Leak Investigations

1 2 3 23

Author of Story Based on Leaks about Surveillance Parrots Brennan Condemning Leaks about Surveillance

Josh Rogin is among many journalists who covered John Brennan’s complaints about how “a number of unauthorized disclosures”and hand-wringing about our surveillance capabilities this morning (which was a response to Rogin asking “what went wrong” in Paris in questions).

But Brennan also said that there had been a significant increase in the operational security of terrorists and terrorist networks, who have used new commercially available encryption technologies and also studied leaked intelligence documents to evade detection.

“They have gone to school on what they need to do in order to keep their activities concealed from the authorities,” he said. “I do think this is a time for particularly Europe as well as the U.S. for us to take a look and see whether or not there have been some inadvertent or intentional gaps that have been created in the ability of intelligence services to protect the people that they are asked to serve.”

The FBI has said that Internet “dark spaces” hinder monitoring of terrorism suspects. That fuels the debate over whether the government should have access to commercial applications that facilitate secure communications.

Brennan pointed to “a number of unauthorized disclosures” over the past several years that have made tracking suspected terrorists even more difficult. He said there has been “hand wringing” over the government’s role in tracking suspects, leading to policies and legal action that make finding terrorists more challenging, an indirect reference to the domestic surveillance programs that were restricted after leaks by Edward Snowden revealed their existence.

I find it interesting that Rogin, of all people, is so certain that this is an “indirect reference to the domestic surveillance programs that were restricted after leaks by Edward Snowden revealed their existence.” It’s a non-sensical claim on its face, because no surveillance program has yet been restricted in the US, though FBI has been prevented from using NSLs and Pen Registers to bulk collection communications. The phone dragnet, however, is still going strong for another 2 weeks.

That reference — as I hope to show by end of day — probably refers to tech companies efforts to stop the NSA and GCHQ from hacking them anymore, as well as European governments and the EU trying to distance themselves from the US dragnet. That’s probably true, especially, given that Brennan emphasized international cooperation in his response.

I’m also confused by Rogin’s claim Jim Comey said Tor was thwarting FBI, given that the FBI Director said it wasn’t in September.

Even more curious is that Rogin is certain this is about Snowden and only Snowden. After all, while Snowden’s leaks would give terrorists a general sense of what might not be safe (though not one they tracked very closely, given the Belgian Minister of Home Affair’s claim that they’re using Playstation 4 to communicate, given that one of Snowden’s leaks said NSA and CIA were going after targets use of gaming consoles to communicate at least as early as 2008).

But a different leak would have alerted terrorists that their specific communications techniques had been compromised. The leak behind this story (which was a follow-up on leaks to the NYT, McClatchy, and WaPo).

It wasn’t just any terrorist message that triggered U.S. terror alerts and embassy closures—but a conference call of more than 20 far-flung al Qaeda operatives, Eli Lake and Josh Rogin report.
The crucial intercept that prompted the U.S. government to close embassies in 22 countries was a conference call between al Qaeda’s senior leaders and representatives of several of the group’s affiliates throughout the region.

The intercept provided the U.S. intelligence community with a rare glimpse into how al Qaeda’s leader, Ayman al-Zawahiri, manages a global organization that includes affiliates in Africa, the Middle East, and southwest and southeast Asia.

Several news outlets reported Monday on an intercepted communication last week between Zawahiri and Nasser al-Wuhayshi, the leader of al Qaeda’s affiliate based in Yemen. But The Daily Beast has learned that the discussion between the two al Qaeda leaders happened in a conference call that included the leaders or representatives of the top leadership of al Qaeda and its affiliates calling in from different locations, according to three U.S. officials familiar with the intelligence. All told, said one U.S. intelligence official, more than 20 al Qaeda operatives were on the call.


Al Qaeda leaders had assumed the conference calls, which give Zawahiri the ability to manage his organization from a remote location, were secure. But leaks about the original intercepts have likely exposed the operation that allowed the U.S. intelligence community to listen in on the al Qaeda board meetings.

That story — by Josh Rogin himself! (though again, this was a follow-up on earlier leaks) — gave Al Qaeda, though maybe not ISIS, specific notice that one of their most sensitive communication techniques was compromised.

It’s really easy for journalists who want to parrot John Brennan and don’t know what the current status of surveillance is to blame Snowden. But those who were involved in the leak exposing the Legion of Doom conference call (which, to be sure, originated in Yemen, as many leaks that blow US counterterrorism efforts there do) might want to think twice before they blame other journalism.

On the Leak Crackdown: Donald Sachtleben Was a Convenient Scapegoat

I’m reading Charlie Savage’s Power Wars. While I disagree with some parts of it and have additional information that isn’t included in others (the book is already 700 pages, so it’s possible they were left out because of length), it is absolutely worth reading and provides a ton of insight about what Obama’s legal insiders were willing to share with Savage. Here’s a long interview with Glenn Greenwald about it.

As it happens, last year I wrote but never finalized a post on an area that is misleading in Savage’s chapter on the Obama Administration’s serial prosecution of leakers, about the prosecution of Donald Sachtleben, the retired FBI guy who, after being busted for kiddie porn, ultimately got prosecuted for being the leaker behind the AP’s UndieBomb 2.0 story. I’m tweaking it and posting it now. This post explains his bust.

Savage claims that Sachtleben never got IDed because he didn’t access any classified documents about the bomb and hadn’t signed the sign-in sheet of the room where it was being investigated — which is all stuff claimed in a Statement of Offense that is obviously designed to be misleading (though Sachtleben’s FBI badge did show him entering the examination space where the bomb was being examined; the Statement doesn’t say whether the specific room tracked badge entries). Savage states, Sachtleben “had visited the Quantico lab where the new underwear bomb was being examined on May 1, 2012, a few hours before Goldman and a colleague, Matt Apuzzo, first called government officials to say they knew the FBI had intercepted a new underwear bomb from Yemen” [that date of the call in the Statement is May 2]. That suggests (again, as the statement does) that Sachtleben was therefore the source for the things the AP told the government it knew on May 2.

As I’ve noted, Sacthleben contested this claim at his sentencing, which is actually consistent with what the text messages with him show: Goldman and Apuzzo were looking for confirmation of something they already knew.

“I was neither the sole nor the original source of information to ‘Reporter A’ about the suicide bomb,” Sachtleben said in a statement sent by his law firm. “The information I shared with Reporter A merely confirmed what he already believed to be true. Any implication that I was the direct source of a serious leak is an exaggeration.”

But in CIA Public Affairs emails obtained by FOIA by The Intercept last year, there’s further support for this. The emails reveal that by April 25, 2012 — 5 days before talking to Sachtleben — Goldman was already asking roughly the same questions about Ibrahim al-Asiri asked of Sachtleben. (PDF 548-9)

Screen Shot 2015-11-09 at 6.49.23 PM

“We’re hearing about aqap activity that has USG spun up and Ibrahim al-asiri is back on agency’s radar.” None of that’s surprising, of course, since AP sourced the initial story to numerous officials, and it’s unlikely two Pulitzer Prize winners would single source a story.

The Statement misleadingly suggests that the when Goldman and Apuzzo called the government on May 2, two and a half hours after speaking with Sachtleben (and a full week after Goldman’s email to the CIA Public Affairs office), they stated for the first time that “they believed, but had not confirmed, that the bomb was linked to AQAP’s premier bomb-maker, Ibrahim al-Asiri.” Except the government knew, but did not reveal in the Statement, that the AP reporters had already reached out via official government channels a week earlier with some of that information. Contrary to what Savage suggests, the call on May 2 was not the “first” that government officials learned the AP was working on the story, though it may have been the first time they claimed to have confirmed details about the bomb.

The emails also show the extent of AP’s efforts to provide CIA an opportunity to weigh in on the story.

After several exchanges the week before (including a “chat” between Deputy CIA Director Mike Morell and an AP editor in which the AP agreed to hold the story), CIA’s press office set up a meeting between Goldman, Apuzzo, and Morell at 9:30 on the morning they released their story, May 7. An Apuzzo email describes the purpose. “[T]his meeting is just the one the DDCIA [Morell] suggested, to offer some details to the story we agreed to hold for a few days.” (PDF 308)

This confirms a point the AP long insisted on — that they heeded an administration request for a few days before they published the story. And in response, Apuzzo’s email makes clear, Morell had offered to provide further details on the plot. That of course means that Mike Morell was himself a source for the story, probably including for the detail that CIA had just drone-killed Fahd al-Quso. Last I checked, Morell is not in prison for leaking to the AP (though of course his influence on the story would be considered official declassification and therefore cool).

Apuzzo followed up on the meeting and the story later that day. “I know that there were some strained conversations between our bosses this evening, but as far as Adam and I are concerned, I hope you found the story fair, accurate and responsible.” (PDF 308)

Of course, CIA had no reason to be pissed, given that the AP story celebrated their successful interception of a plot. Indeed, there is a very high likelihood that the CIA talked the AP reporters out of including more sensitive details — such as that the plot was really a sting run by a Saudi asset — that detail came out in other outlets, thanks in part to John Brennan and Peter King (the latter of whom was in turn blabbing about something the CIA had just briefed him), within a day. Or, something implied by the story but not stated directly, that the Administration had deployed a bunch of Air Marshals to Europe to protect against a threat that had never really been a threat and that they had already neutralized anyway. Those are the damning details of the story, but they weren’t in the AP’s version of it.

But the government came after them anyway. And, after members of Congress — including Peter King, who had served as a source for journalists!! — demanded a head, Donald Sachtleben served as a convenient one to offer up.

The story the government has told about Sachtleben — that they found he had a Secret CIA cable among his kiddie porn but didn’t pursue it any further until they exposed the sources of the entire AP newsroom — has never made sense. But as a guy who had already confessed to kiddie porn charges and had actually only served as the confirming source for some of the least sensitive information in the leak, he was convenient.

And while Savage appropriately lays into the Administration for the damage they did to journalism with their pursuit of leakers, the back story behind the scapegoating of Sachtleben suggests DOJ has been far more cynical about leaks and who gets prosecuted for them than suggested in Savage’s chapter.

Continue reading

Government Still Hasn’t Cleared One of Jeffrey Sterling’s Appellate Lawyers

Former CIA officer Jeffrey Sterling appealed his conviction for purportedly leaking information on Project Merlin to James Risen on May 26, before he even reported to prison on June 16. Throughout the summer, the appeal crept along, as most appeals do, in this case, held up in the wait for transcripts from the trial. But in August, it ground to a halt.

Just days after the Fourth Circuit ordered Sterling’s lawyers to submit their first brief on September 28, they revealed that they still hadn’t been cleared to review the Classified Information Protection Act hearings that will apparently be central to his appeal (the delay was caused, in part, by the problems in the electronic filing system revealed by the OPM hack). By October 1, William Trunk had been informed he was eligible for clearance, but needed to undergo indoctrination. That didn’t happen until November 2, the day his lawyers were due to submit a second status report on the status of their clearance. And Lawrence Robbins, Sterling’s other appellate attorney, still hadn’t heard anything about his clearance by that day.

I get that this process sometimes takes a long time. But Sterling has already served almost 5 months of his 42 month sentence, and the government ultimately controls this clearance process.

I’ve heard indications that the government has similarly stalled or limited clearances of already-cleared lawyers in Gitmo cases, so it is not unreasonable to ask whether the delay is an intentional stall.

On the Nonsense of Norms about Secrets

At a panel on secrecy yesterday, Bob Litt proclaimed that the NYT “disgraced itself” for publishing names, some of which were widely known, of the people who were conducting our equally widely known secret war on drones.

Sadly, Litt did not get asked the question implied by the Washington Post’s Greg Miller (who has, in the past, caught heat for not publishing some of the same names).

So CIA tried to convince not to name CTC chief, but helped do profile of CTC women with names and photos??

Did the NYT “disgrace itself” for publishing a column by Maureen Dowd that covers over some of the more unsavory female CIA officers — notably, Alfreda Bikowsky — who have nevertheless been celebrated by the Agency?

I’d submit that, yes, the latter was a far more disgraceful act, regardless of the credit some of the more sane female CIA officers deserve, because it was propaganda delivered on demand, and delivered for an agency that would squawk Espionage Act had the NYT published the same details in other circumstances.

Keep that in mind as you read this post from Jack Goldsmith, claiming — without offering real evidence — that this reflects a new “erosion of norms” against publishing classified information.

I mean, sure, I agree the NYT decision was notable. But it’s only notable because comes after a long series of equally notable events — events upping the tension underlying the secrecy system — that Goldsmith doesn’t mention.

There’s the norm — broken by some of the same people the NYT names, as well as Jose Rodriguez before them — that when you take on the most senior roles at CIA, you drop your cover. By all appearances, as CIA has engaged in more controversial and troubled programs, it has increasingly protected the architects of those programs by claiming they’re still undercover, when that cover extends only to the public, and not to other countries, even adversarial ones. That is, CIA has broken the old norm to avoid any accountability for its failures and crimes.

Then there’s the broken norm — exhibited most spectacularly in the Torture Report — of classifying previously unclassified details, such as the names of all the lawyers who were involved in the torture program.

There’s the increasing amounts of official leaking — up to and including CIA cooperating with Zero Dark Thirty to celebrate the work of Michael D’Andrea — all while still pretending that D’Andrea was still under cover.

Can we at least agree that if CIA has decided a Hollywood propagandistic version of D’Andrea’s is not classified, then newspapers can treat his actual career as such? Can we at least agree that as soon as CIA has invited Hollywood into Langley to lionize people, the purportedly classified identities of those people — and the actual facts of their career — will no longer be granted deference?

And then, finally, there’s CIA’s (and the Intelligence Community generally) serial lying. When Bob Litt’s boss makes egregious lies to Congress to cover up for the even more egregious lies Keith Alexander offered up when he played dress-up hacker at DefCon, and when Bob Litt continues to insist that James Clapper was not lying when everyone knows he was lying, then Litt’s judgement about who “disgraced” themselves or not loses sway.

All the so-called norms Goldsmith nostalgically presents without examination rest on a kind of legitimacy that must be earned. The Executive has squandered that legitimacy, and with it any trust for its claims about the necessity of the secrets it keeps.

Goldsmith and Litt are asking people to participate with them in a kind of propagandistic dance, sustaining assertions as “true” when they aren’t. That’s the habit of a corrupt regime. They’d do well to reflect on what kind of sickness they’re actually asking people to embrace before they start accusing others of disgraceful behavior.

Does Mossad Take Requests?

Yesterday, WSJ caused a stink by reporting that the Obama Administration was pissed because Israel had shared intelligence it gathered about the Iran negotiations and shared it with Congress.

Soon after the U.S. and other major powers entered negotiations last year to curtail Iran’s nuclear program, senior White House officials learned Israel was spying on the closed-door talks.

The spying operation was part of a broader campaign by Israeli Prime Minister Benjamin Netanyahu’s government to penetrate the negotiations and then help build a case against the emerging terms of the deal, current and former U.S. officials said. In addition to eavesdropping, Israel acquired information from confidential U.S. briefings, informants and diplomatic contacts in Europe, the officials said.

The espionage didn’t upset the White House as much as Israel’s sharing of inside information with U.S. lawmakers and others to drain support from a high-stakes deal intended to limit Iran’s nuclear program, current and former officials said.

“It is one thing for the U.S. and Israel to spy on each other. It is another thing for Israel to steal U.S. secrets and play them back to U.S. legislators to undermine U.S. diplomacy,” said a senior U.S. official briefed on the matter.

The story is not new. Earlier in the month, there were complaints in the conservative press the US had cut intelligence sharing with Israel because of its cherry picking of intelligence. And Bibi himself got caught trying to withhold an intelligence briefing from Senators on a codel.

Obviously, I’m not the least bit sympathetic to Bibi’s disinformation campaign.

But the Administration has brought this on itself. As I noted last year, the Committees have had to go begging for the intelligence they need to do their job (in this case, to craft an AUMF to fight ISIL).

As I noted in my Salon piece last week, former Associate Counsel to the White House Andy Wright noted, and today Jack Goldsmith and Marty Lederman note, Tom Udall suggested before Congress funds overt training of Syrian opposition groups, maybe they should learn details about how the covert funding of Syrian opposition groups worked out.

Everybody’s well aware there’s been a covert operation, operating in the region to train forces, moderate forces, to go into Syria and to be out there, that we’ve been doing this the last two years. And probably the most true measure of the effectiveness of moderate forces would be, what has been the effectiveness over that last two years of this covert operation, of training 2,000 to 3,000 of these moderates? Are they a growing force? Have they gained ground? How effective are they? What can you tell us about this effort that’s gone on, and has it been a part of the success that you see that you’re presenting this new plan on?

Kerry, who had been sitting right next to Hagel when the Defense Secretary confirmed this covert op a year ago, said he couldn’t provide any details.

I know it’s been written about, in the public domain that there is, quote, a covert operation. But I can’t confirm, deny, whatever.

(At the end of the hearing he suggested he has been pushing to share more information, and that he might be able to arrange for the Chair and Ranking Member to be briefed.)

Shortly thereafter, SFRC Bob Menendez confirmed that his committee was being asked to legislate about a war with no details about the covert op that had laid the groundwork for — and created the urgency behind — that war.

To the core question that you raise, this is a problem that both the Administration, as well as the Senate leadership must be willing to deal with. Because when it comes to questions of being briefed on covert operations this committee does not have access to that information. Yet it is charged with a responsibility of determining whether or not the people of the United States should — through their Representatives — support an Authorization for the Use of Military Force. It is unfathomable to me to understand how this committee is going to get to those conclusions without understanding all of the elements of military engagement both overtly and covertly. … I’ll call it, for lack of a better term, a procedural hurdle we’re going to have to overcome if we want the information to make an informed judgment and get members on board.

That’s only going to increase the thirst for intelligence wherever members of Congress can get it (though interestingly, Bob Corker, currently the Senate Foreign Relations Chair, says he hasn’t been getting Bibi’s special briefings).

Information may be power, and the Obama Administration may like hoarding that power. But the vacuum that it leaves can itself exert a lot of power.

Update: I hadn’t seen this Yahoo interview with Bob Corker. But he complains that he’s not getting intelligence. Instead, they bring Senators to a SCIF so we citizens can’t hear the questions.

Yahoo News: A bombshell Wall Street Journal story says the Israelis penetrated the Iranian talks and shared the information with Congress. Are you in a position to confirm any of that? And if the Israelis did what the Journal says they did, did they act appropriately?

Bob Corker: I have never found them actually to be sharing anything different than was in public sources. As I met with Netanyahu the last time, he said, ”You know, all this is Google-able — Yahoo-able!” For what it’s worth, I get more information about what’s happening from foreign ministers than I do from anyone. Not from Israel — foreign ministers that are part of the negotiating teams.

The White House is upset that foreign governments may be giving information to senators because they’re not? Every time they meet with us and give us information down in the classified SCIF (Sensitive Compartmented Information Facility) — they really do that so that none of you can hear questions that are asked — I never learn anything that I haven’t read about on Yahoo or New York Times or some other place.

Washington Post Fails to Disclose Heinonen’s UANI Connection in Anti-Iran Op/Ed

We are now in the “final” week of negotiations to set the framework for the P5+1 long-term agreement on Iran’s nuclear technology. With so much in the balance, voices are popping up from every direction to offer their opinions on what constitutes a good or bad deal. While Netanyahu’s address to Congress dominated the headlines in that regard, other sources also have not held back on offering opinions. In the case of Netanyahu, informed observers considering his remarks knew in advance that Netanyahu considers Iran an “existential threat” to Israel and that violent regime change in Iran is his preferred mode of addressing Iran’s nuclear technology. When it comes to other opinions being offered, it is important to also have a clear view of the backgrounds of those offering opinions so that any biases they have can be brought into consideration.

With that in mind, the Washington Post has committed a gross violation of the concept of full disclosure in an Iran op/ed they published yesterday. I won’t go into the “substance” of this hit piece on Iran, suffice it note that the sensationalist headline (The Iran time bomb) warns us that the piece will come from an assumption that Iran seeks and will continue to seek a nuclear weapon regardless of what they agree to with P5+1.

The list of authors for this op/ed is an anti-Iran neocon’s wet dream. First up is Michael Hayden. The Post notes that Hayden led the CIA from 2006-2009 and the NSA from 1999 to 2005. I guess they don’t think it’s important to note that he now is a principal with the Chertoff Group and so stands to profit from situations in world politics that appear headed toward violence.

The third of the three authors is perhaps the least known, but he’s a very active fellow. Here is how Nima Shirazi describes Ray Takeyh:

Takeyh is a mainstay of the Washington establishment – a Council on Foreign Relations Senior Fellow before and after a stint in the Obama State Department and a founding member of the neoconservative-created Iran Strategy Task Force who has become a tireless advocate for the collective punishment of the Iranian population in a futile attempt to inspire homegrown regime change (if not, at times, all-out war against a third Middle Eastern nation in just over a decade). Unsurprisingly, he dismisses out of hand the notion that “the principal cause of disorder in the Middle East today is a hegemonic America seeking to impose its imperial template on the region.”

The Post, of course, doesn’t mention Takeyh’s association with the group Shirazi describes, nor his membership in another Iran Task Force organized by the Jewish Institute for National Security Affairs.

Sandwiched between Hayden and Takeyh, though, is the Post’s biggest failure on disclosure. Olli Heinonen is described by the Post simply as “a senior fellow at Harvard’s Belfer Center for Science and International Affairs and a former deputy director general of the International Atomic Energy Agency”. As such, uninformed readers are likely to conclude that Heinonen is present among the authors to serve as a hefty dose of neutrality,given his background in the IAEA. Nothing could be further from the truth. What the Post fails to disclose is that Heinonen is also a prominent member of the Advisory Board of United Against Nuclear Iran.

Not only is UANI an advocacy group working against Iran, but they are currently embroiled in litigation in which it has been learned that UANI has come into possession of state secrets from the United States. The Department of Justice has weighed in on the UANI case, urging the judge to throw the case out on the grounds that continuing to litigate it will disclose the US state secrets that UANI has obtained. Since the litigation involves UANI actions to “name and shame” companies it accuses of violating US sanctions against Iran, one can only assume that the state secrets leaked to UANI involve Iran.

How in the world could the Washington Post conclude that Heinonen’s role on the Advisory Board for United Against Nuclear Iran would not be something they should disclose in publishing his opinion piece entitled “The Iran time bomb”?

Oh, and lest we come to the conclusion that failing to note Heinonen’s UANI connection is a one-off thing in which Heinonen himself is innocent, noted AP transcriptionist of neocon anti-Iran rhetoric George Jahn used Heinonen in exactly the same way a month ago.

We can only conclude that Heinonen is happily doing the neocons’ bidding in their push for war with Iran.

Update from emptywheel: The judge in Victor Restis’ lawsuit just dismissed the suit on state secrets grounds. Here’s the opinion, h/t Mike Scarcella.

Is Matt DeHart Being Prosecuted Because FBI Investigated CIA for the Anthrax Leak?

Buzzfeed today revealed a key detail behind in the Matthew DeHart case: the content of the file which DeHart believes explains the government’s pursuit of him.  In addition to details of CIA’s role in drone-targeting and some ag company’s role in killing 13,000 people, DeHart claims a document dropped onto his Tor server included details of FBI’s investigation into CIA’s possible role in the anthrax attack.

According to Matt, he was sitting at his computer at home in September 2009 when he received an urgent message from a friend. A suspicious unencrypted folder of files had just been uploaded anonymously to the Shell. When Matt opened the folder, he was startled to find documents detailing the CIA’s role in assigning strike targets for drones at the 181st.

Matt says he thought of his fellow airmen, some of whom knew about the Shell. “I’m not going to say who I think it was, but there was a lot of dissatisfaction in my unit about cooperating with the CIA,” he says. Intelligence analysts with the proper clearance (such as Manning and others) had access to a deep trove of sensitive data on the Secret Internet Protocol Router Network, or SIPRNet, the classified computer network used by both the Defense and State departments.

As Matt read through the file, he says, he discovered even more incendiary material among the 300-odd pages of slides, documents, and handwritten notes. One folder contained what appeared to be internal documents from an agrochemical company expressing culpability for more than 13,000 deaths related to genetically modified organisms. There was also what appeared to be internal documents from the FBI, field notes on the bureau’s investigation into the worst biological attack in U.S. history: the anthrax-laced letters that killed five Americans and sickened 17 others shortly after Sept. 11.

Though the attacks were officially blamed on a government scientist who committed suicide after he was identified as a suspect, Matt says the documents on the Shell tell a far different story. It had already been revealed that the U.S. Army produced the Ames strain of anthrax — the same strain used in the Amerithrax attacks — at the Dugway Proving Ground in Utah. But the report built the case that the CIA was behind the attacks as part of an operation to fuel public terror and build support for the Iraq War.

Despite his intelligence training, Matt was no expert in government files, but this one, he insists, featured all the hallmarks of a legitimate document: the ponderous length, the bureaucratic nomenclature, the monotonous accumulation of detail. If it wasn’t the real thing, Matt thought, it was a remarkably sophisticated hoax. (The FBI declined requests for comment.)

Afraid of the repercussions of having seen the folder of files, Matt panicked, he claims, and deleted it from the server. But he says he kept screenshots of the dozen or so pages of the document that specifically related to the FBI investigation and the agrochemical matter, along with chat logs and passwords for the Shell, on two IronKey thumb drives, which he hid inside his gun case for safekeeping.

Is it possible DOJ would really go after DeHart for having seen and retaining part of that FBI file?

For what it’s worth, I think Bruce Ivins could not have been the sole culprit and it’s unlikely he was the culprit at all. I believe the possibility that a CIA-related entity, especially a contractor or an alumni, had a role in the anthrax attack to be possible. In my opinion, Batelle Labs in Ohio are the most likely source of the anthrax, not least because they’re close enough to New Jersey to have launched the attacks, but because — in addition to dismissing potential matches to the actual anthrax through a bunch of smoke (only looking for lone wolves) and mirrors (ignoring four of the potentially responsive samples) — Batelle did have a responsive sample of the anthrax. Though as a recently GAO report made clear, FBI didn’t even sample all the labs that had potentially responsive samples, so perhaps one of those labs should be considered a more likely source. Batelle does work for the CIA and just about everyone else, so if Batelle were involved, CIA involvement couldn’t be ruled out.

So I think it quite possible that FBI was investigating CIA or someone related to CIA in the attack. It’s quite possible, too, that someone might want to leak that information, as it has been clear for years that at least some in FBI were not really all that interested in solving the crime. Even the timing would make sense, coming as it would have in the wake of the FBI’s use of the Ivins suicide to stop looking for a culprit and even as the Obama Administration was beginning to hint it wasn’t all that interested in reviewing FBI’s investigation.

But there’s something odd about how this was allegedly leaked.

According to Buzzfeed, the anthrax investigation came in one unencrypted folder with the ag document and a document on drone targeting the source of which he thinks he knows (it would like have been a former colleague from the ANG).

How would it ever be possible that the same person would have access to all three of those things? While it’s possible the ag admission ended up in the government, even a DOJ investigation into such an admission would be in a different place than the FBI anthrax investigation, and both should be inaccessible to the ANG people working on SIPRNet.

That is, this feels like the Laptop of Death, which included all the documents you’d want to argue that Iran had an active and advanced nuclear weapons program, but which almost certainly would never all end up on the same laptop at the same time.

And, given DeHart’s belief reported elsewhere this was destined for WikiLeaks, I can’t help but remember the Defense Intelligence Agency report which noted that WikiLeaks might be susceptible to disinformation (not to mention the HB Gary plot to discredit WikiLeaks, but that came later).

This raises the possibility that the Wikileaks.org Web site could be used to post fabricated information; to post misinformation, disinformation, and propaganda; or to conduct perception management and influence operations designed to convey a negative message to those who view or retrieve information from the Web site

That is, given how unlikely it would be to find these juicy subjects all together in one folder, I do wonder whether they’re all authentic (though DeHart would presumably be able to assess the authenticity of the drone targeting documents).

And DeHart no longer has the documents in question — Canada hasn’t given them back.

Paul told the agents that his family had evidence to back up their account: court documents, medical records, and affidavits — along with the leaked FBI document Matt had found that exposed an explosive secret. It was all on two encrypted thumb drives, which Matt later pulled off a lanyard around his neck and handed to the guards.


If Matt is, in fact, wrongly accused, answers could be on the thumb drives taken by the Canada Border Services Agency, which have yet to be returned to the DeHarts. But without access to the leaked files Matt claims to have seen, there is no way to verify whether he was actually in possession of them, and, if he was, whether they’re authentic.

Though at least one person (a friend in London? Any association with WikiLeaks?) may have a copy.

Inside a hotel room in Monterrey, Mexico, Matt says he copied the Shell files onto a handful of thumb drives. He mailed one to a friend outside London, and several others to locations he refuses to disclose. He also says he sent one to himself in care of his grandmother, which he later retrieved for himself. When the subject of the drives comes up, Matt acts circumspect because, he says, he knows that our communications are being monitored.

There’s definitely something funky about this story. Importantly, it’s not just DeHart and his family that are acting like something’s funky — the government is too.

But that doesn’t necessarily mean the FBI thinks CIA did the anthrax attack.

David Petraeus’ Defense Attorney Argues Mistress-Biographers Have More Legal Privilege than Defense Attorneys

In a letter to the NYT complaining that the paper compared his client, David Petraeus, with Stephen Kim and John Kiriakou, defense attorney David Kendall implicitly makes the argument that mistress-biographers have a better recognized privilege to access classified information than defense attorneys. (h/t Steven Aftergood via Josh Gerstein)

Now, far be it for me to criticize Kendall’s lawyering ability. After all, his firm, Williams & Connolly, has developed quite the expertise for getting well-connected Republicans off for leaking covert officers’ identities, having done so for Ari Fleischer, Dick Cheney, and now David Petraeus.

But his letter is ridiculous on both the facts and his rebuttal of the comparison, at least as it pertains to John Kiriakou.

First, Kendall omits key facts in his depiction of Petraeus’ crimes.

General Petraeus’s case is about the unlawful removal and improper storage of classified materials, not the dissemination of such materials to the public. Indeed, a statement of facts filed with the plea agreement and signed by both General Petraeus and the Justice Department makes clear that “no classified information” from his “black books” (personal notebooks) that were given to his biographer, Paula Broadwell, appeared in the biography.

He notes the plea deal “makes clear that ‘no classified information’ from his ‘black books’ … appeared in the biography.” That’s a very different thing than claiming that no classified information Petraeus shared with Broadwell appeared in her fawning biography of his client — and the record seems to suggest that it does.

Kendall also neglects to mention that this case is also about his client, just days after applauding Kiriakou’s plea, lying to the FBI. While, through the good grace of Kendall’s lawyering, Petraeus has gotten off scot free for a crime that others do years of prison time for, Petraeus nevertheless admitted that he committed that crime.

Indeed, as Abbe Lowell has made clear, that’s what prevented Kim from getting precisely the sweet deal that Petraeus has gotten, his alleged lies to the FBI.

But I’m even more disgusted by Kendall’s cynical treatment of Kiriakou’s crime.

By contrast, Stephen J. Kim arranged for the publication of highly sensitive classified information from an intelligence report on North Korea’s military capabilities, and John C. Kiriakou revealed the identities of covert C.I.A. agents, a betrayal of colleagues “whose secrecy is their only safety,” in the words of a government attorney.


Reporters, like biographers, are frequently given access to sensitive information on the understanding that they will not publicize it, and it is hypocritical for The Times to argue for leniency for Mr. Kim and Mr. Kiriakou and harshness for General Petraeus.

Note how Kendall doesn’t describe to whom Kiriakou “revealed the identities of covert C.I.A. agents” [a factual error — Kiriakou was only accused of leaking one covert officer’s identity]? The answer is he revealed the identity of a torturer to a journalist who was working for defense attorneys defending people that torturer had tortured.

Now, clearly, Kendall does defend the right of journalists to receive such classified information if they don’t publicly disclose it. That’s what he argues Petraeus’ mistress has done (the evidence notwithstanding). So according to Kendall’s lawyering, providing that covert officer’s identity to a reporter who didn’t disclose it publicly — which is what happened in Kiriakou’s case —  should have gotten Kiriakou probation.

Ultimately though, Kendall doesn’t even deal with the fact that, whatever scant privilege journalists and mistress-biographers have been granted in this country, defense attorneys have generally been granted more, for good reason. Thus, by all measures, Kiriakou made no worse, and arguably a much more legally defensible disclosure of a CIA officer’s identity than the multiple covert officers’ identities Petraeus exposed to his mistress and anyone else who decided to peruse his unlocked desk drawer.

I mean, I never really expect people in Petraeus’ vicinity to do anything but fluff his reputation; Petraeus has an infallible ability in eliciting that from people he permits to get close (or closer, in the case of Broadwell).

But I am rather surprised that a defense attorney is arguing he should have fewer privileges than a mistress-biographer.

Chelsea Manning Warned of Nuri al-Maliki’s Corruption in 2010. David Petraeus’ Subordinates Silenced Her.

In early 2010, Chelsea Manning discovered that a group of people Iraq’s Federal Police were treating as insurgents were instead trying to call attention to Nuri al-Malki’s corruption. When she alerted her supervisors to that fact, they told her to “drop it,” and instead find more people who were publishing “anti-Iraqi literature” calling out Maliki’s corruption.

On 27 February 2010, a report was received from a subordinate battalion. The report described an event in which the FP detained fifteen (15) individuals for printing “anti-Iraqi literature.” By 2 March 2010, I received instructions from an S3 section officer in the 2-10BCT Tactical Operations Center to investigate the matter, and figure out who these “bad guys” were, and how significant this event was for the FP.

Over the course of my research, I found that none of the individuals had previous ties with anti-Iraqi actions or suspected terrorist or militia groups. A few hours later, I received several photos from the scene from the subordinate battalion.


I printed a blown up copy of the high-resolution photo, and laminated it for ease of storage and transfer. I then walked to the TOC and delivered the laminated copy to our category 2 interpreter. She reviewed the information and about a half-hour later delivered a rough written transcript in English to the S2 section.

I read the transcript, and followed up with her, asking for her take on its contents. She said it was easy for her to transcribe verbatim since I blew up the photograph and laminated it. She said the general nature of the document was benign. The documentation, as I assessed as well, was merely a scholarly critique of the then-current Iraqi Prime Minister, Nouri al-Maliki. It detailed corruption within the cabinet of al-Maliki’s government, and the financial impact of this corruption on the Iraqi people.

After discovering this discrepancy between FP’s report, and the interpreter’s transcript, I forwarded this discovery, in person to the TO OIC and Battle NCOIC.

The TOC OIC and, the overhearing Battlecaptain, informed me they didn’t need or want to know this information any more. They told me to “drop it” and to just assist them and the FP in finding out where more of these print shops creating “anti-Iraqi literature” might be. I couldn’t believe what I heard, (24-25)

At the time, David Petraeus was the head of CENTCOM, the very top of the chain of command that had ordered Manning to “drop” concerns about Iraqis being detained for legitimate opposition to Maliki’s corruption.

Manning would go on to leak more documents showing US complicity in Iraqi abuses, going back to 2004. None of those documents were classified more than Secret. Her efforts (in part) to alert Americans to the abuse the military chain of command in Iraq was ignoring won her a 35-year sentence in Leavenworth.

Compare that to David Petraeus who pretends, to this day, Maliki’s corruption was not known and not knowable before the US withdrew troops in 2011, who pretends the US troops under his command did not ignore, even facilitate, Maliki’s corruption.

What went wrong?

The proximate cause of Iraq’s unraveling was the increasing authoritarian, sectarian and corrupt conduct of the Iraqi government and its leader after the departure of the last U.S. combat forces in 2011.  The actions of the Iraqi prime minister undid the major accomplishment of the Surge. (They) alienated the Iraqi Sunnis and once again created in the Sunni areas fertile fields for the planting of the seeds of extremism, essentially opening the door to the takeover of the Islamic State. Some may contend that all of this was inevitable. Iraq was bound to fail, they will argue, because of the inherently sectarian character of the Iraqi people. I don’t agree with that assessment.

The tragedy is that political leaders failed so badly at delivering what Iraqis clearly wanted — and for that, a great deal of responsibility lies with Prime Minister Maliki.

Unlike Manning, Petraeus adheres to a myth, the myth that this war was not lost 12 years ago, when George Bush ordered us to invade based on a pack of lies, when Petraeus and his fellow commanders failed to bring security after the invasion (largely through the priorities of their superiors), when Paul Bremer decided to criminalize the bureaucracy that might have restored stability — and a secular character — to Iraq.

Of course, Petraeus’ service to that myth is no doubt a big part of the reason he can continue to influence public opinion from the comfort of his own home as he prepares to serve his 2 years of probation for leaking code word documents, documents far more sensitive than those Manning leaked, as opposed to the 35 years in Leavenworth Manning received.

Which is, of course, a pretty potent symbol of our own corruption.

What an XKeyscore Fingerprint Looks Like

As part of its cooperation with New Zealand’s best journalist on that country’s SIGINT activities, Nicky Hager, the Intercept has published a story on the targets of a particular XKeyscore query (note: these stories say the outlets obtained this document; they don’t actually say they obtained it from Edward Snowden): top officials in the Solomon Islands and an anti-corruption activist there.

Aside from the targets, which I’ll get to, the story is interesting because it shows in greater detail than we’ve seen what an XKS query looks like. It’s a fairly standard computer query, though initiated by the word “fingerprint.” Some of it is consistent with what Snowden has described fingerprints to include: all the correlated identities that might be associated with a search. The query searches on jremobatu — presumably an email unique name — and James Remobatu, for example. As I have noted, if they wanted to target all the online activities of one particularly person — say, me! — they would add on all the known identifiers, so emptywheel, @emptywheel, Marcy Wheeler, and all the cookies they knew to be associated with me.

What’s interesting, though, is this query is not seeking email or other Internet communication per se. It appears to be seeking documents, right out of a file labeled Solomon government documents. Those may have been pulled and stored as attachments on emails. But the query highlights the degree to which XKS sucks up everything, including documents.

Finally, consider the target of the query. As both articles admit, the reason behind some of the surveillance is understandable, if sustained. Australia and New Zealand had peacekeepers in the Solomons to deal with ethnic tensions there, though were withdrawing by January 2013 when the query was done. The query included related keywords.

In the late 1990s and early 2000s the islands suffered from ethnic violence known as “The Tensions.” This led to the 2003 deployment to the Solomons of New Zealand, Australian and Pacific Island police and military peacekeepers. By January 2013, the date of the target list, both New Zealand and Australia were focused on withdrawing their forces from the island country and by the end of that year they were gone.

The XKEYSCORE list shows New Zealand was carrying out surveillance of several terms associated with militant groups on the island, such as “former tension militants,” and “malaita eagle force.” But with the security situation stabilized by 2013, it is unclear why New Zealand spies appear to have continued an expansive surveillance operation across the government, even tailoring XKEYSCORE to intercept information about an anti-corruption campaigner.

More specifically, however, the query was targeting not the militants, but the Truth and Reconciliation process in the wake of the violence.

I would go further than these articles, however, and say I’m not surprised the Five Eyes spied on a Truth and Reconciliation process. I would fully expect NSA’s “customer” CIA to ask it to track the South African and Colombian Truth and Reconciliation processes, because the CIA collaborated in the suppression of the opposition in both cases (going so far as providing the intelligence behind Nelson Mandela’s arrest in the former case). While I have no reason to expect CIA was involved in the Solomons, I would expect one or more of the myriad intelligence agencies in the Five Eyes country was, particularly given the presence of Aussie and Kiwi peacekeepers there. And they would want to know how their role were being exposed as part of the Truth and Reconciliation process. This query would likely show that.

Which brings me to the point the activist in question, Benjamin Afuga (who sometimes publishes leaked documents) made: this spying, which would definitely detail all cooperation between him and the government, might also reveal his sources.

Benjamin Afuga, the anti-corruption campaigner, said he was concerned the surveillance may have exposed some of the sources of the leaks he publishes online.

“I’m an open person – just like an open book,” Afuga said. “I don’t have anything else other than what I’m doing as a whistleblower and someone who exposes corruption. I don’t really understand what they are looking for. I have nothing to hide.”

Ah, but Afuga does have things to hide: his sources. And again, if one or another Five Eyes country had intelligence operatives involved both during the tensions and in the peace keeping process, they would definitely want to know them.

Again, this is all standard spying stuff. I expect CIA (or any other HUMINT agency) would want to know if they’re being talked about and if so by whom — I even expect CIA does a more crude version of this within the US about some of its most sensitive topics, not least because of the way they went after the SSCI Torture investigators.

But this query does provide a sense of just how powerful this spying is in a world when our communications aren’t encrypted.

1 2 3 23
Emptywheel Twitterverse
bmaz @joanwalsh @PPact Terrible. But fear and loathing is their game. Don't accept or give in.
bmaz @speedbudget @Beyerstein There are plenty of very smart people who disagree with me, but from my experience in crim justice system, yes.
bmaz @speedbudget @Beyerstein None of this is about "extra penalties". It is about extra govt leverage and investigatory/surveillance abilities.
bmaz @speedbudget @Beyerstein ...which with sentencing enhancements is effectively life in prison. How much more can you give an adult human??
bmaz @speedbudget @Beyerstein Think about it: 1st degree murder is either life or death penalty. Even armed kidnapping/robbery is 2nd degree
bmaz @speedbudget @Beyerstein It gives the govt better leverage against suspects/defendants, and WAY more invasive tools+rules to investigate.
bmaz @speedbudget @Beyerstein No. For instance in both Dylan Roof+Dear in CO, both are 1stdegree/capital crimes already. What does terrorism add?
emptywheel @KevinBuist Damnit! I'm entering with a Ted Cruz doll and a bunch of colorful condoms. Right outside the carousel.
emptywheel @KevinBuist Can we put him in the river? We need river exhibits back!
emptywheel @KevinBuist Ohhh. The tradeoff of getting him in a winning venue w/some more appropriate church setting.
emptywheel @KevinBuist Maybe you can get him to be an exhibit in Art Prize next year.
JimWhiteGNV RT @CJonesScout: Three #Gators in the top eight of PG's college MLB Draft rankings. https://t.co/N84hQLVa8k
December 2015
« Nov