I’ve been puzzling over the list of “key SSO cyber milestone dates” released with the upstream 702 story the other day.
For the most part, it lists technical and legal milestones leading to expanded collection targeting cyber targets (which makes sense, given that’s what Special Source Operations does — collect data off switches). There’s the one redacted bullet (which, if it referred to an attack thwarted, might refer to this thwarted attack on a US defense contractor in December 2012).
But what is the August 2012 DDOS attack on Saudi Aramco doing on the list? And, for that matter, why is it referred to as a DDOS attack?
The attack was publicly described as a two-step hack targeted against both Aramco and Qatar’s gas industry, which copy-catted an attack associated with the Flame attack on Iran. It is generally now described as Iranian retaliation for StuxNet. Though at the time, potential attribution ranged from hacktivists to a single hacker to Aramco insiders. The Sony hack used tools related to the Shamoon attack.
Not long after the Aramco hack, the NSA expanded their Third Party SIGINT relationship to include the Saudi Interior Ministry (then led by close US ally Mohammed bin Nayef). The next month the Saudis (again, with MbN in the lead) prematurely renewed their Technical Cooperation Agreement with the US, adding a new cybersecurity component.
So regardless of how serious an attack it was (on that, too, accounts varied) it did have a significant effect on our role in cybersecurity in the Middle East, potentially with implications for SSO.
But unless SSO thwarted the attack — or at least alerted the Saudis in time to pull their computers offline — why would that be a significant milestone for SSO?
Back in 2013, then Saudi Interior Minister and current Crown Prince Mohammed bin Nayef came to the US for a great coming out party (and, seemingly, to herald Obama’s second term foreign policy team). While here, he signed an extension to the Technical Cooperation Agreement first signed back in 2008.
The TCA is basically a cooperation agreement to get direct help from us–including training and toys–to protect Saudi infrastructure and borders, particularly its oil infrastructure. As part of it, the Saudis are developing a 35,000 person force, including a paramilitary force, with US training. But unlike our other defense agreements with the Saudis (and like the Joint Commission for Economic Cooperation it was explicitly modeled on, which had been in place from the 1970s until 1999), this one includes a special bank account to fund it all.
The Kingdom of Saudi Arabia will establish a dollar disbursement account in the United States Treasury. Any funds required by the United States for agreed-upon projects will be deposited by the Kingdom of Saudi Arabia in the account in such amounts and at such times as are mutually agreed, and the United States may draw on this account in the amount so agreed. If upon termination of this agreement there are funds remaining in the special account after all expenses have been paid, such funds will be refunded to the Kingdom of Saudi Arabia.
That account could fund contractors and toys. But at least at first, it could not fund US government employees.
The United States will pay for all costs of U.S. Government direct-hire employees assigned to the Kingdom of Saudi Arabia to perform services under this Agreement.
Less than a year into the agreement, that changed, with MbN agreeing the Saudis would also pay for US personnel salaries.
MbN was grateful for USG efforts and assured us full funding would soon follow the signing of these documents, and reconfirmed the SAG’s commitment to pay all OPM-MOI costs. He also agreed to fund all USG employee costs, concurring with any necessary TCA changes to allow such payments, commenting that “hopefully the lawyers will not cause us any problems.”
And already by the time MbN made that agreement, the US was installing military and State employees to oversee this effort (see more on these personnel here).
After unsuccessfully trying to ask for the TCA, I FOIAed it, which I only finally got yesterday. For the most part, it wasn’t worth the wait, as it was only a formal extension of the deal.
That said, I find it interesting that rather than extend the deal 5 years (the original term of the TCA), they instead extended it over a decade, until May 15, 2023.
Given all the events in the Middle East, January 2013 was an interesting time for MbN to come to the US to preemptively sign this TCA. And it’s interesting they’ve extended it a full decade. I’m also curious about the timing of this release, as MbN just returned to the US (this time as part of the Gulf summit), for the first time as the US-backed heir to the Saudi throne (though maybe it just takes State 2 years to release a totally unclassified document as a matter of course?).
At some time around 9:30 PM ET at the INSA Leadership Dinner, John Brennan suggested that maybe the CIA Director — that is, maybe he — should have a 10 year term.
D/CIA John Brennan says it might make sense to have the CIA director and DNI serve similar terms to the FBI director’s 10-year term.
At 4:30 AM Saudi time (so 9:30 PM ET), Saudi King Salman announced a major royal shake-up. Rather than his brother Muqrin bin Abdulaziz being Deputy and heir to the throne, American favorite and very close Brennan buddy Mohammed bin Nayef will be heir.
Saudi King Salman is announcing a major royal shake-up at 4:30 am. Muqrin is out, M. Bin Nayaf is the new heir, his own son deputy heir.
That’s a rather interesting power move by two closely affiliated types (though I assume that the CIA Director can’t do these things by fiat … yet).
Update: Adding, King Salman’s insomnia induced Kingdom restructuring also apparently made Ambassador to the US (the guy whom Manssor Arbabsiar was purportedly trying to kill) Adel al-Jubeir Foreign Minister.
Mark Mazzetti reports that in 2012 and 2013, CIA did a study that one of its favorite means of covert intervention — arming rebels — pretty much doesn’t work.
An internal C.I.A. study has found that it rarely works.
The still-classified review, one of several C.I.A. studies commissioned in 2012 and 2013 in the midst of the Obama administration’s protracted debate about whether to wade into the Syrian civil war, concluded that many past attempts by the agency to arm foreign forces covertly had a minimal impact on the long-term outcome of a conflict. They were even less effective, the report found, when the militias fought without any direct American support on the ground.
The findings of the study, described in recent weeks by current and former American government officials, were presented in the White House Situation Room and led to deep skepticism among some senior Obama administration officials about the wisdom of arming and training members of a fractured Syrian opposition.
But in April 2013, President Obama authorized the C.I.A. to begin a program to arm the rebels at a base in Jordan, and more recently the administration decided to expand the training mission with a larger parallel Pentagon program in Saudi Arabia to train “vetted” rebels to battle fighters of the Islamic State, with the aim of training approximately 5,000 rebel troops per year.
The only “success” CIA could find was the mujahadeen ousting the Russians in Afghanistan.
I’m particularly interested in the timing of all this.
Mazzetti says there were multiple studies done in 2012 — at which point David Petraeus was CIA Director, and was pushing to arm rebels in Syria — and 2013 — by which point John Brennan had replaced Petraeus.
So the timing looks something like this:
2012: CIA starts doing studies on how crappy their covert ops have been
2012: Hillary and Petraeus both push Obama to arm Syrians
2012: Benghazi attack targets CIA officers ostensibly working to reclaim weapons used to oust Qaddafi but reportedly to send them on to Syria
2012: Petraeus ousted for reasons that probably aren’t primarily that he fucked his biographer
2013: John Brennan nominated to serve as CIA Director. As part of his confirmation process, the following exchange takes place (Barb Mikulski asked a similar question in the hearing itself).
Question 7: What role do you see for the CIA in paramilitary-style intelligence activities or covert action?
The CIA, a successor to the Office of Strategic Services, has a long history of carrying out paramilitary-style intelligence activities and must continue to be able to provide the President with this option should he want to employ it to accomplish critical national security objectives.
Question 8: What are your views on what some have described as the increased “militarization” of the CIA mission following the September 11, 2001 attacks?
In my view, the CIA is the nation’s premier “intelligence” agency, and needs to remain so. While CIA needs to maintain a paramilitary capability to be able to carry out covert action as directed by the President, the CIA should not be used, in my view, to carry out traditional military activities.
April 2013: Obama signs finding authorizing an op CIA knew wouldn’t work
June 2013: Covert op begins, per Chuck Hagel confirmation of it in August
As Mazzetti explains, the amazing discovery that CIA’s covert ops are often useless was one reason Obama delayed so long before he authorized one anyway (and his close confidante Brennan implemented it).
But I think two other things are likely (in addition to Assad’s alleged use of chemical weapons in both April and August 2013). One, it wasn’t so much Obama was opposed to such an op; he was just opposed to the way Petraeus (who oversaw the latter part of the Libya op) and Hillary implemented it. (Note, Mazzetti specifically notes both Hillary and Leon Panetta’s claims they warned Obama to respond earlier in Syria, so Mazzetti’s piece may be a response to that.) And just as likely, the Saudi-tied rising strength in ISIL forced our hand, requiring us to be able to offer a legitimate competitor to their paid terrorists.
Particularly given the mujahadeen “success” apparently cited in the CIA study, I find that rather ominous.
For 5 years, Ibrahim al-Asiri has been the chief boogeyman in US efforts to scare Americans about terrorism from AQAP (and to justify huge outlays for dumb machines TSA can use). Almost yearly, the CIA leaks to ABC News that Asiri has mastered yet another new scary feat, such as surgically implanting bombs in someone’s stomach cavity. More recently, the story has been that Asiri trained some of the western terror recruits in Syria (never mind McClatchy’s report the real threat stems from a French defector).
Which is why I’m surprised that the Rewards for Justice announcement including him yesterday only offered $5 million for his capture (as compared to Nasir al-Wuhayshi — though admittedly Wuhayshi is actually the leader of AQAP, contrary to what the press implies).
Just as interesting is the description the Rewards for Justice announcement and an earlier terrorist designation uses for Asiri. Both make absolutely no mention of the UndieBomb 1.0, toner cartridge, or UndieBomb 2.0 plots in which Asiri has always been claimed to be a central figure.
Instead, State mentions only Asiri’s alleged attempt to kill our chief Saudi intelligence partner, Mohammed bin Nayef, with a bomb hidden in his brother’s rectum. Or maybe underwear. Details, as they always are with Asiri, are fuzzy.
The Secretary of State has designated al-Qa’ida in the Arabian Peninsula (AQAP) operative and bomb maker Ibrahim Hassan Tali al-Asiri under E.O. 13224, which targets terrorists and their supporters. This action will help stem the flow of finances to al-Asiri by blocking all property subject to U.S. jurisdiction in which al-Asiri has an interest and prohibiting all transactions by U.S. persons with al-Asiri. AQAP has previously been designated by the United States under Executive Order 13224 and as a Foreign Terrorist Organization.
Al-Asiri is an AQAP operative and serves as the terrorist organization’s primary bomb maker. Before joining AQAP, al-Asiri was part of an al-Qa’ida affiliated terrorist cell in Saudi Arabia and was involved in planned bombings of oil facilities in the Kingdom.
Al-Asiri gained particular notoriety for the recruitment of his younger brother as a suicide bomber in a failed assassination attempt of Saudi Prince Muhammed bin Nayif. Although the assassination attempt failed, the brutality, novelty and sophistication of the plot is illustrative of the threat posed by al-Asiri. Al-Asiri is credited with designing the remotely detonated device, which contained one pound of explosives concealed inside his brother’s body.
Al-Asiri is currently wanted by the Government of Saudi Arabia. In addition, Interpol has published an Orange Notice warning the public about the threat posed by him.
Remember, even by the time Asiri was designated as a terrorist in 2011, US prosecutors were well on their way to prosecuting Umar Farouk Abdulmutallab in his attempt to take down a Detroit-bound jet; Abdulmutallab was charged with conspiracy, and FBI allegedly found Asiri’s fingerprint on the bomb. Plus, they had Abdulmutallab’s confession implicating Asiri.
And yet … not a mention of these things in State’s descriptions of Asiri.
In February 2011, around the time the CIA took over the hunt for Anwar al-Awlaki, NSA started collaborating with Saudi Arabia’s Ministry of Interior’s (MOI) Technical Assistance Directorate (TAD), under the umbrella of CIA’s relationship with MOI (it had previously cooperated primarily with the Kingdom’s Ministry of Defense).
On August 15, 2011, hackers erased the data on two-thirds of the computers at Saudi Aramco; American sources claim Iran was the culprit.
On September 30, 2011, CIA killed Anwar al-Awlaki, using drones operated from a base on Saudi soil.
On November 5, 2012, King Abdullah named close John Brennan ally Mohammed bin Nayef (MbN) Minister of the Interior; MbN had for some time been our top counterterrorism partner in the Kingdom.
On December 11, 2012, James Clapper expanded NSA’s Third Party SIGINT relationship with the Kingdom of Saudi Arabia, for the first time formally including the Ministry of Interior’s Technical Affairs Directorate.
Between January 14 and 16, 2013 MbN traveled to Washington and met with just about every top National Security person (many of whom, including Brennan, were just assuming new jobs). On January 16, MbN and Hillary Clinton renewed and expanded the Technical Cooperation Agreement initiated in 2008. The TCA was modeled on the JECOR program used from the late 1970s until 2000 to recycle US dollars into development programs in Saudi Arabia; in this more recent incarnation, the Saudis recycle dollars into things like a 30,000 mercenary army and other military toys for internal stability and border control. Last year’s renewal — signed just over a month after Clapper made the Saudis full Third Person partners — added cybersecurity to the portfolio. The TCA — both the existing security resources and its expansion under close ally MbN — shored up the power base of one of our closest partners (and at a time when we were already panicking about Saudi succession).
In other words, in addition to expanding Saudi capabilities at a time when it has been cracking down on peaceful dissent, which is what the Intercept story on this document discusses, by giving the Saudi MOI Third Party status, we added to the power of a key ally within the royal family, and did so at a time when the TCA was already shoring up his power base.
We did so, the Information Paper makes clear, in part because MOI has access to internal Saudi telecommunications. While the Information Paper talks about AQAP and Iran’s Republican Guard, they are also targeting Saudi targets.
And these new capabilities? They get coordinated through Chief of Station in Riyadh, the CIA. John Brennan’s agency.
It’s all very tidy, don’t you think?
Yesterday, just weeks after the time Al Arabiya announced Prince Bandar bin Sultan would resume his duties as head of Saudi intelligence (and therefore the mastermind of the Saudi-backed effort to oust Bashar al-Assad), Bandar was replaced by a little-known deputy.
Prince Bandar bin Sultan is on his way back to Riyadh where he will resume his tasks as head of Saudi Intelligence, reported news portal NOW Lebanon.
An informed Saudi source confirmed the report to Al Arabiya News.
“This is without doubt bad news for Tehran, Damascus and Hezbollah, particularly that anti-Saudi media has been propagating false information for the past two months that Prince Bandar’s absence has been due to his dismissal and due to a Saudi decision to back away from its policies regarding the regional conflict,” said the source in Riyadh.
The source confirms that Prince Bandar has actually been away due to medical reasons, however, he has resumed his activities this week from the Moroccan city of Marrakesh; where he has been recovering and where he has met with former Lebanese PM Saad Hariri and Crown Prince of Abu Dhabi, Sheikh Mohammad bin Zayed.
But today he’s out.
Saudi Arabia’s intelligence chief Prince Bandar bin Sultan has been relieved of his post at his request, the official Saudi Press Agency reported Tuesday.
The royal decree announcing that Prince Bandar was stepping down as president of General Intelligence gave no reasons for the move. He has been replaced by General Yousef Al Idrissi, the decree said.
I’m not sure anyone knows what these tea leaves mean. It may be that the “shoulder” injury Bandar had been treated for remains a serious health issue. It may be that — as one piece suggested — he retains some power here and has not ceded it back to Mohammed bin Nayef, who had taken over before Bandar’s return in March. It may be that this and King Abdullah’s designation of Prince Muqrin bin Abdulaziz as second in succession were done to time with Obama’s visit, to signal that America’s more favored successor, Mohammed bin Nayef, was not going to take over any time soon.
But it also comes among two other developments that may be related. First, since about the beginning of the year and increasingly in recent weeks, the Saudis are actually cracking down on terrorism, both real — including those who went to fight in Syria — and imagined. Perhaps the former, too, was a show for the US. But it did seem to reflect some concerns that Saudi efforts in Syria were increasing security concerns for the Kingdom (as well as other countries in the region and not).
Perhaps most interesting, however, is that the same day that Bandar got “sacked” videos started showing opposition figures in Syria with US made anti-tank missiles, which is the kind of thing Bandar has decades of experience arranging. We’ll see whether those disappear like Bandar or represent a new escalation of efforts to oust Assad.
In his drone letter to Congress 11 days ago, Eric Holder quoted a recording Anwar al-Awlaki made — it was prominently reported across the US media in March 2010, not long after he was added to the drone kill list — calling on Americans to take up jihad.
In this role, al-Aulaqi repeatedly made clear his intent to attack U.S. persons and his hope that these attacks would take American lives. For example, in a message to Muslims living in the United States, he noted that he had come “to the conclusion that jihad against America is binding upon myself just as it is binding upon every other able Muslim.” But it was not al-Aulaqi’s words that led the United States to act against him: they only served to demonstrate his intentions and state of mind, that he “pray[ed] that Allah [would] destro[y] America and all its allies.” Rather, it was al-Aulaqi’s actions — and, in particular, his direct personal involvement in the continued planning and execution of terrorist attacks against the U.S. homeland — that made him a lawful target and led the United States to take action.
Though Holder doesn’t quote these bits, the same recording mentions Umar Farouk Abdulmutallab several times, boasting about how such attacks proved the futility of American security systems.
9/11, the war in Afghanistan and Iraq, and then operations, such as that of our brother Omar al-Farouq which could have not cost more than a few thousand dollars, end up draining the US Treasury billions of dollars, in order to give Americans a false sense of security.
Our brother Omar Farouq has succeeded in breaking through the security systems that have cost the US government alone over $40 billion since 9/11.
And after the operation of our brother Omar Farouq, the initial comments coming from the administration were looking the same: another attempt at covering up the truth. But Al-Qaida cut off Obama from deceiving the world again; by issuing their statement claiming responsibility for the operation.
The operation of our brother Omar Farouq was in retaliation to American cruise missiles and cluster bombs that killed women and children in Yemen.
When the recording was originally released, American news outlets noted they had not confirmed the authenticity of the recording. Whether it is or not, the Administration has formally presented this release — as anonymous reporting had in the past — as proof that Awlaki was trying to reach out to American Muslims in early 2010, and therefore proof he could be killed.
If the government maintains that Awlaki would propagandize Abdulmutallab’s attack in English, then why does it claim that Awlaki helped Abdulmutallab make his martyrdom video, which is in Arabic?
Here’s how they describe that claim in the narrative they submitted with Abdulmutallab’s sentencing.
Awlaki told defendant that he would create a martyrdom video that would be used after the defendant’s attack. Awlaki arranged for a professional film crew to film the video. Awlaki assisted defendant in writing his martyrdom statement, and it was filmed over a period of two to three days.
Why would al Qaeda’s best English language propagandist set out to make a video with a man schooled in English about an attack targeting America, but make it in Arabic?
I had been wondering why John Kerry closed his meeting with Saudi Foreign Minister Saud al-Faisal the day after the Boston Marathon bombing, followed by Chuck Hagel’s unscheduled meetings in Saudi Arabia later that week.
The Daily Mail claims this is why:
The Kingdom of Saudi Arabia sent a written warning about accused Boston Marathon bomber Tamerlan Tsarnaev to the U.S. Department of Homeland Security in 2012, long before pressure-cooker blasts killed three and injured hundreds, according to a senior Saudi government official with direct knowledge of the document.
Citing security concerns, the Saudi government also denied an entry visa to the elder Tsarnaev brother in December 2011, when he hoped to make a pilgrimage to Mecca, the source said. Tsarnaev’s plans to visit Saudi Arabia have not been previously disclosed.
It even reports Prince Saud had an unscheduled meeting with President Obama the day after meeting with Kerry.
Now, the article implicates the Saudi Interior Ministry, though perhaps Saudi Interior Minister Mohammed bin Nayef is not the senior Saudi official with direct knowledge of a report handed from the Saudi Interior Ministry to (the article says) top people at the Department of Homeland Security. (Keep in mind that MbN rarely gives or at least gave anything to the US without going through his old buddy John Brennan, though also note the DM included his picture in the article.)
But there are other things about this I find interesting. First, the publication in the DM, which feels more like an info op than a report to, say, the WaPo. Then there’s the DM’s inclusion of people like House Homeland Security Chair Michael McCaul in its article (and, apparently, confirmation of a “Homeland Security Official” that the letter exists, which sounds like the same person as the HHSC aide quoted anonymously), heightening the partisan nature of this scoop.
Then there are apparent logical contradictions in the story, such as the detail that the Saudis apparently didn’t share Tamerlan’s name, but nevertheless expected the US to sort through his mail to get bomb components he could have gotten (and appears to have gotten) in a store.
It ‘did name Tamerlan specifically,’ he added. The ‘government-to-government’ letter, which he said was sent to the Department of Homeland Security at the highest level, did not name Boston or suggest a date for his planned attack.
The Saudi government, he added, alerted the U.S. in part because it believed American authorities should be inspecting packages that came to Tsarnaev in the mail in order to search for bomb-making components.
There’s the suggestion this intelligence came from Yemen.
He dismissed the idea that Tamerlan Tsarnaev was likely trained by al Qaeda while he was outside the United States last year.
The Saudis’ Yemen-based sources, he explained, said militants referred to Tamerlan dismissively as ‘the volunteer.’
‘He was a gung-ho, self motivated jihadi who wasn’t tasked by a larger group,’ he said.
Then, finally, there’s this: the brag about the four plots the Saudis tipped us off to.
‘This is the fourth time the Saudi Arabian government has given the U.S. specific intel’ about a possible terror plot, the official said, citing prior warnings about Richard Reid, the so-called shoe bomber who repeatedly tried to light a fuse in his shoe to bring down American Airlines flight 63 bound for Miami in December 2001.
He also cited the 300-gram ‘ink-cartridge bombs’ planted on two cargo planes headed for the United States from Yemen in October 2010. Those explosives were intercepted in Dubai, and at an East Midlands airport in Great Britain.
The DM names two plots: Richard Reid and the toner cartridge plot.
It doesn’t name another obvious one of the four: the Saudi double agent UndieBomb plot last year, which appears to have been designed to provide the justification to allow signature strikes in Yemen.
And the fourth?
In spite of all the furor over the way the NYT and WaPo sat on news of a Saudi drone base, the only explanation I know of for why they chose to reveal it now was this one.
So, what changed? Why did the New York Times decide to break the silence with a story last night including mention of the Saudi Arabia base? Managing Editor Dean Baquet told news hound-cum-New York Times Public Editor Margaret Sullivan that the decision was connected to the nomination of John O. Brennan to move to the directorship of the CIA; Brennan, after all, was a central figure in establishing the Saudi base.
There’s more to it, notes Leonhardt:
Ultimately, we decided that naming the country did not present enough of a national-security risk to justify withholding the information. There are not many countries on the Arabian peninsula. Some Web reports had already made the connection. We were aware of no specific security risks or threats, and it is widely known that Saudi authorities are aggressively pursuing Qaeda militants in Yemen. The administration continued to object, but we notified them on Monday that we intended to include the location in an upcoming story, which we did.
Bold text added to highlight an interesting wrinkle: Sullivan’s account of the goings-on suggests that toward the end, the government didn’t escalate the matter up the hierarchy at the New York Times:
Mr. Baquet said he had a conversation with a C.I.A. official about a month ago and, at that time, agreed to continue withholding the location, as it had done for many months. More recently, though, one of the reporters working on the story told the government that The Times would reveal the location and said officials should contact Mr. Baquet if they wanted to discuss it further.
“They didn’t call this time,” Mr. Baquet said.
The depiction of continued Administration opposition is a bit rich.
After all, as the NYT presented the story, the Saudi drone base played a role in both Anwar al-Awlaki and Said al-Shihri’s deaths.
The strikes have killed a number of operatives of Al Qaeda in the Arabian Peninsula, the terrorist network’s affiliate in Yemen, including Said Ali al-Shihri, a deputy leader of the group, and the American-born cleric Anwar al-Awlaki.
Not long afterward, the C.I.A. began quietly building a drone base in Saudi Arabia to carry out strikes in Yemen. American officials said that the first time the C.I.A. used the Saudi base was to kill Mr. Awlaki in September 2011.
Since then, officials said, the C.I.A. has been given the mission of hunting and killing “high-value targets” in Yemen — the leaders of Al Qaeda in the Arabian Peninsula who Obama administration lawyers have determined pose a direct threat to the United States. When the C.I.A. obtains specific intelligence on the whereabouts of someone on its kill list, an American drone can carry out a strike without the permission of Yemen’s government.
Although most Yemenis are reluctant to admit it publicly, there does appear to be widespread support for the American drone strikes that hit substantial Qaeda figures like Mr. Shihri, a Saudi and the affiliate’s deputy leader, who died in January of wounds received in a drone strike late last year.
The claim that Shihri (a former Gitmo detainee who had ties to a Saudi Gitmo deradicalized double agent) was killed by a drone is not at all clear.