Home » important » U.S. spies seeking to retrieve cyber weapons of Russia
U.S. spies seeking to retrieve cyber weapons of Russia

U.S. spies seeking to retrieve cyber weapons of Russia

After months of secret negotiations, a shadowy Russian bilked American spies out of $100,000 last year, promising to deliver stolen National Security Agency cyberweapons in a deal that he insisted would also include compromising material on President Trump, according to American and European intelligence officials.

The cash, delivered in a suitcase to a Berlin hotel room in September, was intended as the first installment of a $1 million payout, according to American officials, the Russian and communications reviewed by The New York Times. The theft of the secret hacking tools had been devastating to the N.S.A., and the agency was struggling to get a full inventory of what was missing.

Several American intelligence officials said they made clear that they did not want the Trump material from the Russian, who was suspected of having murky ties to Russian intelligence and to Eastern European cybercriminals. He claimed the information would link the president and his associates to Russia. Instead of providing the hacking tools, the Russian produced unverified and possibly fabricated information involving Mr. Trump and others, including bank records, emails and purported Russian intelligence data.

The United States intelligence officials said they cut off the deal because they were wary of being entangled in a Russian operation to create discord inside the American government. They were also fearful of political fallout in Washington if they were seen to be buying scurrilous information on the president.

The Central Intelligence Agency declined to comment on the negotiations with the Russian seller. The N.S.A., which produced the bulk of the hacking tools that the Americans sought to recover, said only that “all N.S.A. employees have a lifetime obligation to protect classified information.”

The negotiations in Europe last year were described by American and European intelligence officials, who spoke on the condition of anonymity to discuss a clandestine operation, and the Russian. The United States officials worked through an intermediary — an American businessman based in Germany — to preserve deniability. There were meetings in provincial German towns where John le Carré set his early spy novels, and data handoffs in five-star Berlin hotels. American intelligence agencies spent months tracking the Russian’s flights to Berlin, his rendezvous with a mistress in Vienna and his trips home to St. Petersburg, the officials said.

The N.S.A. even used its official Twitter account to send coded messages to the Russian nearly a dozen times.

The episode ended this year with American spies chasing the Russian out of Western Europe, warning him not to return if he valued his freedom, the American businessman said. The Trump material was left with the American, who has secured it in Europe.

The Russian claimed to have access to a staggering collection of secrets that included everything from the computer code for the cyberweapons stolen from the N.S.A. and C.I.A. to what he said was a video of Mr. Trump consorting with prostitutes in a Moscow hotel room in 2013, according to American and European officials and the Russian, who agreed to be interviewed in Germany on the condition of anonymity. There remains no evidence that such a video exists.

The Russian was known to American and European officials for his ties to Russian intelligence and cybercriminals — two groups suspected in the theft of the N.S.A. and C.I.A. hacking tools.

But his apparent eagerness to sell the Trump “kompromat” — a Russian term for information used to gain leverage over someone — to American spies raised suspicions among officials that he was part of an operation to feed the information to United States intelligence agencies and pit them against Mr. Trump. Early in the negotiations, for instance, he dropped his asking price from about $10 million to just over $1 million. Then, a few months later, he showed the American businessman a 15-second clip of a video showing a man in a room talking to two women.

No audio could be heard on the video, and there was no way to verify if the man was Mr. Trump, as the Russian claimed. But the choice of venue for showing the clip heightened American suspicions of a Russian operation: The viewing took place at the Russian Embassy in Berlin, the businessman said.

Mr. Shearer’s efforts grew out of work he first began during the 2016 campaign, when he compiled a pair of reports that, like the dossier, also included talk of a video and Russian payoffs to Trump associates. It is not clear what, if anything, Mr. Shearer has been able to purchase.

Before the Americans were negotiating with the Russian, they were dealing with a hacker in Vienna known only to American intelligence officials as Carlo. In early 2017, he offered to provide them with a full set of hacking tools that were in the hands of the Shadow Brokers and the names of other people in his network, American officials said. In exchange, he wanted immunity from prosecution in the United States.

But the immunity deal fell apart, so intelligence officials decided to do what spies do best: They offered to buy the data. That is when the Russian in Germany emerged, telling the Americans he would handle the sale.

Like Carlo, he had previously dealt with American intelligence operatives, American and European officials said. He served as a fixer, of sorts, brokering deals for Russia’s Federal Security Service, or F.S.B., which is the successor to the Soviet K.G.B. American intelligence officials said that he had a direct link to Nikolai Patrushev, a former F.S.B. director, and that they knew of previous work he had done helping move illicit shipments of semiprecious metals for a Russian oligarch.

By last April it appeared that a deal was imminent. Several C.I.A. officers even traveled from the agency’s headquarters to help the agency’s Berlin station handle the operation.

At a small bar in the former heart of West Berlin, the Russian handed the American intermediary a thumb drive with a small cache of data that was intended to provide a sample of what was to come, American officials said.

Within days, though, the deal turned sour. American intelligence agencies determined that the data was genuinely from the Shadow Brokers, but was material the group had already made public. As a result, the C.I.A. said it would not pay for it, American officials said.

The Russian was furious. But negotiations limped on until September, when the two sides agreed to try again.

Late that month, the American businessman delivered the $100,000 payment. Some officials said it was United States government money but routed through an indirect channel.

A few weeks later, the Russian began handing over data. But in multiple deliveries in October and December, almost all of what he delivered was related to the 2016 election and alleged ties between Mr. Trump’s associates and Russia, not the N.S.A. or C.I.A. hacking tools.

In December, the Russian said he told the American intermediary that he was providing the Trump material and holding out on the hacking tools at the orders of senior Russian intelligence officials.

Early this year, the Americans gave him one last chance. The Russian once again showed up with nothing more than excuses.

So the Americans offered him a choice: Start working for them and provide the names of everyone in his network — or go back to Russia and do not return.

The Russian did not give it much thought. He took a sip of the cranberry juice he was nursing, picked up his bag and said, “Thank you.” Then he walked out the door.