Promisgate: World's longest spy scandal still glossed over
By David Dastych
Tuesday, January 31, 2006
The so called PROMIS affair would never have happened if the software invented by an American computer specialist, Mr. William A. Hamilton, had been a technical failure. But this case management and data mining software, developed in the early 1980s by a small Washington D.C. company, Inslaw Inc., had proven itself to be a perfect intelligence tool. Originally made for the Department of Justice to help the country's prosecutor offices in their case management, it drew the attention of corrupt officials and of Israeli Intelligence. Stolen by ruse from its owner, Inslaw Inc., the software was hacked and provided with a "trap door", a sort of a Trojan Horse hacker's trick, that enabled the retrieval of information from the foreign intelligence services and banks it had been sold to on behalf of Israeli and U.S. intelligence. Without the knowledge of the software's owner, and in violation of copyright laws, the PROMIS software was sold to over 40 countries and used in an unprecedented "sting operation", which yielded huge financial and intelligence benefits to the United States and Israel.
In February 1985, Inslaw Inc. filed for Chapter 11 bankruptcy protection because the Justice Department had withheld payments totaling almost $1.8 million U.S. due Inslaw Inc. under a PROMIS Implementation Contract for U.S. Attorneys Offices. The PROMIS affair, broken by investigative journalists, two federal courts, and a congressional investigation and published in thousands of media stories and in several books, has never been resolved.
But "blowback" from the U.S. Government's theft of PROMIS in 1982 soon turned into a series of painful losses for U.S. national security, into criminal financial benefits for corrupt officials, and into intelligence "scoops" for the secret services of adversaries. "It's far worse than Watergate"--commented former U.S. Attorney General and Inslaw counsel Elliot Richardson.
From KGB to PLA-2
The history of this world-famous computer software goes back a quarter of a century, and its applications by intelligence, organized crime and terrorist organizations began almost from the start. The software helped the United States win the Cold War against the Soviet Union, but it also served the Russian mafia, Saddam Hussein's regime, Osama bin Laden's al Qaeda, and an unspecified number of foreign spies and criminals. As far back as 1985, when the late British media tycoon and top [Israeli] Mossad spy, Robert Maxwell, revealed the software's "trap door" secret to Chinese Military Intelligence (PLA-2), while selling them a copy of PROMIS for $ 9 million, the powerful software was turned against the United States. The Soviet KGB purchased PROMIS from Robert Maxwell, but they also [later] received a copy (together with the Trojan Horse secret) from Robert Hanssen, a spy planted in a most sensitive office of the FBI. The Soviets and their East European allies, including Poland, used PROMIS to spy on the U.S. State Department and 170 American Embassies and Consulates all over the world. This practice may have continued as late as 1997, and the post-communist intelligence agencies of Russia and other countries, including Polish Military Intelligence (WSI), may have been able to retrieve information from U.S. Government agencies, because as many as 64 of them [are believed to have] used modified versions of PROMIS. Using the same PROMIS software, purchased from Russia, Saddam Hussein and members of his regime could shift huge sums of money undetected through the banking system. Some of these funds are still supporting the anti-Coalition insurrection in Iraq and terrorists. In the mid-1990s, Chinese Military Intelligence (PLA-2) organized their own hackers department, which [exploited] PROMIS [database systems] [in the] Los Alamos and Sandia national laboratories to steal U.S. nuclear secrets.
No over-all damage assessment has been prepared yet. But the losses to the U.S. economy may be in billions of dollars, and damage to the national security of the United States and its allies may be incalculable.
An American intelligence officer, whose name cannot be disclosed, made the following comment on the consequences of the illegal operations performed with the use of PROMIS:
) "Yes, we gave PROMIS to the Russians and Chinese to back door their intel. Worked like a charm. The only problem was blowback'. As we gave it to our enemies in order to back door them through the trap door Trojan horse asset in PROMIS, we left sixty-four federal agencies wide open in the U.S. Government who also used PROMIS. The powers-that-be felt that the information obtained far outweighed the damage done to the security of the 64 federal agencies. Just think, federal agents exposed, witness relocation programs compromised, etc. Just a matter of time."
PROMIS sold to bin Laden
There were also two reported connections between the U.S. intelligence failure relating to the terrorist attacks on 9-11 and unauthorized derivatives of the PROMIS software.
First, unnamed government sources familiar with the debriefing of Hanssen in 2001 reportedly told the Washington Times, Fox News, and the washingtonpost.com that year that someone in Russia had sold copies of PROMIS-derivative software source codes, which Hanssen had stolen from the FBI and U.S. intelligence agencies for the Russians, to Osama bin Laden for $2 million and that al Qaeda had used the stolen U.S. intelligence software to access the U.S. intelligence database systems in order to evade detection and monitoring before 9-11 and to move funds undetected through the banking system.
Osama bin Laden received PROMIS software, bought for him by wealthy Saudis through their connections with the Russian mafia. An American intelligence expert told Wprost: "Salah Idris, along with members of the Saudi Royal family, arranged for the sale of PROMIS to Bin Laden. Yes, it came from the Russians, but not in as big a part as the spook community would have you believe. Nor was it entirely the work of Robert Hanssen. He was merely available to point the finger at." Thanks to PROMIS, computer wizards working for al Qaeda could move funds and avoid tracking by U.S. and other intelligence, at least until the assaults on the United States, on September 11, 2001.
Secondly, the 9-11 Commission in the United States reported, in its April 14, 2004 report on the U.S. intelligence failure, that the FBI had failed to connect the dots between leads in its computerized case management system from two different field offices during the summer of 2001 about Arab men taking flight training courses, blaming the FBI's failure on the fact that its case management software "employs 1980's technology that is by all accounts user-unfriendly."\
What was the main reason for the FBI's failure? The inventor of PROMIS and President of its producer, Inslaw Inc. company in Washington D.C., Mr. William L. Hamilton, told Wprost that:
"The 9-11 Commission called attention to the fact that the FBI did not install the current version of its case management software, called the ACS (Automated Case Support) system, until October 1995 and [to the fact that ACS was obsolete from the time the FBI developed it in the mid-1990s because it was based on 1980s technology'. Although the 9-11 Commission offered no explanation for why the FBI used obsolete technology to develop its ACS case management software in 1995, the apparent explanation is that the FBI simply re-named its 1980s technology case management software, which was called FOIMS and was based on PROMIS, and translated it in October 1995 into a different computer programming language in order to obstruct a court hearing that the U.S. Senate had ordered earlier that year. The Senate had ordered the court in May 1995 to determine whether the United States owes Inslaw compensation for the government's use of PROMIS, and the court ,in turn, ordered outside software experts to compare the FBI's software with PROMIS, but the FBI modified its software and told the court that it no longer retained the unmodified first 11 years (1985 through 1995) of its own case management software].
" A June 2001 front-page story in the Washington Times quoted unnamed federal law enforcement sources familiar with the Hanssen case as stating that al Qaeda had been able to use a copy of the FBI's FOIMS software, [purchased on the Russian black market], for espionage against the United States as late as 2001, six years after FOIMS had supposedly been replaced by ACS. This may be an additional indication of what the FBI actually did in 1995. Instead of using its ACS software project in 1995 to take advantage of early 1990s improvements in computer technology in order to make FOIMS easier for FBI agents to use, the primary purpose of the FBI's ACS project in 1995 was obstruction of justice."
To put this into simpler words, the FBI (and possibly a number of other agencies of the U.S. Government) still use unauthorized derivatives of the PROMIS software. This means that foreign intelligence agencies, which have bought or otherwise acquired PROMIS, can easily "break in" into such FBI and U.S. intelligence data bases, posing a serious threat to the national security of the United States.
A Spy in the White House?
In September 2005, the FBI arrested one of its own intelligence analysts for computer-based espionage. The arrest of Leandro Aragoncillo, an FBI intelligence analyst, has rekindled concerns about computer security at the F.B.I. that were first raised in the wake of the February 2001 arrest of FBI Agent Robert Hanssen for computer-based spying for the Soviet Union and the Russians. An October 7, 2005 an article in the New York Times, for example, entitled "New Spy Case Revives Concerns Over Security at F.B.I." reported that the arrest of Aragoncillo was probably the result of happenstance, rather than the result of the pro-active auditing by the FBI, which the FBI was supposed to have begun because of the Hanssen case, into the actual uses of its case management system.
The FBI complaint against Aragoncillo stated that he emailed to associates in the Phillipines more than 100 sensitive intelligence documents that he had downloaded from the FBI's computer-based ACS case management system. There have, moreover, been U.S. press reports, including a report by ABC, that Aragoncillo spied for the Phillipines by downloading classified information from the computer systems of other agencies. Prior to joining the FBI, Aragoncillo was a U.S. Marine assigned to the Office of the Vice President, and reportedly used computers in that office to download classified documents from computer systems at the Pentagon and at the CIA.
The case of Aragoncillo can be compared to the earlier case of Robert Hanssen. The FBI complaint filed against Hanssen in February 2001 stated that Hanssen had made "extensive use" of the FBI's computer-based case management system to steal U.S. intelligence secrets for the Russians, and that he had also given the Russians a copy of a technical manual on the COINS II (Community On-Line Information System, 2d version), a software system used by various U.S. intelligence agencies to track the intelligence information they produce. A report by the washingtonpost.com in 2001 stated that Hanssen had also stolen U.S. intelligence secrets from the computer systems of other agencies such as the CIA, NSA, the Pentagon, and the White House.
In both cases, the spies planted in the FBI had evidently been able to gather information by using the PROMIS-derivative software system underpinning all of these U.S. intelligence community database systems.
Reporting on the recent Phillipino spy case, John Diamond of USA Today wrote: "After the Hanssen case, the FBI began a $170 million upgrade of its computer network. Severe technical problems led that upgrade to be scrapped, and only now is the FBI seeking bids for a new system, called Sentinel." The FBI has serious problems.
Teaching a Lesson to China
U.S. Attorney General Alberto R. Gonzales accompanied President Bush on his November 2005 trip to China, primarily to talk turkey to the Chinese authorities about their need to better enforce the copyrights protecting U.S. intellectual property. A recent study estimated that 90% of all software sold in China has been stolen from its copyright owners. On November 10, 2005, just days before the President's visit to China, Gonzales unveiled proposed legislation called the Intellectual Property Protection Act of 2005. The proposed legislation seeks to promote full restitution to companies victimized by copyright infringement.
The new legislative proposal and lobbying of the Chinese Government expose the Bush Administration and its Justice Department to charges of hypocrisy. The United States is attempting to convince China to do a better job of enforcing software copyright rights, and, where necessary, to see to it that "victim companies" receive full restitution. But the U.S. Government has set a poor example by refusing for two decades to make any restitution to Inslaw. Moreover, the Justice Department, which is the U.S. Government's main agency for enforcing copyright rights, has instead obstructed attempts to get to the bottom of the Inslaw affair, according to the fully-litigated findings of two federal courts and the investigative findings of two congressional committees.
"Inslaw deserves to be compensated. More importantly, the American people deserve to know the truth: Did government greed and bureaucratic hubris lead to a wholesale sellout of our national security? The Bush White House's credibility is on the line," wrote nationally syndicated columnist, Michelle Malkin, in The Washington Times. There is no better way to state it.
Contribution: Bill Hamilton (Washington D.C.)
David Dastych, 66, is a veteran journalist, writing for Polish and foreign media. He was also a businessman and consultant to foreign business, one time an associate director of Japan External Trade Organization (JETRO) in Poland. Now he owns and operates an international media agency in Warsaw. Ý He can be reached at: firstname.lastname@example.org
Other articles by David Dastych