|
| |
|
|
|
|
|
|
Ana Belen Montes : The
chronicle of an American Spy for the Cuban Government. Summary of the
case
By
Manuel Cereijo
On 21 September 2001, the FBI arrested Ana Belen Montes, a US citizen
born 28 February 1957, on a US military installation in Nurnberg,
Germany. She was charged with spying for Cuban intelligence for the past
five years.
ANA BELEN MONTES
Montes graduated with a major in Foreign Affairs from the University of
Virginia in 1979 and obtained a Masters Degree from the Johns Hopkins
University School of Advanced International Studies in 1988. She is
single and lived alone at 3039 Macomb Street, NW, apartment 20,
Washington, DC. Until her arrest, Montes was employed by the Defense
Intelligence Agency (DIA) as a senior intelligence analyst. She began
her employment with DIA in September 1985 and since 1992 has specialized
in Cuba matters. She worked at Bolling Air Force Base in Washington, DC.
Prior to joining DIA, Montes worked at the Department of Justice. In
1993, she traveled to Cuba to study the Cuban military on a CIA-paid
study for the Center for the Study of Intelligence.
Communication from the Cuban Intelligence Service (CuIS) to Montes
via Shortwave Radio
During a court-authorized surreptitious entry into Montes’s residence,
conducted by the FBI on 25 May 2001, FBI agents observed a Toshiba
laptop computer.1 During the search, the agents electronically copied
the laptop’s hard drive. During subsequent analysis of the copied hard
drive, the FBI recovered substantial text that had been deleted.
The recovered text from the laptop’s hard drive included significant
portions of a Spanish- language message, which when printed out with
standard font comes to approximately 11 pages of text. The recovered
portion of the message does not expressly indicate when it was composed.
However, it instructs the message recipient to travel to “the Friendship
Heights station” on “Saturday, November 23rd.”
Although no date was on the message, November 23 fell on a Saturday in
1996. The FBI determined that this message was composed sometime before
23 November 1996 and entered onto Montes’s laptop sometime after 5
October 1996, the date she purchased it. On the basis of its content,
the message is from a CuIS officer to Montes.2 Portions of the recovered
message included the following: “You should go to the WIPE program and
destroy that file according to the steps which we discussed during the
contact. This is a basic step to take every time you receive a radio
message or some disk.”
During this same search, the agents also observed a Sony shortwave radio
stored in a previously opened box on the floor of the bedroom. The
agents turned on the radio to confirm that it was operable. Also found
was an earpiece3 that could be utilized with this shortwave radio,
allowing the radio to be listened to more privately.
The recovered portion of the message begins with the following
passage:
Nevertheless, I learned that you entered the code communicating that you
were having problems with radio reception. The code alone covers a lot,
meaning that we do not know specifically what types of difficulty you
are having. Given that it’s only been a few days since we began the use
of new systems, let’s not rule out that the problem might be related to
them. In that case, I’m going to repeat the necessary steps to take in
order to retrieve a message.
The message then describes how the person reading the message should
“write the information you send to us and the numbers of the radio
messages which you receive.” The message later refers to going “to a new
line when you get to the group 10 of the numbers that you receive via
radio,” and still later gives as an “example” a series of groups of
numbers: “22333 44444 77645 77647 90909 13425 76490 78399 7865498534.”
After some further instruction, the message states: “Here the program
deciphers the message and it retrieves the text onto the screen, asking
you if the text is okay or not.” Near the conclusion of the message,
there is the statement, “In this shipment you will receive the following
disks: . . . 2) Disks ‘R1’ to decipher our mailings and radio.”
Further FBI analysis of Montes’s copied Toshiba hard drive identified
text consisting of a series of 150 five-number groups. The text begins,
“30107 24624” and continues until 150 such groups are listed. The FBI
determined that the precise same numbers—in the precise same order—were
broadcast on 6 February 1999 at AM frequency 7887 kHz, by a woman
speaking Spanish, who introduced the broadcast with the words
“Attencion! Attencion!” The frequency used in that February 1999
broadcast is within the frequency range of the shortwave radio observed
in Montes’s residence on 25 May 2001.
Communication between the CuIS and Montes via Computer Diskette4
Montes communicated with her CuIS handling officer by passing and
receiving computer diskettes containing encrypted messages. The message
described above that was contained on the hard drive of Montes’s laptop
computer contained the following passage:
Continue writing along the same lines you have so far, but cipher the
information every time you do, so that you do not leave prepared
information that is not ciphered in the house. This is the most
sensitive and compromising information that you hold. We realize that
this entails the difficulty of not being able to revise or consult what
was written previously before each shipment, but we think it is worth
taking this provisional measure. It is not a problem for us if some
intelligence element comes repeated or with another defect which
obviously cannot help, we understand this perfectly—Give “E” only the
ciphered disks. Do not give, for the time being, printed or photographed
material. Keep the materials which you can justify keeping until we
agree that you can deliver them.—Keep up the measure of formatting the
disks we send you with couriers or letters as soon as possible, leaving
conventional notes as reminders only of those things to reply to or
report.
The message goes on to refer to a “shipment” that contains “Disk ‘S1’—to
cipher the information you send,” and, as indicated in the previous
section, to “Disk ‘R1’ to decipher our mailings and radio.” Earlier in
the message, there is a reference to “information you receive either via
radio or disk.”
During the court-authorized search of the residence on 25 May 2001, two
boxes containing a total of 16 diskettes were observed. During a
subsequent search on 8 August 2001, a box containing 41 diskettes, later
determined to be blank, were observed. Finally, records obtained from a
Radio Shack store located near Montes’s residence indicated that Montes
purchased 160 floppy diskettes during the period 1 May 1993 to 2
November 1997.
Communication from Montes to the CuIS by Pager5
On the basis of the evidence, Montes communicated with her handling CuIS
officer using a pager. In the same message copied from Montes’s hard
drive, there is a passage that states:
Beepers that you have. The only beepers in use at present are the
following: 1) (917) [first seven-digit telephone number omitted from
this application], use it with identification code 635. 2) (917) [second
seven-digit telephone number omitted from this application]. Use it with
identification code 937. 3) (917) [third seven-digit telephone number
omitted from this application] Use it only with identification code 2900
. . . because this beeper is public, in other words it is known to
belong to the Cuban Mission at the UN and we assume there is some
control over it. You may use this beeper only in the event you cannot
communicate with those mentioned in 1) and 2), which are secure.
The reference to “control over it” in the above passage refers to the
CuIS officer’s suspicion that the FBI is aware that this beeper number
is associated with the Cuban Government and is monitoring it in some
fashion.
In addition, the message on the laptop’s hard drive includes a portion
stating that the message recipient “entered the code communicating that
you were having problems with radio reception.” This portion of the
message indicates that Montes at some point shortly prior to receiving
the message sent a page to her CuIS officer handler consisting of a
preassigned series of numbers to indicate she was having communication
problems.
Montes’s Transmission of Classified Information to the CuIS
The same message described above, as well as other messages recovered
from the laptop’s hard drive, contained the following information
indicating that Montes had been tasked to provide and did provide
classified information to the CuIS. In one portion of the message
discussed above, the CuIS officer states:
What ***6 said during the meeting . . . was very interesting. Surely you
remember well his plans and expectations when he was coming here. If I
remember right, on that occasion, we told you how tremendously useful
the information you gave us from the meetings with him resulted, and how
we were waiting here for him with open arms.
The very next section in the message states:
We think the opportunity you will have to participate in the ACOM
exercise in December is very good. Practically, everything that takes
place there will be of intelligence value. Let’s see if it deals with
contingency plans and specific targets in Cuba, which are to prioritized
interests for us.
The “ACOM exercise in December” is a reference to a war games exercise
in December 1996 conducted by the US Atlantic Command—a US Department of
Defense unified command, in Norfolk, Virginia. Details about the
exercise’s “contingency plans and specific targets” is classified Secret
and relates to the national defense of the United States. DIA advised
that Montes attended the above exercise in Norfolk as part of her
official DIA duties.
A separate message partially recovered from the hard drive of Montes’s
Toshiba laptop revealed details about a particular Special Access
Program (SAP) related to the national defense of the United States:
In addition, just today the agency made me enter into a program,
“special access top secret. [First name and last name omitted from this
application] and I are the only ones in my office who know about the
program.” [The details related about this SAP in this message are
classified “Top Secret” / SCI.]
DIA has confirmed that Montes and a colleague with the same name as that
related in the portion of the message described above were briefed into
this SAP on 15 May 1997.
In yet another message recovered from the laptop, there is a statement
revealing that “we have noticed” the location, number, and type of
certain Cuban military weapons in Cuba. This information is precisely
the type of information that was within Montes’s area of expertise and
was, in fact, an accurate statement of the US Intelligence Community’s
knowledge on this particular issue. The information is classified
Secret.
FBI Physical Surveillance of Montes and Telephone Records for May to
September
The FBI maintained periodic physical surveillance of Montes during the
period May to September 2001. On 20 May 2001, Montes left her residence
and drove to the Hecht’s on Wisconsin Avenue, in Chevy Chase, Maryland.
She entered the store at 1:07 p.m. and exited by the rear entrance at
1:27 p.m. She then sat down on a stonewall outside the rear entrance and
waited for approximately two minutes. At 1:30 p.m., the FBI observed her
walk to a pay phone approximately 20 feet from where she was sitting.
She placed a one-minute call to a pager number using a prepaid calling
card. At 1:45 p.m., she drove out of the Hecht’s lot and headed north on
Wisconsin Avenue toward Bethesda, Maryland. At 1:52 p.m., she parked her
car in a lot and went into Modell’s Sporting Goods store. She quickly
exited the store carrying a bag and crossed Wisconsin Avenue to an Exxon
station. She was observed looking over her right and left shoulders as
she crossed the Exxon lot. At 2:00 p.m., she placed a one-minute call
from a pay phone at the Exxon station to the same pager number using the
same prepaid calling card. By 2:08 p.m., Montes had walked back to her
vehicle and was driving back to her residence where she arrived at 2:30
p.m.
On 3 June 2001, Montes engaged in similar communications activity. She
left her residence at approximately 2:30 p.m. and drove to a bank
parking lot at the corner of Harrison Street, NW and Wisconsin Avenue,
NW. She exited her car at approximately 2:37 p.m. and entered a Borders
books store on Wisconsin Avenue. She left the store approximately 40
minutes later. She then crossed Wisconsin Avenue to the vicinity of
three public pay phones near the southern exit of the Friendship Heights
Metro Station. At 3:28 p.m., she placed a one-minute call using the same
prepaid calling card to the same pager number she had called on 20 May
2001. After a few minutes, she walked back to her car and drove to a
grocery store.
Pursuant to court authorization, on 16 August 2001, the FBI searched
Montes’s pocketbook. In a separate compartment of Montes’s wallet, the
FBI found the prepaid calling card used to place the calls on 20 May
2001 and 3 June 2001. In the same small compartment, the FBI located a
slip of paper on which was written the pager number she had called.
Written above this pager number was a set of digits, which comprised one
or more codes for Montes to use after calling the pager number; for
example, after contacting the pager, she keys in a code to be sent to
the pager which communicates a particular pre-established message.
On 26 August 2001, at approximately 10:00 a.m., the FBI observed Montes
making a brief pay telephone call to the same pager number from a gas
station/convenience store located at the intersection of Connecticut and
Nebraska Avenues, NW in Washington, DC.
On September 14, 2001, Montes left work and drove directly to her
residence. She then walked to Connecticut Avenue, NW, in Washington,
D.C., still wearing her business clothes, and made a stop at a dry
cleaning shop. She then entered the National Zoo through the Connecticut
Avenue entrance. She proceeded to the “Prairie Land” overlook where she
stayed for only 30 seconds. She then walked further into the zoo
compound and basically retraced her route out of the zoo. At
approximately 6:30 p.m., Montes removed a small piece of paper or card
from her wallet and walked to a public phone booth located just outside
the pedestrian entrance to the zoo. Montes then made what telephone
records confirmed to be two calls to the same pager number she had
called in May, June, and August, as described above. The records reflect
that the first call was unsuccessful—the call lasted zero seconds.
According to the records, she made a second call one minute later that
lasted 33 seconds. Shortly after making these calls, Montes looked at
her watch and then proceeded to walk back to her residence.
On 15 September 2001, telephone records pertaining to the prepaid
calling card number on the card observed in her pocketbook on 16 August
2001 showed that Montes made a call to the same pager number at 11:12
a.m. that lasted one minute.
The next day—16 September—Montes left her residence in the early
afternoon and took the Metro (Red Line) to the Van Ness-UDC station in
Washington, DC. She made a brief telephone call from a payphone in the
Metro station at approximately 1:50 p.m., again to the same pager
number.
Montes owned a cell phone, which was observed during a court-authorized
search of her tote bag on 16 August 2001. In addition, during
surveillance on 16 September 2001, Montes was observed speaking on a
cell phone. Furthermore, telephone records obtained in May 2001 confirm
that she has subscribed to cell telephone service continually from 26
October 1996 to 14 May 2001. Montes’s use of public pay phones
notwithstanding her access to a cell phone supports the conclusion that
the pay phone calls were in furtherance of Montes’s espionage.
On 19 March 2002, Montes pleaded guilty to espionage in U.S. District
Court in Washington, DC, and admitted that, for 16 years, she had passed
top secret information to Cuban intelligence. She used shortwave radios,
encrypted transmissions, and a pay telephone to contact Cuban
intelligence officials and provide them the names of four US
intelligence officers working in Cuba. She also informed Cuban
intelligence about a US “special access program” and revealed that the
US Government had uncovered the location of various Cuban military
installations.
Both her defense attorney and federal prosecutors said that Montes was
motivated by her moral outrage at US policy toward Cuba—an impoverished
island country—and not by money. She received only “nominal” expenses
for her activities.
Although Montes could receive the death penalty for her crime, the plea
agreement calls for a 25year prison term if she cooperates with the FBI
and other investigators by providing all the details she knows about
Cuban intelligence activities. Judge Ricardo M. Urbina set a sentencing
date of September 2002.
Endnotes
1 A receipt obtained from a CompUSA store located in Alexandria,
Virginia, indicated that, on 5 October 1996, one “Ana B. Montes”
purchased a refurbished Toshiba laptop computer, model 405CS, serial
number 10568512. The Toshiba laptop in her apartment had the same serial
number on it as the one she purchased.
2 The CuIS often communicates with clandestine CuIS agents operating
outside Cuba by broadcasting encrypted messages at certain high
frequencies. Under this method, the CuIS broadcasts a series of numbers
on a particular frequency. The clandestine agent, monitoring the message
on a shortwave radio, keys in the numbers onto a computer and then uses
a diskette containing a decryption program to convert the seemingly
random series of numbers into Spanish- language text. This was the
methodology employed by some of the defendants convicted last June in
the Southern District of Florida of espionage on behalf of Cuba and
acting as unregistered agents of Cuba, in the case of United States of
America v. Gerardo Hernandez, et al. (See Cuban Spies in Miami).
Although it is very difficult to decrypt a message without access to the
relevant decryption program, once decrypted on the agent’s computer the
decrypted message resides on the computer’s hard drive unless the agent
takes careful steps to cleanse the hard drive of the message. Simply
“deleting” the file is not sufficient.
3 Similar earpieces were found in the residences of the defendants in
the Hernandez case.
4 On the basis of knowledge of the methodology employed by the CuIS, a
clandestine CuIS agent often communicates with his or her handling CuIS
officer by typing a message onto a computer and then encrypting and
saving it to a diskette. The agent, thereafter, physically delivers the
diskette, either directly or indirectly, to the officer. In addition, as
an alternative to sending an encrypted shortwave radio broadcast, a CuIS
officer often will similarly place an encrypted message onto a diskette
and again simply physically deliver the diskette, clandestinely, to the
agent. Upon receipt of the encrypted message, either by the CuIS officer
or the agent, the recipient employs a decryption program contained on a
separate diskette to decrypt the message. The exchange of diskettes
containing encrypted messages, and the use of decryption programs
contained on separate diskettes, was one of the clandestine
communication techniques utilized by the defendants in the Hernandez
case. Although it is difficult to decrypt a message without the
decryption program, the very process of encrypting or decrypting a
message on a computer causes a decrypted copy of the message to be
placed on the computer’s hard drive. Unless affirmative steps are taken
to cleanse the hard drive—beyond simply “deleting” the message—the
message can be retrieved from the hard drive.
5 On the basis of knowledge of the methodology employed by the CuIS, a
clandestine CuIS agent often communicates with his or her handling CuIS
officer by making calls to a pager number from a pay telephone booth and
entering a preassigned code to convey a particular message. The
defendants in the Hernandez case also utilized this methodology.
6 The FBI replaced in this application with “***” a word that begins
with a capital letter, which was not translated, and is, in fact, the
true last name of a US intelligence officer who was present in an
undercover capacity, in Cuba, during a period that began prior to
October 1996. The above quoted portion of the message indicates that
Montes disclosed the US officer’s intelligence agency affiliation and
anticipated presence in Cuba to the CuIS, which information is
classified “Secret.” As a result, the Cuban Government was able to
direct its counterintelligence resources against the US officer (“we
were waiting here for him with open arms”).
Ana Belen Montes’ residence was a cooperative apartment located at
3039 Macomb St, N.W., apartment 20, Washington, D.C. Room C6-146A, 200
MacDill Boulevard, Washington, DC was the office/work space assigned to
Ana Belen Montes, at the Defense Intelligence Analysis Center, located
on Bolling Air Force Base.
She is a United States citizen, born on February 28, 1957, on a U.S.
military installation in Nurnberg, Germany. Montes graduated from the
University of Virginia, 1979 and obtained a masters degree from Johns
Hopkins University School of Advanced International Studies, 1988.
She was employed at the Defense Intelligence Agency (DIA) as a senior
intelligence analyst, since September 1985. Since 1992, she was
specialized in Cuba matters. Montes was the senior analyst responsible
for matters pertaining Cuba. Montes had direct and authorized access to
classified information relating to the national defense.
The Cuban Intelligence Service ( CuIS) communicates with clandestine
CuIS agents operating outside Cuba by broadcasting encrypted messages at
certain high frequencies. Under this method, the CuIS broadcasts on a
particular frequency a series of numbers. The clandestine agent,
monitoring the message on a short wave radio, keys in the numbers onto a
computer and then uses a diskette containing a decryption program to
convert the seemingly random series of numbers into Spanish-language
text. Typical messages consists of a series of 150 5-numbers groups,
like “30107 24624”.
This was the methodology employed by some of the spies convicted, in the
Southern District of Florida, of espionage on behalf of Cuba. Montes was
a clandestine CuIS agent who communicated with her handling CuIS officer
in the manner described above. Montes had a Toshiba laptop computer,
model 405CS to that effect.
Montes also had a Sony shortwave radio stored in a box in her apartment.
She had an earpiece that could be utilized with this shortwave radio,
allowing the radio to be listened to more privately. Similar earpieces
were found in the residences of the Cuban spies in Miami.
CuIS agents also communicate with her or his handling CuIS officer by
making calls to a pager number from a pay telephone booth and entering a
pre-assigned code to convey a particular message. This methodology was
utilized by Ana Belen Montes as well as by the spies convicted in South
Florida.
Espionage paraphernalia, including devices designed to conceal and
transmit national defense and classified intelligence information and
material, and implements used by espionage agents to communicate with
their handlers and with a foreign government, to wit: white tape,
mailing tape, colored chalk ( all used for signaling purposes), coded
pads, secret writing paper, microdots, any letters, notes or other
written communications ( including contact instructions) between Montes
and any agents of the CuIS or other intelligence service of Cuba; any
computers, computer disks, cameras, films, codes, telephone numbers,
maps, photographs and other materials relating to communication
procedures.
CUBA REPRESENTS A DANGEROUS AND SERIOUS THREAT TO THE SECURITY OF THE
UNITED STATES AND LATIN AMERICA.
APPENDIX
EXCERPTS FROM A TAPED BRIEFING WITH ANA BELEN MONTES. THE TWO
PARTICIPATING REPORTERS I HAVE NAMED XXX, YYY.
BRIEFING WITH DEPT. OF
INTELLIGENCE
DATE: JUNE 4, 1997
Maybe for the tape we could just review that I am Colonel JJJfrom the
Department of Intelligence’s (DI) public Affairs Office. We are here to
do a background interview generally speaking on the topic of Cuba. It’s
a background briefing and any attribution would be for a senior defense
official and maybe we should just go around the room and you could state
your name:
My name is: Ana Montes,
XXX, YYY
Colonel :Ok, so what’s your interest?
YYY: Well, a number of areas--but I was in Cuba this weekend and Bob and
I have been working on many issues, but specifically, on Cuba’s
capabilities on the area of biological warfare (“BW”) on whether they
have any capability in that arena or could rapidly develop such a
capability.
Specially in light of what they have been saying about us over the last
month which strikes us as very bizarre. They are offering us access to
their fields, access to crops____ and also offering access to
laboratories and I mean first of all it struck us completely out of left
field--when you saw it- I was in Burbank, and I said, wait until you see
this....and you know, why now? why this?--maybe that’s a good starting
point- I mean--- what has evolved as to why they are now accusing the US
of biological weapons?
COLONEL: This is not the first time. The history goes back to 1981. It
deals with Dengue Fever accusations-- unfounded. Frankly, we always
felt-- (again this is general sense of comparison) ---that their
presence in other parts of the world, supporting Angola... and
otherwise, really brought that and probably Conjunctivitis back to Cuba
and then conveniently claims were made that this was somehow a
biological warfare attack by the U.S. which was totally absurd. So this
is a continuing thing...
But they haven’t made anything recently?
Col No. There hasn’t been any news about anything since that time period
until very recently until the State Dept. aircraft incident. So
everything has been sort of quite in that sense. So the accusations are
there and we kind of shake our heads whenever they are made---because
some of them are so bizarre ---you find with the case with the
infestation that is happening in the general region and not just Cuba.
But the State Dept. answered their questions.
XXX: But is there any particular reason why now? Is there anything that
you guys can look at and say this is the reason or that is the reason?
It’s been basically 14 years. I remember when the retired General
Wilhelm ? went to that Senator Defense Information trip in 1994 -- and
they were screaming about the US and and they cut him off...and said
that the Miami Cubans... and suddenly the conversation ended--- and that
appeared to me that they were lowering the temperature of the subject.
And suddenly you know, this comes out of nowhere.
DI It’s really hard to know...I can tell you from our standpoint..we
don’t see any any reason again from the standpoint of their perception
of “BW” or whatever, why this should come up at this time. We monitor
them, look at their country, and off course, are deeply interested in
their capabilities, but there is nothing out of the ordinary which seems
to have been the provocatour (if indeed, there is a reason that is the
genesis of this or the nexxus of it) but it may not be -- it may just be
a coincidence and maybe grabbed on to Castro for no reasons. Whether
they are well thought of or not is also possibly an opportunity--
coincidental with an aircraft flying over and having a problem with a
crop and 1 + 1 =2. And why not go back and bring this up again. Again
nothing that we can say.
YYY: On the other side of the ledger, there have been over the last 20
years a proliferation of scientific institutes (Biotech Center,
Institute of Tropical Center, The Finley Institute, The Geographic
Institute + 10 others etc..) And I am told that even the institutions
have declared for BL/ 3 BL4 facility declarations which give them a
capability of .....
DI: Oh, you bet!. You don’t even necessarily need a BL 4 capability to
undertake that type of program......but it dosen’t hurt..and it
reflects..the fact is, just to get to the heart of it--what you said is
essentially totally correct about that their biotechnology industry in
many areas is equivalent (and certainly not across the whole spectrum--
but in many areas) equivalent to 1st world levels and they have some
projects that certainly reflect significant advanced potential and
certainly the Institute for Biotechnology in Havana is a good indicator
of their capabilty for research projects They claim for instance, they
are working on HIV, they produce vaccines, pharmaceuticals..
YYY: About 100 million dollars worth of exports?
DI: In fact, Castro favors, the biotech industry. He has personal
interest in it. So, from a standpoint unlike that of many other
countries we look at them from a 1st world capability- Cuba has all of
the necessary ingridients to accomplish a BW effort if they would choose
to do so. But, if that’s their intention---(which I can not discuss the
details relating to that), but if so, the infrastructure affords them
that potential.
YYY: Are there any indications of their intentions?
DI I can’t really go into that at all. Probably can’t give any more
details about that unfortunately.
YYY: When we talk to other people, in other places in the government,
they claim-- well, that the Cuban military does not do biological
training. You know, their gas masks are a disaster, they have not
replenished them which leads me to either one of two possiblities: a.)
There is no program. or b.) There is a program, but outside the
traditional military realm-- sort of a “dooms day”.
DI Certainly all that is possible. The one general statement that I
would make about biological intentions is that the very fact whether the
capability for physicial protection or medical protection exists or does
not exist, is not a primary requisite for an offense of capabilty, so,
it doesn’t necessarily (not just talking about Cuba but in the general
sense) that its not even-- depending on how one would choose to affect a
BW operation- you do not necessarily have to have your troops vaccinated
or protected because in many senses, BW would be looked-- and is looked
at- as less of a tactical capability and more of a strategic capability
to be delivered upon someone else’s territory rather than yours.
YYY: Has he--now he apparently said something recently that was somewhat
ambigous in this area-- (I have a head cold, I don’t know if I have some
personal BW--or clouding of the mind)...He recently made a statement
that the Miami Cubans had seized upon as an indicator that he’s got
something going----Is there anything that strikes a cord with you in the
last month or two?
DI Nothing that we’ve seen. We have seen the articles regarding the
accusations about “Germ weapons and missiles” and frankly we do not put
much credibility to that type of statement.
YYY: This was said by a formal Colonel?
DI Yes, and at this point it just doesn’t add up- and 2 and 2 doesn’t
make 4. And so we just don’t pay too much credibility to this.
YYY: Is there any public statement that he’s ever made that has caused
you any concern in this area?
DI Not really a public statement per se, no no. Our area of concern
relates to his general “unfriendliness towards the US and his interest
in biological (albeit)---and certainly civilan sector capabilities”
which would be our concerns and also his potentials. Whenever a leader
which such immense control takes a personal interest in an area that can
have that potential, then our antena is of course raised and we are
watching. Certainly, they are close to our borders and with the advanced
capabilities this is something that we watch, but then again, off
course, we watch many, many other countries that have this potential.
YYY: Now they are a signatory to the BW _______
When I look at the active reports, the full? reports there is no mention
of . What is that an indicator of?
DI: Well, at this point I really wouldn’t like to try to read into the
State Department does--and a ____ _ _? So I really do do want to comment
on to why is there or not there.
DI: There are a lot of signatories that are mentioned that you probably
see that are mentioned that
YYY: Yes, but there are some that are signatories that are mentioned as
having programs or in wonderfully lithical diplomatic language Egypt,
Taiwan,
Di: Yes, Syria, China.
YYY: But those are less of a pickle?
Di: Yes.
YYY: Right. I mean, Egypt and Taiwan I thought were particularly ____?
Di Yes, they really are. I really can’t answer that in either in an
affirmative or negative why they were or were not included in that
section.
YYY: I’ve got a couple of specific things that I’ve been thinking
about-- within the last 24 hours people have been telling me-- and
obviously, it is disturbing what I’ve been told because of the local of
the southern extreme of the United States and the access with which it
can reach us and --level of outrage, the point was there is a defector
who came here two or three years ago, he is a physician who worked at a
biotech center and claims that a toxin, (a para___ toxin) was being
developed with the aid of a Japanese company--- you’re nodding?
DI: I am familiar with the information, and really can’t comment on
that. We have looked at that closely and we have assessments but it gets
into areas that I really would not want to try to provide.
YYY: Let me see if I can--would it be worthwhile for us to talk to this
guy?
DI: My sense is that the way we always look at intelligence is that if
you look at a single source, as such, it could be very misleading--
that’s why I can’t go on anything because it brings up textual
information and if we say that we agree-- that he is valuable or not
valuable- it brings up other information that I can’t go into which
would corroborate or not corroborate with saying. So, you’re on your
own!
YYY: Laughs, Ok., Well, I’ve also heard that there is a Naval Hospital
in Havana-- have your interests?
DI: Yes,-continually, we see again coming mostly from the so-called,
“free Cubans”-- a lot of information that comes out- I can’t
characterize any one bit of that information as plus or minus, but I
will say that classically most of the information that comes from that
sector is more based on a tidbit of information that then becomes
strapulated beyond what would be reasonable. It is very hard to find
anything that you can actually corroborate. You have a data point and
when you try to follow some of these data points they become simply
something that just goes into thin air. There is nothing to base it on.
YYY: Is this because Cuba is such a difficult intelligence target or is
it because the information is almost always wrong?
DI: Oh no, no, I would not even characterize it either way, difficult or
not difficult or whatever. It’s just that the information that comes
from that sector doesn’t help us necessarily-- in terms of accessing if
Cuba has a capability or not. We’ve never seen were that’s been tied.
YYY: Do you look for imports or parts of equipment.
DI: We watch everything.
YYY: Great. You have 3 - Flash-4 facility being one--- fermentors?
DI: Yes.
YYY: Large scale fermentors?
DI: Absolutely .
YYY: Right. Small to large.
DI: Very minor dual use.
YYY: And then everything biological is dual use--as someone pointed out
to me, if you look at nuclear, chemical and biological-- I mean, nuclear
there is a small part which is dual use and a larger part which is
military use- chemicals get a little more confusing- biological is
hopeless.
DI: Pretty much although there exists (again not solely related or not
related to Cuba with the Australian group) and they have been fairly
successful (and we have supported the Australian group quite a bit, the
US has) in trying to define that material that could lend itself to BW
programing. Interestingly, again this is just background on BW and not
Cuba, but pretty much when you look at it if you look at the genesis of
the BW programming, it is strictly an offensive program what you are
going to find is that -you are going to find an R&D effort dealing with
agents and pretty much when you’re looking at agents it becomes very
difficult to ascertain whether the program is going to actually split
off in a “Y” towards defensive or commercial sector vs. Strictly
offensive. But there are notes that exist-and the fact is that in the
early phase it is virtually impossible to discriminate between the two.
However, with the Australia group, you set certain limits as to the size
of fermenters for instance that would be construed as being beyond that
necessary for a normal pharmaceutical or commercial sector.
YYY: In kilograms or--
Di: No, liters (volumes)
YYY: What’s that 150?
Di: It keeps going back and forth and right now, 150 is a good number.
Which a piot is about 50 to 70 where he sort of grilling it up sort of
speak, getting ready to pour it into something to make it larger. And
that’s starting off at 150, but when you are in large scale productions,
what’s practical is about 1500 liters or so.--and that’s for a full
capability.
? But you wouldn’t need large scale capability.
? You don’t need it.
YYY: Right. But they have them.
DI: Yes. And so as a consequence something they might have is smaller
size fermentor. Which we would call pilot which could in fact lend
itself to the production of enough biological agents (mainly talking
about infectious agents right now, not toxins which are bi-products of
other organisms) but with infectious agents. You can also---you can
believe or not, grow biological agents in flasks and just have many,
many, many flasks-- and that can give you the capability of producing
enough agents, it doesn’t take a lot of organisms to cause infections
YYY: There are certain parts of organisms too.
DI: That is correct. There are literally--from a military standpoint- a
very effective military effort-the way we look at biological is that
first of all generally, (and again not bioterrorism or low intensive
conflict) but more military-- you try to look at an agent that is not
--because you are looking at hitting the individual causing the effect
and moving on. You do not want an epidemic. From a military standpoint
that becomes a logistical nightmare. That’s why Anthrax, botulin toxin
also sit on the top of anyone’s list.
YYY: What about BEE and things like that.
Di: Yeah, BEE again, that’s a little more difficult virus to grow up and
it takes more sophistication. But BEE certainly is a prom candidate and
any of the ______group viruses and Middle Eastern Bee.
YYY: Any about Rheumatic fever?
Di: Rheumatic fever viruses are more difficult---the futility has yet to
be demonstrated. You are working with not necessarily highly contagious
viruses because--- if they were..
YYY: We would be dead!
Di: ....the good news is that they would kill their host very rapidly
and not spread on. And plus they are not spread throughout the aerosol
or respiratory---for example you have a renal virus right now, probably
an upper respiratory virus...
YYY: I sure do.
Di: And you are more contagious- depending if you are in the incubation
period, how long have you had it?
YYY: I’m at the end of it.
DI: You are not in the incubation stage right now--you have Blue Cross
and Blue Shield?
But actually what you produce in the early or incubation stages are
called filmates and they are particles of sputum. It is a highly
contagious virus but of the most biological are not readily contagious.
If you wanted to try to get Anthrax you have to literally get down and
touch the patient and get right in their face.
YYY: Well that’s where military _______
DI: Well, again, it depends on the goals-- and if you want to start
certainly an epidemic, there might be some agents that you can pick up.
For the most part when you get into agents that cause epidemics they are
very hard to grow, they are hard to manage and to keep confined. So
generally, they are not picked because they are just to hard to work
with.
YYY: When you look at the various facilities, I’m assuming that the
Biotech and Genetic Engineering is on the top of your list of things to
look at and to watch. Are there others?
DI: Well we watch---there are more than a dozen or so key facilities and
we watch them. Absolutely. We watch the whole Cuba capability very
closely.
YYY: Is your work at the biotech center based on its large capacity, its
large numbers of people, its large fermenters and it being a flash 4
facility--is it that primarily that gets you nervous or is it the fact
that they have genetic engineering capabilities?
Di: Well, really, the first level of concern is with the technical
infrastructure and that would lend itself. The genetic engineering
portion, for the most, if you look at biological warfare in general, it
is area, that again, that we are watching, following, but we’ve accessed
that any country developing a BW capability first With what is familiar
to them Is classical- so genetic engineering is certainly something we
have our eye on cause we are always ready for intervention. But for the
most, our major concerns______
YYY: Does the Institute of Tropical Medicine interest you?
Di: They all do.
YYY: Ed and I spent a wonderful day when we met with the special troops-
the Red Berets in Pinar Del Rio. Does that interest you in this area?
DI: Ah, not any more, I would say that I characterize it as....not any
more than the whole capability of looking at the country in total. I
can’t really go on focusing on any one specific element just to see if
we have interest or not--we look at the country in total and its
capabilities.
YYY So with the capabilities you are talking are the whole “Bio” ---.
DI: The whole bio capabilities, yes. What I was going to say in terms of
us looking at the capability is when that juncture occurs that I was
speaking about, that’s a very interesting point with BW because when a
country decides to go towards weaponization- you can see a scale of
capabilities it’s not indicative of legitimate commercial. Nothing Cuba
is doing at all--.A large scale of production and any relationships, any
concerns that they could just be just scaling off-- which would not be
consistent with the BWC.
YYY: Have you seen any of that?
DI: I can’t talk about that.
YYY: I am also told that during the first two years of the Clinton
administration, you guys prepared two reports on Cuba’s BW. Is that an
accurate statement?
DI: We prepared several reports, not on Cuba BW but on Cuba as part of
the world-- if you look at it. We were constantly preparing reports
accessing the general capabilities of again, many countries so to say
specifically, Cuba I can’t speak to that. When we look at lots of
countries and its fair to say that whether its positive or negative
again, I won’t characterize Cuba as having a BW program, but I’ll say
that we follow it and we do prepare reports and access what their
capabilities are.
YYY: Has there been any other analysis of the shoot down that would
indicate that on that particular day that the order came directly from
Fidel or Raul because continuously, they have given us the impression
that it was their defense officer who had standing instructions to order
the shoot down. But do you know anything more now about what happened?
Montes: That is our understanding as well. That this was a standing
order -this was a decision which had been made weeks before.
YYY: A standing order?
Montes: Right, a standing order.
YYY: And nobody called Fidel and said, “Ok their out there....
Montes: Not as far as I know.
YYY: Is the air Marshall still around?
Montes: The air Marshall?
YYY: The person who ordered the shoot down on that particular day.
Montes: We have had no indication of any changes in command whatsoever,
to the contrary.
YYY: What’s the contrary?
Montes: That the pilots themselves were highly praised and glorified
within the military for what they had done and that the entire chain
used congratulatory comments.
YYY: So there was only one--except---
Montes: Well, some instances of mistakes that might have been made. You
know, technically/ tactically. But not the final outcome. The final
outcome was much desired, much welcome by the higher military.
YYY: We were amazed when we were done there cause we flew in on morning
after the shoot down that they did not have, the political types did not
have, any sort of coordinated strategy or coordinated response. I mean
we had breakfast with Alarcon that Tuesday morning. That Tuesday
morning, and it was like--we kept waiting for them to say-- well off
course we were able to determine that the planes were headed from Playa
Baracoa and you know, Fidel was there or something. You know, some
justification and there just wasn’t anything of any--you know..
Montes: I’m just saying that the military knew about this and they knew
about it ahead of time-- and they knew this was coming down ahead of
time. This was a military operation that they planned and it wasn’t
quite examinated by the political elite.
YYY: So what was the tactical mistake?
Montes: Problems with equipment, mistakes primarily made by equipment,
they did not function as it was expected to function. Pieces of
equipment that did not function as it was expected to function.
YYY: So on the actual report it was technical (subheadings). And they
knew because of Roque?
Montes: That’s what we suspect- in part. In part.
YYY: We had a very funny experience with Roque. He took out his little
diary or phone book and he was showing us he that had the names of the
FBI agent, you know, and the cell phone number to show me that he had
made contacts with the FBI agent and then he was showing it to Ed and
then he dropped it and when he dropped it we noted that there was not
another entry in the entire book so this must have been a very important
source because it was the only source. Everything was very well printed
in that one page.
Montes: Did he tell you that he had been working for the Cuban
Government from the beginning--that when he defected he was already a
spy for the Cuban government? What did he say?
YYY: No, No. He said that he had changed his mind.
Montes: Changed his mind.
AFFIDAVIT IN SUPPORT OF CRIMINAL COMPLAINT,
ARREST WARRANT, AND SEARCH WARRANTS
I, Stephen A. McCoy, being duly sworn, hereby state the following under
penalty of perjury:
1. I am a Special Agent of the Federal Bureau of Investigation (FBI) and
have been so
employed for approximately 20 years. I am currently assigned to the
Washington Field Office to a
squad responsible for counter-intelligence relating to Cuba. I have
worked in the counterintelligence
field for approximately 15 years and have worked specifically on
counter-intelligence
matters involving Cuba for the last 12 years. As a result of my
experience in counter-intelligence
investigations and foreign counter-intelligence training, I am familiar
with the strategy, tactics,
methods, tradecraft and techniques of the Cuban foreign intelligence
service and its agents.
2. This affidavit is submitted in support of an application for a
complaint and arrest warrant
charging ANA BELEN MONTES with conspiracy to commit espionage, in
violation of 18 U.S.C.
§ 794(c), and for applications for four (4) search warrants to search
the following items and
locations:
(1) the residence of ANA BELEN MONTES, such premises known and described
as a cooperative apartment located at 3039 Macomb Street, N.W.,
apartment 20, Washington, D.C.
20008, and further described in Attachment A to this affidavit;
(2) a red 2000 Toyota Echo, bearing vehicle identification number
JTDT1231Y0007841 and District of Columbia license plate number 993 190,
which is registered
to ANA BELEN MONTES and anticipated to be within the District of
Columbia;
(3) room C6-146A, 200 MacDill Boulevard, Washington, D.C. 20340, which
is the
office/work space assigned to ANA BELEN MONTES at the Defense
Intelligence Analysis Center
located on Bolling Air Force Base;
-2-
(4) safe deposit box #526 leased by ANA BELEN MONTES at Riggs Bank, N.A.,
Friendship Branch, 4249 Wisconsin Avenue, N.W., Washington, D.C.
3. Information in this affidavit is based on my personal knowledge and
on information
provided to me by other counter-intelligence investigators and law
enforcement officers during the
course of this investigation. Searches and various forms of surveillance
have been conducted
pursuant to the Foreign Intelligence Surveillance Act of 1978, as
amended (FISA) and orders of the
Foreign Intelligence Surveillance Court (FISC).
I. Background
4. ANA BELEN MONTES is a United States citizen born on February 28,
1957, on a U.S.
military installation in Nurnberg, Germany. She graduated from the
University of Virginia in 1979
and obtained a masters degree from the Johns Hopkins University School
of Advanced International
Studies in 1988. She is single and lives alone at 3039 Macomb Street,
N.W., apartment 20,
Washington, D.C. 20008, which residence is further described in
Attachment A. She has registered
in her name a red 2000 Toyota Echo, bearing vehicle identification
number JTDT1231Y0007841
and District of Columbia license plate number 993 190, which is
regularly parked in the vicinity of
her residence, and which she regularly uses to commute to her place of
employment.
5. MONTES is currently employed by the Defense Intelligence Agency (DIA)
as a senior
intelligence analyst. Her current office is at 200 MacDill Boulevard,
located on Bolling Air Force
Base, Washington, D.C. 20340. Her assigned office space is C6-146A. She
has been employed by
DIA as an analyst since September 1985. Since 1992, she has specialized
in Cuba matters. She is
currently the senior analyst responsible for matters pertaining to Cuba.
During the course of her
-3-
employment, MONTES has had direct and authorized access to classified
information relating to the
national defense.
6. Records obtained from Riggs Bank reveal that MONTES has continually
leased safe
deposit box number 526 at Riggs Bank, N.A., Friendship Branch, 4249
Wisconsin Avenue, N.W.,
Washington, D.C. since September 2, 1993.
7. Classified information is defined by Executive Order No. 12,958, 60
Fed. Reg.19,825
(1995), as follows: information in any form that (1) is owned by,
produced by or for, or under the
control of the United States government; (2) falls within one or more of
the categories set forth in
section 1.5 of the order (including intelligence sources and methods,
cryptology, military plans, and
vulnerabilities or capabilities of systems, installations, projects, or
plans relating to the national
security), and (3) is classified by an original classification authority
who determines that its
unauthorized disclosure reasonably could be expected to result in damage
to the national security.
Under the executive order, the designation "Confidential" shall be
applied to information, the
unauthorized disclosure of which reasonably could be expected to cause
damage to the national
security. The designation "Secret" shall be applied to information, the
unauthorized disclosure of
which reasonably could be expected to cause serious damage to the
national security. The
designation "Top Secret" shall be applied to information, the
unauthorized disclosure of which
reasonably could be expected to cause exceptionally grave damage to the
national security.
8. In addition, Executive Order No. 12,958 provides that the secretaries
of State, Defense and
Energy are authorized to create "special access programs" upon certain
specific findings including
that the vulnerability of, or threat to, specific classified information
is exceptional. Under such a
-4-
program, the safeguarding and access requirements to information covered
by the program exceed
those normally required for information at the same classification
level.
9. Under 32 C.F.R. § 159a.9, Sensitive Compartmented Information (SCI)
refers to
information and material that requires special controls for restricted
handling.
10. During her employment at DIA, MONTES has continuously held a
security clearance and
has had regular, authorized access to classified information. I know
that a person who receives such
clearances is required to be briefed on the procedures for properly
handling classified information
and the penalties for failing to do so, and that such a person must sign
certifications of understanding
and agreement in connection with those briefings. I have reviewed a
“Classified Information
Nondisclosure Agreement” (Standard Form 189) that MONTES signed on
September 30, 1985. In
that document MONTES acknowledged that she was aware that unauthorized
disclosure of classified
information could cause irreparable injury to the United States or could
be used to advantage by a
foreign nation, that she would never divulge such information to an
unauthorized person, and that
she understood that she was obligated to comply with laws and
regulations that prohibit the
unauthorized disclosure of classified information, and that she further
understood such a disclosure
could constitute a violation of United States criminal law including 18
U.S.C. § 794. I have also
reviewed a “Security Briefing/Debriefing Acknowledgment” form signed by
MONTES on May 15,
1997, briefing her into a Special Access Program (SAP). On this date,
specifically in connection
with this SAP, MONTES signed a Sensitive Compartmented Information
Nondisclosure Agreement,
in which she acknowledged that the unauthorized disclosure of SCI may
violate federal criminal law,
including 18 U.S.C. § 794, and that such disclosure could cause
irreparable injury to the United
States or be used to the advantage of a foreign nation.
-5-
II. MONTES's Toshiba Laptop Computer and Shortwave Radio
A. Communication From the Cuban Intelligence Service (CuIS) to MONTES
via
Shortwave Radio
11. Based on my knowledge and familiarity with the methodology of the
Cuban intelligence
service, I am aware that the CuIS often communicates with clandestine
CuIS agents operating
outside Cuba by broadcasting encrypted messages at certain high
frequencies. Under this method,
the CuIS broadcasts on a particular frequency a series of numbers. The
clandestine agent,
monitoring the message on a shortwave radio, keys in the numbers onto a
computer and then uses
a diskette containing a decryption program to convert the seemingly
random series of numbers into
Spanish-language text. This was the methodology employed by some of the
defendants convicted
last June in the Southern District of Florida of espionage on behalf of
Cuba and acting as
unregistered agents of Cuba, in the case of United States of America v.
Gerardo Hernandez, et al.,
Cr. No. 98-721-CR-Lenard(s)(s). Although it is very difficult to decrypt
a message without access
to the relevant decryption program, once decrypted on the agent's
computer the decrypted message
resides on the computer's hard drive unless the agent takes careful
steps to cleanse the hard drive of
the message. Simply "deleting" the file is not sufficient.
12. Based on the evidence described below, I have concluded that MONTES
was a
clandestine CuIS agent who communicated with her handling CuIS officer
in the manner described
above.
13. A receipt obtained from a CompUSA store located in Alexandria,
Virginia indicated that
on October 5, 1996, one "Ana B. Montes" purchased a refurbished Toshiba
laptop computer, model
405CS, serial number 10568512.
-6-
14. During a court-authorized surreptitious entry into MONTES's
residence, conducted by
the FBI on May 25, 2001, FBI agents observed in her residence a Toshiba
laptop computer with the
serial number set out above. During the search, the agents
electronically copied the laptop’s hard
drive. During subsequent analysis of the copied hard drive, the FBI
recovered substantial text that
had been deleted from the laptop's hard drive.
15. The recovered text from the laptop's hard drive included significant
portions of a Spanishlanguage
message, which when printed out with standard font comes to
approximately 11 pages of
text. The recovered portion of the message does not expressly indicate
when it was composed.
However, it instructs the message recipient to travel to "the Friendship
Heights station" on "Saturday,
November 23rd." My review of a calendar indicates that November 23 fell
on a Saturday in 1996;
the next time thereafter November 23 falls on a Saturday is in 2002.
Accordingly, this message was
composed sometime before November 23, 1996, and entered onto MONTES's
laptop sometime after
October 5, 1996, the date she purchased it. Based on its content, I have
concluded that it is a
message from a CuIS officer to MONTES.
16. Portions of the recovered message included the following: “You
should go to the WIPE
program and destroy that file according to the steps which we discussed
during the contact. This is
a basic step to take every time you receive a radio message or some
disk.”
17. During this same search, the agents also observed a Sony shortwave
radio stored in a
previously opened box on the floor of the bedroom. The agents turned on
the radio to confirm that
it was operable. Also found was an earpiece that could be utilized with
this shortwave radio,
allowing the radio to be listened to more privately. Similar earpieces
were found in the residences
of the defendants in the Hernandez case, as described above in paragraph
11.
-7-
18. The recovered portion of the message begins with the following
passage:
Nevertheless, I learned that you entered the code communicating that
you were having problems with radio reception. The code alone
covers a lot, meaning that we do not know specifically what types of
difficulty you are having. Given that it's only been a few days since
we began the use of new systems, let's not rule out that the problem
might be related to them. In that case, I'm going to repeat the
necessary steps to take in order to retrieve a message.
The message then describes how the person reading the message should
"write the information you
send to us and the numbers of the radio messages which you receive." The
message later refers to
going "to a new line when you get to the group 10 of the numbers that
you receive via radio," and
still later gives as an "example" a series of groups of numbers: "22333
44444 77645 77647 90909
13425 76490 78399 7865498534." After some further instruction, the
message states: "Here the
program deciphers the message and it retrieves the text onto the screen,
asking you if the text is okay
or not." Near the conclusion of the message, there is the statement "In
this shipment you will receive
the following disks: . . . 2) Disk "R1" to decipher our mailings and
radio."
19. Further analysis of MONTES's copied Toshiba hard drive identified
text consisting of
a series of 150 5-number groups. The text begins, "30107 24624," and
continues until 150 such
groups are listed. The FBI has determined that the precise same numbers,
in the precise same order,
were broadcast on February 6, 1999, at AM frequency 7887 kHz, by a woman
speaking Spanish,
who introduced the broadcast with the words "Attencion! Attencion!" The
frequency used in that
February 1999 broadcast is within the frequency range of the shortwave
radio observed in
MONTES's residence on May 25, 2001.
B. Communication Between the CuIS and MONTES via Computer Diskette
-8-
20. Based on my knowledge of the methodology employed by the CuIS, I am
aware that a
clandestine CuIS agent often communicates with his or her handling CuIS
officer by typing a
message onto a computer, and then encrypting and saving it to a
diskette. The agent thereafter
physically delivers the diskette, either directly or indirectly, to the
officer. In addition, as an
alternative to sending an encrypted shortwave radio broadcast, a CuIS
officer often will similarly
place an encrypted message onto a diskette and again simply physically
deliver the diskette,
clandestinely, to the agent. Upon receipt of the encrypted message,
either by the CuIS officer or the
agent, the recipient employs a decryption program contained on a
separate diskette to decrypt the
message. The exchange of diskettes containing encrypted messages, and
the use of decryption
programs contained on separate diskettes, was one of the clandestine
communication techniques
utilized by the defendants in the Hernandez case described above in
paragraph 11. Although it is
difficult to decrypt a message without the decryption program, the very
process of encrypting or
decrypting a message on a computer causes a decrypted copy of the
message to be placed on the
computer's hard drive. Unless affirmative steps are taken to cleanse the
hard drive, beyond simply
"deleting" the message, the message can be retrieved from the hard
drive.
21. Based on the evidence described below, I have concluded that MONTES
was a CuIS
agent who communicated with her CuIS handling officer by passing and
receiving computer
diskettes containing encrypted messages.
22. The message described above that was contained on the hard drive of
MONTES's laptop
computer contained the following passage:
Continue writing along the same lines you have so far, but cipher the
information every time you do, so that you do not leave prepared
information that is not ciphered in the house. This is the most
-9-
sensitive and compromising information that you hold. We realize
that this entails the difficulty of not being able to revise or consult
what was written previously before each shipment, but we think it is
worth taking this provisional measure. It is not a problem for us if
some intelligence element comes repeated or with another defect
which obviously cannot help, we understand this perfectly.-- Give
“E” only the ciphered disks. Do not give, for the time being, printed
or photographed material. Keep the materials which you can justify
keeping until we agree that you can deliver them.-- Keep up the
measure of formatting the disks we send you with couriers or letters
as soon as possible, leaving conventional notes as reminders only of
those things to reply to or report.
The message goes on to refer to a "shipment" that contains "Disk 'S1' -
to cipher the information you
send," and, as indicated in the previous section, to "Disk 'R1' to
decipher our mailings and radio."
Earlier in the message, there is a reference to "information you receive
either via radio or disk."
23. During the court-authorized search of the residence on May 25, 2001,
two boxes
containing a total of 16 diskettes were observed. During a subsequent
such search on August 8,
2001, a box containing 41 diskettes, later determined to be blank, were
observed. Finally, records
obtained from a Radio Shack store located near MONTES's residence
indicate that MONTES
purchased 160 floppy diskettes during the period May 1, 1993, to
November 2, 1997.
III. Communication from MONTES to the CuIS by Pager
24. Based on my knowledge of the methodology employed by the CuIS, I am
aware that a
clandestine CuIS agent often communicates with his or her handling CuIS
officer by making calls
to a pager number from a pay telephone booth and entering a pre-assigned
code to convey a
particular message. This methodology was utilized by the defendants in
the Hernandez case
described above in paragraph 11.
-10-
25. Based on the evidence described below, I believe that MONTES has
been communicating
with her handling CuIS officer in this fashion.
26. In the same message copied from MONTES's hard drive that has been
described earlier
in this affidavit, there is a passage that states:
C) Beepers that you have. The only beepers in use at present are the
following: 1) (917) [first seven-digit telephone number omitted from
this application], use it with identification code 635. 2) (917) [second
seven-digit telephone number omitted from this application]. Use it
with identification code 937. 3) (917) [third seven-digit telephone
number omitted from this application] Use it only with identification
code 2900 . . . because this beeper is public, in other words it is
known to belong to the Cuban Mission at the UN and we assume
there is some control over it. You may use this beeper only in the
event you cannot communicate with those mentioned in 1) and 2),
which are secure.
Based on my experience and knowledge, I have concluded that the
reference to “control over it” in
the above passage refers to the CuIS officer’s suspicion that the FBI is
aware that this beeper number
is associated with the Cuban government and is monitoring it in some
fashion.
27. In addition, as described previously, the message on the laptop's
hard drive includes a
portion stating that the message recipient "entered the code
communicating that you were having
problems with radio reception." Based on the evidence described above, I
have concluded this
portion of the message indicates that MONTES at some point shortly prior
to receiving the message
sent a page to her CuIS officer handler consisting of a pre-assigned
series of numbers to indicate she
was having communication problems.
28. Based on evidence obtained during the FBI's physical surveillance of
MONTES
conducted between May and September 2001, I have concluded that MONTES
continues to send
coded pages to the CuIS. This evidence is described below in paragraphs
38 to 45.
-11-
III. MONTES's Transmission of Classified Information to the CuIS
29. The same message described above, as well as other messages
recovered from the laptop's
hard drive, contained the following information indicating that MONTES
had been tasked to provide
and did provide classified information to the CuIS.
30. In one portion of the message discussed above, the CuIS officer
states:
What *** said during the meeting . . . was very interesting. Surely
you remember well his plans and expectations when he was coming
here. If I remember right, on that occasion, we told you how
tremendously useful the information you gave us from the meetings
with him resulted, and how we were waiting here for him with open
arms.
31. I have replaced in this application with "***" a word that begins
with a capital letter,
which was not translated, and is in fact the true last name of a U.S.
intelligence officer who was
present in an undercover capacity, in Cuba, during a period that began
prior to October 1996. The
above quoted portion of the message indicates that MONTES disclosed the
U.S. officer's intelligence
agency affiliation and anticipated presence in Cuba to the CuIS, which
information is classified
"Secret." As a result, the Cuban government was able to direct its
counter-intelligence resources
against the U.S. officer ("we were waiting here for him with open
arms").
32. The very next section in the message states:
We think the opportunity you will have to participate in the ACOM
exercise in December is very good. Practically, everything that takes
place there will be of intelligence value. Let's see if it deals with
contingency plans and specific targets in Cuba, which are to
prioritized interests for us.
33. I have concluded that the "ACOM exercise in December" is a reference
to a December
1996 war games exercise conducted by the U.S. Atlantic Command, a U.S.
Department of Defense
-12-
unified command, in Norfolk, Virginia. Details about the exercise's
"contingency plans and specific
targets" is classified “Secret” and relates to the national defense of
the United States.
34. DIA has advised that MONTES attended the above exercise in Norfolk,
as part of her
official DIA duties.
35. In a separate message partially recovered from the hard drive of
MONTES’s Toshiba
laptop, the message reveals details about a particular Special Access
Program (SAP) related to the
national defense of the United States, and states: “In addition, just
today the agency made me enter
into a program, ‘special access top secret. [First name, last name
omitted from this application] and
I are the only ones in my office who know about the program.” The
details related about this SAP
in this message are classified “Top Secret" / SCI.
36. DIA has confirmed that MONTES and a colleague with the same name as
that related in
the portion of the message described above were briefed into this SAP,
together, on May 15, 1997.
Accordingly, I have concluded that the above message from MONTES to a
CuIS officer.
37. In yet another message recovered from the laptop, there is a
statement revealing that “we
have noticed” the location, number and type of certain Cuban military
weapons in Cuba. This
information is precisely the type of information that is within MONTES’s
area of expertise, and is,
in fact, an accurate statement of the U.S. intelligence community’s
knowledge on this particular
issue. The information is classified “Secret.” Accordingly, I have
concluded that this message also
is a message from MONTES to a CuIS officer.
FBI Physical Surveillance of MONTES and Telephone Records for May to
September 2001
38. FBI physical surveillance of MONTES has shown a recent pattern of
pay telephone calls
by her to a pager number, a communication method that, as described
above in paragraph 24, is
-13-
consistent with known CuIS communications plans and operations. In each
paragraph below that
refers to MONTES driving, she was utilizing the Toyota described above
in paragraph 2.
39. The FBI maintained periodic physical surveillance of MONTES during
the period May
to September 2001. On May 20, 2001, MONTES left her residence and drove
to the Hecht’s on
Wisconsin Avenue, in Chevy Chase, Maryland. She entered the store at
1:07 p.m. and exited by the
rear entrance at 1:27 p.m. She then sat down on a stone wall outside the
rear entrance and waited
for approximately two minutes. At 1:30 p.m., the FBI observed her walk
to a pay phone
approximately 20 feet from where she was sitting. She placed a one
minute call to a pager number
using a pre-paid calling card. At 1:45 p.m. she drove out of the Hecht’s
lot and headed north on
Wisconsin Avenue toward Bethesda, Maryland. At 1:52 p.m. she parked her
car in a lot and went
into Modell’s Sporting Goods store. She quickly exited the store
carrying a bag and crossed
Wisconsin Avenue to an Exxon station. She was observed looking over her
right and left shoulders
as she crossed the Exxon lot. At 2:00 p.m. she placed a one minute call
from a pay phone at the
Exxon station to the same pager number using the same pre-paid calling
card. By 2:08 p.m.,
MONTES had walked back to her vehicle and was driving back to her
residence where she arrived
at 2:30 p.m.
40. On June 3, 2001, MONTES engaged in similar communications activity.
She left her
residence at approximately 2:30 p.m. and drove to a bank parking lot at
the corner of Harrison Street,
N.W. and Wisconsin Avenue, N.W. She exited her car at approximately 2:37
pm and entered a
Borders Book Store on Wisconsin Avenue. She left the store approximately
40 minutes later. She
then crossed Wisconsin Avenue to the vicinity of three public pay phones
near the southern exit of
the Friendship Heights Metro Station. At 3:28 p.m. she placed a
one-minute call using the same pre-
14-
paid calling card to the same pager number she had called on May 20,
2001. After a few minutes,
she walked back to her car and drove to a grocery store.
41. Pursuant to court authorization, on August 16, 2001, the FBI
searched MONTES’s
pocketbook. In a separate compartment of MONTES’s wallet, the FBI found
the pre-paid calling
card used to place the calls on May 20, 2001 and June 3, 2001. In the
same small compartment, the
FBI located a slip of paper on which was written the pager number she
had called. Written above
this pager number was a set of digits that I believe comprise one or
more codes for MONTES to use
after calling the pager number, i.e., after contacting the pager, she
keys in a code to be sent to the
pager which communicates a particular pre-established message.
42. On August 26, 2001, at approximately 10:00 a.m., the FBI observed
MONTES making
a brief pay telephone call to the same pager number from a gas
station/convenience store located at
the intersection of Connecticut and Nebraska Avenues, N.W., in
Washington, D.C.
43. On September 14, 2001, MONTES left work and drove directly to her
residence. She
then walked to Connecticut Avenue, N.W., in Washington, D.C., still
wearing her business clothes,
and made a stop at a dry cleaning shop. She then entered the National
Zoo through the Connecticut
Avenue entrance. She proceeded to the “Prairie Land” overlook where she
stayed for only 30
seconds. She then walked further into the zoo compound and basically
re-traced her route out of the
zoo. At approximately 6:30 p.m. MONTES removed a small piece of paper or
card from her wallet
and walked to a public phone booth located just outside the pedestrian
entrance to the zoo.
MONTES then made what telephone records confirmed to be two calls to the
same pager number
she had called in May, June and August, as described above. The records
reflect that the first call
was unsuccessful, i.e., the call lasted zero seconds. According to the
records, she made a second call
-15-
one minute later that lasted 33 seconds. Shortly after making these
calls, MONTES looked at her
watch and then proceeded to walk back to her residence.
43. On September 15, 2001, telephone records pertaining to the pre-paid
calling card number
on the card observed in her pocketbook on August 16, 2001, show that
MONTES made a call to the
same pager number at 11:12 a.m. that lasted one minute.
44. On September 16, 2001, MONTES left her residence in the early
afternoon and took the
Metro (Red Line) to the Van Ness - UDC station in Washington, D.C. She
made a brief telephone
call from a payphone in the Metro station at approximately 1:50 p.m.,
again to the same pager
number.
45. MONTES is known to possess a cell phone. A cell phone was observed
during a courtauthorized
search of her tote bag on August 16, 2001. In addition, during
surveillance on September
16, 2001, MONTES was observed speaking on a cell phone. Furthermore,
telephone records
obtained in May 2001 confirm that she has subscribed to cell telephone
service continually from
October 26, 1996 to May 14, 2001. MONTES’s use of public pay phones
notwithstanding her access
to a cell phone supports my conclusion that the pay phone calls
described in this section were in
furtherance of MONTES’s espionage.
Probable Cause to Seize Documents, Materials and Computer Media
46. My experience has shown that individuals involved in espionage very
often maintain
copies of correspondence, draft documents and even classified government
documents which are
themselves of evidentiary value, along with evidence of criminal and
other associations. This
evidence includes directories, lists, news articles, photographs, travel
and similar material. The
items and materials utilized by persons engaged in espionage is further
described in Attachment B.
-16-
47. MONTES is known to have both a laptop and a desktop computer in her
residence. In
addition, she utilizes a desktop computer in her office in the DIAC.
These computers may be
attached to peripherals such as printers when the search warrants are
executed. Searching these
computer systems may require a range of data analysis techniques. In
some cases, it is possible for
the agents to conduct carefully targeted searches that can locate
evidence without requiring a timeconsuming
manual search through unrelated materials that may be commingled with
criminal
evidence. Similarly, agents may be able to locate the materials covered
in the warrant by looking
for particular directory or file names. In other cases, however, such
techniques may not yield the
evidence described in the warrant. Criminals can mislabel or hide files
and directories; encode
communications to avoid using key words; attempt to delete files to
evade detection; or take other
steps designed to frustrate law enforcement searches for information.
These steps all are anticipated
to be applicable in this case. These steps may require agents to conduct
more extensive searches,
which can more easily be accomplished with equipment that cannot be
brought to the search sites,
such as scanning areas of the disk not allocated to listed files, or
opening every file and scanning its
contents briefly to determine whether it falls within the scope of the
warrant. In light of these
difficulties, your affiant requests permission to use whatever data
analysis techniques appear
necessary to locate and retrieve the evidence in the computers,
diskettes, and peripherals that are
located within the places and items to be searched, and to remove these
items from the places to be
searched so that the items may be searched more thoroughly.
Conclusion
48. Based on the evidence described above, I believe probable cause
exists that from on or
about October 5, 1996, to the date of this affidavit, in the District of
Columbia and elsewhere, ANA
-17-
BELEN MONTES, conspired, confederated and agreed with persons known and
unknown to violate
18 U.S.C. § 794(a), that is, to communicate, deliver and transmit to the
government of Cuba and its
representatives, officers and agents, information relating to the
national defense of the United States,
with the intent and reason to believe that the information was to be
used to the injury of the United
States and to the advantage of Cuba, and that MONTES committed acts to
effect the object of this
conspiracy in the District of Columbia and elsewhere, all in violation
of 18 U.S.C. § 794(c).
49. I further believe that probable cause exists that the items and
locations described in
Attachment A contain evidence, fruits, and instrumentalities relating to
the above violation, which
evidence fruits and instrumentalities are further described in
Attachment B.
STEPHEN A. McCOY, Special Agent
Federal Bureau of Investigation
SWORN TO AND SUBSCRIBED BEFORE ME THIS DAY OF SEPTEMBER, 2001.
UNITED STATES MAGISTRATE JUDGE
-18-
ATTACHMENT A
The residence of ANA BELEN MONTES is located at 3039 Macomb Street,
N.W.,
apartment 20, Washington, D.C. 20008. 3039 Macomb Street, N.W., is
titled “The Cleveland
Apartments,” and is a three story, red brick building. Apartment 20 is
on the second floor and is
the first door on the left.
-19-
ATTACHMENT B
1. Espionage paraphernalia, including devices designed to conceal and
transmit national
defense and classified intelligence information and material, and
implements used by espionage
agents to communicate with their handlers and with a foreign government,
to wit: white tape, mailing
tape, colored chalk (all used for signaling purposes), coded pads,
secret writing paper, microdots,
any letters, notes or other written communications (including contact
instructions) between defendant
ANA BELEN MONTES and any agents of the CuIS or other intelligence
service of Cuba; any
computers, (including laptops), computer disks, cameras, film, codes,
telephone numbers, maps,
photographs and other materials relating to communication procedures,
correspondence;
2. Records, notes, calendars, journals, maps, instructions, and
classified documents and other
papers and documents relating to the transmittal of national defense and
classified intelligence
information (including the identities of foreign espionage agents and
intelligence officers and other
foreign assets or sources providing information to the United States
Intelligence Community, such
as the FBI and CIA; records of previous illicit espionage transactions,
national defense transactions,
national defense and classified intelligence information, including
copies of documents copied or
downloaded by ANA BELEN MONTES from the DIA);
3. Passports, visas, calendars, date books, address books, credit card,
hotel receipts and
airline records, reflecting travel in furtherance of espionage
activities;
4. Identity documents, including but not limited to passports, licenses,
visas (including those
in fictitious or alias identities), U.S. and foreign currency,
instructions, maps, photographs, U.S. and
foreign bank account access numbers and instructions and other papers
and materials relating to
emergency contact procedures and escape routes;
-20-
5. Safety deposit box records, including signature cards, bills, and
payment records, safety
deposit box keys, whether in the name of the defendant or a family
member; any records pertaining
to any commercial storage sites where the defendant may be storing other
classified intelligence and
counter-intelligence documents or other records of her espionage
activities;
6. Federal, state and local tax returns, work sheets, W-2 forms, 1099
forms, and any related
schedules;
7. Telephone bills and records, including calling cards and pager
records;
8. Photographs, including photographs of co-conspirators; correspondence
(including
envelopes) to and from ANA BELEN MONTES and handlers, contacts and
intelligence agents of
Cuba;
9. Computer hardware, software, and storage media, known to be used by
the defendant or
to which she had access, including, but not limited to: any personal
computer, laptop computer,
modem, and server, which have been and are being used to commit the
offenses of espionage and
conspiracy to commit espionage; records, information and files contained
within such computer
hardware containing evidence and fruits of defendant’s espionage
activity between October 5, 1996,
and the present, including classified documents, in whatever form and by
whatever means they have
been created or stored, including but not limited to any electrical,
electronic, or magnetic form of
storage device; floppy diskettes, hard disks, zip disks, CD-ROMs,
optical discs, backup tapes, printer
buffers, smart cards, memory calculators, pagers, personal digital
assistants such as Palm III devices,
removable hard drives, memory cards, zip drives, and any photographic
forms of such records
including microfilm, digital prints, slides, negatives, microfiche,
photocopies, and videotapes,
computer terminals and printers used by the defendant in said espionage
activity.
CUBA’S ADVERSARY FOREIGN INTELLIGENCE
When the Cold war ended, it was widely believed that a new era of
international cooperation had begun. However, simply put, the end of the
cold war has not led to a more peaceful world.
The United States is the target of those who challenge the status quo,
and one of those is Cuba. Furthermore, the PRC has joined efforts with
Cuba in a new axis. The deterioration in China’s relations with the
United States is also being accompanied by a warmer relationship with
Russia. There are three nations that use intensively their intelligence
services to harm the interests of the United States. These nations are:
China, Cuba, and North Korea. These nations continue to expend
significant resources to conduct intelligence operations against the
United States.
These efforts are centered on producing intelligence concerning the
United States military capabilities, other national security activities,
and military research and development activities. They have now expanded
their collection efforts to place additional emphasis on collecting
scientific, technical, economic, and proprietary information. These
collection efforts are designed to provide technologies required for the
acquisition and maintenance of advanced military systems, as well as to
promote the national welfare of these nations. Each one of these
countries has the ability to collect intelligence on targeted U.S.
activities using HUMINT, SIGINT, and the analysis of open source
material. Also, Cuba, China, and Russia have access to imagery products
that can be used to produce IMINT. The United States is now the target
of those who want to challenge the existing state of affairs. Security
threats, in this new era of asymmetric warfare, will inevitable emerge
more and more frequently.
The PRC has obtained the HPCs from the United States. The contribution
of HPCs to military modernization is also dependent on related
technologies such as Telecommunications, Microelectronics, and Computer
Networking, areas in which the PRC has been assisting Cuba intensively
since 1998. The principal intelligence collection arms of the Cuban
government are the Directorate General of Intelligence (DGI) of Ministry
of Interior, and the Military Counterintelligence Department of the
Ministry of the Armed Forces. The DGI is responsible for foreign
intelligence collection.
The DGI has six divisions divided into two categories of roughly equal
size: The Operational Divisions and the Support Divisions.
The operational divisions include the Political/Economic Intelligence
Divisions, the External Counterintelligence Division, and the Military
Intelligence Division.
The support divisions include the Technical Support Division, the
Information Division, and the Preparation Division. The Technical
Support Division is responsible for production of false documents,
communication systems supporting clandestine operations, and development
of clandestine message capabilities. The Information and Preparation
Divisions are responsible for intelligence analysis functions.
The Political Economic Intelligence Division consists of four sections:
Eastern Europe, North America, Western Europe, and
Africa-Asia-Latin-America. The External Counterintelligence Division is
responsible for penetrating foreign intelligence services and the
surveillance of exiles. The Military Intelligence Department was focused
on collecting information on the U.S. Armed Forces and coordinated
SIGINT operations with the Russians at Lourdes. Presently, it controls
the Bejucal base.
The Military Counterintelligence Department is responsible for
conducting counterintelligence, SIGINT, and electronic warfare
activities against the United States.
The full range of Cuba’s espionage activities are a very serious matter
of concern. Despite the economic failure of the Castro regime, Cuban
intelligence, in particular the DGI, remains a viable threat to the
United States. The Cuban mission to the United States is the third
largest UN delegation. The Cuban diplomats conduct and support harmful
activities in the United States. The United States’ intelligence
agencies should devote their resources to the most serious security
threats, principally international terrorism, and adverse political
trends.
The recent(1998-2005) captured of more than 15 Cuban spies, including
Ana Belen Montes, have shown the way that they communicate with the DGI
in Cuba. The basic method is called Cryptography, and Cuba’s uses the
method developed in the 1970s, referred to as symmetric encryption,
secret-key, or single key encryption. There are three important
encryption algorithms: DES, triple DES, and AES.
The encryption used by Cuba’s intelligence has five ingredients:
Plaintext: This is the original message or data that is fed into the
algorithm as input.
Encryption algorithm: The encryption algorithm performs various
substitutions and transformations on the plaintext.
Secret key: The secret key is also input to the algorithm. The exact
substitutions and transformations performed by the algorithm depend on
the key.
Ciphertext: This is the scrambled message produced as output. It depends
on the plaintext and the secret key. For a given message, two different
keys will produce two different ciphertexts.
Decryption algorithm: This is essentially the encryption algorithm run
in reverse. It takes the ciphertext and the same secret key and produces
the original plaintext.
They use two basic important requirements:
A strong encryption algorithm. They use one that, at the beginning, the
opponent who knows the algorithm and has access to one or more
ciphertexts, are unable to decipher the ciphertext or figure out the
key. It was difficult, at the earlier stages to decipher their messages.
Sender and receiver (Cuba and the agents here) must have obtained copies
of the secret key in a secure fashion and keep the key secure. Once the
US intelligence discover the key and knows the algorithm, all
communication using this key is readable.
The security of this encryption depends on the secrecy of the key, not
the secrecy of the algorithm. That is, they need to keep only the key
secret. With the use of this encryption, the principal security problem
is maintaining the secrecy of the key.
All their encryption algorithms are based on two general principles:
substitution, in which each element in the plaintext (bit, letter, group
of bits or letters) is mapped into another element, and transposition,
in which elements in the plaintext are rearranged. They use multiple
stages of substitutions and transpositions.
Both sender and receiver use the same key. The system is symmetric. A
block cipher processes the input one block of elements at a time,
producing an output block for each input block. A stream cipher
processes the input elements continuously, producing output one element
at a time, as it goes along.
The process of attempting to discover the plaintext or key is known as
cryptanalysis. A summary follows. The Table summarizes the various types
of cryptanalytic attacks or means to decipher Cuba’s communication with
its spies. The most difficult problem is presented when all that is
available is the ciphertext only.
It is known that Cuba has experimented already sending encrypted
messages through the air over 100 Kms., during days and nights. Cuba
expects to be able to send through its Bejucal base these ultra-secret
messages by the end of this year or early 2003. Of course, encryption of
transmitted data is just one part of keeping information secret. It is
easier for a would-be interceptor to compromise other aspects of the
overall process that are much more vulnerable than encryption, like
hacking the sender’s hard drive before the data is encrypted for
transmission.
The genius of quantum cryptography is that it solves the problem of key
distribution. This ability comes directly from the way quantum particles
such as photons behave in nature and the fact that the information these
particles carry can take on this behavior. Essentially two technologies
make quantum key distribution possible: the equipment for creating
photons and that for detecting them. The ideal source is a so-called
photon gun that fires a single photon on demand. This is an area where
Cuba research and development is highly concentrated and advanced.
| | |
INFOCUBA
