By most accounts, Russian intelligence and collection activities are currently more aggressive than during the Cold War.
Combined with their use of cyber methodologies, Russia appears to have increased their activities at gathering and disseminating information and influence.
Overflights, mapping fiber-optic networks, “strange activities.” Moscow’s West Coast spies were busy.
DEC. 14, 2017
The first thing you need to understand about the building that, until very recently, housed the Russian Consulate in San Francisco — a city where topography is destiny, where wealth and power concentrate, quite literally, at the top — is its sense of elevation. Brick-fronted, sentinel-like, and six stories high, it sits on a hill in Pacific Heights, within one of the city’s toniest zip codes. This is a neighborhood that radiates a type of wealth, power, and prestige that long predates the current wave of nouveau riche tech millionaires, or the wave before that, or the one before that. It is old and solid and comfortable with its privilege; its denizens know they have a right to rule. Indeed, from Pacific Heights, one can simultaneously gaze out on the city, the bay, the Golden Gate Bridge — and, beyond, the vast, frigid Pacific.
The second thing you need to understand about the closure of Russia’s San Francisco consulate is that, after the Trump administration summarily announced on Aug. 31 that it would shutter the building 48 hours later, the news coverage that followed almost uniformly focused on two things: the dumbfounding heat (this city, cool and grey, is in California but not of it) and the black smoke wheezing from the consulate’s chimney, as employees rushed to burn up, one assumes, anything confidential or inculpatory.
People were right to look upward, toward the building’s roof, but their focus was misplaced: It was, in reality, the motley array of antennas and satellites and electronic transmittal devices dotting the rooftop — objects viewed with deep suspicion and consternation by U.S. intelligence community officials for decades — that tells the story of the Russian Consulate in San Francisco, not the ash drifting listlessly over the neighboring mansions.
I rushed to the consulate the day the closure announcement was made and watched the building sit impassively in the heat, while the media crews cooled off in the shade. A suspiciously large number of delivery vans were circling, and there was an unusual concentration of loiterers (in their cars, on computers; in biking gear, across the street) on an otherwise very quiet block. Pedestrians walked by, snapping photos on their iPhones.
San Francisco, it was clear, was now embroiled in the increasingly feverish diplomatic confrontation between the two nuclear superpowers. In July, Russian President Vladimir Putin had announced, in an interview on state-run television, that he was decreasing by 755 the total number of personnel working at U.S. diplomatic facilities in his country. Closing the San Francisco consulate (and two smaller diplomatic annexes) was the Trump administration’s retaliation for this move. Putin, for his part, claimed that he was merely responding to the Barack Obama administration’s December 2016 shuttering of two Russian recreational compounds on the East Coast; the expulsion of 35 Russian diplomats, identified as spies, from the country (this list included four employees of the San Francisco consulate, including the building’s “chef”); and a new round of congressional sanctions. The Obama administration, of course, made these moves in retaliation for the unprecedented Russian meddling in the 2016 U.S. presidential election.
But why the focus on San Francisco? Why not close one of Russia’s other three consulates, in New York, Seattle, or Houston? And why now?
THE ANSWER, I DISCOVERED, APPEARS TO REVOLVE AROUND AN INTENSIVE, SUSTAINED, AND MYSTIFYING PATTERN OF ESPIONAGE EMANATING FROM THE SAN FRANCISCO CONSULATE.
The answer, I discovered, appears to revolve around an intensive, sustained, and mystifying pattern of espionage emanating from the San Francisco consulate. According to multiple former intelligence officials, while these “strange activities” were not limited to San Francisco or its environs, they originated far more frequently from the San Francisco consulate than any other Russian diplomatic facility in the United States, including the Russian Embassy in Washington, D.C. As one former intelligence source put it, suspected Russian spies were “doing peculiar things in places they shouldn’t be.” Russian officials in Washington failed to respond to multiple attempts via email and phone for comment.
In the course of reporting this story, I spoke to over half a dozen former high-level U.S. intelligence officials about the closure of the consulate. Some of these individuals, almost all of whom worked on counterintelligence in San Francisco, spoke on the record generally about Russian espionage in Northern California; extensive conversations with other former intelligence officials occurred on background, in order to discuss sensitive matters related to recent Russian activities in the Bay Area and beyond. These sources confirmed that the San Francisco consulate served a unique role in Russian intelligence-gathering operations in the United States, as an important, and perhaps unrivaled, hub for its technical collection efforts here. But, as I discovered, it was what these efforts entailed that is key to understanding why San Francisco — the oldest and most established Russian Consulate in the United States — was singled out for closure.
For many decades, U.S. officials have been keenly aware that, because of the consulate’s proximity to Silicon Valley, educational institutions such as Stanford and Berkeley, and the large number of nearby defense contractors and researchers — including two Energy Department-affiliated nuclear weapons laboratories — Russia has used San Francisco as a focal point for espionage activity. The modalities of Russian espionage in the Bay Area have historically been well known to U.S. counterintelligence personnel, who understand (at least generally) what the Russians will target and how they will try to achieve their objectives.
One former senior counterintelligence executive, for example, recalled the “disproportionate number” of science- and technology-focused Russian intelligence officers based in San Francisco, some of whom were experts in encryption and were tasked with identifying new developments in such technologies in Silicon Valley. A second former intelligence official noted the long-standing interest of Russian intelligence operatives in San Francisco in building relationships with local tech experts and venture capital firms. What has evolved, noted multiple former officials, is the intensity of Russian efforts. According to Kathleen Puckett, who spent two decades working on counterintelligence in the Bay Area, “there was more aggressiveness by the Russians in the 2000s than back in the 1980s.”
SUSPECTED RUSSIAN INTELLIGENCE OFFICERS, OFTEN FULLY AWARE THEY WERE BEING SURVEILLED BY THE FBI, BEGAN SHOWCASING INEXPLICABLE AND BIZARRE BEHAVIORS IN REMOTE, FORLORN, OR JUST SEEMINGLY RANDOM PLACES.
Starting roughly 10 years ago — and perhaps going even longer back, according to multiple former U.S. intelligence officials — something changed. Suspected Russian intelligence officers, often fully aware they were being surveilled by the FBI, began showcasing inexplicable and bizarre behaviors in remote, forlorn, or just seemingly random places.
It is highly likely, sources told me, that the consulate’s closure was linked to U.S. intelligence officials definitively proving long-held suspicions about the objectives of these Russian activities — or that officials could simply no longer countenance these extraordinarily aggressive intelligence-collection efforts and seized on the opportunity to disrupt them after Putin’s latest diplomatic salvo.
What seems clear is that when it came to Russian spying, San Francisco was at the very forefront of innovation.
Imagine driving up and over Mount Tamalpais, the iconic 2,500-foot peak located just north of San Francisco, then switch-backing precipitously through a redwood-studded ravine until, over the horizon, you spot a giant, shimmering, curvilinear beachfront. This is Stinson Beach, a 45-minute drive from the city. Now imagine that, standing out at the water’s edge, is a man in a suit — a man known to U.S. intelligence as a Russian intelligence officer. He has a small device in his hand. He stares out at the ocean for a few minutes, turns around, walks to his car, and leaves.
This account, confirmed to me by multiple former U.S. counterintelligence officials, is one example of a spate of such odd behaviors. Suspected Russian intelligence operatives — under diplomatic cover as well as travelers visiting the country — were also found idling in wheat fields and in the mountains of the Pacific Northwest, among other places. Russia has a “long and successful record of using legal travelers” for intelligence-gathering purposes, Steven Hall, the CIA’s former chief of Russia operations, told me. “This ranges, for example, from someone who gets a visa to do a scholarly presentation to someone who says they want to visit Napa Valley on their vacation,” he said.
THE DRIVER STOOD NEXT TO HIS CAR, NOT PURCHASING ANY FUEL. THE PASSENGER APPROACHED A TREE, CIRCLING IT A FEW TIMES.
Some suspected Russian intelligence officers were found engaging in weird, repetitive behaviors in gas stations in dusky, arid burgs off Interstate 5, California’s main north-south artery. In one remarkably strange case, said one former intelligence official, two suspected Russian spies were surveilled pulling into a gas station. The driver stood next to his car, not purchasing any fuel. The passenger approached a tree, circling it a few times. Then they both got back into the car and drove away. Suspected Russian intelligence operatives would perform the same strange rituals multiple times at the same gas stations.
Multiple theories about these activities emerged. One was that the Russians were trying to confuse and overwhelm their FBI surveillance teams, in order to gauge just how extensive their coverage really was — in other words, to test the capacity of their counterspies. Another theory revolved around a long-standing communications technique among Russian spies, known as “burst transmissions,” wherein intelligence operatives transmit data to one another via short-wave radio communications. But for these, said another former intelligence official, you need a line of sight, and such transmissions are only effective at relatively short distances.
Many of these behaviors, however, didn’t seem to fit a mold. For one, the FBI couldn’t establish that these suspected Russian intelligence operatives — some of whom were spotted with little devices in their hands, others without — were engaging in any communications. But according to multiple sources, one recurrent and worrying feature of these activities was that they often happened to correspond to places where underground nodes connected the country’s fiber-optic cable network. (In a June article, Politico’s Ali Watkins reported a few instances of these strange behaviors, tracing them back to the summer of 2016, as well as their potential connection to the fiber-optic network.)
Over time, multiple former intelligence officials told me, the FBI concluded that Russia was engaged in a massive, long-running, and continuous data-collection operation: a mission to comprehensively locate all of America’s underground communications nodes, and to map out and catalogue the points in the fiber-optic network where data were being transferred. They were “obviously trying to determine how sophisticated our intelligence network is,” said one former official, and these activities “helped them put the dots together.”
Sometimes, multiple former U.S. intelligence officials told me, Russian operatives appeared to be actively attempting to penetrate communications infrastructure — especially where undersea cables came ashore on both the Atlantic and Pacific coasts. They were “pretty sure” said a former intelligence official that, on at least one occasion on land, a Russian operative successfully broke into a data closet (a telecommunications and hardware storage center) as part of an attempt to penetrate one of these systems.
But what was “really unnerving,” said the former senior counterintelligence executive, was the Russians’ focus on communication nodes near military bases. According to multiple sources, U.S. officials eventually concluded that Moscow’s ultimate goal was to have the capacity to sever communications, paralyzing the U.S. military’s command and control systems, in case of a confrontation between the two powers. “If they can shut down our grid, and we go blind,” noted a former intelligence official, “they are closer to leveling the playing field,” because the United States is widely considered to possess superior command and control capabilities. When I described this purported effort to map out the fiber-optic network to Hall, the former senior CIA official, he seemed unfazed. “In the context of the Russians trying to conduct hybrid warfare in the United States, using cyber-types of tools,” he said, “none of what you described would surprise me.”
Multiple former intelligence officials also told me that U.S. officials were concerned that Russian intelligence operatives would provide these coordinates to deep-cover “illegals” — that is, Russian spies in the country under non-diplomatic cover (think of the Anna Chapman network) — or travelers, who might then carry out a sabotage campaign. There were also concerns that Russia could share these coordinates with other hostile foreign-intelligence services, such as a potential illegal Iranian network operating within the country.
As these strange activities persisted over the last decade, former intelligence officials told me, the FBI began to collate and compare surveillance reports from across the country, overlaying them with Russian flight paths occurring as part of the overt Treaty on Open Skies collection program.
The treaty, which entered into force in 2002, allows both the United States and Russia (and 32 other signatories) to conduct a limited number of unarmed surveillance and reconnaissance flights over each other’s territory per year. (According to the State Department, as of 2016 the United States had flown a total of 196 such flights over Russia, while Russia had flown 71 flights over the United States.) The methods of collection — video, photographic, infrared, and radar — are highly regulated and circumscribed, and the country whose territory is being flown over must approve the requested flight path. Flights are monitored in person by representatives of the host government. Afterward, upon request, the collected data must be shared with all treaty signatories. Open Skies was conceived, essentially, as an arms-control agreement: an attempt to decrease, through greater transparency, the uncertainties surrounding each great power’s array of military forces, which could lead to an erroneous nuclear exchange.
But U.S. intelligence officials began to notice a disturbing pattern vis-à-vis these “strange activities” and Open Skies: Suspected Russian operatives were appearing in places that had recently been, or were later, part of Russian flyovers. If these operatives were on the ground prior to the flight, U.S. officials suspected that they were likely helping shape coordinates for subsequent Open Skies missions, multiple former intelligence officials told me. If they appeared afterward, U.S. officials believed that the Russians had identified a potential object of interest (such as a fiber-optic node) and wanted in-person confirmation on what previously been identified during a flyover. There is simply “no substitute for someone literally going to locations and recording GPS coordinates,” said the former senior counterintelligence executive. “From 30,000 feet, you’re not necessarily going to have accuracy if you’re pinpointing a portal.”
NOT ONLY WERE SUSPECTED SPIES VISITING THE SAME PLACES THAT RUSSIAN SURVEILLANCE PLANES WERE FLYING OVER AS PART OF THEIR OPEN SKIES MISSIONS, BUT THEY WERE ALSO APPEARING DIRECTLY BENEATH THESE PLANES, IN REAL TIME, WHILE THESE FLIGHTS WERE ONGOING.
Eventually, U.S intelligence officials hit on another series of correlations: Not only were suspected spies visiting the same places that Russian surveillance planes were flying over as part of their Open Skies missions, but they were also appearing directly beneath these planes, in real time, while these flights were ongoing. “The idea was that some kind of communication could have been taking place between the plane and guy on the ground,” one former intelligence official told me. “The hard part was to confirm exactly what they were doing.” (Foreign Policycould not verify whether U.S. officials were able to definitively establish if, or how, such communications indeed occurred.)
One theory, relayed to me by multiple sources, was that the Russians might have been using the flights as a communication platform — airplanes can act as a kind of cell tower, the former officials noted, receiving and transmitting data. If Moscow was concerned that U.S. counterintelligence was able to intercept encrypted data from secure communications facilities based in their diplomatic compounds, the Russians might have been seeking to bypass this possibility by secretly routing data through the passing airplanes. “If a U.S. monitor is watching three functions aboard an Open Skies flight,” worried one former intelligence official, “maybe the fourth function is covert — out of sight and out of mind of observers — and while the monitor is looking at these other functions, the transmission and receipt of data is occurring under their nose.”
If true, these actions by Russia would appear to violate the spirit of the Treaty on Open Skies, if not the letter itself. The treaty has strict restrictions on the types of collection that is permitted, and any covert ground-to-air communication or data transfer occurring between an aircraft and a suspected intelligence officer located below would seem to clearly contravene the agreement. This entire data-collection operation for the western United States, said one former senior counterintelligence executive, was being managed out of the San Francisco consulate.
Russia has aggressively exploited its diplomatic presence in San Francisco for decades, and the United States has historically responded in kind. In 1983, for instance, the State Department issued new guidelines forbidding Soviet diplomats and journalists from visiting Silicon Valley. In the Ronald Reagan era, the consulate figured prominently in a number of sordid cases featuring American turncoats — including those of Allen John Davies, a former Air Force sergeant who offered the Soviets information on a secret U.S. reconnaissance program, and Richard Miller, the first FBI agent ever to be convicted of espionage, who was sleeping with — and passing information to — a Soviet agent being run out of San Francisco. In 1986, 13 San Francisco-based Soviet diplomats, accused of spying, were expelled by the Reagan administration; soon after, the Soviets publicly accused the FBI of operating a sophisticated bugging system in San Francisco via a tunnel it had secretly bored under the consulate. (“Obviously” the building was bugged around this time, said Rick Smith, who worked on Russian counterintelligence for the FBI in San Francisco from 1972 to 1992.)
In the 1970s and 1980s, the Soviets’ interest in San Francisco “was primarily about economic, and not really political, intelligence,” said Oleg Kalugin, a former KGB major general who served as the deputy (and later acting) chief of the KGB station at the Soviet Embassy in Washington from 1975 to 1980. “The main priority of Russian intelligence at that point was industrial development, technological development, to get equal to the United States,” said Kalugin.
Quietly but unquestionably, San Francisco had become a locus of Russian spying. “In recent years,” states a 1984 UPI article, “there have been frequent reports that 50 or more spies report to the San Francisco consulate general.” In fact, wrote the San Jose Mercuryin 1985, “FBI officials believe Soviet spying on the West Coast is controlled” from this location. “Agents say the Soviets eavesdrop on the Silicon Valley from the roof of the consulate using sophisticated electronics made in the United States.”
THE GIVEAWAY, EVEN THEN, WAS THE ROOF: COVERED WITH SATELLITE DISHES, ANTENNAE, AND MAKESHIFT SHACKS, THESE DEVICES POINTED TO A ROBUST RUSSIAN SIGNALS-INTELLIGENCE PRESENCE.
The giveaway, even then, was the roof: covered with satellite dishes, antennae, and makeshift shacks, these devices pointed to a robust Russian signals-intelligence presence. (The shacks, which persisted until recently, one former intelligence official told me, were erected to conceal the shape of the transmission devices from U.S. intelligence agencies, which would occasionally conduct reconnaissance overhead.)
During that time, “there was nothing but antennas and signals” on the top of the building, recalled former FBI agent LaRae Quy, who spent nearly two decades working counterintelligence in San Francisco. “It was embarrassing that we would allow that to happen. But I guess that’s what the Russians did for us as well.” Quy, who retired in 2006, also told me that at least 50 percent of all San Francisco consulate personnel in the 1980s were full- or part-time spies.
This focus on signals and technical intelligence persisted until much more recently, multiple former U.S. intelligence officials told me. “It was almost like everyone they had there was a technical guy, as opposed to a human-intelligence guy,” one former official recalled. “The way they protected those people — they were rarely out in the community. It was work, home, work, home. When they’d go out and about, to play hockey or to drink, they’d be in a group. It was hard to penetrate.” The same official also noted that San Francisco was integral to the discovery by U.S. intelligence of a new class of Russian “technical-type” intelligence officer, working for the rough Russian equivalent of the National Security Agency, before this organization was eventually folded by Putin back into the FSB. This group, which was not based at the consulate itself, was identified via its members’ travel patterns — they would visit the Bay Area frequently — and the types of individuals, all in high-tech development, with whom they sought contact. According to this former U.S. official, these Russian intelligence officers were particularly interested in discussing cryptology and the Next Generation Internet program.
But it was the consulate’s location — perched high atop that hill in Pacific Heights, with a direct line of sight out to the ocean — that likely determined the concentration of signals activity. Certain types of highly encrypted communications cannot be transmitted over long distances, and multiple sources told me that U.S. officials believed that Russian intelligence potentially took advantage of the consulate’s location to communicate with submarines, trawlers, or listening posts located in international waters off the Northern California coast. (Russian intelligence officers may also have been remotely transmitting data to spy stations offshore, multiple former intelligence officials told me, explaining the odd behaviors on Stinson Beach.) It is also “very possible,” said one former intelligence official, that the Russians were using the San Francisco consulate to monitor the movements, and perhaps communications, of the dozen or so U.S. nuclear-armed submarines that routinely patrol the Pacific from their base in Washington state.
All in all, said this same official, it was “very likely” that the consulate functioned for Russia as a classified communications hub for the entire western United States — and, perhaps, the entire western part of the hemisphere.
The closure of the San Francisco consulate cannot, of course, be decoupled from the political circumstances surrounding it. Because of the unique, and uniquely unsettling, history and attitude of U.S. President Donald Trump toward Russia — the one country treated with forbearance by a president who blithely aggrieves adversaries and allies alike — the administration’s actions in San Francisco were viewed with perplexity and suspicion by a number of the former intelligence officials with whom I spoke.
First, some note, there is the issue of retaliatory balance: In these kinds of diplomatic conflicts, there is an expectation of parity in terms of the damage you inflict on your antagonist. Putin’s move — to order a 755-person staff decrease among U.S. diplomatic mission employees in Russia — appeared far more aggressive than it actually was. The U.S. government employs hundreds of Russians (knowing full well that some may be spies) to help staff its diplomatic facilities in that country, and almost all the affected individuals under these cuts were Russian nationals, not U.S. diplomats or intelligence officials in Russia under diplomatic cover. The sting of this decision was further lessened by the fact that, as one source told me, U.S. intelligence officials have been pushing the State Department for years to decrease local staff in its diplomatic facilities in Russia because of ubiquitous concerns about espionage. Putin’s decision, then, was not without risks for Russian intelligence-gathering operations themselves. “The downside for the Russians is that [by ordering the staffing decrease] you’re the cutting number of potential informants,” noted Hall, the CIA’s former chief of Russia operations.
The outright shuttering of the San Francisco consulate by the Trump administration, then, seems to be a more severe countermeasure than the Russian actions that immediately precipitated it. The closure announcement, Hall said, was “great news, and long overdue.” Stephanie Douglas, who served as the FBI special agent in charge of the San Francisco Division from 2009 to 2012, characterized the administration’s decision as “incredibly aggressive and pretty stunning, honestly.” It was “a blow to the Russians to have this consulate close, in particular,” the former senior counterintelligence executive said. Another former intelligence official called it “unprecedented.” Compounding the mystery further has been Russia’s relatively muted response; a sign, this last former official speculated, that Putin may still be holding out hope for some kind of grand bargain with the Trump administration. “If they don’t react to closing of the San Francisco consulate,” wondered the former official, “what’s the payback they’re waiting for?”
The incongruities here are unsettling. On the one hand, Trump’s decision to shut down the San Francisco consulate was far more consequential and assertive than most realized at the time; on the other hand, there is no evidence — nor any good reason to believe, given his past proclivities — that Trump himself understood the gravity of his own move. “Based on my other interactions with West Wing officials, and the depth of their understanding on the issues in general, I would be very surprised personally if President Trump had any … comprehension of that at all,” said Jeffrey Edmonds, who served as the National Security Council’s director for Russia until April 2017.
Edmonds suggested the locus of the closure decision was likely the National Security Council’s Principals Committee — particularly Secretary of State Rex Tillerson and Secretary of Defense James Mattis — and that the move was thereafter delivered to Trump as a fait accompli. “I’ve heard that, generally, when Tillerson and Mattis come to an agreement and present something to the president, he’s usually pretty on board with that,” Edmonds said.
ONE FORMER INTELLIGENCE OFFICIAL OFFERED THAT THE CONSULATE’S CLOSURE MAY BE A SIGNAL FROM TRUMP TO ROBERT MUELLER, A WAY FOR THE PRESIDENT TO SHOW THE SPECIAL COUNSEL THAT HIS ADMINISTRATION IS NOT IN THRALL TO RUSSIAN INTERESTS, FINANCIALLY OR PERSONALLY.
This National Security Council-centered account was the most benign theory I heard. One former intelligence official offered that the consulate’s closure may be a signal from Trump to Robert Mueller, a way for the president to show the special counsel appointed to investigate election-year collusion with Moscow that his administration is not in thrall to Russian interests, financially or personally. A second former official speculated that the closure will be temporary and that after, say, a future terrorist attack in the United States, Moscow might ostentatiously offer to provide intelligence on the perpetrators, and the Trump administration — grateful for Russia’s cooperation and assistance — might then return the building to its erstwhile tenants.
These former U.S. officials were as united in their opinion about Russia’s long-term objectives as they were divided about Trump’s short-term intentions. Every former intelligence officer I spoke with for this story was confident that Russia will continue aggressive human-intelligence-gathering operations in the Bay Area, likely through individuals under non-official cover — say, via engineers or data scientists. “Silicon Valley loves Russian programmers,” remarked one former intelligence official.
The dynamics and methods they employ will necessarily change, these officials said, but San Francisco and Silicon Valley are simply too target-rich, too valuable, and too soft for them to cease activities here. The spy war will endure; the Russians will, over time, rebuild their networks, adjusting their activities to account for their lack of local diplomatic cover. Ultimately, the circumstances surrounding the closure of the San Francisco consulate are just one piece in a much larger, and far more shadowy, antagonism between the two nuclear superpowers. “The great game is upon us again,” one former intelligence official said to me. “San Francisco has always been a focal point for Russian interests. The work won’t stop.”