Ana Belen Montes: The chronicle of an American Spy for the Cuban Government

by Manuel Cereijo

On 21 September 2001, the FBI arrested Ana Belen Montes, a US citizen born 28 February 1957, on a US military installation in Nurnberg, Germany. She was charged with spying for Cuban intelligence for the past five years.

ANA BELEN MONTES

Montes graduated with a major in Foreign Affairs from the University of Virginia in 1979 and obtained a Masters Degree from the Johns Hopkins University School of Advanced International Studies in 1988. She is single and lived alone at 3039 Macomb Street, NW, apartment 20, Washington, DC. Until her arrest, Montes was employed by the Defense Intelligence Agency (DIA) as a senior intelligence analyst. She began her employment with DIA in September 1985 and since 1992 has specialized in Cuba matters. She worked at Bolling Air Force Base in Washington, DC. Prior to joining DIA, Montes worked at the Department of Justice. In 1993, she traveled to Cuba to study the Cuban military on a CIA-paid study for the Center for the Study of Intelligence.

Communication from the Cuban Intelligence Service (CuIS) to Montes via Shortwave Radio

During a court-authorized surreptitious entry into Montes’s residence, conducted by the FBI on 25 May 2001, FBI agents observed a Toshiba laptop computer.1 During the search, the agents electronically copied the laptop’s hard drive. During subsequent analysis of the copied hard drive, the FBI recovered substantial text that had been deleted.

The recovered text from the laptop’s hard drive included significant portions of a Spanish- language message, which when printed out with standard font comes to approximately 11 pages of text. The recovered portion of the message does not expressly indicate when it was composed. However, it instructs the message recipient to travel to "the Friendship Heights station" on "Saturday, November 23rd."

Although no date was on the message, November 23 fell on a Saturday in 1996. The FBI determined that this message was composed sometime before 23 November 1996 and entered onto Montes’s laptop sometime after 5 October 1996, the date she purchased it. On the basis of its content, the message is from a CuIS officer to Montes.2 Portions of the recovered message included the following: "You should go to the WIPE program and destroy that file according to the steps which we discussed during the contact. This is a basic step to take every time you receive a radio message or some disk."

During this same search, the agents also observed a Sony shortwave radio stored in a previously opened box on the floor of the bedroom. The agents turned on the radio to confirm that it was operable. Also found was an earpiece3 that could be utilized with this shortwave radio, allowing the radio to be listened to more privately.

The recovered portion of the message begins with the following passage:

Nevertheless, I learned that you entered the code communicating that you were having problems with radio reception. The code alone covers a lot, meaning that we do not know specifically what types of difficulty you are having. Given that it’s only been a few days since we began the use of new systems, let’s not rule out that the problem might be related to them. In that case, I’m going to repeat the necessary steps to take in order to retrieve a message.

The message then describes how the person reading the message should "write the information you send to us and the numbers of the radio messages which you receive." The message later refers to going "to a new line when you get to the group 10 of the numbers that you receive via radio," and still later gives as an "example" a series of groups of numbers: "22333 44444 77645 77647 90909 13425 76490 78399 7865498534." After some further instruction, the message states: "Here the program deciphers the message and it retrieves the text onto the screen, asking you if the text is okay or not." Near the conclusion of the message, there is the statement, "In this shipment you will receive the following disks: . . . 2) Disks ‘R1’ to decipher our mailings and radio."

Further FBI analysis of Montes’s copied Toshiba hard drive identified text consisting of a series of 150 five-number groups. The text begins, "30107 24624" and continues until 150 such groups are listed. The FBI determined that the precise same numbers"in the precise same order"were broadcast on 6 February 1999 at AM frequency 7887 kHz, by a woman speaking Spanish, who introduced the broadcast with the words "Attencion! Attencion!" The frequency used in that February 1999 broadcast is within the frequency range of the shortwave radio observed in Montes’s residence on 25 May 2001.

Communication between the CuIS and Montes via Computer Diskette4

Montes communicated with her CuIS handling officer by passing and receiving computer diskettes containing encrypted messages. The message described above that was contained on the hard drive of Montes’s laptop computer contained the following passage:

Continue writing along the same lines you have so far, but cipher the information every time you do, so that you do not leave prepared information that is not ciphered in the house. This is the most sensitive and compromising information that you hold. We realize that this entails the difficulty of not being able to revise or consult what was written previously before each shipment, but we think it is worth taking this provisional measure. It is not a problem for us if some intelligence element comes repeated or with another defect which obviously cannot help, we understand this perfectly"Give "E" only the ciphered disks. Do not give, for the time being, printed or photographed material. Keep the materials which you can justify keeping until we agree that you can deliver them."Keep up the measure of formatting the disks we send you with couriers or letters as soon as possible, leaving conventional notes as reminders only of those things to reply to or report.

The message goes on to refer to a "shipment" that contains "Disk ‘S1’" to cipher the information you send," and, as indicated in the previous section, to "Disk ‘R1’ to decipher our mailings and radio." Earlier in the message, there is a reference to "information you receive either via radio or disk."

During the court-authorized search of the residence on 25 May 2001, two boxes containing a total of 16 diskettes were observed. During a subsequent search on 8 August 2001, a box containing 41 diskettes, later determined to be blank, were observed. Finally, records obtained from a Radio Shack store located near Montes’s residence indicated that Montes purchased 160 floppy diskettes during the period 1 May 1993 to 2 November 1997.

Communication from Montes to the CuIS by Pager5

On the basis of the evidence, Montes communicated with her handling CuIS officer using a pager. In the same message copied from Montes’s hard drive, there is a passage that states:

Beepers that you have. The only beepers in use at present are the following: 1) (917) [first seven-digit telephone number omitted from this application], use it with identification code 635. 2) (917) [second seven-digit telephone number omitted from this application]. Use it with identification code 937. 3) (917) [third seven-digit telephone number omitted from this application] Use it only with identification code 2900 . . . because this beeper is public, in other words it is known to belong to the Cuban Mission at the UN and we assume there is some control over it. You may use this beeper only in the event you cannot communicate with those mentioned in 1) and 2), which are secure.

The reference to "control over it" in the above passage refers to the CuIS officer’s suspicion that the FBI is aware that this beeper number is associated with the Cuban Government and is monitoring it in some fashion.

In addition, the message on the laptop’s hard drive includes a portion stating that the message recipient "entered the code communicating that you were having problems with radio reception." This portion of the message indicates that Montes at some point shortly prior to receiving the message sent a page to her CuIS officer handler consisting of a preassigned series of numbers to indicate she was having communication problems.

Montes’s Transmission of Classified Information to the CuIS

The same message described above, as well as other messages recovered from the laptop’s hard drive, contained the following information indicating that Montes had been tasked to provide and did provide classified information to the CuIS. In one portion of the message discussed above, the CuIS officer states:

What ***6 said during the meeting . . . was very interesting. Surely you remember well his plans and expectations when he was coming here. If I remember right, on that occasion, we told you how tremendously useful the information you gave us from the meetings with him resulted, and how we were waiting here for him with open arms.

The very next section in the message states:

We think the opportunity you will have to participate in the ACOM exercise in December is very good. Practically, everything that takes place there will be of intelligence value. Let’s see if it deals with contingency plans and specific targets in Cuba, which are to prioritized interests for us.

The "ACOM exercise in December" is a reference to a war games exercise in December 1996 conducted by the US Atlantic Command"a US Department of Defense unified command, in Norfolk, Virginia. Details about the exercise’s "contingency plans and specific targets" is classified Secret and relates to the national defense of the United States. DIA advised that Montes attended the above exercise in Norfolk as part of her official DIA duties.

A separate message partially recovered from the hard drive of Montes’s Toshiba laptop revealed details about a particular Special Access Program (SAP) related to the national defense of the United States:

In addition, just today the agency made me enter into a program, "special access top secret. [First name and last name omitted from this application] and I are the only ones in my office who know about the program." [The details related about this SAP in this message are classified "Top Secret" / SCI.]

DIA has confirmed that Montes and a colleague with the same name as that related in the portion of the message described above were briefed into this SAP on 15 May 1997.

In yet another message recovered from the laptop, there is a statement revealing that "we have noticed" the location, number, and type of certain Cuban military weapons in Cuba. This information is precisely the type of information that was within Montes’s area of expertise and was, in fact, an accurate statement of the US Intelligence Community’s knowledge on this particular issue. The information is classified Secret.

FBI Physical Surveillance of Montes and Telephone Records for May to September

The FBI maintained periodic physical surveillance of Montes during the period May to September 2001. On 20 May 2001, Montes left her residence and drove to the Hecht’s on Wisconsin Avenue, in Chevy Chase, Maryland. She entered the store at 1:07 p.m. and exited by the rear entrance at 1:27 p.m. She then sat down on a stonewall outside the rear entrance and waited for approximately two minutes. At 1:30 p.m., the FBI observed her walk to a pay phone approximately 20 feet from where she was sitting. She placed a one-minute call to a pager number using a prepaid calling card. At 1:45 p.m., she drove out of the Hecht’s lot and headed north on Wisconsin Avenue toward Bethesda, Maryland. At 1:52 p.m., she parked her car in a lot and went into Modell’s Sporting Goods store. She quickly exited the store carrying a bag and crossed Wisconsin Avenue to an Exxon station. She was observed looking over her right and left shoulders as she crossed the Exxon lot. At 2:00 p.m., she placed a one-minute call from a pay phone at the Exxon station to the same pager number using the same prepaid calling card. By 2:08 p.m., Montes had walked back to her vehicle and was driving back to her residence where she arrived at 2:30 p.m.

On 3 June 2001, Montes engaged in similar communications activity. She left her residence at approximately 2:30 p.m. and drove to a bank parking lot at the corner of Harrison Street, NW and Wisconsin Avenue, NW. She exited her car at approximately 2:37 p.m. and entered a Borders books store on Wisconsin Avenue. She left the store approximately 40 minutes later. She then crossed Wisconsin Avenue to the vicinity of three public pay phones near the southern exit of the Friendship Heights Metro Station. At 3:28 p.m., she placed a one-minute call using the same prepaid calling card to the same pager number she had called on 20 May 2001. After a few minutes, she walked back to her car and drove to a grocery store.

Pursuant to court authorization, on 16 August 2001, the FBI searched Montes’s pocketbook. In a separate compartment of Montes’s wallet, the FBI found the prepaid calling card used to place the calls on 20 May 2001 and 3 June 2001. In the same small compartment, the FBI located a slip of paper on which was written the pager number she had called. Written above this pager number was a set of digits, which comprised one or more codes for Montes to use after calling the pager number; for example, after contacting the pager, she keys in a code to be sent to the pager which communicates a particular pre-established message.

On 26 August 2001, at approximately 10:00 a.m., the FBI observed Montes making a brief pay telephone call to the same pager number from a gas station/convenience store located at the intersection of Connecticut and Nebraska Avenues, NW in Washington, DC.

On September 14, 2001, Montes left work and drove directly to her residence. She then walked to Connecticut Avenue, NW, in Washington, D.C., still wearing her business clothes, and made a stop at a dry cleaning shop. She then entered the National Zoo through the Connecticut Avenue entrance. She proceeded to the "Prairie Land" overlook where she stayed for only 30 seconds. She then walked further into the zoo compound and basically retraced her route out of the zoo. At approximately 6:30 p.m., Montes removed a small piece of paper or card from her wallet and walked to a public phone booth located just outside the pedestrian entrance to the zoo. Montes then made what telephone records confirmed to be two calls to the same pager number she had called in May, June, and August, as described above. The records reflect that the first call was unsuccessful"the call lasted zero seconds. According to the records, she made a second call one minute later that lasted 33 seconds. Shortly after making these calls, Montes looked at her watch and then proceeded to walk back to her residence.

On 15 September 2001, telephone records pertaining to the prepaid calling card number on the card observed in her pocketbook on 16 August 2001 showed that Montes made a call to the same pager number at 11:12 a.m. that lasted one minute.

The next day "16 September" Montes left her residence in the early afternoon and took the Metro (Red Line) to the Van Ness-UDC station in Washington, DC. She made a brief telephone call from a payphone in the Metro station at approximately 1:50 p.m., again to the same pager number.

Montes owned a cell phone, which was observed during a court-authorized search of her tote bag on 16 August 2001. In addition, during surveillance on 16 September 2001, Montes was observed speaking on a cell phone. Furthermore, telephone records obtained in May 2001 confirm that she has subscribed to cell telephone service continually from 26 October 1996 to 14 May 2001. Montes’s use of public pay phones notwithstanding her access to a cell phone supports the conclusion that the pay phone calls were in furtherance of Montes’s espionage.

On 19 March 2002, Montes pleaded guilty to espionage in U.S. District Court in Washington, DC, and admitted that, for 16 years, she had passed top secret information to Cuban intelligence. She used shortwave radios, encrypted transmissions, and a pay telephone to contact Cuban intelligence officials and provide them the names of four US intelligence officers working in Cuba. She also informed Cuban intelligence about a US "special access program" and revealed that the US Government had uncovered the location of various Cuban military installations.

Both her defense attorney and federal prosecutors said that Montes was motivated by her moral outrage at US policy toward Cuba"an impoverished island country"and not by money. She received only "nominal" expenses for her activities.

Although Montes could receive the death penalty for her crime, the plea agreement calls for a 25-year prison term if she cooperates with the FBI and other investigators by providing all the details she knows about Cuban intelligence activities. Judge Ricardo M. Urbina set a sentencing date of September 2002.
 
 

Endnotes
 

1. A receipt obtained from a CompUSA store located in Alexandria, Virginia, indicated that, on 5 October 1996, one "Ana B. Montes" purchased a refurbished Toshiba laptop computer, model 405CS, serial number 10568512. The Toshiba laptop in her apartment had the same serial number on it as the one she purchased.

2. The CuIS often communicates with clandestine CuIS agents operating outside Cuba by broadcasting encrypted messages at certain high frequencies. Under this method, the CuIS broadcasts a series of numbers on a particular frequency. The clandestine agent, monitoring the message on a shortwave radio, keys in the numbers onto a computer and then uses a diskette containing a decryption program to convert the seemingly random series of numbers into Spanish- language text. This was the methodology employed by some of the defendants convicted last June in the Southern District of Florida of espionage on behalf of Cuba and acting as unregistered agents of Cuba, in the case of United States of America v. Gerardo Hernandez, et al. (See Cuban Spies in Miami). Although it is very difficult to decrypt a message without access to the relevant decryption program, once decrypted on the agent’s computer the decrypted message resides on the computer’s hard drive unless the agent takes careful steps to cleanse the hard drive of the message. Simply "deleting" the file is not sufficient.

3. Similar earpieces were found in the residences of the defendants in the Hernandez case.

4. On the basis of knowledge of the methodology employed by the CuIS, a clandestine CuIS agent often communicates with his or her handling CuIS officer by typing a message onto a computer and then encrypting and saving it to a diskette. The agent, thereafter, physically delivers the diskette, either directly or indirectly, to the officer. In addition, as an alternative to sending an encrypted shortwave radio broadcast, a CuIS officer often will similarly place an encrypted message onto a diskette and again simply physically deliver the diskette, clandestinely, to the agent. Upon receipt of the encrypted message, either by the CuIS officer or the agent, the recipient employs a decryption program contained on a separate diskette to decrypt the message. The exchange of diskettes containing encrypted messages, and the use of decryption programs contained on separate diskettes, was one of the clandestine communication techniques utilized by the defendants in the Hernandez case. Although it is difficult to decrypt a message without the decryption program, the very process of encrypting or decrypting a message on a computer causes a decrypted copy of the message to be placed on the computer’s hard drive. Unless affirmative steps are taken to cleanse the hard drive"beyond simply "deleting" the message"the message can be retrieved from the hard drive.

5. On the basis of knowledge of the methodology employed by the CuIS, a clandestine CuIS agent often communicates with his or her handling CuIS officer by making calls to a pager number from a pay telephone booth and entering a preassigned code to convey a particular message. The defendants in the Hernandez case also utilized this methodology.

6. The FBI replaced in this application with "***" a word that begins with a capital letter, which was not translated, and is, in fact, the true last name of a US intelligence officer who was present in an undercover capacity, in Cuba, during a period that began prior to October 1996. The above quoted portion of the message indicates that Montes disclosed the US officer’s intelligence agency affiliation and anticipated presence in Cuba to the CuIS, which information is classified "Secret." As a result, the Cuban Government was able to direct its counterintelligence resources against the US officer ("we were waiting here for him with open arms").