United States District Court
Eastern District of Virginia
UNITED STATES OF AMERICA
Brian P. Regan
I, the undersigned complainant being duly sworn state the following is true and correct to the best of my knowledge and belief. From in or about fall 2000 through August 23, 2001, in Chantilly, Virginia, and elsewhere, in the Eastern District of Virginia defendant(s) did,
unlawfully and knowingly conspire to commit espionage, that is, with intent and reason to believe that they were to be used to the injury of the United States and to the advantage of a foreign nation, communicate, deliver, and transmit to a foreign government and to a representative and agent thereof, directly and indirectly, documents and information relating to the national defense,in violation of Title 18 United States Code, Section(s) 794(c).
I further state that I am a(n) Special Agent and that this complaint is based on the following facts:
See Attached AffidavitContinued on the attached sheet and made a part hereof: Yes
Signature of Complainant:
Steven A. Carrat Alexandria, Virginia
Federal Bureau of investigation
AUSA Robert A. Spencer
Sworn to before me and subscribed in my presence,
Name & Title of Judicial Officer_________________
Signature of Judicial Officer_______________
AFFIDAVIT IN SUPPORT OF CRIMINAL COMPLAINT AND SEARCH WARRANT
I, Steven A. Carr, being duly sworn, hereby state:
1. I am a Special Agent of the Federal Bureau of Investigation (FBI) and have been so employed for six years. I am currently assigned to the Washington Field Office to a squad responsible for foreign counterintelligence matters; I have worked in this field for six years. As a result of my involvement in counterintelligence investigations, and foreign counterintelligence training I have received, I am familiar with the tactics, methods, and techniques of foreign intelligence services and their agents.
2. As more fully described below, I respectfully submit that Brian P. Regan violated 18 U.S.C. § 794(c) in that he conspired to commit espionage by transmitting classified U.S. national defense information to a person he believed was an agent of a foreign government. Regan, with reason to believe that they were to be used to the injury of the United States and the advantage of a foreign nation, knowingly and unlawfully conspired to communicate, transmit, and deliver to a foreign government documents and information relating to the national defense of the United States, and did commit an overt act in furtherance thereof in the Eastern District of Virginia.
3. Information in this affidavit is based on my personal knowledge and on information provided to me by other counterintelligence investigators and law enforcement officers during this investigation. This affidavit relies on information provided by agencies of the United States Intelligence Community, which have cooperated with this investigation. This affidavit is not intended to be an exhaustive summary of the investigation against Regan, but is for the purpose of setting out probable cause in support of:
a. A complaint charging Brian P. Regan with a violation of Title 18, United States Code, Section 794(c)(conspiracy to commit espionage); and4. Pursuant to the Foreign Intelligence Surveillance Act of 1978, as amended, Acting Attorney General Theodore B. Olson has approved use in this application, for law enforcement purposes, of information obtained and derived from searches and surveillance conducted under the authority of the act.
b. A search warrant for a bag checked by Brian P. Regan onto a Lufthansa flight at Washington Dulles International Airport on August 23, 2001, which bag is more fully described in Attachment C to this affidavit.
5. Brian P. Regan is 38 years old, and he lives at [address deleted] Bowie, Maxyland. Regan is married and has two daughters and two sons. He served in the U.S. Air Force from August 1980 until retiring in August 2000. His training in the Air Force included cryptanalysis. His responsibilities included the administration of an Intelink website. Intelink is a classified U.S. government computer system accessible only by certain members of the U.S. Intelligence Community. Regan's last assignment with the Air Force was at the headquarters of the National Reconnaissance Office ("NRO"a) located in Chantilly, in the Eastern District of Virginia. During Regan's Air Force assignment at NRO, he had authorized access to classified U.S. national defense information up to the TOP SECRET level, and also had authorized access to sensitive compartmented information ("SCI"). Regan's access to Sensitive Compartmented Information was terminated when he retired from the Air Force on August 30, 2000.
6. The NRO is the national program to meet the U.S. government's intelligence needs through spaceborne reconnaissance. The NRO is an agency of the U.S. Department of Defense and receives its budget through that portion of the National Foreign Intelligence Program known as the National Reconnaissance Program, which is approved by both the Secretary of Defense and the Director of Central Intelligence.
7. Since October 2000, Regan has been employed by TRW in Fairfax, Virginia. On July 25, 2001, Regan's access to SCI was reinstated for his work for NRO as a TRW contractor. On July 30, 2001, Regan, as a TRW contractor, has been assigned to an NRO facility in Chantilly, Virginia.
8. Pursuant to Executive Order 12958 and its predecessor Executive Orders, information must be classified as TOP SECRET and properly safeguarded if the release of that information could reasonably be expected to cause "exceptionally grave damage to the national security." Pursuant to Executive Order 12958, and its predecessor, Executive Order 12356, information, the unauthorized disclosure of which reasonably could be expected tocause "serious damage to the national security," must be classified as "Secret." Pursuant to these same executive orders, "Confidential" information is information the unauthorized disclosure of which reasonably could be expected to cause damage to the national security.
9. In the Fall of 2000, reliable source information indicated that a number of U.S. government documents were provided to the government of Country A. The large majority of these documents are classified and relate to the U.S. national defense, and are not authorized for release to Country A. The remaining documents are portions of classified documents, which portions are unclassified, but which documents in their entirety are also not authorized for release to Country A. Most of the classified documents provided to country A consisted of electronic images, classified "Secret," taken from overhead platforms. Another document consisted of classified portions of a Centra1 Intelligence Agency intelligence report, classified "Secret," issued on a specific date. The particular copy of this report provided to Country A had been printed out eight days after the date the report was issued. Another of the documents consisted of two classified pages from a CIA newsletter, which newsletter overall is classified "Secret." Another of the documents was a document, classified "Secret," relating to a foreign country's satellite capability. Another of these documents was the unclassified cover page of a defense intelligence reference document classified "Top Secret." Another such document was one page from a document containing "Top Secret" information. Another such document was the unclassified table of contents for a particular intelligence manual classified "Top Secret." The documents also include two photographs, one classified "Secret" and the other classified "Confidential."
10. Also in the Fall of 2000, reliable source information revealed that an agent had provided the government of Country A separate information intended to accompany the documents described in paragraph 9, above. This accompanying information consisted of an introductory message, in English, and separate encrypted messages. The initial, unencrypted message appears to be an introductory letter containing instructions to prevent detection of the messages by the U.S. government.
11. The encrypted messages, which were decrypted by the U.S. government, set forth contact instructions, establish bona fides, and offered to provide additional classified information. In particular, the encrypted message gives instructions to respond to a specified email address on a free email provider. This email address was ostensibly established by one "Steven Jacobs," of a specific address in Alexandria, Virginia. Records of the provider indicate that this email address was established on August 3, 2000, and was accessed nine times between August 2000 and January 2001. Eight of the nine times this email address was accessed were from public libraries located in Anne Arundel and Prince George's Counties, Maryland. Regan's residence is located one half mile from a Prince George's County library with public internet access. One of the Anne Arundel County libraries used to access this account is in Crofton, approximately five miles from Regan's residence. Physical surveillance of Regan during May through August 2001 indicated that Regan regularly utilized the public internet access located in the Crofton library. The ninth library is the Tysons-Pimmit Library, in Falls Church, Virginia, which is located along the route Regan used to commute between his residence and his office.
12. The office formerly occupied by Brian P. Regan at the NRO, Chantilly, Virginia, was searched in April 2001. A copy of the intelligence manual referred to in paragraph 9, above, bearing Regan's name, was found on a shelf behind his former desk.
13. The computer formerly assigned to Brian P. Regan at the NRO, Chantilly, Virginia, was searched in April 2001. FBI special agents analyzed the hard drive of this computer and found that someone using Regan's password had surfed a large number of Intelink Uniform Resource Link ("URL") addresses pertaining to countries A, B and C. One of these URL addresses is for one of the overhead images discussed in paragraph 9, above. Also on the hard drive of Regan's computer were four URLs that correspond to the URL addresses for other documents described in paragraph 9, above. Other such URL addresses contain direct links to some of the other documents discussed in paragraph 9, above. In addition, NRO server records indicate that Regan's computer was used to gain access to three other documents described in paragraph 9, above.
14. Intelink audit records indicate that the URL for the CIA intelligence report described in paragraph 9, was accessed from the computer in Regan's former office at 8:52 p.m. on the date the particular copy of the report described in paragraph 9 had been printed out. NRO records indicate that Regan's electronic entry badge was used to enter his office suite at 1:55 p.m. on that date. Separate NRO security records indicate that Regan's passcode was used to set the alarm on the suite at 1:15 a.m. the following morning. Later that same day, Regan flew on a "space available" U.S. Air Force flight from Norfolk, Virginia, to Iceland, and thereafter traveled to additional locations in other countries in Europe.
15. The document noted in paragraph 9, above, which related to a foreign country's satellite capability, was composed expressly for and distributed at a course given at Colorado Springs, Colorado, that Regan attended July 28 through August 8, 1997. The course was given for members of the U.S. Intelligence Community with appropriate clearances. Regan was one of two NRO members who attended the course. Regan was the designated recipient for NRO for all classified materials distributed at the course.
16. Agents also have established that there are common spelling errors in the messages described in paragraphs 10, 11 and 12 above, and in documents typed on Regan's former NRO computer.
17. The FBI has had Regan under surveillance since June 2001. On several occasions while under surveillance, FBI personnel have observed Regan conducting what appear to be surveillance detection runs, that is, conducting multiple U-turns, pulling over to the side of the road, and appearing to be checking to see whether he is under surveillance.
18. On June 21, 2001, Regan sent an email from an account registered in his own name to an email account in the name of his wife. The email attached one page of alphanumeric encryption key that appears to be similar to the encryption technique described in paragraphs 10, 11 and 12, above.
19. On June 26, 2001, Regan traveled from Washington Dulles International Airport to Munich, Germany, on Lufthansa. Earlier, in June 2001, FBI surveillance observed Regan log onto the internet at a public library. When Regan departed, he failed to sign off the internet, so FBI personnel were able to observe which internet sites Regan had visited. One of the sites that Regan had visited provided the address for a diplomatic office of Country C in Switzerland. Regan also looked up a hotel in Zurich. Before Regan's flight departed on June 26, 2001, the FBI searched his checked suitcase, pursuant to a court order. Regan's suitcase contained glue and packing tape. Regan returned to Washington Dulles International Airport on July 3, 2001.
20. On August 23, 2001, the FBI conducted surveillance of Regan's office at NRO in Chantilly, Virginia, by closed circuit television, pursuant to a court order. Regan was observed looking at a "Secret" document on his computer terminal while taking notes in a small notebook which he took from, and returned to, his front pants pocket. A court-authorized search of Regan's computer confirmed that he had been logged onto Intelink accessing classified material.
21. Regan had reservations to Zurich, Switzerland, through Frankfurt, Germany, on Lufthanea, departing from Washington Dulles International Airport on August 23, 2001. Regan confirmed these reservations on August 11, 2001. Regan had reservations to return August 30, 2001. On August 23, 2001, Regan told a co-worker that he was driving to Orlando, Florida, to take his family to Disney World, leaving on August 27 and returning August 30, 2001. In addition, Regan wrote "Orlando, Florida" on a dry-erase board in his office suite, to indicate to his colleagues where he would be for this time period. Regan did not report to his employer, as required in light of his security clearances, that he would be traveling outside the country.
22. On August 23, 2001, at approximately 9:00 a.m., while Regan was occupied in a meeting at NRO, the FBI conducted a court-authorized search of Regan's Dodge Caravan. In that search, the FBI found a carry-on bag which contained four pages of what appears to be handwritten encrypted messages, one page of what appears to be a typewritten encrypted message, and what appears to be one page of a decryption key. The carry-on bag also contained handwritten addresses and phone numbers for diplomatic offices of Country D in Bern, Switzerland, and Vienna, Austria, and for a diplomatic office of Country C in Vienna. Also on the same day, the FBI searched, pursuant to a court order, the brown suitcase that is described in Attachment B. In that suitcase was a bottle of Elmer's glue and a roll of tape.
23. On August 23, 2001, Regan drove to Dulles Airport, arriving at approximately 1:00 p.m. Regan checked a brown suitcase at the Lufthansa counter. This suitcase was secured by the FBI and is in the custody of the FBI at Tyson's Corner, Virginia. Regan was bumped to a later flight. Regan then departed Dulles Airport and returned to his office at NRO. Regan drove back to Dulles Airport at approximately 5:3O p.m. and was stopped by the FBI in the airport terminal. Regan had with him, in his same carry-on bag, the same documents that were found in the search of his van earlier in the day. Also in Regan's carry-on bag when he was stopped by the FBI was an NRO document, marked "For Official Use Only," that listed classes available to members of the U.S. Intelligence Community. This document indicates the security clearance required to attend each class. This document consists of two pages, front and back, and FBI personnel had earlier observed Regan (via court-authorized closed circuit television) create this document by cutting and taping together documents, and then photocopying the taped-up document. When he was stopped, Regan was also carrying: approximately five blank, business-sized envelopes; three rubber gloves; and four finger sleeves.
24. Also in Regan's carry-on bag when he was stopped by the FBI at Dulles Airport on August 23, 2001, was a hand-held global positioning system ("GPS"). Based on my training and experience in intelligence matters, I know that a GPS unit can be used to locate a specific site for drop or signal sites.
25. On Regan's person when he was stopped by the FBI at Dulles Airport on August 23, 2001, was a spiral notebook, which appears to be the notebook in which Regan was taking notes while looking at classified information on his computar terminal earlier in the day on August 23, 2001. In addition, hidden in Regan's shoe, Regan had a piece of paper on which was written names and addresses in a country in Europe.
26. Regan was confronted by FBI special agents at the airport at approximately 5:35 p.m. In response to a question from this affiant, Regan denied knowledge of cryptology, coding and decoding. However, when shown photographs of the alphanumeric tables, which appear to be related to cryptology, which tables had been in his carry-on bag, he stated "This is my stuff." Regan was arrested shortly thereafter.
27. Financial checks indicated that in February 2001, Regan had consumer debts amounting to $53,000.
28. Based on the foregoing, I respectfully submit that there is probable cause to believe that Brian P. Regan knowingly and unlawfully conspired to commit espionage, that is, with intent and reason to believe that it would be used to the injury of the United States and to the advantage of a foreign nation, communicate, deliver, and transmit to a foreign government and to a representative and agent thereof, directly and indirectly, documents and information relating to the national defense, in violation of 18 U.S.C. § 794(c). I also respectfully submit that probable cause exists that fruits, evidence, and instrumentalities of a crime, namely, conspiracy to commit espionage, may be found in the suitcase that Regan checked at Dulles Airport on August 23, 2001, which suitcase is more fully described in Attachment B. Accordingly, I request a warrant to search the suitcase described in Attachment B for the items listed in Attachment A.
Steven A. CarrSworn to and subscribed before me this ____ of August 2001,
Federal Bureau of investigation
UNITED STATES MAGISTRATE JUDGE
ITEMS TO BE SEIZED
1. Espionage paraphernalia, including devices designed to conceal and transmit national defense and classified intelligence information and material, and implements used by espionage agents to communicate with their handlers and with a foreign government, including, coded pads, signaling devices or implements, microdots, secret writing papers, any notes, letters, or written correspondence between Brian P. Regan and any agents of a foreign country, any computers (including laptops), computer disks, cameras, film, codes, telephone numbers, maps, photographs, and other materials relating to communication procedures or correspondence.
2. Records, notes, calendars, hournals, maps, instructions, and classified documents and other papers relating to the transmittal of national defense and classified intelligence information.
3. United States and foreign currency, financial instruments, precious metals, jewelry, and other items of value, which are the proceeds of or assets derived from illegal espionage activities; any financial records of foreign or domestic bank accounts, including cancelled checks, statements, deposit slips, withdrawal slips, wire transfer requests and confirmations, account numbers, addresses, credit cards and credit card statements, financial and investment account records, reflecting proceeds or wealth from espionage activities, including financial records or documents in aliases.
4. Passports, visas, calendars, date books, address books, credit card and hotel receipts, airline records, reflecting travel in furtherance of espionage activities.
5. Identity documents (including those in aliases), including passports, licenses, visas, U.S. and foreign currency, instructions, maps, photographs, bank account numbers, and other materials related to emergency contact procedures and escape routes.
6. Materials used to alter documents, including glue and tape.
7. Safety deposit box records, including signature cards, bills, and payment records; any documents relating to storage sites where the defendant may be storing classified information or other items relating to espionage activities.
8. Federal, state, and local tax returns, work sheets, W-2 forms, 1099 forms, and related schedules.
9. Telephone bills and records, including calling cards and pager records.
10. Photographs, including photographs of co-conspirators.
1l. Computer hardware, software, and storage media, including any computer, laptop computer, modem, server, records, information and files contained within such computer hardware, software, or storage media.
12. Classified or official documents or information.
DESCRIPTION OF SUITCASE TO BE SEARCHED
The suitcase is a two-tone brown, cloth and leather-like, suitcase, approximately 24 by 18 inches, with two straps, with buckles, encircling the suitcase. The suitcase opens with zippers, and bears the words "Ricardo Beverly Hills." The suitcase has a Delta tag on it that reads: "K. Q. Feeley, [address deleted] Skaneatles, NY [deleted]" The suitcase has a Lufthansa tag on it that reads: "Brian Regan, [address deleted], Bowie, MD [deleted]"
The suitcase is in the custody of the FBI in Tysons Corner, Virginia.