Remarkably Timed Spamouflage, Scary Iran Plot Edition

Screen shot 2013-10-14 at 8.36.40 PMWaPo has its latest Snowden scoop out, describing how the NSA collects hundreds of thousands of email contact lists daily.

The National Security Agency is harvesting hundreds of millions of contact lists from personal e-mail and instant messaging accounts around the world, many of them belonging to Americans, according to senior intelligence officials and top secret documents provided by former NSA contractor Edward Snowden.

I’ll come back to this part of the story later.

But further down in the story, it describes how a hack-spam attack on a member of Iran’s Quds Force overwhelmed NSA, forcing it to conduct emergency detasking of that person and several others between September 20 and October 20, 2011.

Spam has proven to be a significant problem for NSA — clogging databases with data that holds no foreign intelligence value. The majority of all e-mails, one NSA document says, “are SPAM from ‘fake’ addresses and never ‘delivered’ to targets.”

In fall 2011, according to an NSA presentation, the Yahoo account of an Iranian target was “hacked by an unknown actor,” who used it to send spam. The Iranian had “a number of Yahoo groups in his/her contact list, some with many hundreds or thousands of members.”

The cascading effects of repeated spam messages, compounded by the automatic addition of the Iranian’s contacts to other people’s address books, led to a massive spike in the volume of traffic collected by the Australian intelligence service on the NSA’s behalf.

After nine days of data-bombing, the Iranian’s contact book and contact books for several people within it were “emergency detasked.”

This means that this target and “several people” within this Quds Force target’s contact books (and possibly the primary target’s email) were detasked in precisely the same time period as our informant, Narc, was entrapping Manssor Arbabsiar, of Scary Iran Plot fame.

Remember, if you read the plain language of some of the transcripts and other materials, it appears possible the money for this op involved another government.

There’s a similarly odd passage in the quotations purportedly showing that Shahlai was being funded for this by Iran.

[Arbabsiar] this is politics, ok … it’s not like, eh, personal … This is politics, so these people they pay this government … [Shahlai’s] got the, got the government behind him … he’s not paying from his pocket. [ellipses original]

Now this passage, unlike the last two (which are translations from Farsi), might best be explained by Arbabsiar’s less than perfect English. With that caveat, though, the bolded passage appears to suggest not that Iran was paying QF, but that QF was paying some other government (or someone else was paying Iran).

There are later details that also don’t make sense if this was an Iranian op.

In other words, during precisely the period when the most bizarre, improbable plot to hit Hollywood in years happens, some of the potential targets have their surveilled communications spamouflaged by an outside entity. (h/t to Frank N Furters for first calling this spamouflage.)

But I think our Intelligence Community is too dull to find that worthy of more consideration.

16 replies
  1. guest says:


    Is it possible your mother had an illicit affair with Frank Sinatra the year you were born? It’s impressive enough that you can analyse so many confusing facts, but pulling those facts together from so many years and sources continues to astound me.

  2. der says:

    – “…by the Australian intelligence service on the NSA’s behalf.”

    The “changes” DiFi pushes for may likely involve General Keith’s offspring ending up in a trusted friend or friends boarding school. Or the DEA’s mainframes. Yet to see or hear change I can believe in.

  3. C says:

    So just to check the logic here. The NSA operates on the widely repeated principle of “owning the haystack” so that they can find the needles at will. But when just one target has his account hacked (or covers his activities with viagra ads) the whole thing blows up and they miss everything?

  4. Snoopdido says:

    I noticed that Barton Gellman doesn’t come right out and say it, but he implies that the NSA deliberately chose to do this email contact list collection overseas in order to avoid US law and US courts:

    “The NSA has not been authorized by Congress or the special intelligence court that oversees foreign surveillance to collect contact lists in bulk, and senior intelligence officials said it would be illegal to do so from facilities in the United States. The agency avoids the restrictions in the Foreign Intelligence Surveillance Act by intercepting contact lists from access points “all over the world,” one official said, speaking on the condition of anonymity to discuss the classified program. “None of those are on U.S. territory.”

    Because of the method employed, the agency is not legally required or technically able to restrict its intake to contact lists belonging to specified foreign intelligence targets, he said.

    When information passes through “the overseas collection apparatus,” the official added, “the assumption is you’re not a U.S. person.”

    When the hell is somebody in power going to wake up and put these criminals behind bars where they belong?

  5. Arbusto says:


    When the hell is somebody in power going to wake up and put these criminals behind bars where they belong?

    Those in power today see it as their advantage to support the surveillance state, and few oppose it. Since NSA funds or subcontracts to CGHQ and ASIS, they may be able to expand their surveillance of US citizens so NSA can state any suvelling of our citizens was a mistake, even as they keep externally obtained info. Whether usable US centric intel passes to the NAS, who would tell. Same if it’s used in prosecution of criminal defendants.

  6. lefty665 says:

    My email provider, Northern Virginia based Network Solutions, maintains its email servers in Canada, conveniently across the border. I expect Net Sol is not alone.

    We have not heard much about them, but the Canadians are one set of the Five Eyes along with the Brits, Aussies and New Zealanders.

    Funny that “overseas collection apparatus” doesn’t have to involve actual “water”.

    Iranian spam… My father was a trusted minister to the Shah, and I have a fortune he secreted before the fall. I need to get it out of Iran and will share it with you if you will help. Send me your bank account number, SS# and mothers maiden name and I will deposit 47 and 3/8 million dollars…

    The Iranian had “a number of Yahoo groups in his/her contact list, some with many hundreds or thousands of members.” Bet 3 hops on that clogged up the works pretty good.

  7. Bladur Dasche says:

    Didn’t the Aussies also grab from a Malaysian server the now legally-eliminated nontel that a Brit ‘merc’ firm was thinking of planting Russian gas weapons in Syria to help make an ‘incident’?

    They’re good. They’re very good. Toss annuveh shrimp on the Barbie.

  8. Bladur Dasche says:

    @lefty665: Wouldn’t it be insecure to give you my bank information here, where everybody might see it? Won’t you give me your email address? I think we can do bidnis.

  9. lefty665 says:

    @Bladur Dasche: Perhaps we could have a third party hold all the information for us. I hear there is a place on Beef Hollow Rd in Bluffdale UT that does that kind of thing. They may well have it all already.

  10. orionATL says:

    oh, no!

    the mighty (and mighty invasive) nsa experienced a form of denial of service attack?

    well, the way forward is clear :)))))

  11. orionATL says:


    i don’know, lefty.

    i hear the lights go on and off there all the time.

    some people say it’s an electrical problem,

    but the voices talking to me say that the denizens of area 51 have moved to bluffdale and that the nsa is part of a jovian empire based on europa. :))

  12. lefty665 says:

    @orionATL: Well, if that one isn’t the right choice, we could try the home office in MD or other major regional offices in GA, TX, CO. If Bladur is overseas, there are branch offices and international affiliates in many countries. They have also made major efforts to establish web based operations. Although they have not advertised much, you run into them everywhere. They pretty much own the cloud.

  13. orionATL says:



    interesting you mention the cloud. my wife and i were wondering just this morning if nsa just went out and helped themselves to whatever we might have stored on the cloud. it sounds like the answer to our question is: yes.

  14. lefty665 says:


    And, because it’s cold, they don’t need air conditioning at the Europa installation. Cuts the power requirements considerably.

Comments are closed.