC equipment was stored and equipment. According tol Ithe 1980s were a
examined in the trailers'. Each item was inspected time when people felt patriotism and pride in their
visually and then x-rayed. The x-rays were com- country.
pared with known standards for each item. 20
We knew who the enemy was and
wanted to limit his effect. Ifrequently .", .

TOP S}';.CIHlT//COMHIT//REL 'FO USA:, AUS, CAN 68ft:, N2':L Page 9


DOCID: 3803783
'fOfl SECR'fiiCOMINTi/REL TO US*, /iUS, G\:N GBR, n:p: L. 86- 3 6

worked at night and on the weekends ect. I could hardly wait for morning
by myself in the trailer examining when my colleagues would return. 26
equipment. After we had looked at
all of the crypto gear, we eventually ~L...- lcontinued the story.
.....

made our way to examining the type-


writers. I took a typewriter apart The next morning, Mike,l'--- _
to look at all of the possible places another engineer, and I argued about
where a bug could be inserted. I cre- whether we had an anomaly or a
ated an image of these areas which bugged typewriter. Some typewrit-
enabled me to take fewer but clearer ers had memory now which could
x-rays ofthe important sections. 24 accountfor additional circuits. What
led us to conclude that this typewrit-

EO 1.4. (c) (U//HJU()) Fig. 6. Engineers I . ,1(le./lJ(lltcl


I
uuuuuu

P.L. 86-36 ~isassemblingtypewriter 'P. L. 86-36

er was probably bugged was the loca-


CUI/FOYO) On a Monday evening, 23 July, tion of so many circuits in a\metal
I Inoticed an extra coil on the power bar that went along the length of
switch of an IBM Selectric typewriter. He decided the machine. When our
to x-ray the whole machine from top to bottom. The ..... .... arrived, we informed him
x-rays of the keyboard proved to be very interest-
ing. 2~ ~tated:
and he called in II
and other experts from R9. Deeley
iTiformed the DIRNSA. Now the pace
When I saw those x-rays, my response ofour work really increased. We had
was 'holy.r**'. They really were bug- to thoroughly examine all embassy
ging our equipment. I was very excit- typewriters in the USSR because most
ed, but no one was around to tell the likely there were more bugs. We had
news. My wife was an NSA employee, to educate other U.S. embassy person-
but I could not even tell her because of nel from East Bloc countries on how
the level of classification of the proj- to search for bugs. We also began
P.L. 86-36

Page 10 'fOfl SEC~'f//COMIN'T//ltl:LTO tJ~, lttJ5, 0'rN GER:, NZL


DOClD: 3803783
TOP SECREFffCOMlNT//REL ~O Us-A, kUS, C2\N 68ft:, r,2!:L

the diffieult task ofreverse engineer- handpicked the people to brief President Reagan at
ing the bug to see how it worked. I the White House. R9 grabbed publicity, too."3 0 As
had been discouraging the wide use Count Galeazzo Ciano summed up human nature
of x-rays because we had diffieul- in his diary in World War II, "As always, victory
ty obtaining Polaroid film. Polaroid finds a hundred fathers but defeat is an orphan."
P.L. 86-36
only made about 3,000 sheets offilm
a year. We had used 10,000 sheets -t&) The discovery that the Soviets had bugged
and were having trouble obtaining a typewriter in the U.S. embassy in Moscow did
film. Thank goodness Mike ignored not diminish the level of secrecy surrbunding the
my advice and x-rayed the entire GUNMAN projecd la tech-
machine. There was no way to see nical writer in S64, the Tempest.office, which
that bug without x-rays. 27 was located next to S65, saw large amounts of
equipment going up and down the halL She even
CU//FOU011 lclaimed to have no special helped with the procurement of film and packag-
talent. . ing materials. She learned about the true nature of
the GUNMAN project only after the implant was
I found that bug by luck. After look- , discovered. Even then her sup~fvisor swore her to
..i ng at so many x-rays day after day keep the information secret.
for so many hours, I could easily
have missed it. I'm glad that I saw CU//vOllO) One morniIjg, with no time for
it. I certainly was delighted with the preparation, I r
was told to brief the
$5,000 cash award. 28 deputy director, Robert Rich, on the GUNMAN
l?;L. 86-36
implant. She did the best she could with the brief-
................~ Ibelieved that the GUNMAN expe-
ing, but determined that she would learn as much
rience had an important positive effect on the as possible about the subject. Since the engineers
COMSEC organization. were ve bus with their investi ations
"---_----'soon became the NSA GUNMAN briefer.
Another lesson that GUNMAN taught
us was to expand our thinking. Many ~ While the search for additional bugs con-
ofus in the COMSEC area expected the tinued, the secrecy of GUNMAN remained par-
\\ bug to be in crypto or other COMSEC amount.1 l1?riefed Agency seniors
\~quipment. It ended up being in a about GUNMAN. People wetepriefed one at a time
~pewriter that produced plain text. in an anechoic chamber, which was a soundproof
W~ had to pay more attention to anti-echo room used to conduct techhkal tests. She
plmn text communication devices if reported that the reaction to the news ra:nged from
we were to keep u.s. communica- astonishment to anger. ... ~. L. 86- 3 6
tionsseeure. 29
CUI/Poua) Over time, the need to warn o~ers
(U) ReacticillS to the GUNMAN Find of the Soviet threat grew,and NSA began to brief
other members of the intelligence communIty.
CU/lFaUO)1 I
characterized the Balancing the need for secrecy versus the need to
reaction to the GUNMAN find within the organi- warn a ainst a threat was a difficult task.
zations that had worked on the project as chaotic. ' - - - _....
briefed the GUNMAN project for seven
"Everyone jumped on the bandwagon and wanted years. One of the highlights for her was briefing the
to take credit for the find. Everyone wanted to be on President's Foreign Intelligence Advisory Board.
stage. S65 was pushed into the background. Deeley Normally this task would fall to Agency seniors,

TOP SI!iC~//COMnrr//RliLTO USA, fAUS, Ct~ GBR, n~L Page 11


DOClD: 3803783
't'OP SECM't'f1CO~IIN't'ttML'1'0 US2\:, AUS, CAN 6ftlt, N2';L
'j?L. 86-36

but none were available so she was able to go to neering was very successful. Analysts uncovered
the White House to make the resentation.3 1 numerous characteristics of the implant.
w 0 so wor ed in S64, reported that
he an took a GUNMAN briefing (D) A brief explanation of the general charac-
'. on the road to warn our allies of the Soviet threat. teristics of IBM Selectric typewriters will aid in the
I ~ole was to answer technical questions understanding of how the implant worked. Most
from the audience.3 2 typewriters had metal arms that swung up against
a ribbon to type a letter. IBM Selectrics, however,
(U//POUO) In 1985, when the story of the were unique because they used a round ball with
Soviet bug of U.S. typewriters in the Moscow numbers and letters around the outside surface.
embassy broke on the CBS nightly news, William When a typist struck a key, the ball moved into
Casey, the director of the Central Intelligence position over an inked plastic ribbon and descend-
Agency, was furious. He demanded a list of every- ed to imprint the character onto the paper.
one that NSA had briefed on the GUNMAN project.
I Iwas glad that she was able to supply ~ The lot of equipment from the U.S. embassy
that list. Casey eventually dropped the investigation in Moscow that was shipped back to NSA contained
of the leak because the task of discovery w~s impos- forty-four typewriters, six of which were bugged.
sible. Too many people knew about GUNMAN.33 The first step in evaluating the implant was to com-
I .//
I / pare a bugged with a nonbugged typewriter. As S65
r ,/
(U) Implant Characteristics and R9 personnel disassembled the typewriters
I'P.L.
, '--,
86-36
side by side, they took video and still photography
\':' ..... ~ A discussion arose within the COMSEC of each part to ensure a thorough evaluation. Some
\ ' " organization about whether the GUNMAN bug of the unique characteristics of bugged typewrit-
\" "should be reverse engineered by a contractor or ers were that these typewriters had an additional
\\ bythe organization itself. Engineers such as spring lug and screw; had a modified switch; and
. .mslste t at t ey had the capability to do had modified bails (the official term for bail is
this workl Igained reverse engineering expe- interpose latch) or arms that controlled the pitch
rience at a previous job with Naval Intelligence. 34 and rotation of the ball.
Management sided with the engineers, and reverse
engineering of the GUNMAN bug became an in- ~ Reverse engineering was another example
house project. This was an important decision of how entities within NSA worked in collaboration
because it e:p.abled NSA to learn a great deal about even though they were in different organizations.
the ingenuity of the Soviets and to gain a better Personnel from S65 and R9 divided the reverse
understanding of the threat. This decision also engineering tasks. R9 personnel focused on the
showed that management and subordinates had a operational aspects of the bug. S65 personnel
good working relationship and that subordinates removed the printed wire assemblies and deter-
had initiative. It was an atmosphere that furthered mined the emanation capabilities. Together, S65
the Agency's ability to fully carry out its mission. and R9 personnel drew logic diagrams describing
the circuits. S65 persoimel also trained people from
-t81 NSA analysts left no stone unturned in other agencies to perform visual and x-ray inspec-
reverse engineering the implant. The COMSEC and tions of equipment in the field so that they could
Research organizations 'devoted considerable time look for bugs. This training paid off because seven
and effort into studying all aspects of the bug. NSA additional typewriters in the Moscow embassy and
was determined' to learn from the enemy. As the three typewriters in the Leningrad consulate con-
following discussion demonstrates, reverse engi- tained implants. A total of sixteen bugs were found
in twelve IBM Selectric II typewriters and four IBM

Page 12 '1'01' SECU't'/tCOMIN"f'tiML '1'0 USA, AUS, CAN 8BR, NZL


DOClD: 3803783
'FOP SECRE'FI/COl'lfHffffREL '1'0 US2\:, AUS, CAN 6Bft:, N}l';L

~Fig7
Exploded views
ofbugged power
switch

Selectric III typewriters. Common features were informatiQn as it was being typed. 35 Later battery-
found in all sixteen typewriters: six ferromagnetic powered implants had a test point underneath an
magnetizable bails were replaced with six nonfer- end screw. By removing the screw and inserting a
romagnetic nonmagnetizable bails with a very probe, an individual could easily read battery volt-
strong magnet in the tip; all the typewriters con- age to see if the batteries were still active.
tained a modified comb support bar which housed
the bug; all used burst transmissions at the 30, 60, ~The ingenuity of the Soviets was remarkable
or 90 MHZ range via radio frequency. because they did not merely move from batteries
as a source of power to alternating current. There
-f81 The Soviets continually upgraded and were early versions and later versions of bugs that
improved their implants. There were five varieties used both sources of power. NSA found that the
or generations of bugs. Three types of units oper- first three implants were battery powered. The
ated using DC power and contained either eight, first of these was shipped to Moscow in October
nine, or ten batteries. The other two types oper- 1976, and the other two were shipped in April of
ated from AC power and had beacons to indicate 1977. The first bug that used alternating current
whether the typewriter was turned on or off. Some as its source of power was shipped to Moscow in
of the units also had a modified on and off switch November 1977.The remaining nine machines that
with a transformer, while others had a special were found in Moscow used alternating current
coaxial screw with a spring and lug. The modified as their source of power and were more advanced
switch sent power to the implant. Since the battery- than the first AC-powered bug. Five of the advanced
powered machines had their own internal source of model AC bugged typewriters were delivered to
power, the modified switch was not necessary. The Moscow in February 1982. The remainder were
special coaxial screw with a spring and lug con- delivered in January of 1984.36 The later battery-
nected the implant to the typewriter linkage, and powered bugged typewriters found in the consulate
this linkage was used as an antenna to transmit the

I UP SECRET!! CONIINT11lmL '1'0 US2\:, AUS, CAN 8BR, N~L Page 13


DocrD: 3803783
TOP SI!:CtmT//COMINT7'/'ti:L T6 USi\, AU'S, CAN 6BR, NZL

in Leningrad were shipped in April of 1977 and the paper, and thus determine which
March of 1982. 37 character had been tappedAt./ P . L. 86- 3 6

~ All of the implants were quite sophis-


ticated. Each implant had a magnetometer that
-tsJ1 1an~~~i:"7lJ the COMSEC
organization, who was involved hi reverse engineer-
converted the mechanical energy of key strokes ing the GUNMAN bug, explainyd that the press had
into local magnetic disturbances. The electronics a good idea, but it was inaccutate: "IBM Selectric
package in the implant responded to these distur- typewriters used a spinning ball to get the right
bances, categorized the underlying data, and trans- character on the paper. The bug was not based on
mitted the results to a nearby listening post. Data sound or timing. "1 lfurther~laborated: "The
were transmitted via radio frequency. The implant Soviets were very good with m~tal. Housing the
was enabled by remote control. 38 Another advan- bug in a metal bar was ingenious. The bar was dif-
tage of these bugs was easy installation. Engineers ficult to open and it really concealed the bug from
estimated that a skilled technician could install inspection."42 1 ran engineer from
an implant in a typewriter in a half hour. 39 The R9 who also worked on this project, agreed:
integrated circuits were very sophisticated for that
time period. The circuits contained one bit core To the naked eye, the bar looked like
memory, an advancement that NSA engineers had a single unit. You could not see that
never seen. 40 it could be opened. The use of low
power and short transmission bursts
(U) When the press learned that the Soviets also made it d@cult to detect this
were bugging typewriters in the U.S. embassy in bug. The bug contained integrated
1985, reporters tried to describe the characteristics circuits that were very advanced for
of these bugs. One of the more technical explana- that time period. The implant was
tions appeared in the June 1985 edition of Discover really very sophisticated. 43
magazine. How accurate was that description?
The discovery of this bug by NSA technicians
(U) In an article entitled "Tapping the Keys," a was a significant technical achievement.
bugging expert offered the following explanation of
the Soviet bug: (U//FOUO~ The press did not understand the
level of sophistication of the GUNMAN bug. For
The Soviets must have taken advan- instance, an article from Time magazine speculated
tage of the way the Selectric types. "the Soviets somehow encoded the machine's typ-
A metal ball covered with charac- ing function, giving each character a distinguishing
ters spins so that the appropriate electronic or magnetic signature."44
character strikes the paper and then
spins back to its starting point. The ..(T~//se In reality, the movement of the bails
time it takes to accomplish the rota- determined which character had been typed
tion to each letter is different. A low- because each character had a unique binary move-
tech listening device planted in the ment corresponding to the bails. The magnetic
room could transmit the sounds of a energy picked up by the sensors in the bar was
typing Selectric to a computer. The converted into a digital electrical signal. The signals
computer could then easily measure were compressed into a four-bit frequency select
the time intervals between each key word. The bug was able to store up to eight four-bit
stroke and the character being put on characters. When the buffer was full, a transmitter

Page 14 'fOp SERirrf/O~IIN'Fi/RL'1'0 USh, AUS, CltN GBR, N1iL


DOCID: 3803783
TOP SEeRTffcOMI~//REL'fO US*:, AUS, C1\ff fiSK:, N2':L OGA

in the bar sent the information out to Soviet sen-


sors.

(T//I) There was some ambiguity in deter-


mining which characters had been typed. NSA
analysts using the laws of probability were able to
figure out how the Soviets probably recovered text.
Other factors which made it difficult to recover
text included the following: The implant could not
detect characters that were typed without the ball
moving. If the typist pressed space, tab shift, or
backspace, these characters were invisible to the
implant. Since the ball did not move or tilt when
the typist pressed hyphen because it was located at
the ball's home position, the bug could not read this
character either. 4 5

(U) Damage Assessment

(~ Despite the ambiguities in knowing what


characters were typed, the typewriter attack against
the U.S. was a lucrative source of information for
the Soviets. It was difficult to quantify the damage
to the U.S. from this exploitation because it went on
for such a long time. The FBI examined typewriter
inventory records to determine when the sixteen
bugged machines arrived at the Moscow embassy
and the Leningrad consulate, where the typewrit-
ers were located in each facility, and to whom they (U) A Cunning Enemy
were assigned. The FBI was unable to uncover the
answers to these questions for several reasons. The ~ Why did the U.S. fail to detect bugs in its
State Department had a policy at both the embassy typewriters for so long? One ofthe main reasons the
and consulate of routinely destroying records every bugs remained undetected for approximately eight
two years. State Department personnel normally years was that the U.S. used outdated and inappro-
rotate to new assignments every two years so priate techniques and equipment when conducting
responsibility for procurement of typewriters and inspections and made mistakes in analysis. Another
inventory controls and maintenance changed fre- important reason was that the Soviets proved to be
quently. There was no continuity of procedures for a cunning enemy. Much of the equipment used by
inventory contro1. 46 U.S. Technical Security Countermeasure (TSCM)
teams dated back to the 1950S. The GUNMAN
device used burst transmissions that were so short
the signal disappeared from the spectrum before it
could be recognized by the older spectrum analyz-
ers used by the TSCM teams. Burst transmissions
also occurred intermittently due to the speed of the
typist. Since the devices were remotely controlled,
OGA

TOP SEeRET//eO:i\H~ffRL'fO US",,-, ADS, CAN GBR, Ni'iL Page 15


DOCID: 3803783
IOF SECImT11CtlMIt'V'f'11ItEL '1'0 US2\:, AUS, CAN 6BR, ~L

the Soviets could turn them off when inspection fied information. Manual typewriters that were to
teams were in the area. Newer spectrum analyzers be used for the processing of classified information
had memory and could integrate energy detected were to be shipped from Moscow to other Soviet
over a period of time. Newer analyzers may have embassies only in diplomatic pouches. When these
detected the GUNMAN device, but there would typewriters were not in use at the various embas-
OGA
have to be an element of luck. When using the sies, they were to be stored in sealed containers. 49
spectrum analyzer, the typewriter would have to
be turned on, the bug would have to be on, and
the analyzer would have to be tuned to the right
frequency range.

~ The design of the GUNMAN bar indicated


that the Soviets had knowledge of techniques used
by American TSCM teams when inspecting facili-
ties. For instance, the Soviets must have known Despite these indications of Soviet exploitation of
that the U.S. used nonlinear detectors "t>ecause typewriters, the U.S. Department of State took no
the GUNMAN device was designed to filter out action to protect its typewriters. 50
frequency harmonics, which is an integral part of
what a nonlinear detector is searching for. The (~ Some consolation from the U. S perspective
Soviets also used snuggling techniques to hide the was that there was no indication that a U.S. person
transmission of the bug in the noise of the trans- was involved in the GUNMAN attack. The implant
mission of television stations. They deliberately devices were most likely installed by the Soviet
set the devices in the same frequency band as their Intelligence Service when the typewriters were
television stations so that U.S. analyzers would under the control of Soviet customs officials before
miss the transmissions. they reached their destination at the embassy or
consulate.510 1
~2
(~Once the GUNMAN bug was discovered,
it became clear that some U.S. analysts had mis-
interpreted clues over the years. In 1978 inspec-
I These
facts do not diminish the ingenuity and. deter-
tors found an antenna in the chimney in the U.S. mination of the Soviets. As DIRNSA LTG Faurer
d EO 1. 4. (c)
embassy in Moscow. The intelligence community expIame : P . L . 8 6- 3 6
was never able to figure out the purpose of that
antenna. Typewriters were examined in 1978, but I think people tend to fall into the
the technician did not find any bugs. The techni- trap of being disdainful too often of
cian assumed that if a modification had been made their adversaries. Recently, we tend-
to a typewriter it would be in the power structure. ed to think that in technical matters
Therefore, he took x-rays of only the start capacitor we were ahead of the Soviet Union
and switch and the motor. In 1978 the source of - for example in computers, aircraft
power for the implants was batteries so no changes engines, cars. In recent years, we
were made to the power structure of the typewriter. have encountered surprise after sur-
Technicians missed the bugs. prise and are more respectful. Most
folks would now concede that they
~l r have enormously narrowed the gap
I I the SOViets exercised great caution With and have caught us in a number of
their own electric typewriters. They prohibited places. 53
their staff from using electric typewriters for classi-
OGA

Page 16 TtlI' SECImT11CtlMIN't'11ImL't'tl usn, kUS, i\N 8BR, Ni'iL


DOCID: 3803783
'fOY SECRffCOMIN'fffRL '1'0 USA, A-US, G\N GGR, mL
P.L. 86-36

(U)GUNMAN Impact due to a lack of cooperation between the various


segments of the intelligence community. The con-
~ The GUNMAN project had a major impact gressional committees on intelligence oversight
on the intelligence community as a whole. It brought threatened to reorganize the technical security
about a greater understanding of the thinking and countermeasures organizations within the various
operations in a.totalitarian society. The community agencies to bring about coordination and reduce
became more aware of the hostile electronic threat duplication of effort. The Senior Interagency Group
against the U.S. NI rxplained, "If any for Intelligence was formed to avoid congressional
other agency such as CIA or the State Department action. This body attempted to get the agencies to
had discovered the bug, this change would not have work together, but they found it difficult to share
occurred because they would not have publicized information with each other. Both the CIA and the
the incident." NSA, however, briefed all levels of FBI reorganized and upgraded their technical secu-
government to warn them of the danger. NSA was rity organizations. 57
not out to assess blame; it took the problem-solving
approach. 54 fBj-GUNMAN had a long-term positive effect
on the State Department's policies and procedures
~ The State Department had a lax attitude for shipping plain text processing equipment. In
toward embassy security in part because they 1988 the State Department built the facility to
viewed the relationship with other countries in inspect and package all plain text processing equip-
a different light. Diplomatic staff were guests in ment that is shipped overseas. This facility is still
other countries, according to the State Department. in operation today. The Department also main-
State had a mindset of developing relationships tains a list of preferred items that will enhance
and learning the culture; security was not their top security.5 8 In comparison to the rest of the intel-
emphasis.55 ligence community, many people believe that the
State Department has the best security measures
CU) When the GUNMAN story broke in the today for protecting unclassified equipment that is
press, the State Department was forced to take shipped abroad. P. L. 86- 3 6
security more seriously. The Bureau of Diplomatic
Security of the U.S. State Department and its t&) GUNMAN also hacisorile positive effects on
Diplomatic Security Service CDSS) were estab- NSA. As! Ian
engineer in the research
lished officially on 4 November 1985. This bureau's and development organization during the time of
purview covered all aspects of the security needs GUNMAN, explained:
for the department, for its facilities at home and
abroad, and for its employees and their fami- Before 1984 the community did not
lies. The importance of the new organization was believe NSA and its abilities. As a
indicated by making its head an assistant secretary result ofthe 1984 work on GUNMAN,
of state. 56 the stature ofNSA in terms ofdealing
with the embassy security communi-
t8t Numerous panels were formed to investi- ty changed radically. We became the
gate not only how and why the Soviets were able voice to listen to, and I'm very proud
to bug embassy typewriters, but also all areas of ofthat. 59
embassy security. These anels made numerous
recommendations.

Only
"-----.....,,""':"'l"'"-----'l"""":'.,.....---.,.....""""l"'----' -"i.

some of the recommendations were implemented


OGA

'f'Ot' SECltE'f'jjCOMIN'f'jjltEL '1'0 US7\:, AUS, CAIq- 66ft:, r~L Page 17


OGA
DOCID: 3803783
'fOF SECR:E'f//COMIN'f'jjItEL '1'6 tfSA, A:tf~, elm' GlUt, N2'.:L

II embassy,] I
1
L...- ----J----------.... NSA had its own program to protect keying mate-
rial and equipment, but it was small in comparison
P.L. 86-36
f8t Plans that had been stalled were imple- to t h e CIA program. OCiA
mented because of GUNMAN. For instance, the
National Security Council promulgated National E&) Because of the GUNMAN revelations
Security Decision Directive (NSDD) 145. This direc- and other compromises, such as the Walker spy
tive, signed on 17 September 1984, made DIRNSA ring, NSA expanded its anti-tamper program.
the national manager for telecommunications and Customers were more receptive to using these
automation information systemss~curity.61 solutions because they recognized the security
P. L,S6-36
threat. Technicians at NSA, such as
(~) After the GUNMAN revelations, sever"il invented new
"-----:----~-.;----.:---:------.;-~
changes came about within the COMSEC orga- anti-tamper technologies such as holograph and
nization at NSA. While the GUNMAN discov- prism labels that could not be easily duplicated
ery was not the only cause for these changes, by an adversary who tried to remove them from a
it certainly influenced their implementation. In package. 64 On 1 May 1989, in recognition of both
1985 the name of the COMSEC organization was the growth and importance of these technologies,
changed to the Information Security (INFOSEC) the INFOSEC organization consolidated all of its
organization. 62 Information security denoted an anti-tamper programs into a new separate division,
expansion of responsibilities for the organization. Y26, the Protective Technologies Implementation
The organization had more to protect than just the Division. 65 In recognition of the need to train cus-
transmission of information. This name change tomers in the proper use of tamper technologies,
also reflected the greater awareness of the need to a separate awareness and education branch was
protect plain text information and the intention of established within the division. Prior to the forma-
the DDI to place greater emphasis on the protec- tion of this branch, technologies were provided to
tion of plain text. NSA management reorganized the customer without any emphasis on their proper
the INFOSEC organization to better handle its use~ Iwho worked as a chemist
information security responsibilities. For instance, in vanous technology tamper programs, reported
the organization became more involved in tech- on a visit that she made to seea.customer on the
nical security countermeasures. The Technical USS Witman in the spring of 1984:
P.L. 86-36
Security Engineering Center, X3, created on 14
May 1986, became responsible for advanced tech- I asked the COMSEC custodian where
nology development, fabrication security - the he stored the keying material. He
security of equipment as it is being built - techni- showed me the plastic bags that had
cal security, and facility evaluation. Plans called for contained a tamper-proof canister.
X3 and R9, which was responsible for the exploita- He praised the use ofthe plastic bags
tion of the adversary's communications, to jointly and said they were great for storing
conduct facility evaluations. NSA hoped to improve fish bait. To my horror, the fellow
technical security through this more coordinated was removing all of the key from
approach. 63 the canister which was intended for
key storage. Instead of removing
00 In the late
197()S,1 I only the key neededfor that day, he
came to NSA fromClA to start an anti-tamper was taking it out all at once, which
technology program. In the spring of 1984, when totally eliminated the tamper protec-
NSAseI1f replacement equipment to the Moscow
P.L. 86-36
OGA

Page 18 'fOF SECIffi'f//COMIN'fffREL 'fO US1\:, *US, OAN GBR, Ni!iL


OOClO: 3803783
TOP SI'JCR:ETjfCOl\HN'Fh'RL 'FO USA, ~ CAN 68ft:, flW)L

tion. Without training, what could I lin exploiting crypto communications.


we expect? 66 More Agency personnel gained expertise in reverse
engineering, and there was a greater appreciation
Because of these developments, NSA became a of the benefits of these techniques. NSA placed
leader in technical security. greater emphasis on the development of anti-tam-
per solutions to protect equipment, and customers
(U) Conclusions were more interested in using these technologies.
NSA learned valuable lessons from the enemy.
+8) From approximately 1976 to 1984, the
Soviet Union used electromechanical implants to ftB As a result of GUNMAN, NSA gained a
gather information from typewriters located in the stronger reputation as an expert in technical secu-
U.S. embassy in Moscow and the U.S. consulate in rity within the U.S. government. Consequently,
Leningrad. Project GUNMAN was NSA's plan to NSA was called upon to evaluate facilities and to
remove communications and information process- provide advice to other segments of the govern-
ing equipment from the U.S. embassy in Moscow ment.
and bring it back to Fort Meade. Phase two of the
project was to thoroughly examine each piece of E&) The GUNMAN incident had the greatest
equipment in search of a bug. GUNMAN was well impact on the Department of State. Because of
planned and well executed. Within five months GUNMAN and other security problems, the State
ten tons of equipment was procured and delivered Department developed better security policies and
to the embassy without interruption to embassy procedures, especially in the areas of inspection
operations. Eleven tons of equipment was brought and shipment of equipment. These practices are
back to Fort Meade, and the first bug was discov- still in effect today.
ered on 24 July 1984. NSA managers were able
to move a large bureaucracy into action to meet a ~ GUNMAN did not have as much of an
major threat to u.s. security. The actual discovery impact on the rest of the intelligence community.
of the bug demonstrated the talent of NSA techni- Individual agencies upgraded their own technical
pn.~~D~'l~Tcularl~ I security efforts, but the intelligence community
did not work cooperatively or share information.
CU) Eight months after the GUNMAN discov- There was a great flurry of investigations in which
ery, the story broke in the press. By highlighting the U.S. attempted to learn from the Soviets. The
the damage, press coverage helped to focus the question was not did we learn from the enemy, but
attention of the U.S. government on improving the how long will the U.S. government and the intel-
security of its information. The press did not fully ligence community remember the lessons that they
understand the level of sophistication of GUNMAN learned from the GUNMAN project?
technology. They also did not appreciate the effort
and talent used to discover the bug. CU) Although the GUNMAN discovery occurred
over twenty years ago and the Soviet Union was dis-
~ The GUNMAN experience had many posi- solved in 1991, the GUNMAN story is still relevant
tive effects on the Agency. NSA elements shared for the intelligence community. GUNMAN illus-
information and worked more cooperatively. The trated what can happen when we underestimate
COMSEC organization gained a deeper appre- the capabilities of an adversary. It also highlighted
ciation of the ingenuity of the Soviets and thus a the need for vigilance in maintaining security.
greater understanding of the threat to U.S. commu-
nications. GUNMAN demonstrated that the Soviets
wer~D!nterested\ \

OGA
TOP SECR:ETjfCOl\'IIm//R:EL TO Ut~M:, hUS, CAN GBR, N2JL Page 19
EC[):O[:.]f): 3803783
f.L. 86-36
OGA '1'01' SEetffi't'l/eO~IIN't'//tffiL'1'0 USA, AUS, CAN 8BR, N~L
!.f.L. 86-36

(U) Acknowledgements 11. (U//OOUO)I Ni~ject GUNMAN:


After the Smoke Cleared." November 19~6, 10-11. (NSA
CD) I wish to acknowledge the men and women Archives, accession number 46286) . \,
of NSA who graciously and enthusiastically 12. (U/;,FOUO) S65 COMSEC ,P\~ndards and
described their experience with Project GUNMAN. Advanced Technology Division, Evalu~ti?n of Project
I also appreciated their patience and willingness GUNMAN, 28 January 1985. (NSA Arclll~~' accession
to explain technical details of the project. This number 49509)
publication would not have been possible without 13 (Ut1FOU01 t'PrbjectGUNMAN:
their assistance. After the Smoke Cleared." November 1986\,14. (NSA
Archives, accession number 46286) . \ \\\
CD) I also wish to acknowledge the technical 14. (U/;,FOUO) The COMSEC OrganiZationl NSA, A
director of the CCH and the editorial staff for their Special Report to the U.S. Congress: Project GIJNMAN.
guidance and assistance. They greatly enhanced March, 1985, "Background." (NSA archives, ~ccession
the clarity and readability of the manuscript. number 48399)
15 (u/lpeUO) Oral Histo r:--..::..:;.._..:.:.a..,...................- ....
(U)Notes Interviewers: Tom Johnson an -....._-_ ....
1. (U) Transcript, CBS Nightly News. M,arch 25, Cryptologic History) \ \
1985 16. (U//FOUO) Oral History 2007-20, R()b~rt
2. (U) George F. Kennan, Memoirs: 1950 to 1963. Surprise; Interviewers: Linda Murdock and Sh~rQn
(New York N. Y.: Pantheon Books, 1972), 152-157. Maneki. (Center for Cryptologic History)
3. (U) Transcript, CBS Nightly News. March 25, 17. (U/fFOUO) Oral Histo 200-2
1985. nterviewers: Linda Murdock and Sharon Maneki.
4 -ffflr (Center for Cryptologic History)
ral Histo 2006- 8
L..-_--J
Interviewers: Linda Murdock and
1 1- Maneki. (Center for Cryptologic History)
1.-..~5.l('(u~/+/F~OgUgfO~~Co>rraialiiHIiiSstt<orrryVI.19[}<9~8~177.,ILTG
Lincoln D. 19. (UI/FOUO) Oral Histo 200 -06
Faurer; Interviewer: Tom Johnson. (Oral history inter- ....._ _...1 Interviewers: Linda Murdock and Sharon
views are kept at the Center for Cryptologic History.) Maneki. (Center for Cryptologic History)
6. (UI/FOUO) the COMSEC Organization, NSA, A 20. (UI/FOUO) S65 COMSEC Standards and
Special Report to the U.S. Congress: Project GUNMAN. Advanced Technology Division, Evaluation of Project
March, 1985 "Background." (NSA Archives, accession GUNMAN. 28 January 1985. (NSAArchives, accession
number 48399) number 49509)
7. (UI/FOUO~ t'Project GUNMAN: 21. (U ) Oral History 2006-17
After the Smoke Cleared." NoveI9ber 1986, 7-8. (NSA Interviewers: Linda Murdock and Shar.pn
Archives, accession number 462?6) L...:-M~an-e':'"'ki:-.~(Center for Cryptologic History) ii

8. (UI/FOUO) Oral History 1998-17, LTG Lincoln 22. (U/tOUO) I I


telephone~nversa-
D. Faurer; Interviewer: Toryi Johnson. (Center for tion with Sharon Maneki, 18 December 2006:
Cryptologic History) / 23. (UI/FOUO) Oral-History 1998-14,1.........- - - -
9. (UI/FOUO) Oral/History 1996-3, Interviewers: Tom Johnson andl .. ...rCenter
Interviewer;' Tom Johnson. (Centerfor for Cryptologic History) ! ii /
~Cryp~-t-o:-lo-gI:-c-H...Iistory) ii /./ 24. (UI/FOUO) Oral History 'Z,007-07,
(UIIFOUO) OralHisto~ 1998-141
10. / I Interviewers: Linda Murdock and
Interviewers: Tom Johrt~on a~{ tcenter for ~S~h-ar-o-n-M-a-ne~ki~-.(~Center for CryptoJ6gicHist6ry)
/::, .
Cryptologic History) i i / : / P.L. 86-36

P.L. 86-36

Page 20 TOY SECRfffffCOMINT//REL TO USA, AUS, CAN 8BR, 1'i~L


DocrD: 3803783
P.L. 86-36
L. 86-36
TOP SECRET/lCOMHffffREL TO USfl, AUS, C:t\:N GBR:, N~L

25. (U//fOUO) Oral Histo 2006-1 42. (UI/FODO) Oral History 2006-47,
Interviewers: Linda Murdock and Interviewers: Linda Murdock and Sharon
a.,.~..,......~ '------'
'. '. (Center for Cryptologic History) Maneki. (Center for Cryptologic History)
26.. . (Ui/FOUO) Oral Histo 200-0 43. (Ul/FOVO) Oral History 2008-79,
Interviewers: Linda Murdock 00 ey an S aron Mane
. ~:-----.,---=~
Sharon Mapeki. (Center for Cryptologic History) en er for Cryptologic History)
,..-----,
27. ( J Oral Histo 2006-1 44. (U) Time, 8 April 1985, "A Deadly Serious
""'--_ _....... Interviewers: Linda Murdock and Sharon Game."
Maneki. (CenterJor Cryptologic History) 45. (U//FOUO~ "GUNMAN Text Recovery from
28. (Ur:/FOO:(7) Oral Histo 200-0 IBM Selectric III Typewriters." C Expository Report
interviewers: Linda Murdock and NO.18-91, 19 July 1991. (NSA Archives, accession num-
... '":::":""""--:-:~-;-:--}
Sharon Maneki. (Center for Cryptologic History) ber 49509)
~----.
29. ( Oral Histo 2006-1 46. (U) "Parting Shot: Espionage Russia." (Federal
Interviewers:\Linda Murdock and Sharon Bureau of Investigation) March 15, 1985, 2. (NSA
L......,-~~~
Maneki. (Center for Cryptol()gic History) Archives, accession number 49509)
30. (U//FOUOj Oral Histo 200 -06 47. (U) Report on the GUNMAN Project by a
.1.---- Interviewers: Linda Murdock and Sharon
Maneki. (Center for Cryptologic History)
Damage Assessment Team of the Department of State.
July 11, 1985.
31. (U Oral Histo\ 2006- 48. ~Jr-----------
....... ...J Interviewers: Lin~a Murdock and
Sharon Maneki. (Center for Cryptologlc History)
32. (UjfFOUOj Oral History 1998-15~ I 49 (U//FOU01 rProject GUNMAN ~
Interviewer: Dr. Thomas R. Johnson. (Center for After the Smoke Cleared." November 1986, 19-21. (NSA
Cryptologic History) Archives, accession number 46286)\.
33. (Uf/FOUO) Oral Histo 2006-0, 50. (UI/FOUO)I ~~:T4e Legacy of
nterviewers: Linda Murdock GUNMAN." (briefing to the NSA workforce},fNovember
L..",.....---:-::---;-:....
S aron Maneki. (Center for Cryptologic History) 2000. (NSA archives, accession number 49509)
. U Oral Histo 2006- r - - - - - . , 51. (U) "Parting Shot: Espionage Russia." "(F~eral
Interviewers: Linda Murdock and Sharon Bureau of Investigation) March 15, 1985, 10. (N,SA
'-M:-:-a-n-eki;-:"'".'~(C":!!:'enter for Cryptologic History) Archives, accession number 4 9 5 0 9 ) / .... iP L . 86-36
35. (U) S65 COMSEC Standards and Advanced 52. (U//FOUO~ 1"Pf6Je~tGUNMAN:
Technology Division, Evaluation of Project GUNMAN. After the Smoke Cleared." Novem~er 1986, 40. (NSA
28 January 1985. (NSA Archives, accession number Archives, accession number 46286)
49509) 53 (U) Ronald Kessler, Moscow Station: How the
36. (U) ''Twelfth Interim Analysis Report on the KGB Penetrated the American Embassy. (New York,
GUNMAN Find." 18 October 1984. NY: Macmillan Publishing Co., 1989), 97.
37. (U) "Thirteenth Interim Analysis Report on the 54. (Ui/FOUO) Oral History 1998-~5~r---------'1
GUNMAN Find." 25 October 1984. Interviewer: Dr. Thomas R. J()hrison. (Center for
38. (U) "Sixth Interim Analysis Report on the Cryptologic History) ,
GUNMAN Find." 6 September 1984. 5 . ( OralHi~to 20
39. (U) "First Interim Analysis Report on the Interviewers; Linda Murdock and Sharon
GUNMAN Find," no date. M-an
L.- - eki
--.-(Cented6;'Cryptologic History)
40. (U//FOUO) Oral Histo 200 -0 r-----, 56. (U)J:{~raig Barker, The Protection ofDiplomatic
L..- ..."Interviewers: David Cooley and Sharon Pers?T.tnel, Chapter 1. (Burlington, Vermont: Ashgate
Maneki. (Center for Cryptologic History) Publishing Co., 2006) EO 1.4. (c)
41. (U) Discover, June 1985. "Tapping the Keys." !// P. L. 86- 3 6
P.L. 86-36 OGA

TOP SECRFffCOMINF//~LTO USA, l'.zUS, Gy;r GlUt, ~~1. Page 21


DOCID: 3803783
'f'OP SECltE'f'11COMfN'f'I/KEL '1'0 US*:, AUS, C2\N 6BR, NZL

57 (UI/ FOUO l I "Project GUNMAN:


After the Smoke Cleared." November 1986,23-25. (NSA
Archives, accession number 46286)
58. (U) Oral History 2007-18,
r---"';""'---...,
Interviewers: Linda
~M:-:-u-rd~o-c~k-an-d7""::S~h-a-ro-n""""':'M"':'a-n-e"';'ki-:-.~(Centerfor Cryptologic
History)
. U Oral Histo 200-
Interviewers: Linda Murdock and
~M~an-e"""".(Center for Cryptologic History)
60. (U//FOuol IC0I'I'~spondence
bye-mail with author.
61. (U//OUOf-------,~"l?roject?UNMMl':
After the Smoke Cleared." November 1986, 37; (NSA
Archives, accession number 46286)
62. (U//FOUO) Organization Audit Trail Database :';.
P.L. 86-36
(OATS).

Afte~3~~/~:~:O~leared.9S NovemJ;ro;:;~~~~~
Archives, accession number 46286)
64. (U//FOUO) Oral History 2006-17,
(e-mail attachment to transcript.) Interviewers:
L..,,-~--'
Linda Murdock and Sharon Maneki. (Center for
Cryptologic History)
65. (U//FOUO) Organization Audit Trail Database
(OATS)
66. (U//FOUO) Oral Histo 200-2
Interviewers: Linda Murdock and Sharon
ane . Center for Cryptologic History)

Page 22 TOP SECRETf/COl\HNTf/REL TO USA, AUS, CMl GBR; NZ3L


DOClD: 3803783
J:QP ~JAC~J://CQ~41Nf//~LTQ USh, t'..US, CAN GBa, P't~L

(U) Index
r.L. 86-36

\A delivering to embassy 6
inspection process 8-9
\. acquiring replacement equipment 5 preparing for shipment 5-6
\I 18 replacement process 7-8
f. anti-tamper technology program 18
F
~.. ..
I approval of prolect GUNMAN plan 4
~~ \10_~~ Faurer, General Lincoln 2-3, 16
Federal Bureau ofInvestigation (FBI) IS, 17
Foreign Intelligence Advisory Board IIEO 1. 4. (c)
B
17
I tEO 1.4. (d)
P.L. 86-36
G P.L. 86-36 OGA

CJwens. i 1 P,1O
0 Great Seallmplant example
12, 14, 18
, u. nt H
Bureau of Diplomatic Security 17
Harriman, Averell 1

r
Hartman, Ambassador Arthur 7

~4,7 I
Casey, William 4,12 <OGA IBM Selectric typewriters
cash bonus, offered for bug discovery 9, II .. acquiring replacements 5
CBS news report 1-2,12 ../ characteristics of 12, 14
Central Intelligence Agency (CIA)I / / / r implant discovery 10
Cold War 1 / 1 , . 0 ~--- implant operation 14
COMSEC organization 1 8 / impact of GUNMAN 17-19
COMSEC Standards angAdvanced Technology Division 8 implant
I IS characteristics 12, 14
con ressional investigations 17 EO 1. 4. (c) discovery of 8-11
15 P. L. 86- 3 6 reasons undetected 15-16
Information Security (INFOSEC) 18
D inspecting equipment 9
5 inventory of embassy equipment, laci<,oL'Eo 1. 4. (c)

;-. :~ :.l;}~ :; .:t~ : .:~ : . e~:; t~: . : .: ~ ;, : .;,il. ~:. ;: ~.: ; N:. le.:; :. ~:. (": D .;s~:';S~ " : 17:. . ~GB ~:~ 6~~~
1

.....,t ... 3, 15'\6 .....J///// .:

discovery of implant 8-11 ~ 12-3 P. L. 86-36


OGA
E
Ir-M-----118/,/
Eagleburger, Lawrence 4
/1
employees, U.S. embassy 7
III 1
.....--;"""'""_-----,1 3 P.L. 86-36
media coverage 1-2, 12, 14
equipment
acquiring replacements 5 "'" -

P.L. 86-36

I UP SELKE I 77COMIN'T//ImL 'f'0 US1\:, 1\US, CAN GBa, N~L Page 23


DOCID: 3803783
TOP SECRT/lCOi\IINF/lREL TO US*, AUS, &iN GBR, UZL
\p .L.
.... 86-36

N TSCM. See U. S. Technical Security Countermeasure

National Secl,lrity Council 3, 18 u


National Security Decision Directive (NSDD) 145 18
...
Union of Soviet Socialist Republics (USSR)
o eavesdropping techniques 2
espionage examples 1
OPS 3 building 9 KGB 3,15-16
p NSA concerns about alerting 5
Soviet Intelligence Service 16
...
packaging, tamper-proof 5-6 U.S. embassy in Moscow 6-8
I p2 U.S. Technical Security Countermeasure (TSCM) 15
plam text 11 ...
. plan to remove equipment 3 w
.. Poindexter, Admiral John 4 ....... Weinberger, Caspar 3
Polaroid film shortage 11 I 13-4
power switch 13
preparing equipment for shipment 5-6 X
1 1 18 X3 18
Protective Technologies Implementation Division 18
x-ray technology, use of 5,9-10, 12
R
y
R9 3,10-12,18
radio frequency 13 Y26 18
reactions to implant discovery II
Reagan, President Ronald 3-4, 11
replacing equipment 4, 7-8
. reverse engineering 12

[ ~-;~, 17
S
S64 11-12
S65 5,8-9,11-12
S651 5
S building 9
Schultz, Georg~ 4
security during equipment shipment 6
Senior Intera ency Group for Intelligence 17
16

,
<.

T
T2 5
TlOOZ teleprinters, implants placed in 2-3
tamper detection devices 5
Technical Security Engineering Center 18
T Motor Pool 5

l
Page 24 ~OF' SE~~//OMIN"f'i/ltl:L~O USA, AUS, CAr, 6ftlt, NEt

You might also like