October 14, 2013 / by emptywheel


Remarkably Timed Spamouflage, Scary Iran Plot Edition

Screen shot 2013-10-14 at 8.36.40 PMWaPo has its latest Snowden scoop out, describing how the NSA collects hundreds of thousands of email contact lists daily.

The National Security Agency is harvesting hundreds of millions of contact lists from personal e-mail and instant messaging accounts around the world, many of them belonging to Americans, according to senior intelligence officials and top secret documents provided by former NSA contractor Edward Snowden.

I’ll come back to this part of the story later.

But further down in the story, it describes how a hack-spam attack on a member of Iran’s Quds Force overwhelmed NSA, forcing it to conduct emergency detasking of that person and several others between September 20 and October 20, 2011.

Spam has proven to be a significant problem for NSA — clogging databases with data that holds no foreign intelligence value. The majority of all e-mails, one NSA document says, “are SPAM from ‘fake’ addresses and never ‘delivered’ to targets.”

In fall 2011, according to an NSA presentation, the Yahoo account of an Iranian target was “hacked by an unknown actor,” who used it to send spam. The Iranian had “a number of Yahoo groups in his/her contact list, some with many hundreds or thousands of members.”

The cascading effects of repeated spam messages, compounded by the automatic addition of the Iranian’s contacts to other people’s address books, led to a massive spike in the volume of traffic collected by the Australian intelligence service on the NSA’s behalf.

After nine days of data-bombing, the Iranian’s contact book and contact books for several people within it were “emergency detasked.”

This means that this target and “several people” within this Quds Force target’s contact books (and possibly the primary target’s email) were detasked in precisely the same time period as our informant, Narc, was entrapping Manssor Arbabsiar, of Scary Iran Plot fame.

Remember, if you read the plain language of some of the transcripts and other materials, it appears possible the money for this op involved another government.

There’s a similarly odd passage in the quotations purportedly showing that Shahlai was being funded for this by Iran.

[Arbabsiar] this is politics, ok … it’s not like, eh, personal … This is politics, so these people they pay this government … [Shahlai’s] got the, got the government behind him … he’s not paying from his pocket. [ellipses original]

Now this passage, unlike the last two (which are translations from Farsi), might best be explained by Arbabsiar’s less than perfect English. With that caveat, though, the bolded passage appears to suggest not that Iran was paying QF, but that QF was paying some other government (or someone else was paying Iran).

There are later details that also don’t make sense if this was an Iranian op.

In other words, during precisely the period when the most bizarre, improbable plot to hit Hollywood in years happens, some of the potential targets have their surveilled communications spamouflaged by an outside entity. (h/t to Frank N Furters for first calling this spamouflage.)

But I think our Intelligence Community is too dull to find that worthy of more consideration.

Copyright © 2018 emptywheel. All rights reserved.
Originally Posted @ https://www.emptywheel.net/2013/10/14/remarkably-timed-spamouflage/