Behind Legion of Doom: Breaking “Encrypted Electronic Communications between High Level Al Qaeda Leaders”


David Gartenstein-Ross, who did his own research into the Daily Beast Legion of Doom story, noted a couple of things via Twitter that I have been pointing to: the conference call behind the Legion of Doom scare wasn’t the first intercept, and Al Qaeda leaders on the conference call (which Eli Lake clarified wasn’t via telephone) assumed the call was secure.

3) There has been more than one intercept related to the plot. The report refers to a captured courier in addition to the conference call.

5) Many reactions to the report assume AQ completely broke OPSEC. The report states that AQ leaders assumed the call was secure.

And in the appearance above on MSNBC, he describes the conference call as,

Encrypted electronic communications between high level Al Qaeda leaders in which they were discussing this plot.
This is encrypted communication. It’s hard to penetrate their communications. And if you make clear that we have, and which communications we’ve penetrated, then they’re simply going to adapt.

In general, that suggests that something the government got from the courier allowed them to break the encrypted conference call. And, if Gartenstein-Ross is accurately informed, that we did, in fact, break their encrypted communications.

While that doesn’t prove or disprove my outtamyarse guess that the Tor compromise had a connection to Legion of Doom, it does make it more likely.

It also means the leaks are that much more damaging, in that they would have ended the period when we had location data on operatives they didn’t realize had been exposed.

10 replies
  1. Alex says:

    how do we know this whole story isn’t a) some fantasy cooked up by the CIA, or b) we had one or more operatives in on the call?

    I am VERY skeptical of this whole 20 al Qaeda leader in on one call story.

  2. b says:

    Notice that there is another inconsistency in Eli Lake’s story. He writes:

    The presence of aspiring al Qaeda affiliates operating in the Sinai was one reason the State Department closed the U.S. Embassy in Tel Aviv, according to one U.S. intelligence official. “These guys already proved they could hit Eilat. It’s not out of the range of possibilities that they could hit us in Tel Aviv,” the official said.

    But the embassy in Tel Aviv wasn’t closed at all.

    Why make this false claim?

  3. emptywheel says:

    @b: First, I don’t think the complaint about the “conference call” usage is an inconsistency at all. While I don’t know what was used, I do know about half the conference calls I use now don’t require a phone.

    As to Tel Aviv, according to this, it was closed.

    I don’t always agree w/Eli, but it’s worth remembering that he had the original leaks on NSA intercepts pertaining to Benghazi, too, which held up.

  4. Snoopdido says:

    I still wonder whether this has been a US disinformation campaign or scam against al Qaeda.

    Here’s my thinking:

    The US CT partners (Saudis, Brits & Yemenis) still have moles in AQAP. Perhaps one of their moles is so highly placed that he is able to pass along upper level AQAP information on strategies, plots and operations.

    Suppose this al Qaeda franchises’ conference call (or chat) was encrypted, but the US was NOT able to decrypt it; and suppose this highly placed mole was briefed on it and was able to pass along the list of attendees as well as a detailed summary of their discussion to the US CT Team.

    Wouldn’t it make sense for the US to deliberately leak their awareness of the attendees and their discussion as if the US HAD been able to surveil the meeting, thereby spooking al Qaeda, increasing their paranoia, dashing their belief that their internet chat system was secret and forcing them back to more primitive and time-consuming communications like via couriers?

    I can’t think of any other good reason why the US government sources would leak this information, nor why they would not scream to high heaven about chasing down the source(s) and publicly vowing to prosecute to the limit. It is this last item that bothers me the most. How could the US government NOT be upset about this level of leak on sources and methods?

    The only way I can figure it is if this was all a US scam to con al Qaeda, and that some US government flunkies forgot to shed the requisite crocodile tears about blowing sources and methods.

  5. Arbusto says:

    I’m well into my dotage, so someone explain to me: 1) how a courier, or the contents of his pouch, could be intercepted without said courier being compromised or Al Qaeda knowing it. 2) That Al Qaeda could possibly believe any electronic communications are safe, encrypted or not.

    If our intercepts are so fucking good, then why haven’t the financiers of Al Qaeda been rounded up after 15 years of NSA/CIA/DIA searching for them, and why hasn’t the NSA/CIA/DEA troika closed down every drug cartel and drug dealer in the world?

  6. greengiant says:

    @Arbusto: Guess that any electronic form of couriering such as passwords on a smart phone or laptop could be sucked down a number of different ways. Back doors to phone or laptop, or even proximity to Bluetooth? or wifi while in transit. Same for sticking a thumb drive into one turned computer.
    More likely some or all of the story is smoke to get AQ to do something stupid or even just to identify extra couriers on walk about, or to get someone else to do something stupid, ( that would be the US congress).
    They read in 6,000 air marshals, sending them to Europe, just to dust cloud undie-bomb 2 and their sources.

  7. Snoopdido says:

    @emptywheel: The lack of the US government screaming for heads to roll for leaking these sources and methods is the same clue as the dog that didn’t bark.

    It sure seems to me that this leak is far more serious than the one by the AP about Undiebomber 2.0. And yet, not a word to be heard. Strange!

  8. Saul Tannenbaum says:

    (A bit late to this, but…)

    The weakness of all encryption systems isn’t the encryption, per se, it’s the encryption key distribution systems. Get the right key and you don’t have to break the encryption, you just decrypt it like everybody else who (legitimately) has the key.

    Speculation, but if Al Qaeda decided the best way to do secure key distribution was offline, that is, give it to a courier to give to the right people, and then the key was intercepted with the courier, well…
